Task Manager query

[Firetastic]

Right have rebooted and am running another quick scan. Just got two more questions

1 Why did AVG not pick up on the Trojan Fake Alert?

2. Is it safe to delete the contents of the quarantine vault?

 

[dave.m]

1. either a) it was not a virus but malware which antivirus programs don't look for,
or b) AVG had not been updated with the latest version of virus definitions.

2. Because of the small risk of 'false positives' where a security program thinks that something it found is an item that should be removed but it turns out to be a genuine piece of software, it is usual for some programs to keep stuff it finds in quarantine until you discover whether your computer needs it or not. If it quarantines something, leave it there for a day or so to see that all else is functioning correctly, then you can clear out the quarantine folder.

dave

 

[Firetastic]

Thanks again Dave. I've purged the system restore and created a new restore point.

I am interested in computers but at the same time am terrified of them although not as bad as when I was eleven and I got my first Windows Pc. It was a Tiny with ME.

For weeks I was too scared to switch it on in case I broke it. Any friends that came round and used the computer I was watching them like a hawk.

Then I got the Internet and realised if I wanted to use it I would need to switch the computer on. And with the help of my now stepdad I became a more confident computer user

 

[Firetastic]

It seems there is still malware on my computer.

Heres the new log. I ran a full scan.

Malwarebytes' Anti-Malware 1.42
Database version: 3407
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

22/12/2009 13:33:13
mbam-log-2009-12-22 (13-33-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 317768
Time elapsed: 1 hour(s), 27 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RACKJWL\USB Stick Information\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RGBP27K\USB Stick Information\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RJ1C3EE\USB Stick Information\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RL3ZOND\NC HIGHER SOCIAL SCIENCES - NOTES\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RLKMD9G\USB Stick Information\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RRSKKG2\USB Stick Information\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RRTMCEZ\USB Stick Information\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1220871702-929508847-3254620893-1000\$RTPNQFR\USB Stick Information\iStar.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

[dave.m]

Empty the recycle bin.

Have you got Ccleaner installed? If not:
Download and install Ccleaner
When installing, watch out for the tick box that will install the Yahoo Toolbar if left ticked
Once installed, click Check For Updates (bottom right of the screen)

Ccleaner. Initial Setup and Operation.

After initial setup, all settings will be saved and only the Instructions In Bold Underline need be
carried out to run Ccleaner on a regular basis

Options -> Cookies
Transfer all the cookies that you recognise and use to the righthand column. (This only needs to be done
once OR prior to cleaning when you have visited new sites that may have lodged cookies for sign-in
purposes).

Options -> Settings
Tick -> Auto check for updates
Dot -> Normal File Deletion ( You can change this if you want to over write the deleted files for securer
deletion)

Options -> Advanced
Tick -> Only delete files in Temp. . . older that 48 hours.
Tick -> Show promt to backup.
Untick -> All other Options.

Tools -> Uninstaller
Handy for uninstalling and also if you have uninstalled using Add/Remove but the name remains in the list, click it in this list and click Delete Entry.

Tools -> Startup
Saves going into Start -> Run -> msconfig to disable programs from running at Startup and you can remove items from the startup list.

Cleaner -> Windows Tab
Tick IE to put a tick in all, then Untick Autocomplete form history
Tick Win Explorer to put a tick in all.
Tick System to put a tick in all, then Untick Clipboard, Start Menu Shortcuts & Desktop
Shortcuts.
Leave Advanced unticked.

Cleaner -> Application Tab
Tick All Boxes except Saved Form Information if there is a non-IE browser section.

Click Registry, Tick Registry Integrity to put a tick in all boxes in the list.


Operation

With all browsers shut down click Cleaner then Analyze.
When complete, click Run Cleaner, the Are You Sure screen will popup, click OK

Click Registry, then Scan For Issues
When complete, click Fix Selected Issues.
The offer to Backup will show, click Yes.
It will offer to save in My Documents, click Save.
Then click Fix All Selected Issues, OK.
Then Close.


Did you purge your system restore points? If not:
In Vista:
Follow these instructions.
Then set a new restore point by following these instructions


Then run a QUICK SCAN with MBAM not a full scan.

dave

 

[Firetastic]

This won't delete any of my folders such as My Documents or my photos will it? I do have backups. but just wondering

 

[dave.m]

No!

Ccleaner is a mild cleaner that removes all your temp files that accumulate when using your computer or browser, you don't need them.

Purging system restore just removes all the pictures of your system but does not effect your files and folders including the documents and pictures.

dave

 

[Firetastic]

Thanks I was just wary in case I run it and after it's finished I look at my Desktop and some of my folders have disappeared such as my college work folder. Have a backup of that. I wasn't sure what it meant by Normal File Deletion. I thought it deleted everything that wasn't there when the computer came out the factory.

 

[dave.m]

Just realised what you were worried about.

What it means is that it will delete any temp files by just deleting the 'string or path' that your computer uses to links to them and not by over-writing them.
It is the quick and simple method of file deletion on a PC.

dave

 

[Firetastic]

I just wanted to say thank you Dave. My computer is now clean again. Have been obssively scanning my computer there is no malware and so far there is none.

I just wanted to wish you a Merry Christmas and a Malware free New Year.

 

[dave.m]

Great to hear that!

Just keep your firewall, antivirus and antispyware upto date and running.

Remember to check Mbam for updates every couple of days, so that should you get another infection, it is tooled up ready to run. And run a quick scan every week to check if anything has got past your real-time security programs.

Ejoy the Holiday Season.

dave