Solved Help to make sure trojan virus is really gone

[hkfish]

Hi,
I got infected with the trojan downloader dofoil virus and removed it with malwarebytes. But I heard that they can leave other programs behind that do more damage so I'm not comfortable to leave it at that.
Also I was blocked by spamhaus and don't fancy being blocked again.
I understand there are other things I can check to make sure this virus hasn't left any friends behind, if someone can take me through some processes that would be excellent.
Karen

 

[cottonball]

hkfish,

:info: Please go to the Farbar Recovery Scan Tool Download
Select the 64-bit version.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---

The first time the tool is run, it also makes another log: Addition.txt
Also post the: Addition.txt in your reply. <<---


:info: Also download RogueKiller:
http://tigzy.geekstogo.com/roguekiller.php
Select the x64 version.
Click the applicable button to download.
Save to the Desktop.

Close all windows and browsers.
Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

 

[hkfish]

Hi cottonball,
Here are the results attached. I hope it isn't serious..

 

[cottonball]

So far, so good.

Let's run an online scanner...
This may take a while, so run the following when you can be home...

This Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: Free Online Virus Scanner | ESET

On the ESET website, click on: Run ESET Online Scanner
Click: Start

When asked, allow the add-on to be installed
Click: Start again

On the next prompt, Computer Scan Settings, check: Remove found threats
Next, click on: Advanced Settings

Make sure these options are checked:

• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

Click: Scan

When the scan is completed, if threats are found, in the Scan Results prompt:

• Click on: List of threats found
• Click on: Export to text file
• Save to the Desktop and name it ESET Scan Results
• Click on: Back
• Place a check on: Uninstall application on close
• Click on: Finish, and close the program.

Please provide the ESET report in your reply to determine if any further action is necessary.

 

[hkfish]

Oh no soooo many viruses getting past all my virus checkers...

Those scanner tools are fantastic though aren't they? Now I know why I kept getting DHL emails popping up all the time - because I've got the DHL virus as well.

 

[cottonball]

These are 2 programs that get rid of Adware/Junkware and will help your cleanup effort:


:info: Please go to the AdwCleaner Download
Save to the Desktop.


Close all open programs.
To run the program, right-click AdwCleaner.exe and select: Run as Administrator


Click on Delete and confirm the prompt.


After the program finishes, the computer is restarted.

A text file report opens after the restart.

Please attach the content of the C:\AdwCleaner[S1].txt in your reply.



:info: Also use the Junkware Removal Tool Download
Save to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications.
These programs may interfere with the running of JRT.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides


Right-click JRT.exe and select: Run as Administrator

The tool opens and starts scanning the system. Please be patient as this can take a while...


When done, a report, JRT.txt is saved on the Desktop.

Please post the contents of JRT.txt in your reply.


:info: Last, let’s check the Security status with the following...

Download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply.

(Please do not take any corrective actions!)

 

[hkfish]

done! Here are the 3 file attachments. The last check didn't run as my op sys isn't supported.

 

[VistaKing]

The Security Check should work on 32-bit and 64-bit Win7

 

[VistaKing]

Try running Security check in Safe Mode

Restart the PC while the PC is booting up tap on the F8 key on your Keyboard . You should get to the Advanced Boot Options screen . Inside there press the down arrow until you get to Safe Mode and press <enter> key . You will see a list of text scrolling down the screen . Login to your account and run Security Check again and save the file to the desktop then restart your PC to normal mode and upload the file .

 

[hkfish]

oops run as administrator - here it is

 

[VistaKing]

Update these programs

Java(TM) 6 Update 30 Java version out of Date!


Adobe Reader 10.1.7 Adobe Reader out of Date!


Updates :


Click here :ar: Adobe Reader 11.0.03

Click here :ar: Java 7 Update 21

 

[hkfish]

Hi VistaKing,
The java link didn't work but I searched google for the site direct. I hope that is ok.

 

[VistaKing]

Were you able to upgrade the Java software to Java 7 Update 21 ?

 

[hkfish]

yes thank you I did. I noticed my previous version of adobe had no new updates so they must have started a new program or something. Thanks for the heads up on the out of date programs..

 

[VistaKing]

No problem . Now we just wait and see what cottonball says to do

 

[cottonball]

hkfish,

:info: Please Verify Java Version
Uncheck any toolbar and/or software offered with the Java update.

The Java Quick Starter (JQS.exe) that comes along adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to:
Start > Control Panel > Java > Advanced > Miscellaneous
Uncheck the box for: Java Quick Starter
Click OK and restart your computer.

Next, please remove any old Java version and its remnants...
Download JavaRa:
http://download.thewebatom.net/4eeb2b43dbb4b/JavaRa-1.16-16-12-11.zip
Save to the Desktop and unzip it.

Right click on JavaRa.exe, and select: Run As Administrator
Choose the language of your choice and click: Select
Click: Remove Older Versions
Accept any prompts as they appear.



:info: Adobe - Adobe Reader download - All versions
After installing the latest Adobe Reader, uninstall all previous versions (if present).

Unless you want the program installed, uncheck the box: Also Download Adobe Photoshop® Album Starter Edition

Alternatively, you can uninstall Adobe Reader, and Download Foxit Reader 6.0.3.0524 - FileHippo.com
It is a smaller file to download and uses a lot less resources than Adobe Reader.

When installing FoxitReader, make sure to uncheck any pre-checked toolbar, or any other offer.



When done with the above, please update as to whether you are experiencing any malware problems.

 

[hkfish]

Thank you everyone who had input ridding me of viruses! You all did a fine job. I am not experiencing any malware problems so far and would be surprised if I did, as we did a pretty thorough job.

I hope if I get the professional version of Malwarebytes for extra real time protection along with Microsoft security essentials and Superantispyware hopefully that will do the majority of stuff.

Is there a good program to check that a file is clean before I download from the internet? I suspect I got the virus from a certain site but I'd love to be able to confirm this.

Many thanks
Karen

 

[cottonball]

hkfish,

Thanks for the kind words.

I hope if I get the professional version of Malwarebytes for extra real time protection along with Microsoft security essentials and Superantispyware hopefully that will do the majority of stuff.

It is best to have only 1 real time protection program running on your system.

...program to check that a file is clean before I download from the internet

What comes to mind is Web of Trust.
There are different versions depending on which browser is used.
For IE: WOT (Web of Trust) for Internet Explorer - CNET Download.com

Have a great week!!

 

[hkfish]

You too!!!!