Virus Clean Up Required.

[suziqjjc]

Hi Guys,

 

I know I've come to the right place to get my problems sorted out by the number of welcoming mails in the introductions. Well done!

 

All was going along nicely with my Windows Media (or not) edition when I accidently downloaded a virus - Doh ! I thought I was clicking on my own McAfee scan but it was Virus Melt. This is my first experience with a virus so it had me panicked as I didn't know if my personal info would be stolen etc. I immediately looked online for help before doing anything and the first site I came to was computing.net where someone responed to my request for help. After completing a few steps though, this person has disappeared and no one else appears willing to pick up where he left off. I can copy and paste over those posts, I ran maleware and a hijack this and have logs. I haven;t done any clean up so I'm still unsure if I'm at risk or what. Google is still redirecting and I can't get on to gmail as its giving me an error. Would love some help and advise .

 

Many thanks,

Sue

[maynardvdm]

Hi

 

Follow these steps:

 

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

[*]Click Finish.

[*]The program will download and update itself if it finds the necessity to do so. Please allow this.

[*]Once the program has loaded, select Perform full scan, then click Scan.

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*]When the scan is complete, click OK, and then Show Results to view the results.

[*]Make sure that every entry is selected, and click Remove Selected.

[*]Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:

   [*]Click the Close button to leave the control center screen.

   [*]On the main screen, under Scan for Harmful Software click Scan your computer.

   [*]On the left, make sure you check mark C:\Fixed Drive.

   [*]On the right, under Complete Scan, choose Perform Complete Scan.

   [*]Click Next to start the scan. Please be patient while it scans your computer.

   [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*]Make sure every entry has a check mark next to it and click Next.

   [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*]Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

    

   Note: Please don't use it on a regular basis as this will clear all previous restore points. The feature might be very useful to revert your computer to working condition if something goes wrong.

    

   Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[suziqjjc]

Thanks MaynardVDM,

Will get right to it now and give you the details. I had downloaded AFT Cleaner and Malwarebytes before - Should I re-install or is it ok just to run them again?

Sue

[maynardvdm]

Just update them before you run them.

[suziqjjc]

Will do, thanks a mil.

Sue

[suziqjjc]

Hi again,

 

I just have MaAfee which I have disabled temp, I also had superantispyware installed, should I do anything with this?

 

Sue

[BeeCeeBee]

SUPERantispyware is part of the program just make sure you update it before you use it. As for McAfee I would consider making that move permanent. It didn't serve you very well this time.

 

If you would like some alternatives let us know when you are done. McAfee is not that easy to uninstall completely but there is a tool availabe that will do the job. However for now just concern yourself with the disinfection process.

[suziqjjc]

Hi again, Am on step 3 now, have just installed the SUPERantispyware - under scanner control, scanner options, there were some boxes checked already. Should I leave these as is or uncheck them and just have the 3 you highlighted above checked? Sue

[BeeCeeBee]

If I remember correctly most of those are options for how you want to configure SAS on startup etc. For the time being just run the program according to the directions above. Make sure you run the update first even though you have just installed.

[suziqjjc]

Ok, thats grand, thx

[suziqjjc]

Hi there, Completed the steps outlined above and have just been searching for stuff hoping all would be ok. There were 9 adware threats detected and when i ran the last scan, it said 3 threats were found. I've tried to log into squidoo but the page doesn't appear to be loading correctly, its a totally different layout to normal. I then did a google search on "images not loading correctly" and was redirected to some porn site ! This is what was happening before. On a seperate note, I'm trying to get into IM and was just wondering about proxy servers. I did go to a recommended site and chose a proxy server for US, I'm in Ireland - would this have any bearing on whats happening? Many thanks, Sue

[BeeCeeBee]

What is the proxy server you selected and why do you feel you needed one? What is your ISP? Eircom or some other?

[suziqjjc]

Hi BeeCeeBee, I'm with Digiweb, am trying to learn adwords so wanted to see ads as if I was in America and not Irish ones. Tried to find the site I got the IP address from but while I've logged in to hotmail ok, I can't seem to open any email, also just checked squidoo again and that still won't load correctly. Help!! IP address is 20.132.16.22 but I actually changed back last night to auto detect. Sue

[BeeCeeBee]

The address you gave is for a server located in Maryland. Were you on the proxy when you ran the steps above?

 

Also where did you find that particular proxy service and did things ever work properly when you were logged on?

[suziqjjc]

Hi BeeCeeBee, To be honest, I'm not sure as I've changed back and forth between that IP and auto detect a couple of times. I got that IP from a site recommended by Chris Carpenter of Google Cash - I can't open my email to find the link where I can find what that site was. I probably changed to that IP around the same time as I downloaded the virus which is a couple of weeks ago. I know where I got the virus, I was online looking for party invites and clicked on a link in google groups. I emailed google with the relevant info so they could remove it. I just assumed that the fact google was redirecting was because of the virus but now that the virus has been removed, I'm thinking that its because of the IP address. Sue

[suziqjjc]

Still can't open email but had site written down, its Proxy 4 Free - Public Proxy Servers, Anonymous Proxy, Proxy List - Protect Your Online Privacy!

[BeeCeeBee]

I noticed that you may have interrupted the program while you were running it . That is not a good idea. I would suggest that you rerun it without the proxy and see if that helps. Immediately set a restore point if it does.

 

Sometimes these infections are apparently removed only to reinstate themselves when you reboot. It is quite possible that something came along with the proxy download. Try uninstalling it first and then run the program from your digiweb IP.

[suziqjjc]

Hi BeeCeeBee, Do you mean to rerun the above steps without setting a proxy? When you say uninstall the program - which program do you mean? Sue

[suziqjjc]

Should I contact my ISP for a proxy address?

[BeeCeeBee]

What did you have to do to get the proxy address that you were using? Did you have top subscribe to or download anything?

[DirtyPolo]

Hey sue,

 

I would just like to jump in now and to say that until we get your pc fixed and clean and ready to go, you stay clear from ALL proxy sites and just use your PC normally.

 

I still don't understand your need for them, but that is another issue that we can talk about once your PC is cleaned up as that is the main problem here right now.

 

Do as BeeCeeBee said, return your IP details back to normal, get rid of anything related to proxies, including any programs, and re run through the disinfection steps as posted previously.

 

We will then take it from there and remember to keep away from proxies as they could be the cause of all of this.

[suziqjjc]

Hi BeeCeeBee / DirtyPolo, Really appreciate your help - no I didn't have to download anything, just selected one for the USA and put it in the firefox internet connections box - Ok, will follow the steps above again, I have deleted the proxy settings and just left it at auto detect. Just to confirm, I need to disable McAfee and my firewall ? Sue

[BeeCeeBee]

Disable McAfee, I can see no reason to disable your firewall unless it is blocking any of the proscribed programs from running.

[suziqjjc]

Ok - will do, thanks.

[suziqjjc]

Hi there, Have finished all the checks and re-enabled McAfee again. Just clicked on Squidoo and that is now fine - Hurray, logged into hotmail but still can't seem to open any emails. Just did a couple of searches also with no problems so hopefully (fingers crossed) that is the end of the virus. Maleware and superantispyware didn;t detect anything but the other Esey detected 1 threat. So thanks a mil for your help. Now, just to sort my email, have you any suggestions as to why I can't open emails? My account etc all looks normal but when I click on a mail, nothing happens. Many thanks, Sue