Author Topic: Viruses in system32 folder  (Read 50666 times)

0 Members and 1 Guest are viewing this topic.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #60 on: April 17, 2007, 12:59:39 PM »
You're right Polonus.  If C:\WINDOWS\system32\clcl3.exe is still present it can be added to the user section of the chest and emailed to avast! before deletion.



EDIT:  BTW, just thought I should mention that clcl3.exe has not been shown as a start up in HijackThis since very early in this thread - it's 04 entry is gone as of page 2.  So even if the file is still present I don't think its been a factor in this for some time now.  That's why, if it is found, I think its removal need not be more complicated than simple deletion.
« Last Edit: April 17, 2007, 02:41:59 PM by mauserme »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33756
  • malware fighter
Re: Viruses in system32 folder
« Reply #61 on: April 17, 2007, 03:06:16 PM »
Hi mauserme,

Just came up in the line of thought, just watching this evolve. These kind of threads are instructive, as you will understand. Following what is happening in here is brushing up my anti malware lore. And hopefully I am not the only one... Just like to see another HJT file to see what we are at now with dd3.exe.

Thanx,

polonus
« Last Edit: April 17, 2007, 03:31:51 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #62 on: April 17, 2007, 08:36:54 PM »
Oh wait sorry it didn't say exactly as I said it, It says "Are you sure you want to delete all but most recent to the Restore Point?" So what does that mean exactly, like would it delete some of my programs or what?

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #63 on: April 17, 2007, 08:39:49 PM »
Oh wait, im not using a program for clean up, im using Disk Cleanup in the system tools. I didn't get cleanup yet. I'm downloading now.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #64 on: April 17, 2007, 08:45:52 PM »
Oh wait sorry it didn't say exactly as I said it, It says "Are you sure you want to delete all but most recent to the Restore Point?" So what does that mean exactly, like would it delete some of my programs or what?
Lot's to keep track of ...

Yes, you do want to delete all but the most recent restore point but make sure you first create a new, clean restore point as I outlined earlier.

This will not affect your programs at all.  The restore points are a collection of settings, drivers, etc that Windows creates from time to time (or you can create manually) so that you can roll back to a good configuration if you need to.  The problem is, the restore points sometimes include malware as did several of yours (look at your AVG AS log - they are the lines that start C:\System Volume Information\_restore ...).  By creating a new, clean point and deleting all the old ones we remove the possibility that you will roll back to a bad point at some time in the future.
« Last Edit: April 17, 2007, 08:48:15 PM by mauserme »

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #65 on: April 18, 2007, 12:45:37 AM »
Ok, I did everything you asked, made a restore point, did cleanup and downloaded both of those porgrams, and clcl3.exe is still not present. Am I clean now?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67199
Re: Viruses in system32 folder
« Reply #66 on: April 18, 2007, 12:53:32 AM »
Am I clean now?
Most probably.
Do you have some time for full computer on-line scanning?

Kaspersky
Trendmicro housecall
Ewido
F-Secure
Panda ActiveScan
BitDefender (free removal of the malware)
HitmanPro (new online scanner)

I suggest the first one...
« Last Edit: April 18, 2007, 02:52:30 AM by Tech »
The best things in life are free.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #67 on: April 18, 2007, 02:36:15 AM »
Ok, I did everything you asked ...
But have you updated your Service Pack?

You were deeply infected and we just spent 4 days of dedicted work to get you to this point.  You really don't want to do this all again ...

Here's a link to SP1a

http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx

and SP2

http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx

Update the Service Pack and get all the security patches or we'll be spending a lot more time together   ;)


And Tech's suggestion is a good verification.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #68 on: April 18, 2007, 04:32:24 AM »
Haha yea, the sp's are free to update right?

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #69 on: April 18, 2007, 04:38:54 AM »
I went to install the service pack 1a and it says my product key is invalid? I don't want to get to technical with this like call them up and everything to get a new product key. Is there any way to get a quick fix, without a valid key?

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #70 on: April 18, 2007, 04:39:32 AM »
Yep - they're free.

But before you do that, will you do me one favor?  I would like to check one more thing.

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
 

 Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

A log will be produced which you can post in your next response.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #71 on: April 18, 2007, 04:41:20 AM »
I went to install the service pack 1a and it says my product key is invalid? I don't want to get to technical with this like call them up and everything to get a new product key. Is there any way to get a quick fix, without a valid key?
I don't know of a way around this.  If the key is valid contacting them shouldn't be a problem.  If not, well ....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67199
Re: Viruses in system32 folder
« Reply #72 on: April 18, 2007, 04:42:41 AM »
Haha yea, the sp's are free to update right?
If your Windows copy is legit... yes you can apply them... without it, you won't be able...
The best things in life are free.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #73 on: April 18, 2007, 04:43:25 AM »
Ok, i'll do the vundofix in a second. I guess I could try to e-mail them, or I could just get SP2 from one of my friends.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #74 on: April 18, 2007, 04:45:25 AM »
Ill run VFix now and i'll be back on in a minute  ;D