Support Forums

Full Version: (Canned Speech) All Clean
Remember, CS's are not static, they must be altered every use.

=================

I see no infections present in your log anymore. If you are not having any further problems, I declare you ALL CLEAN.

You have some important updates which need attention to prevent possible future infections.

Internet Explorer
Your current version of Internet Explorer is outdated and older versions contain vulnerabilities. Please download the latest version (V9.00) from HERE.

Service Pack
You currently have an outdated Service Pack. It is highly recommended you update to the latest Service Pack. This is an extremely important update which fixes several bugs and security issues that attackers exploit. Without it, I can almost guarantee that you will get infected again.
To download the latest Service Pack, please visit: Windows Update

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Uninstall ComboFix:
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.
  • [Image: CF-Uninstall.png]

CleanUp with OTL
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Choose your root drive (normally C: )
  • After it calculates how much space you will save, it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • Go back to the disk clean up tab
  • Put a checkmark in all - except compress old files (leave this unchecked)
  • Click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files.

Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

Turn On Automatic Updates:
  • Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them.

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.

  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Please read this great article by miekiemoes How to prevent Malware
and this great article by Tony Klein So How Did I Get Infected In First Place

Best wishes!

Code:
I see no infections present in your log anymore. If you are not having any further problems, I declare you [color=#00BFFF][size=medium][b]ALL CLEAN[/b][/size][/color].

You have some important updates which need attention to prevent possible future infections.

[color=#00BFFF][b]Internet Explorer[/b][/color]
Your current version of Internet Explorer is outdated and older versions contain vulnerabilities. Please download the latest version (V8.00) from [url=http://www.microsoft.com/windows/internet-explorer/default.aspx]HERE.[/url]

[color=#00BFFF][b]Service Pack[/b][/color]
You currently have an outdated Service Pack. It is highly recommended you update to the latest Service Pack. This is an extremely important update which fixes several bugs and security issues that attackers exploit. Without it, I can almost guarantee that you will get infected again.
To download the latest Service Pack, please visit: [url=http://windowsupdate.microsoft.com/]Windows Update[/url]

[color=limegreen][i][b]The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.[/b][/i][/color]

[b][color=#00BFFF]Uninstall ComboFix:[/color][/b]

[list]
[*]Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
[*]Please copy and paste the following into the box: [b]ComboFix /Uninstall[/b] and click [b]OK[/b].
[*]Note the [b]space[/b] between the [b]X[/b] and the [b]/Uninstall[/b]; it needs to be there.
[*][img]http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png[/img]
[/list]

[color=#00BFFF][b]CleanUp with OTL[/b][/color]
[list]
[*]Make sure you have an Internet Connection.
[*]Double-click [b]OTL.exe[/b] to run it. (Vista users, please right click on [b]OTL.exe[/b] and select "Run as an [b]Administrator[/b]")
[*]Click on the [b]CleanUp![/b] button
[*]A list of tool components used in the Cleanup of malware will be downloaded.
[*]If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please [b]allow the application to do so.[/b]
[*]Click [b]Yes[/b] to begin the Cleanup process and remove these components, including this application.
[*]You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose [b]Yes.[/b]
[/list]

[b][color=#00BFFF][u]Remove tools:[/u][/color][/b]

Please download [url=http://oldtimer.geekstogo.com/OTC.exe]OTCleanIt[/url] and save it to desktop.  This tool will remove all the tools we used to clean your pc.
[list]
[*]Double-click [b]OTCleanIt.exe[/b].
[*]Click the [b]CleanUp![/b] button.
[*]Select [b]Yes[/b] when the "Begin cleanup Process?" prompt appears.
[*]If you are prompted to Reboot during the cleanup, select [b]Yes[/b].
[*]The tool will delete itself once it finishes; if not, delete it yourself.
[/list]
[b]Note:[/b] If you receive a warning from your firewall or other security programs regarding [b]OTCleanIt[/b] attempting to contact the internet, please allow it to do so.

[color=#00BFFF][b][u]Clear system restore points: [/u][/b][/color]

This is a good time to clear your existing system restore points and establish a new clean restore point:
[list]
[*]Go to [b]Start > All Programs > Accessories > System Tools > System Restore[/b]
[*]Select [b]Create a restore point[/b], and Ok it.
[*]Next, go to [b]Start > Run[/b] and type in [b]cleanmgr[/b]
[*]Choose your root drive [b](normally C: )[/b]
[*]After it calculates how much space you will save, it will open up a new window
[*]Select the [b]More options[/b] tab at the top of the window
[*]Choose the option to [b]clean up system restore[/b] and OK it.
[*]Go back to the [b]disk clean up[/b] tab
[*]Put a checkmark in all - except [b]compress old files[/b] (leave this unchecked)
[*]Click [b]Ok[/b] then click [b]yes[/b]
[/list]
This will remove all restore points except the new one you just created and clean unneeded files.

[color=#00BFFF][u][b]Make your Internet Explorer more secure:[/b][/u][/color]

[list][*]From within Internet Explorer click on the [b]Tools[/b] menu and then click on [b]Options[/b].
[*]Click once on the [b]Security[/b] tab
[*]Click once on the [b]Internet[/b] icon so it becomes highlighted.
[*]Click once on the [b]Custom Level[/b] button.
[*]Change the [b]Download signed ActiveX controls[/b] to [b]Prompt[/b]
[*]Change the [b]Download unsigned ActiveX controls[/b] to [b]Disable[/b]
[*]Change the [b]Initialise and script ActiveX controls not marked as safe[/b] to [b]Disable[/b]
[*]Change the [b]Installation of desktop items[/b] to [b]Prompt[/b]
[*]Change the [b]Launching programs and files in an IFRAME[/b] to [b]Prompt[/b]
[*]Change the [b]Navigate sub-frames across different domains[/b] to  [b]Prompt[/b]
[*]When all these settings have been made, click on the [b]OK[/b] button.
[*]If it prompts you as to whether or not you want to save the settings, press the [b]Yes[/b] button.
Next press the [b]Apply[/b] button and then the [b]OK[/b] to exit the Internet Properties page.
[/list]

[b][color=#00BFFF][u]Turn On  Automatic Updates:[/u][/color][/b]

[list]Turn On  Automatic Updates
1. Click [b]Start[/b], click [b]Run,[/b] type [b]sysdm.cpl[/b], and then press [b]ENTER[/b].
2. Click the [b]Automatic Updates[/b] tab, and then click to select one of the following options. We recommend that you select the [b]Automatic (recommended)[/b] Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
[/list]

[B][COLOR=#00BFFF][u]Antispyware programs:[/u][/COLOR][/B]

I would recommend the download and installation of some or all of the following programs (all free), [b]and the updating of them regularly[/b]:

[list][*][b][url=http://www.winpatrol.com/]WinPatrol[/url][/b] - As a robust security monitor, [b]WinPatrol[/b] will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

[*][url=http://www.javacoolsoftware.com/spywareblaster.html][b]Spyware Blaster[/b][/url] - By altering your registry, this program stops harmful sites from installing things like [url=http://www.webopedia.com/TERM/A/ActiveX_control.html]ActiveX Controls[/url] on your machines.

[*][url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b]Malwarebytes' Anti-Malware[/b][/url] - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.
[/list]

Please read this great article by miekiemoes [b][url=http://users.telenet.be/#00BFFFpatchy/miekiemoes/prevention.html][color=lightblue]How to prevent Malware[/color][/url][/b]
and this great article by Tony Klein [url=http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959][color=lightblue][b]So How Did I Get Infected In First Place[/b][/color][/url]

Best wishes!
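
The Internet zone settings from the "Make your Internet Explorer more secure" steps are stored as registry values, so a helper can confirm they were actually applied and are not being overridden by policy. The PowerShell below is an added example, not part of the canned speech: the function names are hypothetical, and the action IDs, value meanings and key precedence are assumptions taken from Internet Explorer's standard URL action settings, not from the post.

```powershell
# Added example (not part of the canned speech). Requires PowerShell 3.0 or later.
# URL action IDs live under ...\Internet Settings\Zones\3 (3 = Internet zone).
# DWORD values: 0 = Enable, 1 = Prompt, 3 = Disable.
$recommended = [ordered]@{
    '1001' = @('Download signed ActiveX controls', 1)
    '1004' = @('Download unsigned ActiveX controls', 3)
    '1201' = @('Initialise and script ActiveX controls not marked as safe', 3)
    '1800' = @('Installation of desktop items', 1)
    '1804' = @('Launching programs and files in an IFRAME', 1)
    '1607' = @('Navigate sub-frames across different domains', 1)
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$sub   = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Keys are checked in this order (assumed precedence: machine policy, user policy,
# user setting). A Group Policy value under Software\Policies takes precedence
# over whatever was picked in the Custom Level dialog.
$sources = [ordered]@{
    'HKLM policy' = "HKLM:\Software\Policies\$sub"
    'HKCU policy' = "HKCU:\Software\Policies\$sub"
    'HKCU user'   = "HKCU:\Software\$sub"
}

# Return the first value found for an action ID and the key it came from.
function Get-ZoneValue([string]$Id) {
    foreach ($name in $sources.Keys) {
        $key = Get-ItemProperty -Path $sources[$name] -Name $Id -ErrorAction SilentlyContinue
        if ($null -ne $key) { return @{ Source = $name; Value = [int]$key.$Id } }
    }
    return @{ Source = 'not set'; Value = $null }
}

# Compare each recommended setting with the value currently in effect.
function Test-InternetZone {
    foreach ($id in $recommended.Keys) {
        $text, $want = $recommended[$id]
        $found = Get-ZoneValue $id
        if ($null -eq $found.Value) { $have = 'n/a' }
        elseif ($label.ContainsKey($found.Value)) { $have = $label[$found.Value] }
        else { $have = '0x{0:X}' -f $found.Value }
        [pscustomobject]@{
            Setting = $text; Id = $id; Source = $found.Source
            Current = $have; Wanted = $label[$want]; Ok = ($found.Value -eq $want)
        }
    }
}

Test-InternetZone | Format-Table -AutoSize
```

A row whose Source is a policy key means the setting is managed centrally, and changing it in the dialog will not stick.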