How to remove FraudTool.Win32.Spywarebot etc from Restore folder

PS: If you're still feeling generous towards my non-emergency, what do you reckon about the Active Connections log below? Anything troubling here? Ran from CMD --> netstat -ano to see what is listening.


Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1244
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 1400
TCP 67.188.177.170:139 0.0.0.0:0 LISTENING 4
TCP 67.188.177.170:1235 77.67.126.83:80 CLOSE_WAIT 2424
TCP 67.188.177.170:1296 80.190.154.130:80 CLOSE_WAIT 2884
TCP 67.188.177.170:1299 209.68.48.119:80 CLOSE_WAIT 3256
TCP 67.188.177.170:1300 209.68.48.119:80 CLOSE_WAIT 3256
TCP 127.0.0.1:668 0.0.0.0:0 LISTENING 448
TCP 127.0.0.1:668 127.0.0.1:1049 ESTABLISHED 448
TCP 127.0.0.1:1037 0.0.0.0:0 LISTENING 3180
TCP 127.0.0.1:1049 127.0.0.1:668 ESTABLISHED 2744
TCP 127.0.0.1:1052 0.0.0.0:0 LISTENING 2044
TCP 127.0.0.1:4664 0.0.0.0:0 LISTENING 2884
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 956
UDP 0.0.0.0:4500 *:* 956
UDP 67.188.177.170:123 *:* 1380
UDP 67.188.177.170:137 *:* 4
UDP 67.188.177.170:138 *:* 4
UDP 67.188.177.170:1900 *:* 1572
UDP 127.0.0.1:123 *:* 1380
UDP 127.0.0.1:1102 *:* 3256
UDP 127.0.0.1:1900 *:* 1572

 

Traces can’t do anything.. They are picked up by the wannabe malware scanners to get you to buy their paid version. Just FP’s (False Positives).

The only two scanners used by the Malware removal sites right now are SuperAntiSpyware and Malwarebytes’ Anti-Malware and if either one of those finds anything, it will delete it… Anything left can be removed with the bigger guns like combofix ( not to be used by a novice ).

You have a barrel full of programs that are listening, all the time. With a good firewall installed, they don’t hear anything.. : )

If you have a problem with malware then run one of the two scanners I mentioned and if that don’t clear it, just drop me a log……… ; )

2OG