Solved Cere's Captivity I can't get rid of

Kasperkey is strill running - it's 80% done

 

Hi
OK HJT log look good.

Are we doing the pn line scan now?

Thanks
Geri

 

Yea doing the on line system scan - sure tajes a lllooonnnggggg time, is AVG a good protection source or is there a better one? Seems to me it let an awful lot through that I didn't know about even though I scan regularly. I had more than just the one problem I think didn't I?

 

Hi
AV's only protect against what is known and they have added to their data base.
AVG is a good AV But you should be running a firewall and Anti spyware applacations also. One of each.

Your best defence is you though. Becareful on where you go, what you download and what you cilck on. Be it on the web or in emails.

I'll point you to some when you are clean.

 

Okay - I do have a firewall - I use windows firewall and I scan with adaware and spybot and they didn't pick them up either. I used to use zone alarm but it interfered with too much and didn't run correctly.

 

almost done - 96% complete it says 3 threat names and 5 infected objects Will post report when it's done running

 

not bad - they are in the restore files: do we leave them there??

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 14, 2008 18:42:53
Records in database: 1229478
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 306307
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 04:13:34


File name / Threat name / Threats count
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP664\A0115870.exe Infected: not-a-virusownloader.Win32.ImLoader.j 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP664\A0115916.exe Infected: not-a-virusownloader.Win32.ImLoader.j 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0137847.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0137915.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP702\A0138066.sys Infected: Hoax.Win32.Agent.fu 1

The selected area was scanned.

 

Hi Karen
OK very good.


Click Start > Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.

Doing this will clean you up. Those are in your system restore and will be cleaned with the above instructions.

Let me know that everything is running OK after doing the above.

Geri

 

Done and Clean! I ran the malwarebytes again and it came up:

Malwarebytes' Anti-Malware 1.28
Database version: 1151
Windows 5.1.2600 Service Pack 3

9/14/2008 6:49:39 p.m.
mbam-log-2008-09-14 (18-49-39).txt

Scan type: Quick Scan
Objects scanned: 52905
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Now - Do I reload zone alarm? Is the malwarebytes better than spybot and ad-aware? And thank you thank you thank you so much for your help! I owe you lunch

 

oh and what do I do to be able to play cd's? I think I can get the rest of my I.E. back the way it was.

 

The auto run was diabled.
You can open My computer and start the CD that way.

I will send you a PM on how to reset it back to auto run if you want it.

So check your PM in a few minutes.

Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Malware and Virus Removal Forums.
http://www.windowsbbs.com/showthread.php?t=67958

If all is OK I'll mark this one resolved.

Surf Safely.
Geri

 

Yes I think it is resolved. Thank you so very much for your help! I read the ounce of prevention and will try zone alarm again (is that better than the firewall that Windows provides? and if I have zone alarm fire wall do I disable Windows fire wall?)

 

Hi

Yes to both.

You are welcome.

Comodo is also very good, if you install it. make sure you do the basic install or it will bug you for every little thing.

I sent you the PM.

Geri

 

Thank you Geri - have a nice rest of the night