Solved BIT138.tmp - Not detected by Antivirus

Discussion in 'Malware and Virus Removal Archive' started by Jose Pinho, 2009/04/03.

Thread Status:
Not open for further replies.
  1. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Yes, please re-hide files and folders back to default.

    This I give the instructions when I see the machine is clean.

    When we're finished with cleaning I give cleanup instructions for Combofix, easy to follow command.

    Windows Recovery Console is a backup safety feature that we recommend you leave on the machine.

    HJT you can leave since it uses no resources, or uninstall it; it's the user's choice.

    AFT Cleaner is a good tool to use once a week to remove temp files. Or you can uninstall it; it's the user's choice.

    We did not delete or tamper with any signin/login information, but we did delete Temp files that store cookies and information related that would make you have to sign back into sites that could have your passwords saved.
    This I'm unsure of. I don't do any type of online banking myself so I can't say if this is normal or not and I can't say if by cleaning out temp files would have brought this.
    Have you rebooted the computer again and tried once more?

    Since we're both unsure, the safest thing to do would be go to a known clean computer and change your password that is related to this sign in feature to use the banking site.
     
  2. 2009/04/09
    Jose Pinho

    Jose Pinho Inactive Thread Starter

    Joined:
    2009/04/03
    Messages:
    27
    Likes Received:
    0
    I have returned the view parameters to their default values. I will wait for your directions on what to do next.
    Thank you.
     
  4. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I think we're ready for final cleanup.

    You can delete DDS
    and DDS.txt


    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.




    You're good to go, good job!


    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 2, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  5. 2009/04/09
    Jose Pinho

    Jose Pinho Inactive Thread Starter

    Joined:
    2009/04/03
    Messages:
    27
    Likes Received:
    0
    Hi Juliet,
    When I click on Run, Windows says it cannot find ComboFix. When I installed it at the desktop, I renamed it as 123teste, and since I got this message from Windows I renamed it back to ComboFix, but I am still getting same message.
    Any hint?
     
  6. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    We can delete the files and folders manually.

    C:\Qoobox <--delete this folder
    C:\ComboFix <--delete folders
    C:\ComboFix.txt <-- file.
    You can delete any other logs that were created/saved too.


    Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply

    Turn it back 'On' by unticking the same checkbox & click OK



    That should do it.

    If you have any problems please let me know.
     
  7. 2009/04/09
    Jose Pinho

    Jose Pinho Inactive Thread Starter

    Joined:
    2009/04/03
    Messages:
    27
    Likes Received:
    0
    It worked. I have a couple of doubts though. Looking at drive C, three files appear (I unchecked the hide files option to see what is present at temp folder), I found, Boot.bak (BAK file), bootwin and cmldr. Are they to be kept?

    Also at C:\ Documents and settings\ Local configurations\temp\, I see CF 22709, identified as Windows Command Processor. Is this part of Windows Recovery Console? Is this to be kept or removed?

    Thanks again.
     
  8. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    The items found are harmless and should actually be left alone.
    The temp folder can be emptied.

    Navigate to
    C:\ Documents and settings\ Local configurations\temp <-- empty the contents inside.
    Some may say access denied or in use; drop into Safe Mode and try again.

    Or you can run AFT Cleaner.
     
  9. 2009/04/12
    Jose Pinho

    Jose Pinho Inactive Thread Starter

    Joined:
    2009/04/03
    Messages:
    27
    Likes Received:
    0
    I have used AFT Cleaner and it is all clean now (those in the temp folder only).
    Case closed.

    Thank you to you, Juliet, InfoNex and Pete C.

    If any of you ever come to Brazil, and need some support with the local language, just let me know.
     
    Last edited: 2009/04/12
  10. 2009/04/13
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You got a deal!

    Glad we could help.
     