Updated Virus Protection and removal

Status
Not open for further replies.

shenvoid01 (In Runtime, 124 messages)
I have always found the virus removal tips on this forum beyond helpful. However, I would like to protect myself against the dangers of obsolescence in virus protection software. I still find the virus removal guide by Osiris useful. However, I was wondering if the guide has been updated. The one I have is from several years ago and I can no longer find it on Osiris' page, probably due to me not being here in a while. A little assistance please?
Thank you.
 
Google 'spyware asylum'. It's Osiris' Spyware Guide with a different name ;) (and a kind of odd name at that, why would you offer asylum to spyware?)
 
It's not really needed for Mac OS or Linux.

That is not true. Come on, you have been here long enough to hear us rant about how people on Linux or Apple PCs feel so secure when they really aren't.

The truth is that there are very few programs out there for these OSs. There are no programs like Malwarebytes or Combofix for these OSs to use to remove the infection. There are even fewer actual protection programs out there. I have heard McAfee and Norton have worked on an OS X version. I have heard AVG was even working on one as well for *NIX and OS X.

Yes, they are needed no matter what OS you're using. There is nothing 100% secure about ANY OS.
 
Just finished a scan with combofix. There was a rootkit detected and it appears to have been successfully removed at the expense of the registry. I get the following error message: "ILLEGAL ACTION ATTEMPTED ON A REGISTRY FILE THAT HAS BEEN MARKED FOR DELETION". I don't know if this is because combofix is still in operation or if this is an error that can be fixed with a system restore.
 
In my experience it is best to disable System Restore before you start the virus/spyware/malware removal procedure. If your computer is already infected then the odds are that one or more of your restore points are also infected. Disabling System Restore will delete all of your existing restore points. Once the infection is removed, you then turn it back on and create a new restore point that you know is good :thumbsup:
 
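The restore-point workflow described in the reply above (disable System Restore so the possibly infected points are discarded, clean the machine, re-enable it, take a fresh known-good point), scripted as an added example. This is not code from the thread or from any of the tools mentioned; it assumes Windows PowerShell 5.1 (the `*-ComputerRestore` and `Checkpoint-Computer` cmdlets are not shipped with PowerShell 7), an elevated prompt, and that `C:\` is the protected system drive. The `-Phase` parameter is this example's own convention.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the forum post: System Restore handling around a malware cleanup.
# Run once with -Phase Before, do the removal and reboot, then run again with -Phase After.
param(
    [string]$Drive = "C:\",                  # assumption: system drive under System Protection
    [ValidateSet("Before", "After")]
    [string]$Phase = "Before"
)

function Show-RestorePoints {
    # Lists the points currently on disk so you can see the old (possibly infected) ones disappear
    # after the Before phase and the new clean one appear after the After phase.
    $points = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
    if (-not $points) {
        Write-Host "No restore points present."
        return
    }
    $points |
        Select-Object SequenceNumber, Description,
            @{ Name = "Created"; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize
}

switch ($Phase) {
    "Before" {
        # Turning System Protection off for the drive deletes every existing restore point,
        # which is the intent: a restore point taken while infected can re-seed the machine.
        Show-RestorePoints
        Disable-ComputerRestore -Drive $Drive
        Write-Host "System Restore disabled on $Drive. Run the removal tools, reboot, then re-run with -Phase After."
    }
    "After" {
        # Only once the scans come back clean: re-enable protection and take a point you can trust.
        Enable-ComputerRestore -Drive $Drive
        Checkpoint-Computer -Description "Clean after malware removal $(Get-Date -Format s)" `
                            -RestorePointType MODIFY_SETTINGS
        Show-RestorePoints
    }
}
```

Two caveats for anyone reusing this: on Windows 8 and later, `Checkpoint-Computer` silently skips creating a point if one was already created in the previous 24 hours, so check the `After` listing rather than trusting the command's silence; and the `Before` phase is deliberately destructive, so confirm you have no restore point you still need before running it.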
The problem with the registry appears to have been resolved with a simple reboot. These are the logs of the scans I have completed. The PC is working at its normal pace. I'll defrag the HD and create a system restore point. Thank you all.
Malwarebytes' Anti-Malware 1.46

Malwarebytes



Database version: 4052



Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904



9/11/2010 6:27:59 PM

mbam-log-2010-09-11 (18-27-59).txt



Scan type: Quick scan

Objects scanned: 130057

Time elapsed: 4 minute(s), 29 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

(No malicious items detected)



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

(No malicious items detected)



Files Infected:

(No malicious items detected)

ComboFix 10-09-09.04 - DTX 09/10/2010 23:31:06.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2203 [GMT -4:00]

Running from: c:\users\DTX\Downloads\ComboFix.exe

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\programdata\Wyeke

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\eb.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\eb.drv

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\eb.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\energy.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\exec.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\exec.sys

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\fix.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\PE.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\PE.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\PE.sys

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\sld.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\SM.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.tmp

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv

c:\users\DTX\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp

c:\windows\system32\drivers\ozldt.sys



Infected copy of c:\windows\system32\drivers\nsiproxy.sys was found and disinfected

Restored copy from - Kitty ate it :p

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_ozldt

-------\Service_ozldt





((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))

.



2010-09-11 02:37 . 2010-09-11 02:37 -------- d-----w- c:\program files\Trend Micro

2010-09-06 23:56 . 2010-09-06 23:56 -------- d-----w- c:\program files\QS

2010-09-03 13:10 . 2010-09-03 13:10 0 ----a-w- c:\windows\nsreg.dat

2010-08-23 22:21 . 2010-08-23 22:22 -------- d-----w- c:\program files\QuickTime

2010-08-13 00:39 . 2010-08-13 00:39 -------- d-----w- c:\users\DTX\AppData\Roaming\MP3SkypeRecorder

2010-08-13 00:39 . 2010-08-13 00:39 -------- d-----w- c:\users\DTX\AppData\Local\Alexander_Nikiforov

2010-08-13 00:37 . 2010-08-13 00:39 -------- d-----w- c:\program files\MP3 Skype Recorder



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-11 03:03 . 2008-12-05 04:19 -------- d-----w- c:\programdata\McAfee

2010-09-11 02:19 . 2009-04-23 19:04 -------- d-----w- c:\programdata\Google Updater

2010-09-08 08:09 . 2008-11-22 20:51 -------- d-----w- c:\program files\Full Tilt Poker

2010-09-08 07:38 . 2009-06-03 19:38 -------- d-----w- c:\users\DTX\AppData\Roaming\Skype

2010-09-08 04:08 . 2009-06-03 19:39 -------- d-----w- c:\users\DTX\AppData\Roaming\skypePM

2010-09-07 23:17 . 2010-07-25 22:14 452104 ----a-w- c:\users\DTX\AppData\Roaming\Real\Update\setup3.12\setup.exe

2010-09-06 23:58 . 2008-11-22 21:35 -------- d-----w- c:\program files\PokerTracker 3

2010-09-01 22:08 . 2008-10-17 22:21 101968 ----a-w- c:\users\DTX\AppData\Local\GDIPFONTCACHEV1.DAT

2010-09-01 20:50 . 2009-06-16 19:17 -------- d-----w- c:\program files\AIM Toolbar

2010-09-01 20:49 . 2010-08-02 07:27 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2010-09-01 20:47 . 2008-11-03 23:37 -------- d-----w- c:\programdata\Microsoft Help

2010-09-01 20:45 . 2009-11-13 01:32 -------- d---a-w- c:\program files\Cake Poker

2010-09-01 20:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild

2010-08-30 18:34 . 2010-09-04 08:12 1496064 ----a-w- c:\users\DTX\AppData\Roaming\Mozilla\Firefox\Profiles\nr50hvu5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-08-30 18:33 . 2010-09-04 08:12 43008 ----a-w- c:\users\DTX\AppData\Roaming\Mozilla\Firefox\Profiles\nr50hvu5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-08-30 18:33 . 2010-09-04 08:12 338944 ----a-w- c:\users\DTX\AppData\Roaming\Mozilla\Firefox\Profiles\nr50hvu5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-08-30 18:33 . 2010-09-04 08:12 346112 ----a-w- c:\users\DTX\AppData\Roaming\Mozilla\Firefox\Profiles\nr50hvu5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-08-27 17:25 . 2010-05-06 21:24 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-08-27 17:25 . 2010-08-27 17:25 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-27 17:25 . 2010-05-06 21:18 -------- d-----w- c:\programdata\DivX

2010-08-27 17:25 . 2008-11-06 04:33 -------- d-----w- c:\program files\DivX

2010-08-27 17:25 . 2010-08-27 17:25 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-08-27 17:24 . 2010-08-27 17:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-08-27 17:24 . 2010-08-27 17:24 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-08-27 17:23 . 2010-08-27 17:23 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-08-27 17:20 . 2010-08-27 17:25 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll

2010-08-27 17:20 . 2010-08-27 17:20 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-27 17:20 . 2010-05-06 21:24 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-08-27 17:19 . 2010-05-06 21:24 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-08-25 14:40 . 2009-10-06 20:15 -------- d-----w- c:\program files\TeamViewer

2010-08-25 14:39 . 2009-06-03 17:02 -------- d-----w- c:\program files\oDesk

2010-08-25 14:28 . 2009-10-25 02:54 -------- d-----w- c:\program files\CCleaner

2010-08-24 05:49 . 2008-11-06 00:05 -------- d-----w- c:\program files\BitTorrent

2010-08-24 02:54 . 2008-11-23 04:13 -------- d-----w- c:\users\DTX\AppData\Roaming\BitTorrent

2010-08-13 07:58 . 2010-01-25 07:58 -------- d-----w- c:\users\DTX\AppData\Roaming\vlc

2010-08-02 22:32 . 2009-04-15 19:42 -------- d-----w- c:\program files\Safari

2010-08-02 22:31 . 2010-08-02 22:31 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-08-02 21:40 . 2009-03-24 20:30 -------- d-----w- c:\users\DTX\AppData\Roaming\DAEMON Tools Lite

2010-08-02 07:27 . 2010-08-02 07:26 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-08-02 07:26 . 2009-03-24 20:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-08-02 07:26 . 2009-03-24 20:35 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-07-20 04:29 . 2010-07-20 04:28 -------- d-----w- c:\program files\iTunes

2010-07-20 04:28 . 2010-07-20 04:28 -------- d-----w- c:\program files\iPod

2010-07-20 04:28 . 2008-12-04 01:02 -------- d-----w- c:\program files\Common Files\Apple

2010-07-20 04:24 . 2010-07-20 04:24 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe

2010-07-16 17:18 . 2009-06-03 19:38 -------- d-----r- c:\program files\Skype

2010-07-16 17:16 . 2010-07-16 17:16 -------- d-----w- c:\program files\Common Files\Skype

2010-07-16 17:16 . 2009-06-03 19:37 -------- d-----w- c:\programdata\Skype

2010-07-13 00:12 . 2010-07-13 00:12 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-24 22:14 . 2010-05-11 22:12 439816 ----a-w- c:\users\DTX\AppData\Roaming\Real\Update\setup3.10\setup.exe

2010-06-24 15:45 . 2010-06-24 15:45 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5F.tmp.exe

2010-05-19 06:25 . 2010-05-19 06:25 73216 --sha-r- c:\windows\System32\msdxm4.dll

.
 