Jump to content

jeffce

Trusted Malware Techs
  • Content Count

    253
  • Joined

  • Last visited

Posts posted by jeffce


  1. Lets get a different look shall we...if you can't run ComboFix.

     

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.

    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  2. Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    • The fixes are specific to your problem and should only be used for the issues on this machine.

    • It's often worth reading through these instructions and printing them for ease of reference.

    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

    • Please reply to this thread. Do not start a new topic.
    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

     

    Having said that....Let's get going!! :thumbup:

    ----------

     

    Let me look over these logs and I will get right with you. :)

    ---------

     

    In the mean time please do the following...

     

    Please download aswMBR to your desktop.

     

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
    Posted Image

    Click the image to enlarge it

    ----------


  3. Hi,

     

    I notice that you have AVG installed on your system. We need to uninstall that and the best way to make sure that all of it is removed is by downloading the AVG Remover Tool found here. Just download the tool and double-click to run it. :)

    ----------------

     

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    • DDS::
      Trusted Zone: google.com\maps
      Filter: text/html - {0802350b-3d3c-422c-ab03-7c9284eeafaa} -
      
      Firefox::
      FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

       

      Posted Image

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    ----------


  4. Hi,

     

    Oh we still have some things to work over because there are some entries that need to go. :)

    ------------

     

    Lets remove AVG from your system completely. Download and run the AVG removal tool from here. Once you have run it, reboot your system into Normal mode if possible. If not boot into Safe mode with Networking.

    -------------

     

     

    Please read through these instructions to familarize yourself with what to expect when this tool runs

     

    Download ComboFix from one of these locations:

     

    Link 1

    Link 2

     

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

     

     

     

    Posted Image

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     

    Posted Image

     

    Click on Yes, to continue scanning for malware.

     

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

     

    Notes:

     

    1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ----------

     

    In your next reply let me know if you have any problems...if not, post the log that was created by ComboFix.


  5. Hi #FNK-346811 (Is it ok to call you Poirot?)

     

    I don't see a whole lot on either of those two scans that you ran. What symptoms are you having that are making you feel you have malware?

    ----------

     

    Is this a corporate or business computer?

    ----------

     

    I do notice that you have two running antivirus programs on your system. Having two on your system can significantly diminish the performance of your computer. You should uninstall either AVG or Symantec antivirus programs. When you decide which one you would like to remove let me know and I will get you the correct removal tool to remove it. :)


  6. Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.

    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method ( Recommended: Inmediate Notification)

    • The fixes are specific to your problem and should only be used for the issues on this machine.

    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

    • It's often worth reading through these instructions and printing them for ease of reference.

    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

    • Please reply to this thread. Do not start a new topic.
    IMPORTANT NOTE : Please do not delete anything unless instructed to.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

     

    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them

    with Admin Rights (Right click, choose "Run as Administrator")

     

    Stay with this topic until I give you the all clean post.

    ----------

     

     

    Please download DDS from either of these links

     

    LINK 1

    LINK 2

     

    and save it to your desktop.

    • Disable any script blocking protection
    • Double click dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------

    Please include the contents of the following in your next reply:

     

    DDS.txt

     

    Attach.txt

    ----------

     

     

    GMER

     

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

       

      Posted Image

      Click the image to enlarge it

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...

      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.
    **Caution**

    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

    .

    ----------

     

    In your next reply please post the logs created by DDS and GMER. :)


  7. Hi flash0429,

     

    IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

     

    This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

    ----------

     

    After performing the following instructions, I would ask that you start a new thread in the Tech Forum here at PC Pitstop or here at What the Tech (you will have to register for an account if you don't already have one). They will be able to help you with your error messages and BSOD problems as these are not malware related.

    ----------

     

    The following will implement some cleanup procedures as well as reset System Restore points:

     

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

     

    ComboFix /Uninstall

    ----------

     

    • Double-click OTM.exe to start the program.
    • Close all other programs apart from OTM as this step will require a reboot
    • On the OTM main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.
    ----------

     

    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

     

    Here are some tips to reduce the potential for spyware infection in the future:

     

    1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
    • Open Internet Explorer
    • Click on Tools > Internet Options
    • Press Security tab
    • Select Internet zone then place check next to Enable Protected Mode if not already done
    • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
    • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
    3. Use and Update an Anti-Virus Software - I can not overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

     

    4. Firewall

    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.

    **Do not install more than one firewall program because they will conflict with each other**

    5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

     

    6. Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.

     

    7. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

    For information on how to download and install, please read this tutorial by WinHelp2002

    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

     

    8. WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

     

    9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware

     

    10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

     

     

    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.


    • Click Start > Run... then type in CMD and click on OK.
    • At the Command Prompt C:\ > type the following: chkdsk c: /r and hit the Enter/Return key.

      Note: chkdsk c: /r presumes that the disk upon which you wish to run Error Checking is your C: Drive (most often)

    • When prompted with:

    CHKDSK cannot run because the volume is in use by another process

    Would you like to schedule this volume to be checked next time the system

    restarts (Y/N)

    • Hit the Y key then at the Command Prompt C:\ >
    • Type in EXIT and and hit the Enter/Return key.
    • Now Reboot(Restart) your computer.
    Note: Upon Reboot(Restart), CHKDSK will start and carry out the repairs required.

     

    How is your computer running now and are you having any other problems?


  8. Hi flash0429,

     

    Yes please post that log created by the error check so that we can take a look at that. Thank you.

    ----------

     

    You have an older version of Adobe Reader. You can download the current version HERE

    ----------

     

    P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

     

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

     

    I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.


  9. Hi Flash0429,

     

    Please download Malwarebytes' Anti-Malware to your desktop.

     

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

       

      Posted Image

    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

     

    The log can also be found here:

    C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    ----------

    ESET Online Scanner

    I'd like us to scan your machine with ESET Online Scan

     

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

    Please don't go surfing while your resident protection is disabled!

    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

     

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

      ESET OnlineScan

    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option "Remove found threats" is Unchecked
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin

      scanning your computer. Please be patient as this can take some time.

    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as

      ESETScan. Include the contents of this report in your next reply.

    • Push the Back button.
    • Push Finish
    http://www.eset.com/onlinescan/

     

    In your next reply please post the logs created by Malwarebytes and the ESET Online Scanner. :)


  10. Hi flash0429!!

     

    Please download OTM by OldTimer.

    • Save it to your desktop.
    • Please click OTM and then click >> run.
    • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Reg
    [-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^3754068.lnk]
    [-HKLM\~\startupfolder\C:\Documents and Settings\Owner\Start Menu\Programs\Startup\3754068.lnk]
    
    :Files
    c:\documents and settings\Owner\Start Menu\Programs\Startup\3754068.lnk
    c:\windows\pss\3754068.lnkStartup
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
    
    • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


  11. Hi!!

     

    **WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

     

    If you would like to continue with the cleaning please follow the instructions below and I will be more than happy to help. :)

    ----------

     

    1. Close any open browsers.

     

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

     

    3. Open notepad and copy/paste the text in the quotebox below into it:

     

    File::

    c:\documents and settings\Owner\Start Menu\Programs\Startup\3754068.lnk

    c:\windows\pss\3754068.lnkStartup

     

    Registry::

    [-HKLM\~\startupfolder\C:\Documents and Settings\Owner\Start Menu\Programs\Startup\3754068.lnk]

     

    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

     

     

    Posted Image

     

    Refering to the picture above, drag CFScript into ComboFix.exe

     

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


  12. Hi Flash0429!

     

    Please read through these instructions to familarize yourself with what to expect when this tool runs

     

    Download ComboFix from one of these locations:

     

    Link 1

    Link 2

     

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

     

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

     

    Posted Image

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     

    Posted Image

     

    Click on Yes, to continue scanning for malware.

     

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

     

    Notes:

     

    1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

     

    In your next reply please post the log created by ComboFix. :)


  13. Hi flash0429!!

     

    Please download DDS by sUBs from one of the following links and save it to your desktop.

    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    ---------------------------------------------------
    • Post the contents of the DDS.txt report in your next reply
    • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
    ----------

     

    Please download aswMBR to your desktop.

     

    • Double click the aswMBR icon to run it.

      Vista and Windows 7 users right click the icon and choose "Run as administrator".

    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    Posted Image

    Click the image to enlarge it

     

    In your next reply please post the logs created by DDS and aswMBR.exe :)


  14. Hi and Welcome!! :wp: My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method ( Recommended: Inmediate Notification)
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    **Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise, this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.**

     

    IMPORTANT NOTE : Please do not delete anything unless instructed to.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

     

    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them

    with Admin Rights (Right click, choose "Run as Administrator")

     

    Stay with this topic until I give you the all clean post.


  15. Hi CarterRichardCarter!!

     

    IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

     

     

    Lets go ahead and update your Internet Explorer to Internet Explorer 8. Please visit this page here to update.

    ----------

     

    **Be sure to update your Windows as that is out of date as well. Keeping Windows updated will help to reduce your chances of infection. You can do so by following the instructions in #5 below. :) **

     

    This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

     

    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

     

    Here are some tips to reduce the potential for spyware infection in the future:

     

    1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
    • Open Internet Explorer
    • Click on Tools > Internet Options
    • Press Security tab
    • Select Internet zone then place check next to Enable Protected Mode if not already done
    • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
    • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
    3. Use and Update an Anti-Virus Software - I can not overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

     

    4. Firewall

    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.

    **Do not install more than one firewall program because they will conflict with each other**

    5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

     

    6. Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.

     

    7. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

    For information on how to download and install, please read this tutorial by WinHelp2002

    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

     

    8. WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

     

    9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware

     

    10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?


  16. Hi CarterRichardCarter!!

     

    IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

     

     

    Lets go ahead and update your Internet Explorer to Internet Explorer 8. Please visit this page here to update.

    ----------

     

    **Be sure to update your Windows as that is out of date as well. Keeping Windows updated will help to reduce your chances of infection. You can do so by following the instructions in #5 below. :) **

     

    This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

     

    **Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted by right clicking and selecting delete so they aren't cluttering up your desktop.**

     

    Here are some tips to reduce the potential for spyware infection in the future:

     

    1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
    • Open Internet Explorer
    • Click on Tools > Internet Options
    • Press Security tab
    • Select Internet zone then place check next to Enable Protected Mode if not already done
    • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
    • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
    3. Use and Update an Anti-Virus Software - I can not overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

     

    4. Firewall

    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.

    **Do not install more than one firewall program because they will conflict with each other**

    5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

     

    6. Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.

     

    7. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

    For information on how to download and install, please read this tutorial by WinHelp2002

    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

     

    8. WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

     

    9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware

     

    10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

     

     


  17. Hi,

     

    Hijack This is a scan that we used to use but with the development of more sophisticated malware, we have transitioned to using DDS to look over your logs and this gives us a better idea of what is on your system. The information provided by Hijack This is given in DDS along with much more. Posted Image

     

    Please run DDS one more time and post the new log created in your next reply.


  18. Good Morning,

     

    The reason that we want to keep Java updated is that when there are new versions that come out and used, the old versions create security vulnerabilities on your computer. You should always be sure to have the latest update as well as deleting any older versions you may have. :)

     

    Try using the information provided by Webroot at this site --> http://support.webro...detail/a_id/451

     

    If you can not get Webroot disabled go ahead and run ESET as it may run anywat and post the log to that scan. Your Malwarebytes scan looks good!

     

    If you can't get ESET to run try this online scan instead with the instructions below.

     

    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

     

    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report To obtain the report:
    • Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop
    • In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt]
    • Then, click: Save
    • Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial

    http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

×
×
  • Create New...