Windows 7 Forums

Windows 7: How can I be sure if I am still infected with "Win32/Small.CA" virus".

13 Nov 2012   #51
shiphen

Windows7 Pro x64
 
 

Jacee - Help!

OK out of desperation I have now attempted to install the Microsoft patches. Windows did install some of them but keeps failing to install the last 7 patches.
What should I do now? But Jacee now seems to have gone cold... Can anyone else please help??


13 Nov 2012   #52
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Oooo, sorry I'm late

If you're trying to install more than one or two patches at a time ... don't. Just stick with a couple.

Tell what won't install and for which computer.
13 Nov 2012   #53
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

On your WinXP ... Combofix was running from this location:
c:\documents and settings\alec\Desktop\ComboFix.exe

13 Nov 2012   #54
shiphen

Windows7 Pro x64
 
 

Jacee - my saviour! Welcome back

On my Windows 7 home PC the following won't install:
- Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2761451)
- Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452)
- Security Update for Windows 7 for x64-based Systems (KB2727528)
- Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813)
- Update for Windows 7 for x64-based Systems (KB2750841)
- Update for Windows 7 for x64-based Systems (KB2761217)
- Update for Windows 7 for x64-based Systems (KB2763523)

What should I do on my laptop? Should I run ComboFix again?

P.S. I seem to have deleted ComboFix.exe (I can't find it on either machine) - should I download it again?

J
14 Nov 2012   #55
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

No, don't download Combofix again.

This patch (KB2761451) is most likely the only one you need right now. Also read here: KB2761451 — Krebs on Security

What I DO want to see right now is a scan with ESET from both XP and Win7 computers. Instructions, once again:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
14 Nov 2012   #56
shiphen

Windows7 Pro x64
 
 

I just panicked and re-ran Malwarebytes AntiMalware (Free) on My Windows 7 computer.

And it found something:
Item: C:\Users\Alec\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe
Vendor: Trojan.Agent
Result: "Quarantined and deleted successfully."

YIKES!
And my WinXP laptop has got the same problem!
I just ran Malwarebytes on it

C:\Documents and Settings\alec\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Should I uninstall Google Chrome on both computers?

J

PS On both my Win7 PC and my WinXP laptop it says: "No threats found" - (although I have to tell you that the WinXP scan took over 5 hours!)


PPS Please excuse me for jumping ahead but I need to push ahead as my livelihood can't wait.
So I have just run CCleaner and then SUPERAntiSpyware.
Bizarrely SUPERAntiSpyware seems to have found a cookie (despite me asking it to delete cookies in all 3 of my browsers) called
> Adware.Tracking Cookie
> C:\Users\Alec\AppData\Roaming\Microsft\Windows\Cookies\5YC1YS3L.txt [/accounts.google.com]

Also it found:
> (x86) HKML\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
> (x86) HKML\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger

More news as I get it...
14 Nov 2012   #57
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Yes, go ahead and uninstall Google Chrome. Once everything is cleaned up, you can reinstall it again. At that point you will want to set a Clean System Restore point!
14 Nov 2012   #58
shiphen

Windows7 Pro x64
 
 

1. Okay I have uninstalled Google Chrome from all 3 PCs (Home -Win7, Work - Win7, and laptop).

2. I just ran SUPERAntiSpyware on all 3 computers. The others were clean but my Home PC found this:

>>>
SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 11/14/2012 at 06:00 PM
Application Version : 5.6.1014
Core Rules Database Version : 9582
Trace Rules Database Version: 7394
Scan type : Complete Scan
Total Scan Time : 00:13:50
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 842
Memory threats detected : 0
Registry items scanned : 73123
Registry threats detected : 2
File items scanned : 84553
File threats detected : 0
Security.HiJack[ImageFileExecutionOptions]
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger
>>>

I asked it to (delete?) the items and have just rebooted it.
Unless you stop me I shall get it to run SUPERAntiSpyware.

Btw, please can you give me more instructions to do at once. Sorry but all this is simply taking too long. e.g. please can you give me a number of scans to run in sequence or WHATEVER IT TAKES!
Which reminds me - do I need to change my Windows password in case I had a trojan that could use the old one to get in???

Or do I need to cut my losses and format some or all of the disks of my PCs?
And if so how the heck can I make sure that my data is clean?

Many thanks

J
14 Nov 2012   #59
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I believe this is a false/positive on SAS's part ... These items have something to do with Log Me In. See this article: SAS False Positive with LogMeIn :: KW Support & Consulting LLC

Security.HiJack[ImageFileExecutionOptions]
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger

The only thing you haven't done for me is a scan and report from ESET!! I need to see this from both XP and Win7, before I have you set a clean restore point.
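
Added example, not part of the thread and not written by any poster: a read-only PowerShell check that lists every Image File Execution Options subkey carrying a Debugger value (such as the EHSHELL.EXE entry SUPERAntiSpyware flagged above) and reports where the debugger points and whether that file is signed. The function name Get-IfeoDebugger is made up for this example, and looking under WOW6432Node as well is an assumption about where a 32-bit copy of the key may exist.

```powershell
# Added example (not from the thread): read-only audit of IFEO Debugger values.
# Run from a 64-bit PowerShell prompt so the native registry view is read.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Assumption: a separate 32-bit copy of the key may exist here on x64 systems.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {   # hypothetical helper name
    param([string[]]$Roots = $ifeoRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger')
            if ([string]::IsNullOrEmpty($debugger)) { continue }

            # Pull the executable out of the command line: quoted path first,
            # otherwise everything up to the first ".exe".
            $exe = $null
            if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($debugger -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
            if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

            $exists = $false; $sigStatus = 'n/a'; $signer = ''
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $exists = $true
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $sigStatus = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            New-Object PSObject -Property @{
                Image        = $key.PSChildName
                Debugger     = $debugger
                TargetExists = $exists
                Signature    = $sigStatus
                Signer       = $signer
                Root         = $root
            }
        }
    }
}

Get-IfeoDebugger | Format-List Image, Debugger, TargetExists, Signature, Signer, Root
```

A Debugger target that exists, has a valid signature, and belongs to software you recognise is consistent with a false positive; a missing, unsigned, or unfamiliar target is worth raising with whoever is helping with the cleanup.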
14 Nov 2012   #60
shiphen

Windows7 Pro x64
 
 

ESET produced no errors on any of my computers. But I'll run it again just to make sure.

UPDATE: On my Home PC (Win7) I was getting an error saying "Can not get update. Is proxy configured?" I don't really understand proxies... I am using an ordinary ADSL from home. I don't think I'm using a proxy. But I turned off the VPN that I use to pick up work emails from MS Exchange, and it seemed to download the virus definitions no problem. Scan is now running...

Many thanks

J