Solved

PUP infection

Posted on 2013-05-10
12
538 Views
Last Modified: 2013-11-22
A client was having issues with PUPs...slow computer and sometimes stalling.
Ran scans, see below.

What do you think?  No Trojans or viruses picked up...just stuff from PUPs.  Do you see any vulnerabilities?

Ran SAS scan but he closed it without removing the cookies.  Also ran AdwCleaner...but didn't have the report transferred to my computer...I can send it later if necessary.

Thanks,
Mags
Rkill--1.txt
Rkill--2.txt
RKreport-1--S-05092013-02d1006.txt
RKreport-2--D-05092013-02d1007.txt
RKreport-3--H-05092013-02d1009.txt
mbam-log-2013-05-09--10-30-05-.txt
HitmanPro-20130509-1320.log
RKreport-1--S-05092013-02d1433.txt
JRT.txt
SUPERAntiSpyware-Scan-Log---05-0.log
0
Comment
Question by:MagsMcKinley14
12 Comments
 
LVL 28

Accepted Solution

by:
Thomas Zucker-Scharff earned 500 total points
ID: 39156412
Just looking at the roguekiller reports. I'm a little worried you may have removed something that windows will have a fit about.

This appears in one of the first reports:

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

But that is not a hijack; it is the component that 64-bit systems use to trick 32-bit programs into thinking they are running on a 32-bit machine.  At least that is my recollection.

It looks like you got rid of extra BHOs. Personally I think this machine needs a different browser - I never have trusted IE.  Have you tried running RevoUninstaller on it?  That should find any extraneous or left-over bits, and you can uninstall them.
0
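An added example, not part of the thread: a PowerShell check that reads the EnableLUA value RogueKiller flagged from both the native policy key and its Wow6432Node counterpart, so an admin can see the UAC setting on each path before deciding whether a finding like this needs action. The elided "[...]" in the report is assumed to be SOFTWARE\Microsoft\Windows\CurrentVersion\Policies, the usual location of EnableLUA.

```powershell
# Added example (not from the thread): audit the EnableLUA value flagged in the
# RogueKiller report on both the native and Wow6432Node registry paths.
# Assumption: the "[...]" in the report stands for
# SOFTWARE\Microsoft\Windows\CurrentVersion\Policies, where EnableLUA normally lives.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-EnableLuaState {
    param([string[]]$KeyPaths)

    foreach ($key in $KeyPaths) {
        if (-not (Test-Path $key)) {
            # The 32-bit view may simply not exist; report that rather than failing.
            [pscustomobject]@{ Key = $key; EnableLUA = $null; State = 'key missing' }
            continue
        }

        # Missing value yields $null instead of an error.
        $value = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA

        if ($null -eq $value) {
            $state = 'value absent'
        } elseif ($value -eq 0) {
            # EnableLUA = 0 is the setting that turns User Account Control off.
            $state = 'UAC disabled - confirm this was intentional'
        } elseif ($value -eq 1) {
            $state = 'UAC enabled'
        } else {
            $state = "unexpected value $value"
        }

        [pscustomobject]@{ Key = $key; EnableLUA = $value; State = $state }
    }
}

Get-EnableLuaState -KeyPaths $paths | Format-Table -AutoSize
```

Run from an elevated PowerShell prompt; if the two paths disagree, the native key is the one the 64-bit OS itself reads.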
 

Author Comment

by:MagsMcKinley14
ID: 39156556
Tzucker...I forgot to mention this....after roguekiller ran plus some other scans the system needed to run a repair...did a system restore.  Was this possibly due to what roguekiller removed?  Seemed to correct the issue.

I used revo to uninstall some programs but is there a way to use it to clean up leftovers if a program has been uninstalled with windows uninstaller?

Thanks for your assistance!  It is greatly appreciated.
0
 
LVL 28

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 500 total points
ID: 39156598
Revo should search for leftovers.  (I think there is a "search for extras" button.)  If you don't see that, try Total Uninstaller.  It does sound like the repair was due to what RK removed.  A system restore should have restored the file that was deleted, although it also may have restored unwanted files as well.

If you are sure that the system is clean, make a backup, then run CCleaner.  CC is a powerful program and will clean up a lot, but beware because some virii will put files into the temp directory which CC deletes.  That is why you want to make sure the system is clean.  Also if the user uses the recent files option in MSOffice apps, be sure to uncheck those options, otherwise the recent files shortcuts will also be cleaned out.
0

 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 39156620
Uninstallers that are portable applications (can run from a USB stick):

MyUninstaller
RevoUninstaller
UninstallTool

Also an important tool to use is Autoruns.
0
 

Author Comment

by:MagsMcKinley14
ID: 39157349
Thanks...I will check to see which other programs may have been undone by the System Restore.

I will double check Revo for removing other leftovers and run Autoruns.

tzucker, how do I know if RogueKiller is wanting to remove or replace something it shouldn't?  I don't have the experience using it or with all the registry items that may be necessary, so as not to screw something up...guidelines?  Thanks

I will do this tomorrow and get back with you.  Thanks to you both!
Mags
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 39157578
It's a hard call.  You have to be very careful.  Generally you don't want to delete anything if you don't know how it works.
0
 

Author Comment

by:MagsMcKinley14
ID: 39163367
Okay, I had Revo do a clean up, then ran CCleaner.  It would stop for a while on Windows\system32\wbem\Logs\WMITracing.log.  I've never seen that before.  Any worries?
0
 

Author Comment

by:MagsMcKinley14
ID: 39163481
CCleaner has been resolved.
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 39164942
Glad to hear.  I don't have any insight into the log problem.  If you run CCleaner again does it still get stuck (or are you too hesitant to try)?
0
 

Author Comment

by:MagsMcKinley14
ID: 39165813
Tom, I ran CCleaner again after doing the above and it no longer lingers at Windows\system32\wbem\Logs\WMITracing.log.  I think we got it...I will check with my client in a few days and see how everything is running.
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 39166032
GREAT!
0
 

Author Closing Comment

by:MagsMcKinley14
ID: 39170314
I'm as sure as I can be at this time that the machine is clean.  I will post again if still having issues.
0
