[nitingaur]

OTMoveIt2 Result
--------------------------------
Explorer killed successfully
C:\WINDOWS\system32\calc.exe moved successfully.
< HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A ppMgSvc >
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A ppMgSvc\\ deleted successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09212008_224045

[evilfantasy]

That was the one that should have been the toughest to find/delete and causing the biggest problem.

• Click START then RUN
• Now type Combofix /u in the runbox
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

----------

Delete temporary files

Go to:

• Start
• Run
• type: CLEANMGR.EXE
• Press Enter.

When prompted select the C: drive and click OK.
Check the boxes for:

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

Click OK or Enter

----------

Run this online scan. Requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

[nitingaur]

ESET scanner log
--------------------------------
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3460 (20080922)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=1be79f6f6ff07847a2e11814e2f1a48a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-22 03:25:49
# local_time=2008-09-22 08:25:49 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=235367
# found=2
# scan_time=1609
C:\Keanetools\PREVXCSIBUS.EXE probably a variant of Win32/Genetik trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\MSInfo\Bhsrv.msi probably a variant of Win32/Hupigon trojan (unable to clean - deleted) 00000000000000000000000000000000

[evilfantasy]

How is everything now?

[nitingaur]

Great!!! no more unwanted IEXPLORER.EXE
Thanks a lot for your lightening fast responses. But still wondering why my Norton antivirus was unable to catch that.

-Nitin

[evilfantasy]

Some malware is designed to install at the most opportine time, like during startup or shutdown when the AV is least likely to catch it.

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

• When finished exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
• Click OK
• Click the More Options Tab.
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0.

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources