06-26-2007, 03:08 PM   #11
amateur
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,302
OS: XP SP3


Re: Vundo virus and other popups

Hi,

The infections reported by Kaspersky are mostly in the "E:\downloads\Finished Torrents\porn\othermovies" directory, which indicates that you have been infected by the downloaded porn and other movies via torrents; most probably, the source of your problems.

I recommend that you remove BitGrabber via Add/Remove Programs in Control Panel. It's usually bundled with the malware.

You can go ahead and delete Deckard's System Scanner and Combofix from your desktop now, if you haven't already.

Using Windows Explorer (right click on Start, click on Explore), navigate to locate and delete the following folders:

E:\downloads\Finished Torrents\porn\othermovies\Programs (If you have nothing you would like to keep, you can actually delete the whole downloads folder.)
C:\Program Files\BitGrabber\ <== if you removed it.
C:\Deckard
C:\Qoobox
C:\Combofix
E:\Windows Reboot\SmitfraudFix.zip
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine <=== empty the contents of this folder, but not the folder itself.
D:\RECYCLER <===== empty the contents of this folder, but not the folder itself.

====================================

Since AVG Anti Spyware is a trial version, the realtime guard and automatic update will stop functioning after the trial period. That is why we are not installing the guard so it will not interfere with the cleanup or the malware removal process. You can use AVG-AS as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan.

CCleaner is also a useful tool to keep for cleaning your cookies and temp files on a regular basis.

Create a new System Restore point to prevent reinfection from old restore points.

Go to Start>Run and type sysdm.cpl. Press Enter.
  • Select the System Restore Tab
  • Place a check in "Turn off System Restore on all drives"
  • Click Apply
  • Next, uncheck the same checkbox.
  • Click Apply
  • Click OK
You can also find instructions on how to disable and re-enable System Restore here:
Windows XP System Restore Guide

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

==================================================

A colleague of ours has excellent information and tips on the prevention of malware here and more on improving speed/system performance after malware removal here.

If you want to fight back against the Malware Writers, please take a look here and read what you can do against it.

Happy Surfing!
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006