  • Status: Solved
  • Priority: Medium
  • Security: Public

Infected Computer

OK I thought I had cleaned this computer, attached are logs, but ran Trojan Killer as a check and it came up with a couple things...I am simply using this program to diagnose.
Fixed HiJack.EnableLUA and found Trojan.Win 32.

Attached are scans run.

My Web Search still showing up in Startup but not checked.  If a program is no longer on the computer would it show up in Startup???  I can't seem to find them on the computer.  See Start up screen.

I am running ESET online scanner now.
rkill.log
rkill-log-2.txt
mbam-log-2012-07-26--14-52-09-.txt
SUPERAntiSpyware-Scan-Log---07-2.log
Trojan-Killer-scan-2012-08-16--1.txt
HitmanPro-20120807-1022.log
log.xml
Startup-programs.jpg
Asked by: Mags
2 Solutions
 
Garry Glendown (Consulting and Network/Security Specialist) Commented:
With the level of sophistication found with many virus/trojan programs nowadays, I personally recommend any infected system to be completely wiped and cleanly re-installed ... at most, clean it as well as possible, do a backup of anything not safely stored earlier to CD/DVD (definitely do not connect to any network), and then continue with wiping ... anything else you run the risk of not discovering some part of the malware ...
 
Norm Dickinson (Guru) Commented:
If nothing else works with an infection you can always purchase a professional remote cleaning directly from McAfee for about $90. Just go to http://www.mcafee.com and point at "For Home," then click on "Support." Click the "Virus Removal" link (top center) and proceed with the purchase. This will provide you with a case number and a phone number; simply call them up and they can normally access your computer remotely by having you restart in safe mode with networking support. They offer a 30 day guarantee as well. I've used them several times with particularly stubborn or brand new strains and they always meet my expectations. You can also order by phone: 1-866-966-8478
 
younghv Commented:
tqfdotus -

Mags is already a paying member here on EE. We sure don't want to be giving him advice to go somewhere else!

Mags -
Give me a few minutes to review your logs and I'll post back.
 
cokefour Commented:
My advice? If you're running Vista - upgrade to Win 7. Too many holes in that version.
 
Norm Dickinson (Guru) Commented:
Younghv -

I was not aware of that rule - thank you - and just wanted to point out the professional option from McAfee. There are some strains that are not going to be worth taking the time or the risk to try to remove manually, especially if prior attempts did not remove the infection. As I said, if nothing else works...
 
younghv Commented:
Hey Mags -
I'm going to post a suggestion and then unsubscribe.
Sorry for doing this, but I'm sure you can tell why.

Vic
====================
Your logs look as though the tools are functioning properly and doing their job.
After you run them (and the system seems normal), are you running CCleaner - or any temp cleaner - to clean out all the miscellaneous junk?

You never want to do that if there are missing/hidden file or folder symptoms, but it is still a good idea as one of the final steps.

You might want to give something a try that is a new (to me) tool on the market. It has been getting rave reviews by some of the best anti-malware experts.

I've used it a couple of times now and it is VERY good:

"Emsisoft Emergency Kit 2.0"
http://www.emsisoft.com/en/software/eek/
 
Mags (Owner, Author) Commented:
Vic..I wish you wouldn't go...we work so well together.  I ran CCleaner when I thought her machine was clean.  Trying  "Emsisoft Emergency Kit 2.0" now.

This computer, as with many I work on, is being done remotely.  Any issues with that?
 
oneononecomp Commented:
Download combofix to desktop and run in normal mode.  Disable your AV and AS software first.

www.bleepingcomputer.com/combofix
 
Mags (Owner, Author) Commented:
Will do...I appreciate the assistance with ComboFix.  Attached are the results from ESET and Emsisoft Emergency if you want to look at that first.  I will let my client know I need her computer.

Thank You oneononecomp!!!!!!!!!!!!!!!
Emsisoft-a2scan-120816-154552.txt
ESET-Scanner-log.txt
 
Mags (Owner, Author) Commented:
Running ComboFix tomorrow.
 
oneononecomp Commented:
Be patient.  It can take 10-15 minutes.
 
oneononecomp Commented:
This link gets you to the download page.

http://www.bleepingcomputer.com/download/combofix/
 
Mags (Owner, Author) Commented:
Thanks...I've run it before just don't know how to read it...I appreciate your assistance!!

Attached are the rKill and ComboFix logs
Rkill--1-8-21.txt
 
Mags (Owner, Author) Commented:
Sorry...here is the ComboFix log.
ComboFix-Log-8-21-Kim.txt
 
oneononecomp Commented:
Looks like it cleaned it up well.  Do you see any signs of infection?
 
Mags (Owner, Author) Commented:
No signs of infection.