
Posted

Hi dharmadave

 

Nice timing, I'm off on holiday tomorrow.

 

I'm betting that what Eset found had already been removed and was in a quarantine folder.

Yep, I was right, plus a couple of dodgy restore points (nothing to worry about).

 

Ok, let's finish off the cleaning process then.

 

Step 1

Restart MBAM.

Click on the Quarantine tab

If there are items in quarantine.....

Make sure everything is selected and then click Delete All.

Close MBAM.

 

Step 2

Please uninstall ComboFix by

Clicking on Start ... then Run ... and type in combofix /uninstall (don't forget there is a gap between x and /). Then press OK.

http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png

 

This action will uninstall Combofix and also perform a few cleanup measures

 

 

Step 3

  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button, press that button,
     
    http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
     
  • This will cleanup an assortment of tools used during malware removal, plus itself

 

Note:

MBAM will not be removed

 

 

Step 4

Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

 

Click on Start... Control Panel... System and Maintenance... System

Click on System Protection in the left-hand task list.

Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

 

When you uncheck a disk you will be presented with a screen.

You should click on the Turn System Protection Off button.

Click Apply and then OK.

 

Reboot your computer.

 

Now:

Click on Start... Control Panel... System and Maintenance... System

Click on System Protection in the left-hand task list.

Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

Click Apply and then OK.

 

Your System restore will now be active again... starting with a new restore point.

 

To find out how you may have been infected....read this topic:

How did i get infected?

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software

     

    Note*:

    Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

     

    Note**:

    Upon installation MS Security Essentials will check that your OS is a legal copy.

     

    Only install one AntiVirus program

     

  • Update your AntiVirus Software regularly

     

  • Use a 3rd party Firewall

    NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

     

    Only install one software Firewall

     

    Some 3rd party Firewalls will turn off the Windows Firewall when they are installed.

    It's always best to check that the Windows Firewall is turned off:

     

    How to turn off Windows Firewall:

    Start ... Control Panel ...click on 'Classic View'.

    now select Windows Firewall.

    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

     

  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:

    Installing another scanner that you can run once or twice a week is always beneficial.

    Something like:

    Malwarebytes Anti-Malware

    SUPERAntiSpyware

    Remember to update these programs each time before running.

    You can install more than one of these if you only run them as stand alone programs.

     

  • Use an alternative browser:

    Some excellent alternatives to MS Internet Explorer are:

     

    Firefox

    For added security, add the NoScript extension to this browser:

    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

    also consider adding:

    WOT - Safe Browsing Tool

     

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

    Btw: you don't have to make a contribution.

     

    Opera

     

    They offer better security, more stability, and better speed.

     

  • Keep a backup of your registry

    Keeping a regular backup of your registry will help when something goes wrong.

    Use a program like:

    Erunt

     

    A full tutorial on how to set up and use Erunt can be found here:

    Erunt tutorial

     

  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:

    Windows temp files

    Current user temp files

    Cookies

    Temporary Internet files

    Browser history

    Recycle bin

    Etc.......

    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.

    Programs like:

    TFC by OldTimer

    ATF Cleaner

     

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

     

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

    Using and installing SpywareBlaster

     

  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing.

Member of:

UNITE

  • 2 weeks later...

Posted

Thanks again. I'll perform these final steps shortly.

 

In the meantime, there is something else you may want to know about. (You may want this as a security post.) I received thanks for a donation from you, but I hadn't made one yet. I only just got my PayPal account set up. If your system pulled up a donation I made a few years ago, that's okay -- if not, then I'm going to guess that it's a taunt. It certainly coincides with an unsuccessful (thankfully) attempt at using my credit card to make a $1,295 purchase from Dell Computers, who alerted me. (I then canceled the card, of course. Now I have to wait for my new card, then change my PayPal info before I can do anything else, naturally.) Someone has my full name, address, and telephone number, along with my credit card type and (now defunct) number. Very unsettling!

Posted

Hi.

It may have been that you clicked the donate button but did not donate. That would send us a notification that you donated even if you did not. I'm not getting the owner's confirmation emails so I would have to assume a donation was made. This happens once in a while. Nothing to worry about.

 

Best wishes.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

Hi dharmadave

 

I received thanks for a donation from you, but I hadn't made one yet. I only just got my PayPal account set up. If your system pulled up a donation I made a few years ago, that's okay -- if not, then I'm going to guess that it's a taunt.

Very odd.

I don't have access to what donations are made etc, so can't look into this, but I will mention it to RandyL and ask him to look into this.

 

It certainly coincides with an unsuccessful (thankfully) attempt at using my credit card to make a $1,295 purchase from Dell Computers, who alerted me.

This may well have happened because of the infections you had.

TDSS has been known to steal data from your system, so does NrIAdsssyo.exe (which was removed by Rogue Killer).

When credit card data is stolen, the bad guys normally try out the card details on a small scale to see if the details are valid.

Then if that works, they go for a bigger amount.

I'll have a word with RandyL on your behalf and will let you know what he says.

Because of the credit card problem, I also recommend that you change all passwords for any email addresses, forums and anything else you do on the internet.... just to make sure.

I'll get back to you when I know more.

 

Edit:

I see RandyL has replied whilst I was typing.

Member of:

UNITE
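
The reply above describes stolen card details being tried on a small amount first and then used for a bigger one. The sketch below is an added example, not part of the original thread and not any card issuer's actual logic, showing how a defender could flag that pattern in a list of authorisation attempts. The sample records, field layout and thresholds (`probe_max`, `jump_min`, `ratio_min`, `window`) are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): card, time, amount, merchant.
SAMPLE_ATTEMPTS = [
    ("card-A", "2011-05-02T09:14:00", 1.00, "donation-page"),
    ("card-A", "2011-05-03T16:40:00", 1295.00, "computer-retailer"),
    ("card-B", "2011-05-02T12:00:00", 4.50, "coffee-shop"),
    ("card-B", "2011-05-02T18:30:00", 62.10, "supermarket"),
    ("card-C", "2011-04-01T10:00:00", 0.99, "app-store"),
    ("card-C", "2011-05-03T10:00:00", 2100.00, "electronics"),
]


def find_card_testing(attempts, probe_max=5.00, jump_min=500.00,
                      ratio_min=50, window=timedelta(days=3)):
    """Flag a small 'probe' charge followed, within `window`, by a much
    larger attempt at a different merchant on the same card.
    All thresholds are illustrative assumptions, not industry values."""
    by_card = {}
    for card, ts, amount, merchant in attempts:
        row = (datetime.fromisoformat(ts), amount, merchant)
        by_card.setdefault(card, []).append(row)

    alerts = []
    for card, rows in by_card.items():
        rows.sort()  # chronological order per card
        for i, (t0, a0, m0) in enumerate(rows):
            if a0 > probe_max:
                continue  # too large to be a validity probe
            for t1, a1, m1 in rows[i + 1:]:
                if t1 - t0 > window:
                    break  # later attempts are outside the window
                if a1 >= jump_min and a1 >= ratio_min * a0 and m1 != m0:
                    alerts.append((card, (t0, a0, m0), (t1, a1, m1)))
                    break  # one alert per probe is enough
    return alerts


if __name__ == "__main__":
    for card, probe, big in find_card_testing(SAMPLE_ATTEMPTS):
        print(f"{card}: probe {probe[1]:.2f} at {probe[2]} -> "
              f"{big[1]:.2f} at {big[2]} after {big[0] - probe[0]}")
```

With the default three-day window only the first card is flagged; the second card's follow-up is too small, and the third card's large attempt falls outside the window.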

Posted

Thanks, guys. The donation acknowledgment included a specific very small amount, which is what really made me wonder: Some clever creep rolling a test and a taunt into one?

 

And yes, I will now go about changing all my passwords, etc.

 

Thanks again!

Posted
Yes that would have done it. Sometimes search bots hit the link too. I don't thank them. :laugh:

