Solved

PUP infection

Posted on 2013-05-10
12
534 Views
Last Modified: 2013-11-22
A client was having issues with PUPs...slow computer and sometimes stalling.
Ran scans, see below.

What do you think?  No Trojans or viruses picked up...just stuff from PUPs.  Do you see any vulnerabilities.

Ran SAS scan but he closed it without removing the cookies.  also ran AwdCleaner...but didn't have the report transfered to my computer...I can send it later if necessary.

Thanks,
Mags
Rkill--1.txt
Rkill--2.txt
RKreport-1--S-05092013-02d1006.txt
RKreport-2--D-05092013-02d1007.txt
RKreport-3--H-05092013-02d1009.txt
mbam-log-2013-05-09--10-30-05-.txt
HitmanPro-20130509-1320.log
RKreport-1--S-05092013-02d1433.txt
JRT.txt
SUPERAntiSpyware-Scan-Log---05-0.log
0
Comment
Question by:MagsMcKinley14
  • 6
  • 6
12 Comments
 
LVL 26

Accepted Solution

by:
Thomas Zucker-Scharff earned 500 total points
ID: 39156412
Just looking at the roguekiller reports. I'm a little worried you may have removed something that windows will have a fit about.

This appears in one of the first reports:

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

But that is not a hijack it is the component that 64bit systems use to trick 32 bit programs into thinking they are running on a 32bit machine.  At least that is my recollection.

It looks like you got rid of extra BHOs, personally I think this machine needs a different browser - I never have trusted IE.  Have you tried running RevoUninstaller on it?  That should find an extraneous or left over bits and you can uninstall them.
0
 

Author Comment

by:MagsMcKinley14
ID: 39156556
Tzucker...I forgot to mention this....after roguekiller ran plus some other scans the system needed to run a repair...did a system restore.  Was this possibly due to what roguekiller removed?  Seemed to correct the issue.

I used revo to uninstall some programs but is there a way to use it to clean up leftovers if a program has been uninstalled with windows uninstaller?

Thanks for your assistance!  It is greatly appreciated.
0
 
LVL 26

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 500 total points
ID: 39156598
Revo should search for leftovers.  (I think there is a search for extras button)  if you don't see that try Total Uninstaller.  It does sound like the repair was due to what RK removed.  A system restore should have restored the file that was deleted, although it also may have restored unwanted files as well.

If you are sure that the system is clean, make a backup, then run CCleaner.  CC is a powerful program and will clean up a lot, but beware because some virii will put files into the temp directory which CC deletes.  That is why you want to make sure the system is clean.  Also if the user uses the recent files option in MSOffice apps, be sure to uncheck those options, otherwise the recent files shortcuts will also be cleaned out.
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39156620
Uninstallers that are portable applications (can run from a USB stick):

MyUninstaller
RevoUninstaller
UninstallTool

Also an important tool to use is Autoruns.
0
 

Author Comment

by:MagsMcKinley14
ID: 39157349
Thanks...I will check to see which other programs may have been undone by the System Restore.

I will double check Revo for removing other leftovers and run Autoruns.

tzucker How do I know if RogueKiller is wanting to remove or replace something it shouldn't?  I don't have the experience using it or all registry items that may be necessary not to screw something up...guidelines?  Thanks

I will do this tomorrow and get back with you.  Thanks to you both!
Mags
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39157578
it's a  hard call.   you have to be very careful.   generally you don't want to delete anything you don't know how it works.
0
 

Author Comment

by:MagsMcKinley14
ID: 39163367
Okay I had Revo do a clean up then ran CCleaner.  It would stop for a while on the Windows\system32\wbem\Logs\WMITracing.log.  I've never seen that before.  Any worries?
0
 

Author Comment

by:MagsMcKinley14
ID: 39163481
CCleaner has been resolved.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39164942
Glad to hear.  I don't have any insight into the log problem.  If you run CCleaner again does it still get stuck (or are you too hesitant to try)?
0
 

Author Comment

by:MagsMcKinley14
ID: 39165813
Tom I ran CCleaner again after doing the above and it no longer lingers at the Windows\system32\wbem\Logs\WMITracing.log.  I think we got it...I will check with my client in a few days and see how everything is running.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39166032
GREAT!
0
 

Author Closing Comment

by:MagsMcKinley14
ID: 39170314
I'm as sure as I can be at this time that the machine is clean.  I will post again if still having issues.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now