Help Needed, Logs Attached



I use Carbonite to back up, but I didn't know it kept any files on the hard drive. I haven't restored since I've had this computer. It may be tomorrow before I can do the scans - kids just got home from Germany!

Take your time, family comes first.

Good morning. I ran the OTM tool which required a reboot. I couldn't get past the start up screen so had to manually turn off. Second reboot was still slow but worked. Here's the MBAM scan:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.29.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Carol :: CAROL-HP [administrator]

Protection: Enabled

12/29/2013 9:36:08 AM
mbam-log-2013-12-29 (09-36-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292745
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


A couple of questions:

Does Carbonite do an automated backup? Do you know if it's designed to back up on its own or on a certain date?

 

Finding those infected files in your old Carbonite backup makes me think you should delete that version/backup and create a new one once deemed clean?

Do you have any idea where the backups are stored? Since the scans found it, it would appear it's stored on your computer, unless you had a USB connected during the time of that scan?

 

Need to see what OTM was able to handle.

 

C:\_OTM\MovedFiles folder: check here for a txt file, copy and paste it here so we can examine.

 

********************

Please run this security check for my review.

 

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Carbonite backs up on an ongoing basis, as files are created, rather than at a set time as far as I know. I will look for the back up.

Here's the scan from OTM, and I'll run the Security Check.

 

All processes killed
========== FILES ==========
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\29a77082-196ca1cb moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-3a77859e moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-22a6f98f moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\56bf0f5a-27afe244 moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-718d2202 moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5974e79e-70eba7bb moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\375e065f-197c4d16 moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ccf05e7-1528ee97 moved successfully.
C:\Documents and Settings\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4ba1196c-479ec086 moved successfully.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\29a77082-196ca1cb not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-3a77859e not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-22a6f98f not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\56bf0f5a-27afe244 not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-718d2202 not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5974e79e-70eba7bb not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\375e065f-197c4d16 not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ccf05e7-1528ee97 not found.
File/Folder C:\Users\Owner.Carol-HP\Carbonite Restored OLD User Settings\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4ba1196c-479ec086 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carol
->Temp folder emptied: 2746179 bytes
->Temporary Internet Files folder emptied: 638073 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4985812 bytes
->Flash cache emptied: 14669 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner.Carol-HP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.Owner-PC
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51512 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 12292013_091448

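The OTM log posted above is hard to read as one run of text, and a helper has to answer three questions from it: what was actually moved, whether the "not found" entries are failures, and how much the [EMPTYTEMP] step freed. The parser below is an added example, not code from this thread or from OldTimer's OTM tool; its parsing rules are inferred from the log format visible in the post (an assumption, not OTM's documented output), and the sample log is a trimmed, constructed copy of the posted one with path separators restored. It also pairs each "not found" path under C:\Users with the matching moved path under C:\Documents and Settings, since on Vista and later the latter is a junction onto the former, so those entries are the same files seen twice rather than a failed removal.

```python
"""Parse an OTM (OldTimer) cleanup log into structured results.

Added example; not part of the forum thread and not code from OTM itself.
The regexes are inferred from the log format visible in the thread, which is
an assumption about OTM's output, not its specification.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the thread's OTM log.
SAMPLE_OTM_LOG = """All processes killed
========== FILES ==========
C:\\Documents and Settings\\Owner.Carol-HP\\Carbonite Restored OLD User Settings\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\20\\15585d14-3a77859e moved successfully.
C:\\Documents and Settings\\Owner.Carol-HP\\Carbonite Restored OLD User Settings\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\26\\56bf0f5a-27afe244 moved successfully.
File/Folder C:\\Users\\Owner.Carol-HP\\Carbonite Restored OLD User Settings\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\20\\15585d14-3a77859e not found.
File/Folder C:\\Users\\Owner.Carol-HP\\Carbonite Restored OLD User Settings\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\26\\56bf0f5a-27afe244 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carol
->Temp folder emptied: 2746179 bytes
->Temporary Internet Files folder emptied: 638073 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4985812 bytes
->Flash cache emptied: 14669 bytes

User: Default
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 51512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 12292013_091448
"""

NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
BYTES_RE = re.compile(r"^(?P<arrow>->)?(?P<what>.+?): (?P<n>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$", re.IGNORECASE)


def parse_otm_log(text):
    """Return moved paths, not-found paths, bytes freed per scope and the
    tool's own reported total (in MB) from one OTM log."""
    result = {
        "moved": [],
        "not_found": [],
        "freed": defaultdict(dict),  # "User: X" or "system" -> {item: bytes}
        "reported_mb": None,
    }
    scope = "system"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := NOT_FOUND_RE.match(line):
            result["not_found"].append(m["path"])
        elif m := MOVED_RE.match(line):
            result["moved"].append(m["path"])
        elif m := USER_RE.match(line):
            scope = "User: " + m["user"]
        elif m := BYTES_RE.match(line):
            # "->" lines belong to the current user section; unprefixed
            # lines are system-wide and end the user section.
            if not m["arrow"]:
                scope = "system"
            result["freed"][scope][m["what"]] = int(m["n"])
        elif m := TOTAL_RE.match(line):
            result["reported_mb"] = float(m["mb"])
    return result


def total_bytes_freed(result):
    """Sum of every 'emptied'/'removed' byte count in the [EMPTYTEMP] step."""
    return sum(n for items in result["freed"].values() for n in items.values())


def common_root(paths):
    """Deepest directory shared by the moved files: shows at a glance where the
    quarantined items lived (here, inside a restored Carbonite backup)."""
    return ntpath.commonpath(paths) if paths else ""


def junction_duplicates(result):
    """'Not found' entries that name a moved file through the
    C:\\Documents and Settings junction onto C:\\Users (Vista and later).
    These are expected noise, not failed removals."""
    def canonical(p):
        return p.lower().replace("c:\\documents and settings\\", "c:\\users\\", 1)
    moved = {canonical(p) for p in result["moved"]}
    return [p for p in result["not_found"] if canonical(p) in moved]


if __name__ == "__main__":
    r = parse_otm_log(SAMPLE_OTM_LOG)
    print(f"moved: {len(r['moved'])}, not found: {len(r['not_found'])}, "
          f"of which junction duplicates: {len(junction_duplicates(r))}")
    print("moved files live under:", common_root(r["moved"]))
    print(f"bytes freed: {total_bytes_freed(r)} (tool reported {r['reported_mb']} mb)")
```

Run against the full log in the post, the byte total comes out a little above the "8.00 mb" OTM prints, which is a rounding difference in the tool's summary rather than a parsing error; the figure worth acting on is the common root of the moved files, which points straight at the restored backup folder the helper asked about.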

Here's the Security Check scan:

 

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.9.900.170
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

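Security Check's checkup.txt is short, but the lines that matter (an out-of-date Java, an antivirus the tool could not see through WMI, the firewall state) are easy to miss among the version listings, and a helper reading dozens of these a day benefits from a mechanical first pass. The script below is an added example, not code from this thread or from screen317's Security Check; its section splitting and the rules it applies (the "version out of Date!" phrase, the firewall line, the WMI antivirus warning and an assumed 10% fragmentation threshold) are inferred from the phrases in the posted log, not from any documented format, and the sample report is a constructed, lightly trimmed copy of the one posted above.

```python
"""Triage a screen317 Security Check report (checkup.txt) into findings.

Added example: not part of the forum thread and not code from Security Check.
The rules (out-of-date flags, firewall line, the WMI antivirus warning, a
fragmentation threshold) are assumptions inferred from the phrases visible in
the posted log, not Security Check's documented output.
"""
import re


def tick_header(title):
    """Security Check frames section titles with runs of backticks."""
    return "`" * 12 + title + "`" * 12


# Constructed sample: the thread's checkup.txt, lightly trimmed.
SAMPLE_CHECKUP = "\n".join([
    " Results of screen317's Security Check version 0.99.77",
    " Windows 7 Service Pack 1 x64 (UAC is enabled)",
    " Internet Explorer 11",
    tick_header("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Norton Security Suite",
    " WMI entry may not exist for antivirus; attempting automatic update.",
    tick_header("Anti-malware/Other Utilities Check:"),
    " Malwarebytes Anti-Malware version 1.75.0.1300",
    " Java 7 Update 17",
    " Java version out of Date!",
    " Adobe Flash Player 11.9.900.170",
    " Mozilla Firefox (26.0)",
    tick_header("Process Check: objlist.exe by Laurent"),
    " Malwarebytes Anti-Malware mbamservice.exe",
    " Symantec Norton Online Backup NOBuAgent.exe",
    tick_header("System Health check"),
    " Total Fragmentation on Drive C: 4%",
    tick_header("End of Log"),
])

SECTION_RE = re.compile(r"^`+(?P<title>[^`]+?)`+$")
OUTDATED_RE = re.compile(r"^(?P<product>.+?) version out of date!$", re.IGNORECASE)
FRAG_RE = re.compile(r"^Total Fragmentation on Drive (?P<drive>[A-Z]): (?P<pct>\d+)%$")
FRAG_THRESHOLD_PCT = 10  # assumed threshold; the tool states none here


def split_sections(text):
    """Map each backtick-framed section title (trailing colon dropped) to its
    non-empty, stripped lines; lines before the first title go under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["title"].rstrip(":")
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def section(sections, prefix):
    """Lines of the first section whose title starts with prefix (the process
    section's title also names the helper binary, so match by prefix)."""
    for title, lines in sections.items():
        if title.startswith(prefix):
            return lines
    return []


def triage(text):
    """Return (severity, message) findings plus the facts they rest on."""
    sections = split_sections(text)
    findings = []

    av_fw = section(sections, "Antivirus/Firewall Check")
    if not any("firewall enabled" in line.lower() for line in av_fw):
        findings.append(("high", "no enabled firewall reported"))
    if any(line.startswith("WMI entry may not exist for antivirus") for line in av_fw):
        findings.append(("medium", "antivirus not visible through WMI (Security Center); "
                                   "confirm it is installed and running"))

    for line in section(sections, "Anti-malware/Other Utilities Check"):
        m = OUTDATED_RE.match(line)
        if m:
            findings.append(("high", f"{m['product']} is out of date; update or remove it"))

    fragmentation = {}
    for line in section(sections, "System Health check"):
        m = FRAG_RE.match(line)
        if m:
            fragmentation[m["drive"]] = int(m["pct"])
            if int(m["pct"]) > FRAG_THRESHOLD_PCT:
                findings.append(("low", f"drive {m['drive']} is {m['pct']}% fragmented"))

    # The last token of each process line is the executable name.
    processes = [line.rsplit(" ", 1)[-1] for line in section(sections, "Process Check")]
    return {"findings": findings, "fragmentation": fragmentation,
            "security_processes": processes}


if __name__ == "__main__":
    report = triage(SAMPLE_CHECKUP)
    for severity, message in report["findings"]:
        print(f"[{severity}] {message}")
    print("security processes seen:", ", ".join(report["security_processes"]))
```

On the posted report this yields exactly the two items the helper acts on next: Java 7 Update 17 flagged out of date, and the antivirus not being visible through WMI, which is worth confirming before the thread is closed.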

Windows Temp folder emptied: 51512 bytes <-- that seems to be quite a bit, need to do that more often.

 

You can remove this program using Add/Remove Programs, or you can use the free uninstaller from Revo (it does a lot better of a job):

Java 7 Update 17

 

********************************************

• Please download and install Revo Uninstaller Free.
• Double click Revo Uninstaller to run it.
• From the list of programs, double click on the program to remove.
• When prompted if you want to uninstall, click Yes.
• Be sure the Moderate option is selected, then click Next.
• The program will run. If prompted again, click Yes.
• When the built-in uninstaller is finished, click on Next.
• Once the program has searched for leftovers, click Next.
• Check/tick the bolded items only on the list, then click Delete.
• When prompted, click on Yes and then on Next.
• Put a check on any folders that are found and select Delete.
• When prompted, select Yes, then Next.
• Once done, click Finish.

 

*******************************************

Install Java:

 

Please go here to install Java

• Click on the Free Java Download button.
• Click on Agree and start Free download.
• Click on Run.
• Click on Run again.
• Click on Install.
• When the install is complete, click on Close.

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

 

*******************************************************

For cleaning out temp files please use the below and try to do this at least once a week.

Download CCleaner from here CCleaner

• Run the installer to install the application.
• When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
• Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
• Click Run Cleaner.
• Close CCleaner.

Please let me know what issues remain.


We've uncovered and cleaned all we can, we're at the end now and need to remove the tools used.

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

No need to post the log this time.

start

DeleteQuarantine:

end

************************

 

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

 

Go to Start > Run > copy and paste the full text path in the run box

 

ComboFix /Uninstall

 

Note the space between the x and the /U, it needs to be there.

 

*****************************

 

Download and Run OTC

 

We will now remove the tools we used during this fix using OTC.

• Download OTC by OldTimer and save it to your desktop.
• Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
• Then click the big button.
• You will get a prompt saying "Begin Cleanup Process". Please select Yes.
• Restart your computer when prompted.

*********************

Any other tools and folders found, simply delete.

 

You're good to go, good job!

 

 

Please take the time to read over a few of my preventive tips.

 

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

*NoScript - Add-on for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

 

How to prevent Malware: Created by Miekiemoes

 

Be prepared for CryptoLocker:

 

Cryptolocker Ransomware: What You Need To Know

 

CryptoLocker Ransomware Information Guide and FAQ

 

 

 

Backup regularly

 

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

 

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

 

Avoid P2P

 

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

 

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

• FBI Cyber Education Letter
• File sharing infects 500,000 computers
• USAToday
• infoworld

Please read the following safe computing articles.

 

Secure My Computer: A Layered Approach

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
