System Security 2009 recovery?

[evilfantasy]

Okay, I was afraid of that. We need to restore some files that are in Qoobox.

Delete ComboFix if it is still on your desktop.

Download the new version of combofix.exe  and save it to your desktop. DO NOT RUN IT YET!!! Just make sure you have the new  version downloaded and saved.

Now download this file > http://download.bleepingcomputer.com/sUBs/CFDQ-UsrPrf.exe

Now run the CFDQ-UsrPrf.exe program by  double clicking on it.

• Immediately after you run it, YOU MUST NOT reboot your  PC.  Don't do anything else but continue on with the below..
  
• Now immediately run the new version of ComboFix that you saved to  your desktop earlier. This should cause a reboot of your PC after  running if malware was detected and removed.
• After reboot post the new ComboFix log.

[Zippy2]

Downloaded new combofix, downloaded and ran CFDQ-Usrprf.  Ran ComboFix and got error message indicating that it is only compatible with certain OS's, (mine is XP home and was listed as compatible) when I clicked OK, IE closed and the ComboFix file is no longer on desktop.

Do I re-download and re-run ComboFix?

[evilfantasy]

Yes try a new download.

[Zippy2]

Downloaded and ran ComboFix again.  Did not automatically restart, and I attached the ComboFix log. What's next?

Thanks
Zippy2

[Saving space, attachment deleted by admin]

[evilfantasy]

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[Zippy2]

Thanks again!

Everything went well in response to your last post.  Attached is the ComboFix log from the actions you recommended.  Please advise on any further steps.

Thanks!
Zippy2

[Saving space, attachment deleted by admin]

[evilfantasy]

Okay, finally. I was wondering if we were going to get rid of that without using brute force!

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

[Zippy2]

Thanks Evil,

The instructions went well. Attached is the ESETScan log.

Thanks,
Zippy2

[Saving space, attachment deleted by admin]

[evilfantasy]

Looks good. Is the computer running good now?


Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[Zippy2]

Everyth8ing appears to be running well, except for all of the emai lmessages in Outlook Express that are still missing.  I guess they are gone for good,

I am having trouble running  Secunia Software Inspector.  It is giving me an error message about JAVA not being installed.  I have gone through all of the verifying steps to ensure that JAVA is indeed installed and working properly.  As a result, I was not able to complete the  Secunia Software Inspector scan.

Zippy2

[evilfantasy]

I am having trouble running  Secunia Software Inspector.

Are you using Internet Explorer?

What images in your email?

[Zippy2]

Yep, using IE 7

I am missing all of my email messages.  Those stored within Outlook Express folders before the infection.

[evilfantasy]

I'm not sure about the email You might ask in the Software Forum if anyone knows of a good free recovery program.

Here are a few you can try. From here http://www.computerhope.com/forum/index.php/topic,66522.0.html

Free recovery software.

• PC INSPECTOR File Recovery
  
• Recuva
  
• Undelete Plus

.
Commercial  recovery software will increase the chances of recovering important  data. It's not free but can be well worth the price.

• Active@ UNDELETE  - Has great reviews with demo results before you buy
  
• DiskInternals Mail Recovery - Recover and repair Windows email!  (Demo)
  
• OfficeRecovery.com  - Data recovery software for email, databases and office productivity
  

[Zippy2]

The email issue is not a big deal for me.  I'm just happy to have access to the files/pics/programs on my desktop than anything else.

I uninstalled JAVA, then resintalled.  Secunia Software Inspector worked!  SSI showed two necessary updates: one to Adobe Flash Player (completed without issues) and Adobe reader. During the reader update, I am prompted with an error message. Rather than type it verbatim, I have included a JPEG.  When I click OK, the installation rolls back and ceases installing.  Is this related to the previous issues?

[Saving space, attachment deleted by admin]

[evilfantasy]

Try using Revo to uninstall Adobe Reader. Be sure to restart the computer before installing the new version.

Download Revo Uninstaller

* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the programs built in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete


New version. http://get.adobe.com/reader/

Note! Be sure to uncheck Free McAfee Security Scan Plus (optional) before starting the download.