I have had it with malware... Process Explorer Advice.

ashdavid

Member
I am going to give Process Explorer a try, and I just installed the OS, so if I screw things up I can always just re-install. I have researched as much as anyone can and I'm confident that I can give it a go, but I need to ask if anyone has any good advice about what should and shouldn't be done?

I have come to the understanding that this program can completely rid your PC of malware if done correctly. I understand that there are difficult programs to kill that require a lot of work, and that it can require killing individual threads of stubborn malware that have hooks in programs and can't simply be deleted.

Anyway, anyone who has any experience with this, your input would be invaluable. Cheers.
 
Advice: use the tools designed to find and rid ALL traces of malware. Antivirus and antimalware scanners.

Process Explorer is used to kill/stop stubborn processes. It is NOT antivirus or antimalware!!! Removing the process before trying to clean malware with other tools can in many cases just make it even harder to get rid of.

Sorry but there is no one click fix out there. If there was you wouldn't see malware removal forums with hundreds of posts requesting help.
 
That being the case, I have run the programs you and others so kindly helped me to use, and I still have something that is attached to a file that is affecting the volume on my computer. I cannot use Skype because of this and I need this to work. Maybe running ComboFix and posting the log could be helpful? I don't know, as I am only just learning. Cheers.
 
You posted a couple of Hijackthis logs and wouldn't do any more of what I suggested. This could have been solved a few days ago.

Running the programs is good, no doubt. But I/we need logs to see where the infections are. Without logs... we are just killing time with conversation.

I will try once more.

Please download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now Click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the green arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply
 
Will do, thanks. I am at work right now but I hope to post later today.

I am just beginning to learn how to read these log files, so I really do appreciate the help you and others are giving, as I have learnt so much.

Cheers
 
BTW Evil, I did download those two programs and ran them like you suggested. I then posted the new HJThis log file, which I did say in that other thread. But I am not here to argue with someone being so kind as to give their time to help me out. So here is that last log you were looking for, and I don't have Notepad so I saved it in Word, is that ok?

Process.exe;C:\$Recycle.Bin\S-1-5-21-339807326-2168244874-4038777832-1000\$RK97O0R\apps;Tool.Prockill;;
Process.exe;C:\Documents and Settings\owner\Desktop\SDFix\apps;Tool.Prockill;;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
Process.exe;C:\Users\owner\Desktop\SDFix\apps;Tool.Prockill;;
VBAOL11.CHM\html/olobjAddressEntries.htm;C:\Windows.old\Program Files\Microsoft Office\OFFICE11\1041\VBAOL11.CHM;亜種 - VBS.Petik;;
VBAOL11.CHM;C:\Windows.old\Program Files\Microsoft Office\OFFICE11\1041;アーカイブに感染オブジェクトが含まれています;移動;
 
DrWeb CureIt. I followed your directions, but please remember that I am on a Japanese OS, which has quite a few differences from the English version. I will have another look.
 
Everything there already quarantined.

I need you to do a scan with Kaspersky Online Scanner. It requires Internet Explorer. I have to have the FULL log from it.

Use the Kaspersky Online Scanner
  • Click Accept.
  • Answer Yes when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect; however, we need to analyze the information in the report.

To obtain the report:
Click on: Save Report As...
Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area, use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please attach the Kaspersky Online Scanner Report in your next post.

Next post: Kaspersky log
 
I found this in Autorun, it looks suspicious to me, do you think I should disable it? I will give Kaspersky a go.
 
Attachments: 無題 copy.jpg
There is something seriously wrong here and I think I am barking up the wrong tree. Evilfantasy, I tried to get a log for you with your last suggestion, but the scan won't complete and I am getting all kinds of errors coming up. It has only been up and running for a week, so I am going to check that all connections on the hardware are secure and reinstall the OS. Thanks for your help.
 
Sometimes that is the best/easiest solution.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Here are some great FREE/Reliable tools to help keep the PC from getting infected.

Spybot Search & Destroy - A safe and effective spyware scanner.
* Official Spybot Tutorial
* Spybot FAQ

AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
* AVG Anti-Spyware User Manual

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* SpywareBlaster Tutorial

Comodo BOClean - Stops trojans and many more malicious attacks.

Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
* Click here for a list of free firewalls.
* Why would I consider a third party firewall?

UPDATE UPDATE UPDATE!!! - If you do not have automatic updates enabled, then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed.
* Help with Windows updates
 
Thanks EvilFantasy.
If it would be ok, I would like to pick your brain and ask a few questions.

First, I was under the impression that you should not put more than one anti-virus program on the computer?

Is it better to go with an almighty does-everything anti-virus like Kaspersky, etc., etc.? I find these slow the PC down considerably.

And lastly, I just want to thank you again, as your help has been invaluable. Cheers
 
Only one AV is correct. Two will cause problems.
Security Suites can slow down a computer. I find it best to mix in different free products to cover all bases.

The mix I have on my main computer for real time protection is: (all free versions)
  • AVG-Antivirus
  • Comodo Firewall (I like the PC Tools Free firewall also)
  • SpywareBlaster
  • Comodo BOClean
  • WinPatrol
No problem, I enjoy learning as much as I can about malware removal. Helping people is challenging but very useful to help keep up with all of the new threats that spring up all of the time.
 
You have all those and don't have any clashes? I just learnt something very valuable. I think I am going to use what you use this next time round. Again thanks for your help.
 
They all serve a completely different purpose and no, no clashes.

SpywareBlaster actually doesn't run at all unless it is being updated. It sets restrictions in the browser and that's it.
 