[Neilld]

Hey Jimmy

I just did a quick scan using AVG now (after I did the OTMoveIt command) and it's picking up the trojan PSW.OnlineGames.BDXC (and .BEER) in C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B} then \RP943\A0175050.exe, \RP943\A0175052.exe, \RP943\A0175054.exe for the .BDXC one and \RP953\A0185594.dll for the .BEER one

Here's also the OTMoveIt log following the last instructions


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\MreadfeB.dll.q_8046000_q moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\SystemHper.dll.q_804F000_q moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Neill\LOCALS~1\Temp\etilqs_Jng8FoDhO7fkCRYxJODH scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib5 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10222008_094926

Files moved on Reboot...
File C:\DOCUME~1\Neill\LOCALS~1\Temp\etilqs_Jng8FoDhO7fkCRYxJODH not found!
File move failed. C:\WINDOWS\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib4 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib5 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib6 scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat not found!
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\XUL.mfl moved successfully.

[Advertisements]

Hello Neilld,
Your logs look clean.
Just a few more things to do.

picking up the trojan PSW.OnlineGames.BDXC (and .BEER) in C:\System Volume Information\_restore

That's no problem, that is just the system restore. I will have you clear that out in a bit.





Please download OTCleanIt and save it to your Desktop.

• Double-click OTCleanIt.exe
  
• Click the CleanUp! button to begin removing tools used to clean your computer
  
• If you are prompted to Reboot during the cleanup, please select Yes

Please remove any leftover tools used to clean your computer as well.







Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to help remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure then Internet Explorer and also has a bulilt in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

[Jimmy2012]

Hello Neilld,
Your logs look clean.
Just a few more things to do.

picking up the trojan PSW.OnlineGames.BDXC (and .BEER) in C:\System Volume Information\_restore

That's no problem, that is just the system restore. I will have you clear that out in a bit.





Please download OTCleanIt and save it to your Desktop.

• Double-click OTCleanIt.exe
  
• Click the CleanUp! button to begin removing tools used to clean your computer
  
• If you are prompted to Reboot during the cleanup, please select Yes

Please remove any leftover tools used to clean your computer as well.







Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to help remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure then Internet Explorer and also has a bulilt in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

[Neilld]

Awesome news

So everything looks sweet at this end... Thank you ever so much for the help. Two big thumbs up from me

Anytime you need me to repay the favor just look me up

Neill

[Jimmy2012]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.