06-23-2009, 11:35 AM   #5
KB.
Analyst, Security Team
 


Re: McAfee cannot delete trojan

Thanks for posting back.

We have a few things to do for the moment and I need some information to help me assist you.

uTorrent Questions
Did you remove uTorrent from the system? If you didn't, please do so now. If you did, please let me know.

Malwarebytes' Anti-Malware
Please download by clicking here:
http://www.besttechie.net/tools/mbam-setup.exe
  • Re-name the downloaded file Nailmalware
  • Once re-named, close all programs and Windows on your computer (including this one.)
  • Double-click on the icon on your desktop named Nailmalware.exe. This will start the installation of MBAM onto your computer.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
  • On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
  • When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results.
  • Make sure all entries have a Checkmark at their far left. If you do not, the program will have done nothing.
  • Click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.
  • When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then do a File, Save and then close the Notepad window. Remember where you saved the log file, as we will want to see it later. If MBAM suggests a reboot is necessary, be sure to do so. Otherwise there can be active infectors still on your system that would only be removed finally with the reboot sequence.

Run ComboFix
Let's re-run ComboFix as follows:
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:
Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown:

  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Do not run ComboFix more than once

Re-activate your protection programs at this time

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

1. Contents of C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
2. Answer to uTorrent questions;
3. Contents of C:\ComboFix.txt;
4. System status...how is your system running now???

Good Luck
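
The CFScript in the post above removes the "8085:TCP" value from the Windows Firewall GloballyOpenPorts list. As an added example (not part of the original post and not ComboFix's own code), this Python script parses a registry export of that key and lists enabled port exceptions that are not on an expected list. The sample export, the full key path, the value data layout (port:protocol:scope:mode:name) and the allowlist are constructed assumptions.

```python
import re

# Constructed sample in .reg export style; key path and values are
# illustrative assumptions, not data from the poster's system.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:constructed name A"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:constructed name B"
"8085:TCP"="8085:TCP:*:Enabled:constructed: unknown entry"
"3389:TCP"="3389:TCP:*:Disabled:constructed name C"
'''

# Hypothetical allowlist of (port, protocol) pairs the administrator expects.
EXPECTED = {(1900, "UDP"), (2869, "TCP"), (3389, "TCP")}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(\d+):(TCP|UDP)"="(.*)"$', re.IGNORECASE)


def parse_open_ports(reg_text):
    """Return one dict per value found under a GloballyOpenPorts\\List key."""
    entries, in_list = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Only read values that belong to the firewall exception list.
            in_list = key.group(1).lower().endswith(r"globallyopenports\list")
            continue
        val = VALUE_RE.match(line)
        if not (in_list and val):
            continue
        # Assumed data layout: port:protocol:scope:mode:display name.
        # maxsplit=4 keeps any colons inside the display name intact.
        parts = val.group(3).split(":", 4)
        if len(parts) != 5:
            continue  # malformed data, skip rather than guess
        entries.append({
            "port": int(val.group(1)),
            "protocol": val.group(2).upper(),
            "scope": parts[2],
            "enabled": parts[3].lower() == "enabled",
            "name": parts[4],
        })
    return entries


def unexpected_open_ports(reg_text, expected=EXPECTED):
    """Enabled exceptions whose (port, protocol) is not on the allowlist."""
    return [e for e in parse_open_ports(reg_text)
            if e["enabled"] and (e["port"], e["protocol"]) not in expected]
```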