Monitoring several laptops for infections and Acrobat reader, MS excel corrupt

[shark74]

Dear PP.
Thanks,
Well I found out that my wifi error was not related to laptop issues, but with all the downloads I went over my gig limit.
Anyhow, so I am using a cellphone modem, that be the MTN data card.
So this is making all internet much slower. Will attempt Kaspersky in a moment, but attaching the zipped files you requested.
Regarding the ntde1ect.com..when I installed Trend Micro earlier in January I think that took care of of ntde1ect issue, which might have left some reference in the registry to the worm/malware. ????

Will post kaspersky and avg -as soon...

Thanks
S

[PhilliePhan]

Hi Shark,

Anyhow, so I am using a cellphone modem, that be the MTN data card.
So this is making all internet much slower. Will attempt Kaspersky in a moment, but attaching the zipped files you requested.

I figured that was what you were using the card for shortly after I wrote that...LOL!

-- The zipped files are benign - I didn't think that they were anything to worry about, but was curious.

Regarding the ntde1ect.com..when I installed Trend Micro earlier in January I think that took care of of ntde1ect issue, which might have left some reference in the registry to the worm/malware.

Yeah - TM is a good product.
There are often registry remnants left after malware removal. In this case,it is a bit different as you are dealing with a number of infected external drives.
Those registry values will come back with the next infected drive - unfortunately, it is difficult to stop these drives from autorunning. Changes are usually only temporary. But, stopping their autoruns would be something to look into...
-- At least there are no actual malware files showing on your computer!

Scanned the pc using three programmes you suggested.
See attached txt. docs.
Hope I did them as I should have done. All looks clean

Agreed! They look good. Had a bit of difficulty reading the Kaspersky log in that format, but it too looks OK. I would say that this machine is clean. Now might be a good time to make a disk image with a tool such as Acronis...

-- Let me know how things are running and we'll wrap this up.

Starting to think I should rip Trend Micro from the laptop, and use another anivir. If I cancel the PCscnsrv.exe the pc runs ok again..

Well. . . This is a long-standing problem with TM. It sometimes has trouble interacting with other anti-malware programs (most notably, SpybotSD - which I do not see in HJT Log....)

http://blog.kazmarek.com/2007/10/10/...-too-much-cpu/
http://www.wilderssecurity.com/showthread.php?t=157277

If you do replace TM, I would suggest Kaspersky or NOD32 - they are listed in my linky below!

-- I would also suggest learning to use some tools such as ComboFix and SDFix and the like as they will be invaluable if you have to clean 20+ laptops.... These tools will remove a number of baddies automatically and a large number of other baddies will show in the logs as being recently added to the machines.


Cheers
PP

[PhilliePhan]

Somewhere along the line I forgot to address the Acrobat/Excel issues you mentioned.

I would imagine that they were corrupted during your malware battles and will need to be reinstalled.
-- In the case of Adobe, you need to update to the latest version (8) anyway for better security. Be sure to uninstall all older versions.

-- You should also update Java and remove any old versions via Add/Remove Programs.
http://www.java.com/en/

-- If you have any other questions or would like suggestions/recommendations, just let me know.

PP