
Solved Win 2000 checked but eventually not clean!

Discussion in 'Malware and Virus Removal Archive' started by SKN66, 2011/02/28.

  1. 2011/03/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I've seen TFC refusing to run on some machines.
    Reason unknown :)
     
  2. 2011/03/01
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    Ok!

    Finally, an answer that didn't make me look stupid :D
     


  4. 2011/03/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hahaha....
     
  5. 2011/03/01
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    Not quite done yet

    Running the alternative to TFC now.... Done that also.... What should I do with these "things"? Every single one of them can be deleted as far as I'm concerned...

    D:\@ - Temp\Downloads 080808 - newer\2011-02-16\registrybooster.exe Win32/RegistryBooster application
    D:\@ - Temp\T E M P O R Ä R T\registrybooster.exe Win32/RegistryBooster application
    H:\ZÖ - Div osort\K T F A B\@ - Temp\Diablo Hack\845_edit.zip a variant of Win32/Packed.PECrypt32.A application
    H:\ZÖ - Div osort\K T F A B\@ - Temp\Diablo Hack\031003\845_edit.zip a variant of Win32/Packed.PECrypt32.A application
    K:\Musik\Zippat\Tveksama\Tony Carey - men törs inte röra då det är en exe i ändan på detr.zip a variant of Win32/Hoax.ArchSMS.HD application
    L:\ÖÖÖ - Backuper\Arbete\@ K T F A B\@ - Temp\Diablo Hack\845_edit.zip a variant of Win32/Packed.PECrypt32.A application
    L:\ÖÖÖ - Backuper\Arbete\@ K T F A B\@ - Temp\Diablo Hack\031003\845_edit.zip a variant of Win32/Packed.PECrypt32.A application
     
    Last edited: 2011/03/02
  6. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      D:\@ - Temp\Downloads 080808 - newer\2011-02-16\registrybooster.exe 
      D:\@ - Temp\T E M P O R Ä R T\registrybooster.exe 
      H:\ZÖ - Div osort\K T F A B\@ - Temp\Diablo Hack\845_edit.zip 
      H:\ZÖ - Div osort\K T F A B\@ - Temp\Diablo Hack\031003\845_edit.zip 
      K:\Musik\Zippat\Tveksama\Tony Carey - men törs inte röra då det är en exe i ändan på detr.zip 
      L:\ÖÖÖ - Backuper\Arbete\@ K T F A B\@ - Temp\Diablo Hack\845_edit.zip 
      L:\ÖÖÖ - Backuper\Arbete\@ K T F A B\@ - Temp\Diablo Hack\031003\845_edit.zip
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  7. 2011/03/02
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    Thanks!

    I'll do that, it will keep me occupied a little while...
    Meanwhile, if You would be so kind and take a look at this....

    My experience about / with firewalls is ZERO!
    If You don't have the time... any place I could read about it... on a really basic level :)

    Is this an ok program to give free access to the internet?
    I can read that it's Java, but after the last days...,
    well, let's say I've learned NOT to trust what's written :)

    C:\Program Files\Java\jre6\bin
    Jqs.exe
    IP : 127.0.0.1 Port : 5152 - TCP
    SERVICES.EXE

    I understand the basic principle of Firewalls, it's all the questions I've been asked - I don't know what to answer :eek: I post it here in the belief that it's related to viruses and stuff like that... redirect me if You don't agree!

    The Firewall prog. informed me that FireFox is a "hidden" prog. and asked if I was sure about whether FF would be allowed to connect or not.... ?
    I'm not sure about anything, but I guess it's ok :eek:

    D:\Wintools\Iconid\iconid.exe does something, something using tr3.dll into the Parent application explorer.exe using a global hook which could be used by keyloggers to steal private information. (wasn't allowed to read and write it all down.. I'm too slow)
    Iconid is a prog I've used for years... saves icon positions, makes the text background transparent... and a couple more aesthetic details...
    Question: Is it infected with something now?

    Winword and explorer trying to gain access to the i-net... as far as I understand these programs don't have anything to do on the i-net and that should stay that way... right?
    The Winword question comes while copying info from the i-net to a winword doc.... so maybe it's ok? I have denied access so far... and that makes FF stop working...??

    Once again, I don't have the experience, so I'll have to ask all these dumb questions,
    but if something suddenly starts to behave differently....?? What else should I do?

    1) Something wants to use the dial up connection to access the i-net every time now, when I start my computer (or after a reboot). My connection to the i-net is through mobile "broadband" and I have to click the connect button to do so. Mostly I do connect, but not always... the question here is: Is this one of all the protective programs or is it some "left over" bug...?

    2) The Dialogue box with the text below "Saving Your settings" after "shut down" takes a lot of time... once again the question is: Friend or foe ?

    3) Screen saver is not present after every start / reboot.... same thoughts as above!

    Thanks again!:)
     
  8. 2011/03/02
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Questions about your firewall settings should be asked in General Security. Malware and Virus Removal is there to remove malware ;)

    JQS.EXE (Java Quick Starter) isn't actually trying to access the internet above; it's just using your network configuration as a local loopback (i.e. it's just connecting to your own system, 127.0.0.1)
     
  9. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I agree with Wildfire, so I'll only address the Comodo issue briefly.
    Comodo will learn, so at the beginning it'll ask you some questions.
    With time, it'll ask less and less.
    In general, if it asks about any program you know, it's safe to OK it.

    1. I'm not very familiar with your type of internet connection, so you may want to ask your question in the networking forum.

    2. It may be connected to Comodo learning process. Give it some time.

    3. Again, it's not a malware related issue, so you may want to ask the question in the appropriate forum.
     
  10. 2011/03/02
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    Thank You guys

    Thanks for the answers anyway... any little piece of info is welcome because until not so long ago... internet was more or less E-mail, drivers, some mp3 and a quick visit to the bank.... so that's why I'm so totally off..:eek:
    I will rewrite some of the questions under the security forum... :)
    ...still, strange things still occur on my pc.. the one with the screen saver is one of them? ....I'll give it a little time...

    Two of the first reboots did not "follow through" ... so after 5-6 min. I used reset...?

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    D:\@ - Temp\Downloads 080808 - newer\2011-02-16\registrybooster.exe moved successfully.
    D:\@ - Temp\T E M P O R Ä R T\registrybooster.exe moved successfully.
    H:\ZÖ - Div osort\K T F A B\@ - Temp\Diablo Hack\845_edit.zip moved successfully.
    H:\ZÖ - Div osort\K T F A B\@ - Temp\Diablo Hack\031003\845_edit.zip moved successfully.
    K:\Musik\Zippat\Tveksama\Tony Carey - men törs inte röra då det är en exe i ändan på detr.zip moved successfully.
    L:\ÖÖÖ - Backuper\Arbete\@ K T F A B\@ - Temp\Diablo Hack\845_edit.zip moved successfully.
    L:\ÖÖÖ - Backuper\Arbete\@ K T F A B\@ - Temp\Diablo Hack\031003\845_edit.zip moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: BIG$
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Kiolein
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 38936 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 65975169 bytes
    ->Flash cache emptied: 775 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: shell32.dll unable to determine bytes removed.

    Total Files Cleaned = 63,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: BIG$

    User: Default User

    User: Kiolein
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.2 log created on 03032011_002657

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: BIG$
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Kiolein
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: shell32.dll unable to determine bytes removed.

    Total Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: BIG$

    User: Default User

    User: Kiolein
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.2 log created on 03032011_005137

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Otherwise everything seems to be OK!

    I'll take a little break before starting on the second pc... four nights in a row (it's the middle of the night here now) has taken a toll on an "old" guy like me :D
    I need rest!
    Once again, I'm really grateful for all the help, couldn't have done it without You!
     
  11. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
