Windows 7 Forums

Windows 7: How can I be sure if I am still infected with "Win32/Small.CA" virus.

05 Nov 2012   #31
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.spywareinfoforum.org/
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Also,

Download CKScanner from here http://downloads.malwareremoval.com/CKScanner.exe
Save it to your desktop. <=== IMPORTANT
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please post the .txt logs from both scanners.


06 Nov 2012   #32
shiphen

Windows7 Pro x64
 
 

1. From my Home PC (Win 7 x64)
a) Checkup.txt

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (9.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


b) ckfiles.txt - looks suspiciously small (!)

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.SHAPAC
----- EOF -----
06 Nov 2012   #33
shiphen

Windows7 Pro x64
 
 

2. From my WinXP Pro laptop

a) Checkup.txt

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Business Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)

b) ckfiles.txt

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe dreamweaver cs5\configuration\taglibraries\html\keygen.vtm
scanner sequence 3.NA.11.DOAPNH
----- EOF -----
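
An added example, not part of any post in this thread and not code from the Security Check or CKScanner authors: a small Python triage of the two log formats posted in #32 and #33, pulling out the lines a helper reads first (UAC state, out-of-date software, the same product listed in several versions, CKScanner path hits). The section-header pattern and warning strings are assumptions inferred only from the logs shown above, and the function names are illustrative.

```python
import re
from collections import defaultdict
SECTION = re.compile(r"^`{3,}\s*(.*?)\s*`{3,}$")   # backtick-framed section title
TRAILING_VER = re.compile(r"[\s(]+\d[\d.]*\)?$")   # " 21.0.1180.83" or " (9.0.1)"

def triage_checkup(text):
    """Return (section, finding) tuples for a Security Check checkup.txt."""
    findings, section, versions = [], "Header", defaultdict(list)
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m.group(1).rstrip(":")
            continue
        low = line.lower()
        if "uac is disabled" in low:
            findings.append((section, "UAC is disabled"))
        if "out of date" in low or "defragment" in low:
            findings.append((section, line))
        name = TRAILING_VER.sub("", line)
        if name and name != line:          # line ended in a version number
            versions[(section, name)].append(line[len(name):].strip(" ()"))
    for (sec, name), seen in versions.items():
        if len(seen) > 1:                  # same product listed more than once
            findings.append((sec, f"{len(seen)} versions of {name} listed"))
    return findings

def ckscanner_paths(text):
    """Return the file paths listed in a CKFiles.txt (drive-letter lines only)."""
    return [l.strip() for l in text.splitlines() if re.match(r"[A-Za-z]:\\", l.strip())]

T = "`" * 12  # section headers are rebuilt here instead of pasted as backtick runs
# Sample input: lines abridged from the logs posted in this thread.
HOME_PC = "\n".join([
    "Windows 7 Service Pack 1 x64 (UAC is disabled!)",
    T + "Anti-malware/Other Utilities Check:" + T,
    "Google Chrome 21.0.1180.83",
    "Google Chrome 22.0.1229.94"])
XP_LAPTOP = "\n".join([
    T + "Anti-malware/Other Utilities Check:" + T,
    "Adobe Reader 9 Adobe Reader out of Date!",
    T + "System Health check" + T,
    "Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)"])
XP_CKFILES = "\n".join([
    "CKScanner 2.1 - Additional Security Risks - These are not necessarily bad",
    r"c:\program files\adobe\adobe dreamweaver cs5\configuration\taglibraries\html\keygen.vtm",
    "scanner sequence 3.NA.11.DOAPNH"])

if __name__ == "__main__":
    print(triage_checkup(HOME_PC), triage_checkup(XP_LAPTOP), ckscanner_paths(XP_CKFILES), sep="\n")
```

A CKFiles.txt that contains only the banner and the "scanner sequence" line, like the one from the home PC, yields an empty list here.
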

06 Nov 2012   #34
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

The performance of the computers will improve once you defragment those disks, but wait until Jacee has helped you clean out the malware.

Be careful of that keygen on the XP laptop!
06 Nov 2012   #35
vincenso

Windows 7 Home Premium 64bit
 
 

If I saw any sign of any virus I would immediately pick my Acronis CD, boot my PC from the CD and reinstall an image of the C: drive. An Acronis image of the C: drive is a single compressed file in .tib format.

You don't need to buy Acronis to create an image of C: or to reinstall the image whenever you want or to create a bootable Acronis CD. You can do all 3 tasks with the free trial version.

Therefore I don't understand why people are trying to solve virus problems. Instead of trying to solve them you can just reinstall a C: image that you created the first day you installed Windows.

The result is very much like formatting your C: drive and then reinstalling Windows and all the programs. However, the difference is that with Acronis it takes me only 2 minutes to do it for Windows 7 using Acronis 2013.

Another big advantage of drive imaging is that you can use it as an optimization tool to create the perfect settings for every piece of software on your computer without any disadvantage of aging. The way you do this is to record changes that you make in various programs, such as Windows, Word, Excel, Photoshop. Just keep a simple list in Notepad. Then when the list is long enough, go back to the first day of Windows using Acronis and re-apply all the changes to the fresh Windows and other programs and take another image. This way the Windows in your image file will always be less than one day old.

Of course you need to keep all your documents and your Firefox and Thunderbird profiles in the D: drive and you can encrypt the D: drive if you want to protect your files and passwords against theft.
06 Nov 2012   #36
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

@vincenso - go back and read post #8
06 Nov 2012   #37
vincenso

Windows 7 Home Premium 64bit
 
 

Golden, I had a look at shiphen's message in #8 and I also read DavidW7ncus' message in #6 where he suggests drive imaging.

I think the OP is doing something wrong. Maybe he is not dividing his data from his C: drive or if he does, he is not going back to day 1 to take new C: backups.

From #8:

Quote: Originally Posted by shiphen
"My problem is that as I don't know when the infection happened, I am now unsure whether these backups have been infected."

That's why I suggested that the system image should be taken the first day Windows was installed. If this is not the case then C: should be re-formatted and Windows re-installed and all the programs installed and Acronis image taken. The free trial version is enough. It is a no-brainer. It takes me 62 seconds to reinstall a C: image of Windows 7 on an i5 computer with SSD.

As you can see, the method I'm suggesting would solve OP's problem. You should not take a backup of your system from time to time. The backup should be taken on day 1 of Windows and any changes to the backup file should be done after you reinstall the backup and go back to day 1 thus keeping the backup always less than 1 day old.
06 Nov 2012   #38
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

I agree about the imaging... Macrium is also popular here.

Unfortunately, however, it doesn't help the current situation. He is in good hands with Jacee - she knows her stuff, so hopefully he can get to a situation where he can have something reasonably clean to work from, rescue his data and then consider a clean install/imaging strategy if it's warranted.
06 Nov 2012   #39
vincenso

Windows 7 Home Premium 64bit
 
 

I'm new here. The above was my first message. Before I wrote in this topic I also read a topic by Layback Bear about zbot infection and I was surprised by that topic as well because the OP seems to be experienced. My general feeling is that a very small percentage of members do the drive imaging the correct way, by going back to day 1 and keeping your image file less than a day old. This anti-aging strategy is good for both security and performance.

I just wanted to share how I do drive imaging and when you do it that way there is never a need to fix anything.
06 Nov 2012   #40
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 
