AV Security Suite & other Malware Help

[ates]

Tom -

This file is NOT located in the System 32 folder. Having said that, I'm not sure what to do based on your instructions.

I tried to copy C:\qoobox\Quarantine\C\windows\system32\winsusrm.dll.vir but it would let me paste it into the System 32 folder per your instructions. What am I missing?

Thanks

[Jintan]

Probably a system protected file name. We can just use ComboFix, but keep it from doing more than returning the file.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:

DEQUARANTINE::
C:\qoobox\Quarantine\C\windows\system32\winsusrm.dll.vir
QUIT::

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will run a brief limited scan, after which a log will pop up (also located at C:\DeQuarantine.txt). Post that back here please.

[ates]

Okay. Here you go, partner.

C:\qoobox\Quarantine\C\windows\system32\winsusrm.d ll.vir -> C:\windows\system32\winsusrm.dll ( 264 bytes )

[Jintan]

Okay, that put it back in the right place, with the right name. Any other problems we need to address, before we just do some final cleaning up steps here?

[ates]

Great. I think we are good. Let's put a bow on it with the last clean up steps. Many thanks.

[Jintan]

Just some final changes, then clean up what our work added there to complete our work.


You have an older and more vulnerable install of Adobe reader, so go here and download and click to install the latest version of Adobe Reader (version 9.3 as of the last check I did). I suggest you opt out of allowing it to install the McAfee scan it has pre-checked to download.


You also have a slightly older and more vulnerable Java version installed there, so need to update that.

If you click the Java icon in your Control Panel, under the Update tab is where you can have Java update itself. They have been offering installs of toolbars in their updates, so be sure to watch the updating, and pot out of that if you choose to.

------------

Then just remove what our work added there.


You can go ahead and delete the files/folders of the tools we used. To assist with some of that download OTC.exe by OldTimer to your desktop. This will help by automatically removing some of the tools we used.

Just click OTC.exe, then click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there just agree to the reboot, and OTC should self-delete once the system has rebooted (if not just delete the OTC.exe file).

-------------------------

Then a good idea is to reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.



In addition, I like to recommend reviewing the information Here to make sure you stay malware free.

[ates]

Tom -

All completed! Many thanks for the expertise and helping hand. You made a difference!

Best,
Ates

[Jintan]