Solved malware-log from scan- how do I proceed?

Discussion in 'Malware and Virus Removal Archive' started by missy77, 2010/09/28.

  1. 2010/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't worry about those findings...
    It depends where they're located, and 99% they're not active anymore.
     
  2. 2010/10/03
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
    C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
     

  4. 2010/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like some AOL instant messenger program.

    It may be false positive, but we better get rid of it.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe 
      C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-of-date programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  5. 2010/10/04
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe moved successfully.
    File\Folder C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Temp folder emptied: 98793 bytes
    ->Temporary Internet Files folder emptied: 4296075 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8997129 bytes
    ->Flash cache emptied: 405 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 2672312 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 10042010_082646

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DF6A7B.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DF6D47.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DF6DBB.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DF6E01.tmp not found!
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MJORC8CD\95430-active-malware-log-scan-how-do-i-proceed-3[1].html moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMGEX1B1\iframescript[2].htm moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
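    One way to check an OTL fix log against the script that asked for it, as an added Python example (not code from the thread, from OTL or from its author); it assumes the :Files / "moved successfully" / "not found" format shown in the posts above, and flags any requested path the log never mentions as "unreported" so it gets a second look:

    ```python
    import re

    # Constructed sample: the :Files part of the fix script and the log lines it produced
    FIX_SCRIPT = r""":OTL
    :Files
    C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe 
    C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe
    :Commands
    [emptytemp]
    """
    RESULT_LOG = r"""========== FILES ==========
    C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe moved successfully.
    File\Folder C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe not found.
    ========== COMMANDS ==========
    ->Temp folder emptied: 98793 bytes
    ->Temporary Internet Files folder emptied: 4296075 bytes
    RecycleBin emptied: 2672312 bytes
    """

    def requested_files(script):
        """Paths listed under the :Files header of an OTL fix script (trailing spaces dropped)."""
        paths, section = [], None
        for line in (ln.strip() for ln in script.splitlines()):
            if line.startswith(":"):
                section = line.lower()          # :OTL, :Files, :Commands ...
            elif line and section == ":files":
                paths.append(line)
        return paths

    def file_outcomes(log):
        """Map each path reported in the log's FILES section to 'moved' or 'not found'."""
        moved, missing = " moved successfully.", " not found."
        outcomes, in_files = {}, False
        for line in (ln.strip() for ln in log.splitlines()):
            if line.startswith("=========="):
                in_files = (line == "========== FILES ==========")
            elif in_files and line.endswith(moved):
                outcomes[line[:-len(moved)].lower()] = "moved"
            elif in_files and line.startswith("File\\Folder ") and line.endswith(missing):
                outcomes[line[len("File\\Folder "):-len(missing)].lower()] = "not found"
        return outcomes

    def reconcile(script, log):
        """'moved', 'not found' or 'unreported' per requested path (Windows paths compare case-insensitively)."""
        outcomes = file_outcomes(log)
        return {p: outcomes.get(p.lower(), "unreported") for p in requested_files(script)}

    def bytes_cleaned(log):
        """Sum of the 'emptied: N bytes' figures in the COMMANDS section."""
        return sum(int(n) for n in re.findall(r"emptied: (\d+) bytes", log))
    ```
    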
     
  6. 2010/10/04
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    OK I updated Adobe too. Next, after some much needed sleep :), I will work on post 43 step 2 and will report back. Thanks sooo much for all the help!!!


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Temp folder emptied: 98793 bytes
    ->Temporary Internet Files folder emptied: 3665230 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.14.1 log created on 10042010_085543

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFF0B3.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFF484.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFF556.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFF560.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XA4HGAG7\95430-active-malware-log-scan-how-do-i-proceed-3[1].html not found!
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4G4O22YE\iframescript[1].htm moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
     
    Last edited: 2010/10/04
  7. 2010/10/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
  8. 2010/10/04
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    Cleaning went well. So it's OK to move my pics now to an external for backup, right?

    Now... :( step 3 (post 43) Windows update- it still will not let me update. It "blinks" fast when I hit the icon, official website won't work either. I could try Firefox for it though. Also using IE, WOT is sitting on website... "loading settings" won't move. So still having IE issue. Reset didn't work. What can I do for that?
     
  9. 2010/10/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall IE8.
    Go to Control Panel > Programs & Features.
    You have to click on "View installed updates" and scroll through that list.
    Look for "Windows Internet Explorer 8".
    Mine was installed on 5/7/2009.

    When uninstalled, it'll revert itself to IE7.

    See if it'll help.
     
  10. 2010/10/05
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    Before I uninstall IE, how do I save bookmarks?
     
  11. 2010/10/05
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    found it, done :) now I can proceed :)
     
  12. 2010/10/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  13. 2010/10/05
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    OK did uninstall and it is now on IE 7... BUT no change at all :(
     
  14. 2010/10/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In that case....

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    I'll mark this thread as "Resolved" (malware-wise)
     
  15. 2010/10/06
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    OK thanks sooo much for all your help!!!! :D I will need to install WOT and the steps after from post 43 after I fix IE; WOT won't work the way IE is now.
     
  16. 2010/10/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
