SpyWare BeWare! ASAP
Author Topic: Dell Laptop slow-IE very slow.  (Read 2002 times)
melboy
Moderator
Hero Member

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #15 on: July 18, 2013, 05:42:38 PM »

Your log now appears to be clean. Congratulations!

This is my general post for when your logs show no more signs of malware ;) - Please let me know if you are still having problems with your computer and what these problems are.


AdwCleaner

  • Double click AdwCleaner.exe to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
  • AdwCleaner will close and uninstall itself.

Note: If AdwCleaner prompts you that an update is available, click Cancel and continue to uninstall.


Uninstall Combofix

We Need to Remove ComboFix

  • Please go to Start -> Run
  • Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.

  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself.

======================================


ROOTKIT

Your computer had a ROOTKIT known as Win32.Sirefef 

A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
The rootkit gives an intruder remote backdoor access to your computer. This gives intruders complete control of your computer to log your keystrokes, steal personal & critical system information, and download and execute files.
 
You are strongly advised to do the following:

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information:

  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

From the scans we've run, your computer looks clean but there can be no guarantees. You may want to consider reinstalling the OS.

http://www.malwareremoval.com/forum/viewtopic.php?p=613737#p613737


======================================


General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC.  Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities.  To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.  WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.  For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file.  A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

Also please read this great article by Gary R & Wingman: Computer Security - a short guide to staying safer online

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!




Logged

amjohns
Newbie

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #16 on: July 19, 2013, 07:39:03 AM »

ok, great. I got all my passwords changed I could think of. Will change the rest as I find them but got the main financial ones.
Ran OTC and uninstalled Combofix.

How can I prevent getting a rootkit? Security Essentials does not seem to stop much of anything.

I ran Kaspersky's TDSSKiller several times a month but it never finds anything either.

I run Malwarebytes at least once a week. I feel like I am doing more than most people and still get hammered.

I will put WinPatrol on and I thought I had set up a hosts file already but will check it.

Is there anything I can run safely on the other PCs in my house to make sure the rootkit isn't getting passed around again?

Thanks for all the help!
Logged
amjohns
Newbie

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #17 on: July 19, 2013, 07:53:03 AM »

I also read through the article following the link on the rootkit name in your post. There are still TONS of folders as described in the reparse section:

Creates a folder in which to store other malware

Sirefef creates a special folder configured as a reparse point (a collection of user-defined data) in which to store additional malware components, as well as the original clean copy of the replaced driver.

The created folder uses the following format:

<system root>\$NtUninstallKB<number>$

where <number> is a randomly generated number.



Should I delete these folders or are some of them valid windows update folders?
Note: The files stored under this folder are encrypted, and are not generally accessible.


 
Logged
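
The folder format quoted in the post above, turned into a read-only check (an added example, not part of the thread or of the quoted write-up): it lists `$NtUninstallKB<number>$` folders under the system root and reports whether each carries the reparse-point attribute the write-up describes. The column names and the listability check are this example's own choices.

```powershell
# Added example, read-only: nothing is deleted or modified.
$root = $env:SystemRoot

# Single quotes stop PowerShell from expanding $NtUninstallKB as a variable.
# The pattern follows the format quoted in the post: $NtUninstallKB<number>$
$pattern = '^\$NtUninstallKB\d+\$$'

# -Force includes hidden and system folders in the listing.
$folders = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $pattern }

$report = foreach ($f in $folders) {
    # A reparse point shows up as a flag in the folder's attributes.
    $isReparse = [bool]($f.Attributes -band [IO.FileAttributes]::ReparsePoint)

    # The quoted note says the stored files are not generally accessible,
    # so record whether the folder's contents can be listed at all.
    $listable = $true
    try   { $null = Get-ChildItem -LiteralPath $f.FullName -Force -ErrorAction Stop }
    catch { $listable = $false }

    New-Object PSObject -Property @{
        Name         = $f.Name
        Created      = $f.CreationTime
        ReparsePoint = $isReparse
        Listable     = $listable
    }
}

# Show reparse-point folders first so they stand out for review.
$report |
    Sort-Object ReparsePoint -Descending |
    Select-Object Name, Created, ReparsePoint, Listable |
    Format-Table -AutoSize
```

Folders whose names carry a suffix after the number fall outside the quoted format and are not listed.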
melboy
Moderator
Hero Member

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #18 on: July 20, 2013, 05:35:03 AM »

Hi :)

Should I delete these folders or are some of them valid windows update folders?

They're legit MS folders.

How can I prevent getting a rootkit?...

...I feel like I am doing more than most people and still get hammered.


There's lots of good advice in the topic I linked you to - Computer Security - a short guide to staying safer online

And this advice:
Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities.  To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Update Java Runtime

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Oracle Java is:
Java Runtime Environment Version 7 Update 25.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition. Java SE 7 Update 25"
  • Click the Download JRE button to the right.
  • Check the box to Accept License Agreement
  • In the list of files, Look to Windows x86 Offline & click on the link to the right which says "jre-7u25-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel  > Add/Remove Programs:
    Quote
    Java 7 Update 21
    Java(TM) 6 Update 35
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Is there anything I can run safely on the other PC's in my house to make sure the rootkit isn't getting passed around again?

It's unlikely that your machine being infected has affected the others, but you can scan them with Malwarebytes' Anti-malware. You're looking for detections named Rootkit.0Access.

There's also their Anti-rootkit scanner, but it is classed as BETA, so read the disclaimer first.

Of course, you can always ask here for help too, should anything be detected. :)
Logged

amjohns
Newbie

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #19 on: July 23, 2013, 08:09:17 AM »

Uninstalled Java 6 and 7, installed latest version and rebooted.
Ran Secunia with thorough system inspection checked - no problems found.

I run Malwarebytes 2-3 times a month and it has never found anything. It didn't find this one either. Is it worth buying the pro version?

I downloaded the beta scanner listed, will just hang on to it for now...oh and I installed the hosts file listed.

I guess we are done at this point. Thanks for all the help. I will read through the security guide this week.

Andrew
Logged