Is my pc safe yet?

I’m looking for a little advice on what to check on my PC to be sure it’s now safe. I recently had a few viruses and think I have them cleaned up now.

I was using Panda security for the last 4 years or so and never had a problem. I believe I let the subscription lapse and that’s where my issues started.

This is what I’ve done so far to correct my issues:

Uninstalled Panda security
Installed Avast Antivirus
Installed Comodo Firewall
Installed Ad-Aware
Installed Malwarebytes

Avast found Win32:Trojan-gen, Win32:FakeAlert-AFQ [Trj] and LNK:Lnkbaddst-S [Trj]
Avast boot time scan found PUP:Win32:PUP-gen [PUP]
Malwarebytes found Trojan:BHO

Everything that was found by Avast is in the chest at this point and what Malwarebytes found was eliminated as well. I have scanned my PC with every one of these programs a few times over the past few days and have not found anything else.

One of the viruses had changed almost everything on my PC to “hidden”. Pictures, All programs, Favorites, Task manager and a bunch of others. I have most of that back now. This is what I’d like to know:

  1. Is my PC safe at this point or should I be looking for something else?

  2. Is it possible that even though I removed the virus that caused the issue, someone retrieved sensitive information or changed admin rights so my security won’t recognize them as a threat? Is there a way to check? The reason I ask is, in HKEY_CURRENT_CONFIG, when I right-click and select Permissions, Account Unknown [S-1-5-32-547] is there with full permissions. When I look at all users in Control Panel there is a guest user. I turned that off but wanted to know if that is a standard item on Windows XP?

Any advice would be appreciated. Please know ahead of time I’m not very good with computers haha. If that wasn’t already obvious.

Thanks, Billy

Did you also visit Secunia Online: http://secunia.com/vulnerability_scanning/online/ to establish you have all the latest updates for your OS and third party software?

polonus

Unknown [S-1-5-32-547] isn’t a standard item on Windows XP. Probably you were infected with a backdoor. Did you scan your PC with MBAM’s latest updates?

The 4 new programs I installed are all updated. Windows just had an update 2 days ago I think and I installed that.

OK, I scanned with Secunia and my Java was not up to date and possibly a risk. I tried to install the newest Java but it didn’t work. I tried to uninstall the older version from Add/Remove Programs and an error came up: “unable to contact windows installer either because your in safe mode or there is an issue with windows installer”. I’m not in safe mode. Any ideas? I uninstalled another program that I didn’t need and that worked fine.

When was the last time you installed Windows?

Several years ago. Am I supposed to do that? Ha Ha!!! I think I have only done it one time and it was awful.

Okay, that’s what I thought… do yourself a favor, ask someone to help you back up your data first, and then reformat your hard disk and do an install from scratch of Windows + all available updates. You’re on XP I suppose so you’ll need SP3.

To get the rest of your folders back in view:

Download RogueKiller to your desktop

  1. Quit all running programs
  2. For Vista/Seven, right-click → Run as administrator; for XP simply run RogueKiller.exe
  3. When prompted, type 6 and validate
  4. The RKreport.txt shall be generated next to the executable.

Please post the contents of the RKreport.txt in your next Reply.

If you would like me to check the rest out then:

Download OTS to your Desktop and double-click on it to run it

  1. Make sure you close all other programs and don’t use the PC while the scan runs.
  2. Select All Users
  3. Under additional scans select the following:
       Reg - Disabled MS Config Items
       Reg - Drivers32
       Reg - NetSvcs
       Reg - SafeBoot Minimal
       Reg - Shell Spawning
       Evnt - EventViewer Logs (Last 10 Errors)
       File - Lop Check

  4. Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT

  5. Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  6. When the scan is complete Notepad will open with the report file loaded in it.
  7. Please attach the log in your next post.

Yeah, okay, I skipped the part about hidden folders… so yeah, of course these should be “recovered”, i.e. visible again, but I’d still advise once that’s done to re-install the OS. Windows Installer seems to be broken, no idea if that’s also the result of an infection, but XP takes 15 minutes to install, while troubleshooting the whole system may take this user several days.

A moot point ;D but he did seem reluctant to do it. Mind you, XP will usually need a re-install annually to clear the rubbish.

Good lord Essexboy!!! That sounds like brain surgery to me!!! I’ll try the RogueKiller thing, that I might be able to get to work. When you say “all running programs”, does that mean open Task Manager and close everything? Sorry, I just don’t mess with this stuff very often. I really appreciate your help though, guys.

No, it just means try not to play any processor-intensive games at the same time ;D

If you want to reinstall, I have a guide to help you through it:

http://www.geekstogo.com/forum/topic/173729-reformat-and-install-of-windows/

My PC is old enough that my disk doesn’t have SP2 on it. That’s why I’m reluctant to wipe everything and start over. It’s scary for someone like me. I have RogueKiller on my desktop. I’ll try it.

RogueKiller V4.3.8 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRKgmailcom
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: billy [Admin rights]
Mode: Shortcuts HJfix – Date : 04/14/2011 14:26:09

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 17 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 3 / Fail 0

Finished : << RKreport[1].txt >>
RKreport[1].txt

I hope I did that right. I just hit 6 and then enter.

OK, I did the OTS also. Hope I did it right.