[Resolved] Trying to Restore, but not sure

[CooZooRoo]

I will do your instructions shortly.

FYI, a few days ago, I found a RECYCLER folder in my usb flash disk.
I had it 'force remove' already. It's gone.

[CooZooRoo]

The result of OTL Custom Scans/Fixes (with Run Fix) is in 09212010_131603.txt file.
After a reboot, I ran Quick Scan producing a OTL.txt log.

MBAM has completed the scan, and detected 0. And I attach the log too.

Thanks

[SafeSurf]

You should not use that flash drive on any machine again.

In addition, you should disable autorun.inf with something like Panda USB Vaccine - Antimalware and Vaccine for USB devices:
http://www.pandasecurity.com/homeusers/downloads/usbvaccine/.

It will ask you if you want to vaccinate your machine, which means disable autoruns.inf -- say "yes/OK."

Then it will ask you if you want to vaccinate a NEW flash drive (do not use the old/infected one) or all new ones inserted into your machine (in case you forget). 

It is a simple software to protect you and if you someday want to enable autorun.inf., all you have to do is unclick the box.

[CooZooRoo]

Hi SafeSurf,

Thanks for the info. I havent used that infected flash usb drive since.
Before performing the above scanning and fixing instructed by essexboy
I 'force' delete successfully the hidden virus file and the directory.
And there is only 2 Imation files inside the flash drive, like it was
before.

So do you think the flash drive is not clean still? If not, I could use
my second laptop, which has been reformatted since I upgraded the OS
to Win7 and has no other software yet, to format the flash drive. Then
for security, I could just reformat my 2nd laptop    Is this ok?

I am new at flash drive protection.

[SafeSurf]

Is there something you need to do with the flash drive prior to Essexboy returning?  If so, the Panda USB Vaccine will not erase anything on it, nor will it harm your machine, so it is safe to use.

If you feel more comfortable, you can certainly wait until Essexboy returns for his take on it since he has been involved in your malware removal.

[CooZooRoo]

@SafeSurf: currently I dont need to use the flash drive. And I will put
it aside until the main thing is solved and cleared   You brought in
a very important point and also the Panda USB Vaccine, this is clearly
what would be needed after everything is done. Thanks!

[essexboy]

Those logs looked good - so do we need to do any repairs ? 

How is your computer running now ?

[CooZooRoo]

Hi essexboy,

I think the computer runs very well now. THANK YOU!

The only repair needed is to have a few .exe files like Flash.exe to
be released from their virus chest jail. I cannot have any flash
file working without the main Flash.exe.  And those files are not yet
fixed/cured by the DrWeb CureIt since they were not scanned by it.

What would I do next?

[essexboy]

Uninstall flash using this tool http://kb2.adobe.com/cps/141/tn_14157.html

Then download and install a fresh copy - do not use the file in quarantine otherwise it will start all over again

Once done let me know of any further problems before I remove my tools

[CooZooRoo]

Ok
I got your point. And I am doing the uninstallation and will reinstall.
The flash.exe I meant is the Flash Maker software, not the player.
Along with flash, also Britanica 9.0 exe files that are quarantined.
Will do the uninstall as well

I will update after the reinstallation.

[CooZooRoo]

A question, I found 3 quarantined files that may be part of windows . Should I found
the replacement? or what should I do?

igfxtray.exe        -- C:\Windows\System32
SearchSettings.exe  -- C:\Program Files\Search Settings
realsched.exe       -- C:\Program Files\Common Files\Real\Update_OB

Thanks!

[essexboy]

The first is for the graphics tray - which as far as I know no-one ever uses, the other two are to do with real player so no need to replace them just empty your virus chest

Still working OK ?

[CooZooRoo]

Give me one more day to run everything before I conclude an 'ok'
So far things are good!

I will update.

[essexboy]

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

SPRING CLEAN
 
Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  Malwarebytes.  Run weekly to keep your system clean
  

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update
  

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave:

[CooZooRoo]

It's done, and things are working in tune.

I appreciate the detailed efforts to fix and combat
my situation. Really this forum has great 'brains'
Thank you!!!

And for essexboy, thanks for reading the reports and
did analyze them, and lead me into very easy steps
to solutions. Thank you for the TIME given! 

Sincerely,
Ed