win32/Small.CA virus

Slartybart · 11 Feb 2013

Sorry to jump in, I know you've run AdwCleaner and RogueKiller. Each application has it's strengths.
Consider running the following malware scanners.

Run one at a time, reporting any findings and the resolution (quarantine, delete, ignore, unable), then run the next one, even if the previous one said it fixed it.

Good luck. I'll step out of the way and let Cottonball direct further actions.

Kaspersky: Anti-rootkit utility TDSSKiller
ESET: Online Scanner
Malwarebytes: Malwarebytes (Mbam)

Note

When installing Malwarebytes, do NOT elect the free trial of the full version; you only want the free version.

If the on demand scanners report clean, consider running an offline scanner

Microsoft Defender (WDO)
.

veegee · 11 Feb 2013

JRT Log report

Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by xxxxxx on 11/02/2013 at 20:12:27.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\speedmaxpc"
Successfully deleted: [Folder] "C:\Users\xxxxxx\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\xxxxxx\AppData\Roaming\speedmaxpc"
Successfully deleted: [Folder] "C:\Users\xxxxxx\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\xxxxxx\appdata\locallow\searchresultstb"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/02/2013 at 20:20:42.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cottonball: Ran TFC file and removed 396 files

HALLELUJAH - that nemesis seems to be (dare I say) gone!! The action center doesn't say remove win32/Small.CA virus.

At this point can I confidently feel that my PC is infection free?

To deal with Google Chrome & win. firewall questions, guess I should post to a different category.
Thank you so very much for all your help - it was much appreciated. Will send you more kudos!

cottonball · 11 Feb 2013

As suggested by Slartybart , let's run the ESET Online Scanner

First, temporarily disable your Anti-Virus.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

If possible, use Internet Explorer for this scan.

Right-click on the IE icon in the Start Menu and select: Run as Administrator

Go here to run the Scan:
ESET Online Scanner

Accept the Terms of Use, then click on: Start
When prompted, allow the Add-On/Active X to install.

Under Scan Settings, make sure that the option Remove found threats is NOT checked, and the option Scan Archives is checked.

Click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now, click on: Start
The virus signature database begins to download. (This make take some time.)

Next, the Online Scan begins automatically.
Please do not touch the Mouse or keyboard during the scan, otherwise it may stall.

When the scan completes, click: List Threats
Please copy and provide the informationpresented in your reply. (If no malware is found, a list is not presented.)
Click the Back button, and then click the Finish button.

Note: Make sure you re-enable your Anti-Virus!

cottonball · 11 Feb 2013

Please report whether ESET took care of the Action Center issue. If not...

Another option, offline (outside of the Windows Operating System):
Windows Defender Offline

Slartybart · 11 Feb 2013

Cotton, you can run ESET & Mbam with real time protection active.

WDO boots from CD, so it doesn't come into play.

Just thought I'd make note of that, otherwise... very informative post

cottonball · 11 Feb 2013

Slartybart,

...you can run ESET & Mbam with real time protection active

Seen it done both ways, and every now and then there is a glitch. Rather be safe than sorry...

Also, it may go faster.

veegee · 11 Feb 2013

Cottonball: After finishing my last post, I never realized that you had another post below.
Being as how after posting that JRT Removal Tool log, and then finding that Action Center was cleared of the removal of win32/small.ca virus entry, guess there is no need to do the Eset scan you recommended now, right? Thanks.

Slartybart: Thank you for offering to help and suggestions to try.
Incidentally for your information, your links to Anti-rootkit utility TDSSKILLER and Malwarebytes (MBAM) also Defender (WDO) - when clicked came up as "Address is Invalid".
Thanks.

cottonball · 12 Feb 2013

veegee,

If I understand you correctly, the win32/small.ca Action Center reminder was gone after you ran JRT?
If so, there must have been some remnant hanging on, and JRT got rid of it. Good job!

On ESET, it would be a good idea to run it, and then let us know what its results are in: List Threats

It is best to get another confirmation that there is nothing in the system to be concerned about. Scanners have different definitions they look for, so, what one does not pick up, another one may...

cottonball · 12 Feb 2013

@Slartybart,

A little editing will do the trick.

The links are like this:

[URL="http://[url]http://support.kaspersky.com/viruses/solutions?qid=208280684"]

Slartybart · 12 Feb 2013

veegee, great news, thanks for posting back

if you're satisfied that this issue is fixed, please mark the thread as solved. You might wait a day or two

Kudos!

Fixed the links in my post, sorry folks.
- that's what ya get when you try something new (post templates, then edit)