I downloaded, installed, and updated Malwarebytes. I turned off the system restore, then I ran a full Malwarebytes scan. It found a bunch of malware, and I told it to delete all of this. Attached is the log file.
Feels like progress - THANKS! Is that the last step? Can I turn on my system restore, run a full Norton scan just to be sure, and if clean - declare victory?
If yes, then one last question. Any suggestions on how to proceed in scanning my peripheral devices to make sure they are not infected - i.e., WD Sync external hard drive, 3 flash drives, iPod, Sony Walkman MP3 player.
Now that your computer is cleaned out, you want to make sure that auto run is turned off in your Windows settings. Make sure Norton is fully updated, turn early load on, set heuristic detection to aggressive, and reboot to get the settings in place. Plug in your peripherals one at a time and run a custom scan on each one. If there are any issues, Norton should be able to handle it.
Then you will be good to go. Let us know if you have any issues with it.
I noticed these entries, and ones in the registry, belonging to the Seneka rootkit:
c:\WINDOWS\SYSTEM32\DRIVERS\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\senekapqipxtny.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\senekatqvvdltf.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\senekamuiyqogq.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\senekaqwykmtxa.dat (Trojan.Agent) -> Quarantined and deleted successfully.
Please update Malwarebytes and run a full scan again. Why? With some of the rootkits, and ones like Vundo, Malwarebytes and SUPERAntiSpyware say deleted, but with another scan it is still there.
I did the Avenger scan for 2 different rootkit names, not Seneka. If it still shows up, I will have to create a new script.
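The re-scan check described above, as an added example that is not part of the original thread: it parses detection lines in the format of the log excerpt and compares a first scan against a second one, listing files that were reported deleted but are detected again and files that are newly detected. The second log, the function names and the `senekaexample1.sys` file name are constructed for illustration.

```python
import re

# Line shape taken from the log excerpt in the thread:
#   <path> (<detection>) -> <status>.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<status>.+?)\.?$")

def parse_log(text):
    """Return {lowercased path: (detection, status)} for each detection line."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare in lowercase.
            found[m["path"].lower()] = (m["name"], m["status"])
    return found

def compare_scans(first_scan, second_scan):
    """Compare two scan logs taken before and after a cleanup.

    'reappeared': reported deleted in the first scan, detected again in the second.
    'new': detected only in the second scan (e.g. re-dropped under another name).
    """
    first, second = parse_log(first_scan), parse_log(second_scan)
    reappeared = sorted(p for p, (_, status) in first.items()
                        if "deleted successfully" in status.lower() and p in second)
    new = sorted(p for p in second if p not in first)
    return {"reappeared": reappeared, "new": new}

# First scan: the lines quoted in the thread.
FIRST_SCAN = r"""
c:\WINDOWS\SYSTEM32\DRIVERS\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\senekapqipxtny.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\senekatqvvdltf.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\senekamuiyqogq.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\senekaqwykmtxa.dat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Second scan: constructed sample, not output from the poster's machine.
SECOND_SCAN = r"""
c:\WINDOWS\SYSTEM32\DRIVERS\seneka.sys (Trojan.Agent) -> No action taken.
c:\WINDOWS\SYSTEM32\DRIVERS\senekaexample1.sys (Trojan.Agent) -> No action taken.
"""

if __name__ == "__main__":
    result = compare_scans(FIRST_SCAN, SECOND_SCAN)
    for kind, paths in result.items():
        for path in paths:
            print(f"{kind}: {path}")
```

An empty result for both lists on the second scan is what the poster is hoping for before moving on to the peripherals.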
Gotcha. I'll update Malwarebytes and re-run. If that detects anything I'll delete it and forward the new log file. If it says my computer is clean, I'll follow Delphinium's instructions on scanning my peripherals. I'll use the flash disinfector if I have access issues with my peripherals.
Question - how do I turn off the auto run feature in Windows? I assume I should do this, so that any viruses on the peripherals don't have a chance to jump back to my computer when I plug them in. Makes sense, but I don't know how to turn off/on the auto run feature in Windows XP.
Open Windows Explorer by pressing the Windows + "e" key.
Right-click the desired CD-ROM and select Properties from the menu.
Select the AutoPlay tab.
Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the appropriate action to take if enabling autorun.