I'm not surprised this system is slow... you've been seriously infected, and it may just be too messed up to get back to what you may have been used to. We'll do our best.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
When files found by other scanners are in the Recovery directory inside the Spybot-S&D directory, it is only a backup. It is no longer of any harm there, as the file won't be loaded from there. But once you are sure you don't need the backup, go to the Recovery section inside Spybot-S&D and purge the files.
------------------------------------------------------------------
Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies
------------------------------------------------------------------
I know you have Ewido already. Please update its definitions, and run a scan where I have placed it in this fix.
You will need to update Ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
When you have finished updating, EXIT Ewido.
---------------------------------------------------------------
Run CleanUp! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
- Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
---------------------------------------------------------------
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.
---------------------------------------------------------------
Run Ewido with its updated definitions: (...it's important that all windows must be closed)
- Click Scanner
- Click Complete System Scan to begin scanning.
- Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
- "Perform action on all infections"
- Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop
** Ewido scan would require at least an hour.
---------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
---------------------------------------------------------------
Delete the following Files/Folders if they exist:
C:\Documents and Settings\Andrew J Yu\Application Data\AlfaCleaner
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\sachostp.exe
C:\WINDOWS\system32\vxgamet4.exe7680.exe
C:\WINDOWS\system32\wininet.old
C:\Windows\System32\mswinb32.exe
C:\Windows\System32\mswinb32.dll
C:\Windows\System32\mswinf32.exe
C:\Windows\System32\mswinf32.dll
C:\Windows\System32\page.htm
C:\Windows\System32\oleext.dll
------------------------------------------------------------------
Run CleanUp once again, using the same settings as before.
------------------------------------------------------------------
Boot to normal mode now.
---------------------------------------------------------------
Run a new HijackThis scan. Save the log file and post it here.
---------------------------------------------------------------
Right click on this link http://www.greyknight17.com/spy/RegSrch.vbs and choose 'Save As'. Save it somewhere. Now run that program and do a search for these files (if more than one, make sure to search and save them separately):
alphacleaner
AlphaCleaner
Save the file/files and post the results in the forum.
------------------------------------------------------------------
That Kaspersky log looks like it's from the onboard AV program, not the online scanner... is that the case?
------------------------------------------------------------------
Please return with logs from:
Ewido
HJT