Topic: Worm infestation

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Worm infestation
« Reply #15 on: January 14, 2014, 11:18:28 PM »
In that case methinks I will send you on your merry way :)

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

Delete AswMBR from the desktop

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (notice the space between the "x" and "/"), then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

Clear Restore Points

Go Start > All Programmes > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Clean up button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide: How did I get infected in the first place?

Keep safe  :wave:

PatP3005

  • Guest
Re: Worm infestation
« Reply #16 on: January 15, 2014, 05:09:02 PM »
Ah, would that I were gone. It appears that more damage was done. Probably beyond the scope of your services, but I did want to ask your help with part of it.

I had hired someone to do some upgrading of my computers over the summer and it appears that they used bootleg MS Win7 Ultimate OS software. I'm taking care of that (money, harm done, etc.), but in the meantime, I have to get the computers, licenses, etc. right. Not using them to fix it obviously. I'm not sure, but maybe in cleaning up the infection we also removed something that was hiding the fact that it was an illegal copy?

Now almost anything I try to do I'm being stopped by various error messages. My guess is part of the problem may be some essential files have been removed - whether Windows files or other program files. My plan now is to do clean installs on two machines (after all your hard work!) so I'm trying to gather as complete a listing as I can of files that were deleted.  So grateful I've been diligent about backups!

Will the Avast logs give me lists of all files that have been deleted? Could you tell me other log names if there are others I need to print out before I start doing the cleanup process you've laid out for me?
« Last Edit: January 15, 2014, 05:15:40 PM by PatP3005 »

Offline essexboy

Re: Worm infestation
« Reply #17 on: January 15, 2014, 05:18:09 PM »
The main problem file (i.e. infected) was user32.dll that was replaced with a good backup copy.
The other deletions were just general adware and of no consequence.


What are the error messages that you are getting ?

PatP3005

  • Guest
Re: Worm infestation
« Reply #18 on: January 16, 2014, 09:39:46 PM »
I can't exactly say the error messages. I've never seen them before, I haven't figured out how to capture them (snipping tool is disabled, print screen doesn't capture it, ??). Most I can't duplicate. But, for instance, when I tried to print, this is what happened twice: both monitors turn light blue, main monitor has two error/message boxes with two different messages. One says something about a required file being missing. The other said something about a tool being unavailable. The tool had something to do with printing, was a three word phrase, I'm pretty sure it started with 'interactive,' might have been interactive digital, but I don't remember. And as with most of them, it hasn't been back. I still can't print though. Tried re-installing drivers, no good. Odd though that if nothing of consequence was deleted in the cleanup, where did they go?

The whole thing has me a little weirded out. Some of what I'm seeing is sometimes just a flash of red here or there. ?? Maybe I'm just being paranoid. I'll be glad when it's cleaned up and I can move on.

Offline essexboy

Re: Worm infestation
« Reply #19 on: January 16, 2014, 10:14:55 PM »
What printer are you using (make and model) and does this occur if you are in single monitor mode ?

PatP3005

  • Guest
Re: Worm infestation
« Reply #20 on: January 16, 2014, 11:00:25 PM »
I'm using a Brother HL-5370DW. I have it in single monitor now. Just attempted to print and it seems to be behaving the same as before. I select a pdf to print. The display shows a progress window as if it is going to print, but it stays at 0% progress. It's been at least 3-4 minutes now and it still hasn't timed out. Still hasn't printed either. Control Panel/Devices shows that the printer is Offline. I have rebooted several times, turned the printer on/off, the status lights show there is power to the printer, opening the Document Queue shows the docs waiting to be printed but the icons aren't right.

Offline essexboy

Re: Worm infestation
« Reply #21 on: January 16, 2014, 11:29:58 PM »
When you installed the driver did you use the CD that came with the printer or did you download the latest set from here http://welcome.solutions.brother.com/bsc/public/us/us/en/dlf/download_index.html?reg=us&c=us&lang=en&prod=hl5370dw_us&dlid=&flang=English&os=93&type2=-1

Also did you fully uninstall the printer or just install over the top ?

PatP3005

  • Guest
Re: Worm infestation
« Reply #22 on: January 17, 2014, 05:44:00 PM »
Ok. Well the printing mystery has been resolved. Someone else had reinstalled the printer before so I re-did it myself so I could answer your questions. Yes, we downloaded from Brother's website and installed the full package. I uninstalled and reinstalled. The REAL problem however was this. There was no cable running from the printer to the computer. Right. Sorry. I'm quite embarrassed. It was being run wirelessly and no one had thought to take it all the way down to the wires. When I went to do just that, bam, no wires. I'm truly sorry, I hate to waste your time, but it really was a great laugh after a rather tough week.

With everything else being changed and done/undone, the wireless settings are gone. That doesn't explain the initial problem of the error messages, but that cause is long gone now. I have new Win7Pro discs being delivered tomorrow and an IT guy is scheduled to do clean installs for me tomorrow. Really hoping next week is a little more productive.

I can't thank you enough for all the help you've offered. You had mentioned that this machine had a variant you hadn't seen before? Before we wipe everything clean, is there anything else I can run or do that might be of help to you? Send you Disney tickets? LOL I'm just down the road from them.

Offline essexboy

Re: Worm infestation
« Reply #23 on: January 17, 2014, 07:00:02 PM »
This was actually a new variation on an old programme, they have now learnt how to hide the main running elements.   But, now I know :)

Stuff like that happens, I tried to set up my wireless printer once without turning on the wireless card..  Now that was a fun few hours :) 

PatP3005

  • Guest
Re: Worm infestation
« Reply #24 on: January 17, 2014, 09:14:36 PM »
Haha! I'm sure it was. Well, I really will let you go now. You've been a tremendous help and I thank you again. Be well!  :D