Is this residual damage, or do I still have the trojan?

  • This topic is locked
58 replies to this topic

#51 TheJoker (Forum Deity, Boot Camp Mod, 13,458 posts)

Posted 13 January 2013 - 08:26 PM

I think we are through.
Except for updating Java again (and some cleanup).

Java was just updated today to version 7, Update 11. It fixes the vulnerability that was being exploited that was in the news, and it changes the default security level in the Java Control Panel to High (you did that manually earlier).

So you need to download the new version, go to Control Panel > Add or Remove Programs, uninstall Java, then install the new version that you just downloaded. If it already automatically updated, you can skip this. To check, go to Control Panel > Add or Remove Programs, double-click on Java, and when the Java Control Panel opens, click the "About" button in the General tab. If it says Version 7 Update 10, you need to update; if it says Version 7 Update 11, then it's current and you can skip updating it.

Go to Start > Run and copy and paste the next command in the field:
ComboFix /uninstall

Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

Next, you need to delete the utilities you downloaded and their logs:
DDS
SecurityCheck.exe
xp_exe_fix.zip
AdwCleaner.exe
RogueKiller.exe
tdsskiller.exe
FSS.exe
tweaking.com_windows_repair_aio_setup.exe
swreg.exe
SystemLook.exe
aswMBR.exe
Sophos Virus Removal Tool.exe
(you can keep the scanner installed if you want to run it later, it will update before it scans)
mbar-1.01.0.1016.zip (Malwarebytes Anti-Rootkit, I would also uninstall it now, it's a beta version, not a final release) Note: your file name may have been different if it was updated between now and when you downloaded it.

The .reg files that you downloaded:
wscsvc.reg
wuauserv.reg
LEGACY_SHAREDACCESS.reg
LEGACY_WSCSVC.reg
LEGACY_WUAUSERV.reg


And the .bat files that you created:
Legacy1.bat
Legacy2.bat


Whew! That was a few utilities.

You may want to try a better firewall than the one that comes with Windows XP. You might consider Comodo Firewall Free.

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?

And remember, you need to always run an antivirus program and a firewall, or your system isn't protected.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
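An added example, not part of TheJoker's post and not code from the MVPS HOSTS project, to show what the HOSTS file tip above actually does and the check a practitioner would want: which names a given HOSTS file stops, and which it does not. A blocklist-style HOSTS entry maps a site's name to an unroutable address (0.0.0.0 or 127.0.0.1), so the browser never contacts the real site; the catch is that only the exact names listed are affected, so a subdomain that is not listed is still reachable. The HOSTS content and the .test hostnames below are constructed for the example.

```python
"""Parse a HOSTS-format file and report which hostnames it blocks.

Added example (not from the forum thread). It also shows the caveat that
HOSTS matching is exact: an entry for ads.example-tracker.test does not
cover www.ads.example-tracker.test.
"""
import ipaddress

# Constructed sample in the HOSTS file format; not a real blocklist.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1       localhost
0.0.0.0  ads.example-tracker.test  # entry with a trailing comment
0.0.0.0  banners.example-tracker.test www.banners.example-tracker.test
   0.0.0.0\tPopups.Example-Adware.test
this line is malformed and should be ignored
10.0.0.5  intranet.corp.test
"""

# Addresses a blocklist entry points names at; traffic sent here never
# reaches the original site.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Names that legitimately map to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return {hostname: address}; names are lower-cased (DNS is case-insensitive)."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()                # any run of spaces/tabs separates fields
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)    # skip lines whose first field is not an IP
        except ValueError:
            continue
        for name in names:
            # First entry for a name wins, which is how the resolver reads the file.
            mapping.setdefault(name.lower(), address)
    return mapping


def classify(hostname, mapping):
    """'blocked' (sent to a sinkhole), 'pinned' (mapped to a real address), or 'not covered'."""
    key = hostname.lower()
    if key not in mapping:
        return "not covered"
    if key in LOCAL_NAMES:
        return "pinned"
    if mapping[key] in SINKHOLE_ADDRESSES:
        return "blocked"
    return "pinned"


def check_hosts(hostnames, text=SAMPLE_HOSTS):
    """Classify each hostname against the given HOSTS file text."""
    mapping = parse_hosts(text)
    return {h: classify(h, mapping) for h in hostnames}


if __name__ == "__main__":
    probes = [
        "ads.example-tracker.test",
        "WWW.BANNERS.EXAMPLE-TRACKER.TEST",
        "www.ads.example-tracker.test",   # subdomain not listed: still reachable
        "intranet.corp.test",
        "localhost",
    ]
    for host, verdict in check_hosts(probes).items():
        print(f"{host:40} {verdict}")
```

The same parser can be pointed at a real HOSTS file (on Windows XP, C:\WINDOWS\system32\drivers\etc\hosts) by passing its contents as `text`; the "not covered" verdict is the one to watch for, since a blocklist only protects against the exact names it contains.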


#52 nenadrew (Member, Full Member, 56 posts)

Posted 15 January 2013 - 02:49 PM

Joker, sorry for not responding sooner; I'd been checking back here on the fly and it took me a while to see your posting on page 2 (or even to notice that there was a second page, lol.)

Ok, going down the list...

I updated Java.

Installed HOSTS and SpywareBlaster, downloaded Comodo firewall but haven't tried it yet.

Deleted ComboFix and other utilities, except Sophos. The only swreg.exe file I found wasn't on my desktop; thought I'd better ask before deleting it (see attached file.)

(Attached file: SEARCHED.JPG)

Everything appears to be working normally, except that I can no longer open PrintShop, either from the shortcut or directly from Program Files. Every time I try to open it I get this message: "Cannot determine configuration." I can reinstall the program, but I wouldn't mind knowing what happened to it.... could one of those utilities have seen it as a threat and disabled it? Just curious.

Nena


#53 TheJoker (Forum Deity, Boot Camp Mod, 13,458 posts)

Posted 15 January 2013 - 09:58 PM

That's a prefetch file. It can be deleted, although there's really no need. Going back to post #20, swreg.exe was saved in C:\Windows. If you don't see it in that folder, it may have been deleted when you uninstalled ComboFix.

I saw multiple people ask about the same "cannot determine configuration" problem online, but I didn't see any real advice other than, in general, it being from a corrupt installation, and to uninstall it, delete the program folders, and reinstall. If you do that, though, be sure you back up any art or projects you may have been working on. If you reinstall and have the same problem, try uninstalling it with Revo Uninstaller (freeware). You can download it from here.

Did that solve the problem?




#54 nenadrew (Member, Full Member, 56 posts)

Posted 16 January 2013 - 03:25 AM

Weirdly, the prefetch file was nowhere to be found when I went to delete it, which is apparently neither here nor there. I did get PrintShop deleted and reinstalled; it seems to be working fine now.

Joker, I cannot thank you enough for your help; I would've been sunk without you! I appreciate your kindness and patience in sharing your expertise with ignorant strangers. (But I'm pretty sure all you really want to hear is that I'll continue to do the things you taught me to protect my computer -- and the answer is yes! I will!) :)

Nena



#55 nenadrew (Member, Full Member, 56 posts)

Posted 16 January 2013 - 04:15 AM

Well, crap; it appears I may have spoken too soon about everything working fine....

When I reinstalled PrintShop, the computer rebooted as part of the installation. After the reboot, I removed the disk from the CD drive and put it away, and even opened PrintShop just to test it; everything seemed fine. But back at the desktop this message box popped up and couldn't be cancelled:

(Attached file: ITYPE.JPG)

I just thought maybe I'd taken the install CD out too soon, so I stuck it back in and clicked Try Again, at which point the error box disappeared and everything seemed normal.

However, now I've had the same box pop up again. So I went to see what I could find about it, and apparently itype is a keyboard file, which has nothing to do with PrintShop. I am now completely confused.

Note to say that I have installed PrintShop many times before without any problems. But I probably have never installed it before with a resident antivirus program running.... is it possible they have a conflict?

Unless you tell me otherwise, I think I'll try removing PrintShop with your Revo Uninstaller and then turn off the antivirus before reinstalling it. I may not get to that tonight, but will probably tackle it fresh in the morning.

Nena

 



#56 TheJoker (Forum Deity, Boot Camp Mod, 13,458 posts)

Posted 16 January 2013 - 06:25 AM

It looks like that is part of Microsoft IntelliType. I would uninstall IntelliType from Control Panel, and if your keyboard has reduced functionality, such as some functions not working (some have volume and other controls), download and reinstall the IntelliType software from Microsoft:
http://www.microsoft...s.aspx?id=26949

It's always possible you don't really need it installed. It came with my keyboard, and I've never needed it.



#57 nenadrew (Member, Full Member, 56 posts)

Posted 16 January 2013 - 06:29 PM

Everything's good again now that I've uninstalled the keyboard software and reinstalled it from the CD that came with it. PrintShop is still doing fine without having to mess with it any further, too. Guess the computer just had a weird little hiccup last night. :)

Thanks again, Joker!



#58 TheJoker (Forum Deity, Boot Camp Mod, 13,458 posts)

Posted 16 January 2013 - 08:57 PM

You're welcome. I'm glad it's all working. I'll leave the topic open for a while in case you find any other problems. Once the topic is closed, you can also easily request that it be re-opened, and the instructions for that will be in the closing post.



#59 TheJoker (Forum Deity, Boot Camp Mod, 13,458 posts)

Posted 22 January 2013 - 07:17 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
