Help needed to remove Trojan horse patched_c.LYU

Figment

The list showed the last 30 items to be installed, so it's probably something you've already uninstalled.

I'm not 100% certain about the contents of these folders:
c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP\
C:\sh4ldr\

and getting conflicting results in Google. Probably better if you can hang on until waddler returns.

-TangleFoot-

Figment wrote: »

C:\sh4ldr\

Something to do with SpyHunter 4?

waddler_8

Mbam running clean + AVG no longer detecting services.exe as being infected is a good sign. It seems as though combofix has had a right old battle with this one! The DDS log looks good.

2012-06-28 22:48:13

---

d

---

w- C:\sh4ldr
2012-06-28 22:48:13

---

d

---

w- c:\program files\Enigma Software Group
2012-06-28 22:46:58

---

d

---

w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-28 22:46:55

---

d

---

w- c:\program files\common files\Wise Installation Wizard
2012-06-28 22:36:26

---

d

---

w- c:\users\samsung\appdata\roaming\SpeedyPC Software
2012-06-28 22:36:26

---

d

---

w- c:\users\samsung\appdata\roaming\DriverCure
2012-06-28 22:36:08

---

d

---

w- c:\programdata\SpeedyPC Software

Yes, Enigma software's Spyhunter & other affiliate junk.

Any problems?

kellyp

No Problems so far! Can I just delete the "junk" files?

waddler_8

Yes. If they're installed, uninstall Spyhunter, DriverCure & SpeedyPC(pro?) via programs & features.

Then delete these folders if they're still there.

C:\sh4ldr
c:\programdata\SpeedyPC Software
c:\program files\Enigma Software Group
c:\program files\common files\Wise Installation Wizard
c:\users\samsung\appdata\roaming\DriverCure
c:\users\samsung\appdata\roaming\SpeedyPC Software
c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP

appdata\roaming

... Is a hidden folder.
Open a run command and copy/paste %appdata% in. The folders DriverCure & SpeedyPC Software should be in there.

kellyp

All done. Thank you to everyone for saving my netbook!

waddler_8

Is combofix still on your desktop?

Run this file: http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

Then create a new restore point & clear the previous ones.

Click on Start > All Programs > Accessories > System Tools.

1. Click on Start > Control Panel.
2. Double click on System.
3. On the left, click on the System Protection link.
4. At the bottom right hand corner, click on the Create... button.
5. Give the System Restore point a descriptive name and click on Create.
6. You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
7. Click OK again to close the System Protection window. Then close Control Panel.

Don't clear infected System Restore points before creating a new System Restore point first!

1. Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
2. Select your C drive and click OK.
3. Select the More Options tab.
4. Under System Restore and Shadow Copies, click on the Clean up... button.
5. You'll receive a prompt. Click on Delete to delete the old System Restore points.
6. When it's done, click OK. You'll receive another prompt. Click Delete Files to confirm.
7. When it's done, Disk Cleanup will automatically close.