Author Topic: Boot time scan and Fun Web/ Fun Cards  (Read 18689 times)


JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #30 on: May 28, 2011, 07:12:00 PM »
Hey no problem.  Ahhhh. Yes, okay. I was kinda wondering how to get the program running. Probably won't get to it 'till later on in the day. She is out for a while. Thanks.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #31 on: May 28, 2011, 07:22:46 PM »
Thanks for understanding  ;D

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #32 on: May 29, 2011, 07:30:06 AM »
Poop happens.. ;)  nobody's perfect

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #33 on: June 02, 2011, 04:58:55 PM »
Hey there, sorry for the delay. Things have been a bit hairy especially with the holiday weekend. I had my friend run Combofix on her machine yesterday. Here are the results. Thanks.

Offline essexboy

Re: Boot time scan and Fun Web/ Fun Cards
« Reply #34 on: June 02, 2011, 07:23:19 PM »
OK he did not want to go - so bigger hammer time

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote
Begin copying here:

Drivers to delete:
krjb

Files to delete:
c:\windows\system32\drivers\egmenb.sys

Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger’s actions.  This log file will be located at  C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.
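
Added example (not part of the original post, and not code from The Avenger or its author): a Python helper that reviews a script like the one in Reply #34 before it is pasted into the tool, listing what each directive targets and how many restarts to expect according to step 4. The function names are hypothetical, and only the three directives named in this thread are recognised; anything else is reported rather than interpreted.

```python
# Added example: summarise an Avenger input script before it is executed.
# Assumption: only the directives named in this thread are recognised; the
# tool may accept others, which are reported as unrecognised, not guessed.
KNOWN = ("drivers to delete", "drivers to disable", "files to delete")

# The script from Reply #34, copied from the thread.
SCRIPT = """\
Drivers to delete:
krjb

Files to delete:
c:\\windows\\system32\\drivers\\egmenb.sys
"""

def parse_avenger_script(text):
    """Return ({directive: [targets]}, [unrecognised lines])."""
    sections, unknown, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):            # a directive header
            name = line[:-1].strip().lower()
            if name in KNOWN:
                current = sections.setdefault(name, [])
            else:
                current = None            # do not attach targets to it
                unknown.append(line)
        elif current is not None:
            current.append(line)          # a target of the current directive
        else:
            unknown.append(line)          # a target with no known directive
    return sections, unknown

def expected_restarts(sections):
    """Two restarts when a driver directive has targets (step 4), else one."""
    drivers = sections.get("drivers to delete", []) + sections.get("drivers to disable", [])
    return 2 if drivers else 1

def review(text):
    sections, unknown = parse_avenger_script(text)
    return {"targets": sections, "unrecognised": unknown,
            "restarts": expected_restarts(sections)}

if __name__ == "__main__":
    for key, value in review(SCRIPT).items():
        print(key, "=", value)
```

A non-empty "unrecognised" list means the pasted text contains something other than the expected directives and targets, for example the "Begin copying here:" line from the quote box.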

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #35 on: June 02, 2011, 10:34:09 PM »
Ok, I think I got that. So, after I do all that you want the log from Avenger 2 and you want me to run Old Time Scanner and send the log for that as well, correct?
Wow you guys have a trained eye for this stuff. I never would have guessed that there was still a problem. I tried looking up the file "c:\windows\system32\drivers\egmenb.sys" online just to find out more about it, but it only sent me back to this thread. What is it anyway?

Offline essexboy

Re: Boot time scan and Fun Web/ Fun Cards
« Reply #36 on: June 02, 2011, 11:10:22 PM »
Yes if I could have the log - No idea what it is yet so let's see if Avast can tell us

The Avenger makes backups of all actions it takes, and saves those backups in the folder C:\Avenger (if C:\ is your system drive).
The backups are zipped and password-protected with password "infected", to prevent accidental reinfection when viewing backups of live malware.
The most recent backup is called "backup.zip", and the rest are named by date and time of creation.

Could you pass that zipped file to Avast please as malware - if you are not sure how to do this then let me know and I will walk you through it


JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #37 on: June 04, 2011, 12:54:43 AM »
One more question. I downloaded Avenger so that I can run through it with her on the phone. (obviously I won't be clicking on "Execute" as it only pertains to her machine) I noticed when the "input script here" box opens, there are 2 boxes to check.  Scan for rootkits and Automatically disable rootkits found.  Should I have her check those boxes?  Thanks.
« Last Edit: June 04, 2011, 01:01:52 AM by JENT1701 »

Offline essexboy

Re: Boot time scan and Fun Web/ Fun Cards
« Reply #38 on: June 04, 2011, 03:12:57 PM »
Either which - we definitely need the scan, but the disable key is problematic in its effectiveness

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #39 on: June 09, 2011, 08:47:56 AM »
Sorry for the delay in getting back, personal problems. I actually ran the program myself and from what I can see, it appears to have either fixed the problem, or it couldn't find it, if I am reading the log correctly.  I have attached the Avenger log and reran OTS and provided that log as well. Let me know where we stand with this. Thanks so much for your time, Jon.

Offline essexboy

Re: Boot time scan and Fun Web/ Fun Cards
« Reply #40 on: June 09, 2011, 12:56:37 PM »
Looks good - the driver was deleted from the registry, but the file was gone

What problems remain?

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #41 on: June 09, 2011, 05:34:58 PM »
I'm not quite sure what needs to be done, ??? I thought I had performed all the software updates, but it was stated earlier:

When we are all done with the malware removal and then removing tools from the machine, we will need to update some software on the machine that is outdated as well, but we will instruct you how to do this and cannot do it now.

Otherwise it seems to be working great.  ;D

Offline essexboy

Re: Boot time scan and Fun Web/ Fun Cards
« Reply #42 on: June 09, 2011, 05:58:22 PM »
OK let's remove my rubbish then

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
  


Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTS and hit the cleanup button.  It will remove all the programmes we have used plus itself.  

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

SPRING CLEAN
 
Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check




Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
 
Malwarebytes.  Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe  :wave:

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #43 on: June 10, 2011, 04:45:20 AM »
That kept me busy today, but I did all that, plus I found a BIOS update and a few other downloads from Compaq I overlooked. Apparently that nasty little bug must have done something to the updating for Adobe and Java, because they were set to automatically update. I think it has been floating around for quite some time. Thank you so much for your help and for introducing me to some very interesting and educational tools. All is well now. Have a great day.   ;D

Offline essexboy

Re: Boot time scan and Fun Web/ Fun Cards
« Reply #44 on: June 10, 2011, 12:56:09 PM »
Glad to hear all is well  ;D