?
Solved

PUP infection

Posted on 2013-05-10
12
Medium Priority
?
546 Views
Last Modified: 2013-11-22
A client was having issues with PUPs...slow computer and sometimes stalling.
Ran scans, see below.

What do you think?  No Trojans or viruses picked up...just stuff from PUPs.  Do you see any vulnerabilities.

Ran SAS scan but he closed it without removing the cookies.  also ran AwdCleaner...but didn't have the report transfered to my computer...I can send it later if necessary.

Thanks,
Mags
Rkill--1.txt
Rkill--2.txt
RKreport-1--S-05092013-02d1006.txt
RKreport-2--D-05092013-02d1007.txt
RKreport-3--H-05092013-02d1009.txt
mbam-log-2013-05-09--10-30-05-.txt
HitmanPro-20130509-1320.log
RKreport-1--S-05092013-02d1433.txt
JRT.txt
SUPERAntiSpyware-Scan-Log---05-0.log
0
Comment
Question by:Mags
  • 6
  • 6
12 Comments
 
LVL 30

Accepted Solution

by:
Thomas Zucker-Scharff earned 2000 total points
ID: 39156412
Just looking at the roguekiller reports. I'm a little worried you may have removed something that windows will have a fit about.

This appears in one of the first reports:

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

But that is not a hijack it is the component that 64bit systems use to trick 32 bit programs into thinking they are running on a 32bit machine.  At least that is my recollection.

It looks like you got rid of extra BHOs, personally I think this machine needs a different browser - I never have trusted IE.  Have you tried running RevoUninstaller on it?  That should find an extraneous or left over bits and you can uninstall them.
0
 

Author Comment

by:Mags
ID: 39156556
Tzucker...I forgot to mention this....after roguekiller ran plus some other scans the system needed to run a repair...did a system restore.  Was this possibly due to what roguekiller removed?  Seemed to correct the issue.

I used revo to uninstall some programs but is there a way to use it to clean up leftovers if a program has been uninstalled with windows uninstaller?

Thanks for your assistance!  It is greatly appreciated.
0
 
LVL 30

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 2000 total points
ID: 39156598
Revo should search for leftovers.  (I think there is a search for extras button)  if you don't see that try Total Uninstaller.  It does sound like the repair was due to what RK removed.  A system restore should have restored the file that was deleted, although it also may have restored unwanted files as well.

If you are sure that the system is clean, make a backup, then run CCleaner.  CC is a powerful program and will clean up a lot, but beware because some virii will put files into the temp directory which CC deletes.  That is why you want to make sure the system is clean.  Also if the user uses the recent files option in MSOffice apps, be sure to uncheck those options, otherwise the recent files shortcuts will also be cleaned out.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39156620
Uninstallers that are portable applications (can run from a USB stick):

MyUninstaller
RevoUninstaller
UninstallTool

Also an important tool to use is Autoruns.
0
 

Author Comment

by:Mags
ID: 39157349
Thanks...I will check to see which other programs may have been undone by the System Restore.

I will double check Revo for removing other leftovers and run Autoruns.

tzucker How do I know if RogueKiller is wanting to remove or replace something it shouldn't?  I don't have the experience using it or all registry items that may be necessary not to screw something up...guidelines?  Thanks

I will do this tomorrow and get back with you.  Thanks to you both!
Mags
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39157578
it's a  hard call.   you have to be very careful.   generally you don't want to delete anything you don't know how it works.
0
 

Author Comment

by:Mags
ID: 39163367
Okay I had Revo do a clean up then ran CCleaner.  It would stop for a while on the Windows\system32\wbem\Logs\WMITracing.log.  I've never seen that before.  Any worries?
0
 

Author Comment

by:Mags
ID: 39163481
CCleaner has been resolved.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39164942
Glad to hear.  I don't have any insight into the log problem.  If you run CCleaner again does it still get stuck (or are you too hesitant to try)?
0
 

Author Comment

by:Mags
ID: 39165813
Tom I ran CCleaner again after doing the above and it no longer lingers at the Windows\system32\wbem\Logs\WMITracing.log.  I think we got it...I will check with my client in a few days and see how everything is running.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39166032
GREAT!
0
 

Author Closing Comment

by:Mags
ID: 39170314
I'm as sure as I can be at this time that the machine is clean.  I will post again if still having issues.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question