Solved: "Personal Guard 2009" infection, continues still after Malwarebytes scan.

Willison_b
Junior Member with 17 posts.
Join Date: Nov 2009
Experience: Intermediate
14-Nov-2009, 06:51 AM #16
OK, I ran the OTM, and AntiVir Guard came up a couple of times as it was moving and said "A Virus or unwanted program was found!" I hit "Deny Access" and it continued through the OTM process. Here is a file that AntiVir Guard is alerting about.

C:\Program Files\Undisker\Undisker.exe and says TR/Agent.1990656.

I hope I didn't do something wrong here, but here is the OTM log.

All processes killed
========== FILES ==========
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\65GXONGP\load-full[1].exe moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WJU5GRGD\Z[1].exe moved successfully.
File/Folder c:\windows\system32\SET240.tmp not found.
File/Folder c:\windows\system32\SET29C.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.SK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Alan
->Temp folder emptied: 102839858 bytes
->Temporary Internet Files folder emptied: 644530 bytes
->Java cache emptied: 13846597 bytes
->FireFox cache emptied: 38876827 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: End-User

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 4760 bytes
->Temporary Internet Files folder emptied: 9339014 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1205958 bytes
%systemroot%\System32 .tmp files removed: 54289 bytes
Windows Temp folder emptied: 45289 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 75120 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 159.23 mb


OTM by OldTimer - Version 3.1.1.0 log created on 11142009_023745

Files moved on Reboot...

Registry entries deleted on Reboot...

muppy03
Senior Member with 1,881 posts.
Join Date: Jun 2006
Location: Australia
Experience: gettin there
14-Nov-2009, 06:56 AM #17
No you did nothing wrong.

C:\Program Files\Undisker\Undisker.exe is not a threat, so that is ok.

Any other issues or problems? Let me know and if not we will clean up our mess.

Willison_b
Junior Member with 17 posts.
Join Date: Nov 2009
Experience: Intermediate
14-Nov-2009, 02:05 PM #18
Nope, I think that should about do it, looks like it's gone. Now hopefully the programs you gave me to install and those updates will keep me from getting it again.

Again, I really appreciate what you have done, thank you. Let me know what you'd like me to do next.

muppy03
Senior Member with 1,881 posts.
Join Date: Jun 2006
Location: Australia
Experience: gettin there
14-Nov-2009, 07:38 PM #19
All is looking good, so if you are not having any further problems, I would suggest you proceed as follows.

MBAM and ATF are great tools for you to keep and use on a regular basis.

Remove Combofix
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK (please note the space between Combofix and the /, it is needed)
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Let's clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Now that the infection is gone, let's try to keep it that way by following the recommendations below.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Read some information here on how to prevent malware.


Please reply if you have any problems or questions

Happy Safe Surfing
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
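
Post #19 describes a blocking hosts file as one that points unwanted names at 127.0.0.1. The sketch below is an added example, not part of the original thread or of the MVPS project; it separates such blocking entries from entries that send a name to a real address, which are the ones worth reviewing after a cleanup. It goes slightly beyond the post by also treating 0.0.0.0 and ::1 as blocking addresses, and the sample content is constructed.

```python
import ipaddress

def audit_hosts(text):
    """Return (blocked names, [(name, address)] mapped to a non-local address)."""
    blocked, redirected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an IP address
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost":
                continue                          # normal loopback entry
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)                 # sinkholed, as the post describes
            else:
                redirected.append((name, str(addr)))  # resolves elsewhere: review
    return blocked, redirected

# Constructed sample hosts content (documentation names and addresses only).
SAMPLE = """\
# blocking entries in the style described in the post
127.0.0.1   localhost
127.0.0.1   ads.example.com
127.0.0.1   banners.example.net tracker.example.net   # two names on one line
0.0.0.0     popups.example.com
::1         localhost
203.0.113.7 www.example.org
"""

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE)
    print(f"{len(blocked)} names blocked")
    for name, addr in redirected:
        print(f"review: {name} -> {addr}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`.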

Willison_b
Junior Member with 17 posts.
Join Date: Nov 2009
Experience: Intermediate
15-Nov-2009, 04:03 AM #20
Thank you, I've downloaded what you recommend. Should I still keep the program SecurityCheck.exe?

Also, should I keep "Ad-aware" or just uninstall it and stick to "MBAM"?

muppy03
Senior Member with 1,881 posts.
Join Date: Jun 2006
Location: Australia
Experience: gettin there
15-Nov-2009, 04:49 AM #21
Security Check can go. Ad-aware is up to you, depends how much you like it. You will find ATF will do most of what it does, and MBAM the rest. It is not conflicting with anything and does not take up much of the system resources, so if you like it, keep it.

Willison_b
Junior Member with 17 posts.
Join Date: Nov 2009
Experience: Intermediate
16-Nov-2009, 05:55 PM #22
I've just noticed that whenever I put a CD into my computer, it doesn't load it up, and it won't let me load it up manually through "my computer". It's just flashing continually and won't let me open it, not even by pressing the "Eject button" under my computer. Any thoughts?

Thank you again.

muppy03
Senior Member with 1,881 posts.
Join Date: Jun 2006
Location: Australia
Experience: gettin there
16-Nov-2009, 06:32 PM #23
Probably better asking the techies in the XP forum. Could be as simple as the CD drive has given up the ghost. The symptoms sound similar to when mine went. Ask in the XP forum first. You should get quick answers there, see what they suggest.

Willison_b
Junior Member with 17 posts.
Join Date: Nov 2009
Experience: Intermediate
17-Nov-2009, 04:04 PM #24
Alright, will do. Again, thank you very much for everything!

muppy03
Senior Member with 1,881 posts.
Join Date: Jun 2006
Location: Australia
Experience: gettin there
17-Nov-2009, 06:58 PM #25
No problems
All times are GMT -4.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.
