Solved: Kollah Spyware and other spyware - need help! - Page 2

Dimi73 · 04:46 AM

Hi Cybertech,

I just did the delete temp files.

I always do this everytime I browse and also delete all history.

What else shall I do? :-)

I ran once again my PCguard Antispyware and it found kollah again and quarantined it. I post below the report:

PCguard Anti-Spyware
Spyware Report (07/04/2009 03:45:55)
Scan Target Scanned Items Detected Spyware Items
Local Disk ( C: ) 90075 0
Cookies 0 0
Registry 33992 5
Memory 14 0
Total 124081 5

Spyware Type Item Action
Kollah Registry hkey_users \S-1-5-18\software\microsoft\windows\currentversion\explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} Quarantine
Kollah Registry hkey_users \S-1-5-18\software\microsoft\windows\currentversion\explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} Quarantine
Kollah Registry hkey_users \S-1-5-19\software\microsoft\windows nt\currentversion\network Quarantine
Kollah Registry hkey_users \S-1-5-20\software\microsoft\windows nt\currentversion\network Quarantine
Kollah Registry hkey_users \S-1-5-21-3179077046-3654154447-3232347922-1006\software\microsoft\windows nt\currentversion\network Quarantine

Also I wondered if you have a wireless router and have someone else who accesses the internet via that router can contaminate my PC? (I have a flatmate and I think her PC could be infected and then it would infect mine? Although we are not set up for our machines to communicate between each other (no network sharing)).

Hopefully we can resolve this 100%

thanks again for helping..

dimi

cybertech · 07-Apr-2009, 07:17 PM **#17**

Each of those Kollah Registry hkey_users \S-1-5-... represent different log-in profiles. You need to clean all of them not just your own.

How many people use this machine?

Dimi73 · 07:31 PM

Hi Cybertech,

I am the only user on this machine..

How do I clean these registry keys then?

Thanks

Dimi

:-)

cybertech · 07-Apr-2009, 07:36 PM **#19**

Restart in Safe Mode.

To boot up in Safe mode, continuously tap the F8 key while starting your computer.
You should see a black screen displaying the Windows Advanced Menu Options.
Using your keyboard's arrow keys, select Safe mode, then hit Enter.

Run Malwarebytes in safe mode.

Make sure PCguard Anti-Spyware is not running while in safe mode.

Dimi73 · 07-Apr-2009, 07:50 PM **#20**

Hi Cybertech,

To boot in safe mode do i tap f8 before typing my logging in password?

sorry.. i'am a bit daft here i know but i am unsure..

cybertech · 07-Apr-2009, 07:54 PM **#21**

You start tapping the F8 key while the machine is booting. If you wait for the log-on screen you have gone too far.

Dimi73 · 07-Apr-2009, 07:56 PM **#22**

ok off to do it now

cybertech · 07-Apr-2009, 07:59 PM **#23**

Dimi73 · 07-Apr-2009, 08:11 PM **#24**

Hi Cybertech,

I'm afraid I did not succeed :-(

I had the choice to enter into 3 devices: Maxtor something , my DVDRW or CDRW

Should it tell me safe mode?

I think I won't be able to do it today as it is quite late now, but please tell me and i will try tomorrow night..

dimi

Dimi73 · 08-Apr-2009, 03:13 AM **#25**

Hi Cybertech,

This morning when I woke up I had a light bulb moment: what if I keep pressing F8 once I have selected MAxtor which must be my c: drive?

I did that and it worked and i selected safe mode and did a quick scan with MBAM, here are the results below. Please note that when in safe mode I could log as myself or Administrator (for which I am not sure to know the password and also never use it)

Malwarebytes' Anti-Malware 1.35
Database version: 1942
Windows 5.1.2600 Service Pack 3

08/04/2009 07:04:54
mbam-log-2009-04-08 (07-04-54).txt

Scan type: Quick Scan
Objects scanned: 72090
Time elapsed: 12 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please advise what I should do.

thanks (and sorry to be a bit dim when it comes to computers.. )

Dimi

cybertech · 08-Apr-2009, 09:30 PM **#26**

What do you want to do now?

Are you ready to reload the machine?

Dimi73 · 13-Apr-2009, 05:49 PM **#27**

Dear Cybertech,

Sorry for taking time to come back to you.. I was away for the easter weekend..

Hope you had a good weekend.

I am not sure what I should do now? :-S

Please let me know if I should run more scans.

Regards,

Dimi

cybertech · 13-Apr-2009, 06:34 PM **#28**

Are you still having problems?

Dimi73 · 14-Apr-2009, 04:40 PM **#29**

Hi Cybertech.

I am not having anymore problems but just wanted to make sure with you if there was any other actions to be taken to be 100% sure that my system is free of malware and that it is kept in optimal security to avoid being the target of Trojan / Spyware and ID theft in general..

Thanks to let me know and also if TSG accepts paypal for donations. :-)

Take care

dimi

cybertech · 14-Apr-2009, 06:38 PM **#30**

I am happy to hear you are not having problems.

You should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

Start OTScanIt2
Click the CleanUp button
- OTScanIt2 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
- OTScanIt2 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself.
Click Yes.

It's a good idea to Flush your System Restore after removing malware and create a new restore point.
Turn off system restore, restart the machine and then turn it back on: http://support.microsoft.com/kb/310405

Now you should Clean up your PC

Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Security Help Tools

TSG does accept paypal donation. http://forums.techguy.org/payments.php#donatenow and thank you in advance for supporting the site.

You're welcome!

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard network printer problem ram registry router security slow software sound toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!