I have the malwares MySearchDial and Jotzey


crossword

The details of my problem are given here in this closed thread:

 

http://forums.pcpitstop.com/index.php?/topic/203012-i-think-i-have-a-virus;-i-cant-access-some-sites/

 

I got so fed up with wasting time running endless programs to find what was wrong that I called my tech, and he told me I had no malware; I just had to reinstall Firefox.

 

So he did and I gave it a few days to see if it would work ok. Then I saw even though now I could get to the sites I was previously unable to access, I was still being redirected. He assured me that was fine and gave me some explanation about how sites do get redirected.

 

I didn’t believe him and wanted to post again in the thread to explain what happened but the thread got closed before I could.

 

Since I kept being redirected I decided to call him to reformat the computer but I've been very busy, so haven’t done it so far. And then it occurred to me that even if I did that, the malware would be saved on my external drive where I would have to save all my files.

 

So anyway today HitmanPro ran and told me I had these malware:

 

MySearchDial

 

Jotzey

 

But it also said my trial period was over and so I would have to buy it to delete them.

 

When I ran HitmanPro that very first time over a month ago it showed none of these, so I'm thinking it sounds like a scam that they detected these after my trial period was over. I downloaded 2 versions again but both said they can't run on my comp.

 

So anyway, can you please advise me what to do? How come I ran so many programs but none were able to get rid of the malware or even detect it? Can you recommend something powerful that will get rid of it?

 

Thanks a lot for all the time already put into it.


The "infections" you have indicated are foistware/adware that are attached to "free" programs. When you install the program you want - the garbage program installs with it.

 

I know you've been all through this before... but the best thing I can do for you is to look at a current log and try to determine what is there. Sometimes I can at least find indications of how it got there... but often not.

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt and Attach.txt reports in your next reply

 


Thanks. The reports:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.0.0
Run by Vidya Samson at 21:47:33 on 2014-03-28
Microsoft Windows 8 Enterprise 6.2.9200.0.1252.1.1033.18.3326.2335 [GMT 5.5:30]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Quick Heal Total Security 2013 *Enabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
SP: Quick Heal Total Security 2013 *Enabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\CNAB4RPK.EXE
C:\Windows\splwow64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - c:\program files\classic shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: disablecad = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\classic shell\ClassicIE_32.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E5E84425-7882-4C62-BDB5-54E5415D47D4} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vidya samson\appdata\roaming\mozilla\firefox\profiles\xjxa2sli.default\
FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2013-7-30 49904]
R1 wsnf;Network Filter Driver;c:\windows\system32\drivers\wsnf.sys [2013-7-30 38856]
R1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2013-7-30 68448]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2012-9-8 45672]
R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\EMLPROXY.EXE [2012-7-28 29680]
R2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2012-7-28 206320]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2013-7-30 29424]
R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2012-7-28 25584]
R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal total security\QUHLPSVC.EXE [2012-7-28 91120]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\drivers\Rt630x86.sys [2012-7-26 495104]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2013-7-30 33136]
S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2012-7-28 206320]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\wise\wise care 365\BootTime.exe [2014-2-14 580232]
S3 llio;llio;c:\windows\system32\drivers\llio.sys [2013-8-14 58728]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-03-08 14:19:18 -------- d-----w- c:\program files\JRE
2014-03-06 08:00:33 -------- d-----w- c:\users\vidya samson\appdata\local\Macromedia
.
==================== Find3M ====================
.
2014-03-27 14:34:13 58728 ----a-w- c:\windows\system32\drivers\llio.sys
2014-03-05 13:58:32 45672 ----a-w- c:\windows\system32\drivers\catflt.sys
2014-02-16 03:47:08 107224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-16 03:46:40 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-16 07:50:17 544656 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 21:49:29.76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 7/30/2013 2:23:05 PM
System Uptime: 3/28/2014 9:13:30 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M5A78L-M LX V2
Processor: AMD Athlon II X2 270 Processor | AM3R2 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 63 GiB total, 32.448 GiB free.
D: is FIXED (NTFS) - 146 GiB total, 132.348 GiB free.
E: is FIXED (NTFS) - 186 GiB total, 183.98 GiB free.
F: is FIXED (NTFS) - 70 GiB total, 68.699 GiB free.
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP36: 3/8/2014 7:48:54 PM - Installed OpenOffice.org 3.1
RP37: 3/16/2014 6:01:28 AM - Scheduled Checkpoint
RP38: 3/24/2014 9:55:28 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Amazon Kindle
Canon LBP2900
CCleaner
Classic Shell
Final Draft 5
Java Auto Updater
Java 7
Malwarebytes' Anti-Malware
Microsoft Encarta Reference Library 2003
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Nero 7 Essentials
neroxml
OpenOffice.org 3.1
Quick Heal Total Security
Scriptware for Windows
Shockwave
UBitMenu UK
VLC media player 2.0.3
WinRAR archiver
Wise Care 365 2.94
Wise Disk Cleaner 8.03
Wise PC 1stAid 1.35
Wise Registry Cleaner 6.14
.
==== Event Viewer Messages From Past Week ========
.
3/28/2014 9:13:10 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The media is write protected.
3/28/2014 10:12:19 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================


First of all:

Wise Care 365 2.94

Wise Registry Cleaner 6.14

 

I would get rid of these. They are not malware, but registry cleaners can totally brick your system. There is virtually zero chance that running one will speed up or enhance your system, but by running one, you run a significant risk of scrambling your registry - often irreparably. I do not have any experience with this particular one... but I've tried to "save" systems from the damage caused by these programs and my success rate isn't very good.

 

They sell you on the promise that "clearing out" the registry will speed things up. This just isn't true. You can think of the registry as a big card catalog like you find at your local library. You go to the card catalog and look for a specific book by title or author. The "card" then tells you where in the library to find the book. Registry entries are a lot like that. When you do something on your computer, the operating system goes to the registry to find what program is available to perform that function, and the registry responds by telling the system where in memory to find the appropriate program.

 

What happens, over time, is that you replace programs that you want your system to use to perform functions with newer/different programs. Sometimes the new program doesn't completely "clear" the registry of entries relating to the old program. We call those orphaned entries. When the operating system asks the registry what programs are available to perform the task... they are not offered as an option. They may be orphaned on the other end; if you were to search your registry, you might find entries that don't point to programs that exist on the computer. The Registry Cleaners promise to eliminate these entries... and they will do that (for the most part). The problem starts with their promise that this will "speed up" your system. Think back to the card catalog example. These entries are like cards in the catalog that nobody pulls. Yes, the card takes up space... but it is infinitesimally small. We are talking bits of memory... not even bytes. Recovering that memory will have absolutely no effect on your system. The real problems are caused because .dll files are interrelated. Clearing a registry entry that was created by an "old" program may impact "newer" programs because they utilize the same libraries. This can cause a cascading effect that ultimately will scramble the registry... making the system non-bootable. Bad mojo all around, so we advise you to steer far, far clear of these snake oil medicines.

 

Enough about that. Back to your log.

 

Your current log is not showing those "infections". I had a look back at your previous thread, and see that they did show in your initial log there. You ran several tools, but did no final housekeeping, so it is possible that Hitman Pro was picking up traces that would still exist in quarantines. Files in quarantines are anesthetized so cannot "hurt" your system. I don't use Hitman Pro so I'm unsure of its process... but did it produce a log you can paste here to show exactly what was found where?

 

Also, I see that you have Malwarebytes' Antimalware installed. Would you please run a scan and post the resultant log?

 

Finally, I see from your previous thread that you were having trouble reaching your homepage. Does that situation still exist? I'm specifically asking because I see in your log that there may have been an error reading your hosts file this morning. If you cannot reach your homepage, this could be related.

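The last point in the reply above, the DNS-Client 1012 event about reading the hosts file, is worth checking directly rather than leaving as a question, because a tampered hosts file is one of the simplest ways a machine ends up "redirected" or unable to reach particular sites. The Python below is an added example for this thread, not code from the original posts or from any of the tools mentioned: it parses hosts-file text and flags every name that is mapped to a loopback or 0.0.0.0 address (the site will not load) or to any other address (the site is silently sent elsewhere), and it reports lines it cannot parse. The sample contents, including the 198.51.100.23 line, are constructed for illustration. Reading the real file at C:\Windows\System32\drivers\etc\hosts needs an elevated prompt, and a 1012 error that is about the file itself (missing, locked or with odd permissions) is something to check separately with icacls; the script only looks at the file's contents.

```python
"""Audit a Windows hosts file for entries that block or redirect sites.
Added example for this thread; the hosts text below is constructed."""
import ipaddress

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"   # default location on Windows

# Constructed sample: the stock localhost lines, an ad-blocking sinkhole
# entry, a hijack that sends a real site to a non-local address, and a
# malformed line of the kind that can make the DNS client log a read error.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.net     # sinkhole: site will not load
198.51.100.23   www.kboards.com             # hijack: site silently redirected
this is not a hosts line
"""

# Addresses that mean "go nowhere" rather than "go somewhere else".
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/32", "::1/128")]


def parse_hosts(text):
    """Return ([(ip, [names]), ...], [(lineno, raw), ...]) for valid and malformed lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments and surrounding whitespace
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append((lineno, raw))     # first field is not an IP address
            continue
        if len(parts) < 2:
            malformed.append((lineno, raw))     # address with no hostname
            continue
        entries.append((ip, [p.lower() for p in parts[1:]]))   # hostnames are case-insensitive
    return entries, malformed


def audit_hosts(text):
    """Classify every non-localhost mapping as 'sinkhole' (blocked) or 'hijack' (redirected)."""
    entries, malformed = parse_hosts(text)
    findings = []
    for ip, names in entries:
        is_local = any(ip in net for net in LOCAL_NETS)
        for name in names:
            if name in ("localhost", "localhost.localdomain"):
                continue
            findings.append(("sinkhole" if is_local else "hijack", name, str(ip)))
    return {"findings": findings, "malformed": malformed}


if __name__ == "__main__":
    # On the affected machine, run from an elevated prompt so the real file can be read.
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError as exc:
        print(f"could not read {HOSTS_PATH}: {exc}; using the constructed sample")
        text = SAMPLE_HOSTS
    result = audit_hosts(text)
    for kind, name, ip in result["findings"]:
        print(f"{kind:9} {name:32} -> {ip}")
    for lineno, raw in result["malformed"]:
        print(f"malformed line {lineno}: {raw!r}")
```

A "sinkhole" finding is what ad-blocking hosts lists and some security products create on purpose and is harmless unless it names a site you actually need; a "hijack" finding, a real site mapped to an address that is not yours, is the thing to investigate.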

Thanks for that info. I will copy and paste to send to friends who I know use registry cleaners. I'll uninstall Wise Registry Cleaner. But can I keep Wise DISK Cleaner? I assume it's more of a cleaner, like CCleaner, which I regularly use. I no longer use the Registry Cleaner in CCleaner since it disabled my MS Word once.

 

No I am NOT having trouble reaching my homepage.

 

 

I updated Malwarebytes' Antimalware and have pasted the log below. I note it doesn’t seem to show Jotzey, which Hitman Pro showed. Does that mean Malwarebytes doesn’t detect everything? No, Hitman didn’t leave me any logs and now I can't run it any more.

 

Malwarebytes showed MySearchDial and some trojan in skype. I downloaded skype years ago and never used it so I don’t know why it would.

 

I quarantined everything and ran Malwarebytes again and now it shows no malicious items. However I tried to see the quarantine box so I could then delete but find no way to see it. Is there a way?

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2014
Scan Time: 6:51:09 AM
Logfile: malware log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.28.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8
CPU: x86
File System: NTFS
User: Vidya Samson

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 231487
Time Elapsed: 13 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, , [ca3633cde917a25ef87ce05c956da060],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, , [ca3633cde917a25ef87ce05c956da060],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Agent, c:\Users\Default\AppData\Roaming\skype.dat, , [16ea13edce32689837bf2e2da3600000],
Trojan.Agent, c:\Users\Vidya Samson\AppData\Roaming\skype.dat, , [0000b34d36ca04fc26d05605c241a25e],

Physical Sectors: 0
(No malicious items detected)

(end)


Though it says no threats left, I am still getting redirected to sites like google-analytics.com, bluedotmedia.org, facebook and others. At any rate they try to redirect me to those, and that makes it take longer to get to the actual site I want to go to, like

 

http://www.kboards.com/index.php/board,60.0.html?PHPSESSID=2GrSycSuH6,7AOUTZSyLj3

 

which is one of the writers site I usually frequent. And is a very legit site.

 

On top of that, when I turn on my computer and the icons finally load, I also see what looks like bubbles bubbling up at the bottom of the page. That never happened before I got this malware, so it's as if it's visible proof that the malware is still hanging around.

 

Isn’t the fact something keeps trying to redirect my pages proof that some malware is still present?


I know of no reason you shouldn't keep disk cleaner. It's just a temp file cleaner and a defrag assistant.

 

I have no clue what a registry defrag would be. That phrase has no meaning as far as I'm aware. You defragment your hard drive to group memory clusters contiguously for related data. I know of no way to defrag the registry as there are no memory clusters to group together. Registries don't get fragmented. I would advise you to stay away from any program that claims to mess with the registry.

The searchdial entries are a couple of orphaned registry entries (like I talked about earlier). They must have been left over from earlier removals. I'm not sure why Skype.dat was targeted. A year or so ago there was a rampant ransomware that hid itself as skype.dat. I do not believe that you had the infected version. It may have been a false positive, but if you are not using it... it is an out of date version so is best gone.

Jotzey almost always comes attached to either a video streamer or a youtube downloader. It manifests itself by redirecting your searches. I don't know what Hitman found, but I'm not seeing any sign of it ... however, you say you are being redirected.

google-analytics.com is not a website that people get redirected to. That page is not a website that you go to... it is how google collects data for google ads. bluedotmedia.org is similar. It is a service that websites use to collect data on people who visit their site. facebook.com is similar data collection that sites use. When I go to the site that you posted... each of those services try to open as well as akamaihd.net and googlesyndication.com. These are all services that websites use to increase their ad revenue.

It appears that you use Firefox as your browser. There are a couple of add-ons that you might want to try. They help block some of these ad services. They are AdBlock Plus and no-script. AdBlock, pretty much, just runs in the background. No-script takes a little training to make it work the way you want. Personally, I run both.

 

I suggest you install both of them and then try things out and see how it goes. Then let me know how things seem.

 

Also... please note that that website that you referenced, installed completely new forum software on March 11th. It is quite likely that you will notice that site to look and operate differently under the old software. Also, a bunch of users there got infected with inboxace malware through the new ads services right after the software upgrade.

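The "orphaned registry entries" reading above can be checked rather than taken on faith. The two MySearchDial hits Malwarebytes reported are a CLSID key and a TypeLib key under HKLM\SOFTWARE\CLASSES; a CLSID on its own does nothing, it only matters if some load point (a BHO, toolbar, IE button, MIME filter, URL handler or shell hook line in the DDS "Pseudo HJT Report") still references it. The Python below is an added example for this thread, not code from either tool or from the original posts: it pulls the GUIDs out of the Malwarebytes registry detections and looks for each one in the DDS hook lines posted earlier. The input lines are copied from the two logs above, plus one constructed detection (labelled Example.Constructed) that points at Classic Shell's real BHO CLSID from the DDS log so the "active" branch is exercised.

```python
"""Cross-check Malwarebytes registry-key detections against the DDS
'Pseudo HJT Report' to tell an orphaned CLSID/TypeLib key from one that a
browser hook still loads.  Added example for this thread, not code from
either tool.  Log lines are copied from the logs posted above, plus one
constructed detection ('Example.Constructed') to exercise the active case."""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# DDS line prefixes for load points that reference a CLSID (browser helper
# objects, toolbars, IE buttons, MIME filters, URL handlers, shell hooks).
HOOK_PREFIXES = ("BHO:", "TB:", "IE:", "Filter:", "Handler:", "SEH:", "SSODL:")

MBAM_LINES = [
    r"PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, , [ca3633cde917a25ef87ce05c956da060],",
    r"PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, , [ca3633cde917a25ef87ce05c956da060],",
    r"Trojan.Agent, c:\Users\Vidya Samson\AppData\Roaming\skype.dat, , [0000b34d36ca04fc26d05605c241a25e],",
    # constructed for the example: names Classic Shell's real BHO CLSID from the DDS log
    r"Example.Constructed, HKLM\SOFTWARE\CLASSES\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}, , [00000000000000000000000000000000],",
]

DDS_LINES = [
    r"BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - c:\program files\classic shell\ClassicExplorer32.dll",
    r"BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL",
    r"TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll",
    r"IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll",
    r'mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"',
]


def registry_detections(mbam_lines):
    """Map GUID -> (threat name, registry key) for detections whose target is a registry key."""
    found = {}
    for line in mbam_lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 2 or not fields[1].upper().startswith("HK"):
            continue                     # file and folder detections carry no CLSID to check
        match = GUID_RE.search(fields[1])
        if match:
            found[match.group(0).upper()] = (fields[0], fields[1])
    return found


def active_hooks(dds_lines):
    """Map GUID -> DDS line for every hook entry that names a CLSID (IE: lines name two)."""
    hooks = {}
    for line in dds_lines:
        if line.startswith(HOOK_PREFIXES):
            for guid in GUID_RE.findall(line):
                hooks[guid.upper()] = line
    return hooks


def classify(mbam_lines, dds_lines):
    """For each detected registry GUID, say whether a live load point in the DDS log references it."""
    hooks = active_hooks(dds_lines)
    report = {}
    for guid, (threat, key) in registry_detections(mbam_lines).items():
        report[guid] = {
            "threat": threat,
            "key": key,
            "status": "active" if guid in hooks else "orphaned",
            "hook": hooks.get(guid),
        }
    return report


if __name__ == "__main__":
    for guid, info in classify(MBAM_LINES, DDS_LINES).items():
        print(f"{info['status']:9} {info['threat']:28} {guid}")
        if info["hook"]:
            print(f"          loaded by: {info['hook']}")
```

"Orphaned" here means only that nothing in the DDS hook lines references the GUID; DDS lists browser and shell load points, not every place a CLSID can be instantiated from (scheduled tasks and services are reported in other sections), so an orphaned result supports a clean-up rather than proving the component never runs. An "active" result is the one that needs attention, because it names the DLL path the hook loads.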

Thanks a lot. Yes I will now stay away from any program that claims to mess with the registry. Will also delete Skype.

 

"Jotzey almost always comes attached to either a video streamer or a youtube downloader. It manifests itself by redirecting your searches. I don't know what Hitman found, but I'm not seeing any sign of it ... however, you say you are being redirected."

 

 

Since I only installed Flash recently, I wasn’t even able to view any youtube or other videos till recently. So I would not anyway have downloaded either a video streamer or a youtube downloader.

 

 

"google-analytics.com is not a website that people get redirected to. That page is not a website that you go to... it is how google collects data for google ads. bluedotmedia.org is similar. It is a service that websites use to collect data on people who visit their site. facebook.com is similar data collection that sites use. When I go to the site that you posted... each of those services try to open as well as akamaihd.net and googlesyndication.com. These are all services that websites use to increase their ad revenue."

 

 

 

That is what I meant by being redirected. Sounds like you're saying I used the wrong word.

 

So it happened to you too. So then is there no way to ensure it doesn’t happen? As I said it never happened before I got the malwares searchdial and Right surf. I naturally assumed it was something left over from them. And before the tech reinstalled Firefox, there were some sites that simply would not load. Instead they just hung, with the note at the bottom saying connecting to…one of these services.

 

But its not just that site it happens with. Those services that try to collect data as you said, those appear even when I go to other sites like this one, the pcpitstop forums, or various other sites.

 

I go on the net with images turned off most of the time to save bandwidth. I'm allowed to download/upload 1 GB a month after which I get charged more. I never go to porn sites, never download films or music, hardly ever watch Youtube videos.

 

But I have to do a lot of research for my writing, so I do google a lot and I can't always know if a site is iffy. Can you recommend any safe software that tells me if a site is infected? I've heard of various such but am afraid now to download anything new.

 

 

"It appears that you use FireFox as your browser. There are a couple of add ons that you might want to try. They help block some of these ad services. They are AdBlock Plus and no-script. AdBlock, pretty much, just runs in the background. No-script takes a little training to make it work the way you want. Personally, I run both."

 

 

Yes I'll definitely try those but before I do, do you think I should ask my tech to reformat the comp? I can't do it on my own but since this comp is still under warranty and he is giving me one year free on site service I could get him to do it for free, if that is the safest thing for this comp. I should do it before the contract expires in a few months, if I do it.

 

"I suggest you install both of them and then try things out and see how it goes. Then let me know how things seem."

 

 

You run both these and you still got those services trying to collect data. So what exactly will these do?

 

I have been reading up about computer safety. I read this:

 

"Another security precaution you should take is to disable active scripting. This relates primarily to the Windows environment, but you can check the configuration of web browsing software on other platforms as well.

 

Active scripting allows web pages and HTML based documents and email to run scripts and applets that execute programs. This can be used to generate dynamic content rather than simply displaying a static page and can provide you with a richer web-surfing experience."

 

 

 

So will that add-on No Script disable active scripting?

 

 

"Also... please note that that website that you referenced, installed completely new forum software on March 11th. It is quite likely that you will notice that site to look and operate differently under the old software. Also, a bunch of users there got infected with inboxace malware through the new ads services right after the software upgrade."

 

I knew about the update, not about the malware. I never click on their ads unless it happened by accident.


The malware that people got at that site all came from clicking on an ad so I doubt you got it... it never showed in your logs.

 

 

Another security precaution you should take is to disable active scripting.

That is what no script does for you.

 

You run both these and you still got those services trying to collect data.

Those sites you see trying to run are from active scripts programmed into the website. It is not from your computer trying to run them... the website is trying to run them on your computer. You cannot stop them from "trying" to run... but with no script you can block them from running. Remember how I said that no script would take some "training" to get it set up the way you want? What happens is, when you go to a site, no script blocks all scripts, but lists all of them trying to run (that is how I know what was trying to run when I visited that site). Sometimes, at least at some sites, there may be scripts that you want to allow to run. For example, you might go to a site that has a QuickTime video embedded. The video won't play unless you unblock QuickTime. Another example is content delivery services. Many forums utilize content delivery services like CloudFlare to optimize delivery. Cloudflare "enhances" user experience at the site by doing things like optimizing routing to site servers. This should give the user the quickest and cleanest access to site data.

 

Site owners put/allow ads on their sites to pay for having the sites. Most sites don't make any money with the ads... but it helps offset costs to have the site. I don't blame them for doing it... but it is kind of sad that they must "make a deal with the devil" to keep their site up. Google ads is by far the most popular source of ad revenue... but in order to get the revenue from google... the site owner must allow them to run whatever ads they want... and some may carry nefarious payloads like the one at your author site. I believe the google agreements do allow the site owner to "ban" some ads from running on their site... but first they have to have run there and someone has to report something happening and then the removal request be submitted. It takes time and there isn't a lot the site owner can do more than that. Most ad revenue agreements pay two ways. Views and clicks. Most users that spend enough time on the internet learn not to click on ads - but sometimes they do so accidentally. That is what the ad services count on. I don't know what the ratio is but it takes many multiples of views to equal one click. This "love-hate" relationship is why many sites/forums turn most or all of the ads off when a member logs in. That way they still generate a little income from lurkers - without annoying their members so much. However... even a member will get ads until he actually logs in.

 

As far as reformatting... if you have your data all adequately backed up and don't mind the hassle of having to set everything up the way you want it again... then go ahead. I don't know that you "need" to do it... but it might give you a little more peace of mind.

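What the NoScript bar lists when everything is blocked is, in the first instance, the set of origins the page's HTML asks the browser to fetch scripts, frames and images from. The Python below is an added example for this thread, not code from the original posts or from NoScript, that does the static part of that: it parses a page, resolves every fetched URL against the page address and groups the hosts into first-party and third-party by registrable domain. The page URL and HTML are constructed for illustration, with the third-party hosts chosen to mirror the ones named in the thread. It uses a crude "last two labels" rule rather than the public-suffix list, and it cannot see scripts that other scripts inject at run time, which is one reason a live visit can show more domains than a static parse of the same page.

```python
"""Enumerate the third-party origins a web page asks the browser to load.
Added example for this thread; the page URL and HTML below are constructed.
Approximates what NoScript lists when a page is opened with all scripts blocked."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed page: a forum board with first-party assets plus the analytics,
# CDN, social-plugin and tracking-pixel hosts named in the thread.
SAMPLE_PAGE_URL = "https://forum.example.org/index.php/board,60.0.html"
SAMPLE_HTML = """<!doctype html>
<html><head>
  <link rel="stylesheet" href="/Themes/default/css/index.css">
  <script src="/Themes/default/scripts/script.js"></script>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
  <script>window._gaq = [];</script>
</head><body>
  <iframe src="https://www.facebook.com/plugins/likebox.php?id=1"></iframe>
  <img src="//cdn.bluedotmedia.org/pixel.gif" width="1" height="1">
  <script src="https://www.google-analytics.com/ga.js" async></script>
  <a href="https://www.example.net/off-site">a plain link does not fetch anything</a>
</body></html>
"""


class _RefCollector(HTMLParser):
    """Collect (tag, url) for elements that cause a fetch, not for plain links."""
    FETCH_ATTR = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = self.FETCH_ATTR.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        # Only stylesheet <link>s are fetched at load time in this simplified model.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        if a.get(attr):
            self.refs.append((tag, a[attr]))


def registrable_domain(host):
    """Crude eTLD+1: the last two labels.  Fine for the sample; a real tool
    uses the public-suffix list so that 'site.co.uk' is not reduced to 'co.uk'."""
    return ".".join(host.lower().split(".")[-2:])


def third_party_origins(page_url, html):
    """Return {host: [tags]} for every host outside the page's registrable domain."""
    collector = _RefCollector()
    collector.feed(html)
    first_party = registrable_domain(urlsplit(page_url).hostname)
    seen = {}
    for tag, url in collector.refs:
        host = urlsplit(urljoin(page_url, url)).hostname   # resolves relative and //scheme-less URLs
        if not host or registrable_domain(host) == first_party:
            continue
        seen.setdefault(host, set()).add(tag)
    return {host: sorted(tags) for host, tags in sorted(seen.items())}


if __name__ == "__main__":
    for host, tags in third_party_origins(SAMPLE_PAGE_URL, SAMPLE_HTML).items():
        print(f"{host:32} {', '.join(tags)}")
```

The output is the list a user would be deciding about in NoScript: a first-party host is needed for the site to work, a library CDN such as ajax.googleapis.com is often needed for the site's buttons and forms, and the analytics, social-plugin and pixel hosts can usually stay blocked without losing anything.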

"Jotzey almost always comes attached to either a video streamer or a youtube downloader. It manifests itself by redirecting your searches. I don't know what Hitman found, but I'm not seeing any sign of it ... however, you say you are being redirected."

 

 

I remember now shortly after I did install the most recent version of Flash, I went to some site for my research and I saw videos were playing automatically.

 

I googled "what is a video streamer." Am still not sure but it sounds like all it means is the stuff that enables videos to play when you go to any site.

 

So I can get malware etc from any vids playing on any site?

 

I greatly dislike playing any vids at all but it can't always be avoided. My writer friends sometimes make book trailers and recently one of them posted a vid for his novel on Kickstarter. And they ask for feedback.

 

So what precautions do I have to take before watching a video? I know my friends won't deliberately infect anyone but they may not know if a vid is infected.

 

I installed AdBlock Plus and no-script and am thrilled to see I am no longer seeing the names of those services in the bar.

 

Why has no one ever told me about these add-ons? A couple of my online writer friends are comp techs. I guess techs don't all know everything either.

 

Is there any site or newsletter that keeps one informed of the latest in security news and useful things we can install?

 

Please dont close this thread. I want to give it a few days and see if any of my problems recur.

 


Oh dear, I see I lost formatting in my reply above, and though I put everything with line breaks and paragraphs, none have appeared. Is this because of the message at the top of the screen: Javascript Disabled Detected

 

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

 

javascript.enabled

 

 

I did try to re-enable by going to about: config. Maybe I'm still doing something wrong.

 


 

So I can get malware etc from any vids playing on any site?

While that statement is technically true (which is why you want to keep your programs updated - Java, Shockwave, QuickTime, Flash, etc.), I was specifically referring to the specific infections you saw traces of. Streamers and downloaders are "third party" programs that are designed to "enhance" your experience. Streamers allow you to view a video as it streams - rather than having to download it in order to view it. Downloaders may speed up the download through compression or even allow you to continue the download from the place you were interrupted rather than having to start over. There are thousands of third party programs out there that do all sorts of things. The problem is many, so called, "free" programs come bundled with adware... which is how the author makes money. About all that you can do to protect yourself is remain vigilant. Make sure that you only install programs that you really want - and not other things bundled with them. Unfortunately, you won't see them all, which is why I recommend an anti-malware program like Malwarebytes'. They help to keep PUPs (possibly unwanted programs) off your system.

NoScript takes some getting used to. If you are running NoScript on this page... you should have a NoScript menu bar at the bottom of the screen. This bar should have an Options button on the right. Clicking Options opens the menu of choices of scripts to block or not. On this site, I must allow ajax.googleapis.com in order to have the formatting buttons available.

I did allow ajax.googleapis.com but am still getting the message I must enable javascript. How do I do that?

So anyway I guess I do NOT have any malware in my comp?

Last time in that previous thread the tech told me to run Malwarebytes Anti-Rootkit. That showed no problems. Before I ran it I was given a warning about how there's a risk I could lose my data etc.

But should I run Malwarebytes anti rootkit on a regular basis just as I should run stuff like Adware Removal and AdwCleaner?

What are the tools I should run once a month or so to ensure my comp is clean? At present I run CCleaner, Wise DISK Cleaner, Malwarebytes' Antimalware, Adware Removal and AdwCleaner.

My QuickHeal antivirus didn't prevent the malware on my comp though it claims to also remove malware and rootkits. As I said to the other tech, QuickHeal is famous in India but no one in the US seems to have heard of it. Three different techs here assured me QuickHeal is the best and I should use that.

At this point, I'm wondering: is there any point my using a paid AV? I used to use the free Avast and a tech said my previous computer [a desktop like this one] died because it had a very nasty virus that corrupted the HD. Um, ok, but it was also 9 years old. Then again, perhaps it was years of possibly getting viruses that Avast wasn't removing and that I wasn't aware of that finally corrupted it?

I'm going to buy a laptop soon and I need to know what AV to use on it. Would a free one work if I also regularly ran the above checks on it including Malwarebytes anti rootkit? And if I use AdBlock Plus and no-script too, will that greatly reduce the chances of my getting any virus or are these more for malware?

Would all those be as good as a paid AV? If not, which AV do you recommend?

If I was running Windows 8, I don't think I would run a paid AV. I would utilize the built-in Windows Defender that is the evolution of what Microsoft Security Essentials was for XP, Vista, and Windows 7 systems. I would then purchase the paid version of Malwarebytes'. Currently you can still buy a lifetime license for under $20 - that is a one time payment good forever (and I think it will cover 3 machines). Version 2.0 just came out and it will cost something like $40/year... but it's a free upgrade and your lifetime license is still good (with no additional payments) if you get it now. Version 2.0 has a rootkit scanner built in. That covers the "mandatory" things in my opinion. From there I'd consider more layers. Perhaps add WinPatrol.

I know nothing about QuickHeal except for it has a good reputation in India. I believe that AVAST! is one of the best out there (and I use it myself on one computer... MSE on the other).

Another option, specifically because we are at PCPitstop's site, is to purchase PCPitstop and be done with it.

To enable javascript in Firefox:

  1. In the address bar, type about:config and press Enter.
  2. Click "I'll be careful, I promise" if a warning message appears.
  3. In the search box, search for javascript.enabled
  4. Toggle the "javascript.enabled" preference (right-click and select "Toggle" or double-click the preference) to change the value from "false" to "true".

Thanks!

Toggle the "javascript.enabled" preference (right-click and select "Toggle" or double-click the preference) to change the value from "false" to "true".

Yes I did that but I still get a message like this when I go to certain sites:

"Your browser's Javascript functionality is turned off. Please turn it on so that you can experience the full capabilities of this site."

And that's even after I allow all scripts on that page. What do I do now?

Also, if I want to uninstall and reinstall Firefox, is there any way to save my plug-ins so I don't have to download them again? I always lose my plug-ins when I do this.

I wrote you a "beautiful" reply yesterday... but apparently I forgot to post it. :facepalm:

You should be able to re-install Firefox "over the top" without losing your add-ons. (Click on "Download a fresh copy".)

Please provide the address to one of the sites that gives you the javascript warning and I'll see if I can re-create it so I can advise how to fix. :)

This site, pcpitstop is one of those sites that says:

"Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality."

I know various other sites said it but now I don't remember which ones. My banking site said it and also added that some plug-in or software was out of date or something. How do I find out if my plug-ins and software are up to date?

It took me a bit to figure out... but I think I've got it. You need to allow the actual site in your NoScript add-on. If you allow pcpitstop.com, the javascript message will go away. I'm believing it is similar at other sites where you get this warning.

Let's do a little housekeeping.

This tool will clean up some tools and reset some settings.

We need to remove the tools we've used during cleaning your machine.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run

The program will run for a few moments and then notepad will open with a log. I don't need to see it so you don't need to post it.

If you have any tools or logs left, just go ahead and delete them. Malwarebytes' is an exception. You should keep it.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.

Hi,

You said:

"This tool will clean up some tools and reset some settings.

We need to remove the tools we've used during cleaning your machine."

Does this mean you want to remove some of the cleaning software I installed such as Malwarebytes Anti-Rootkit? I thought I should keep that one in particular since it is supposed to be powerful. Would it not be good to clean with that once in a while?

I wonder if you would mind giving me some advice? I found this laptop for sale:

http://ahmedabad.quikr.com/HP-2000-2d02TU-6-months-old-15-000-Only-W0QQAdIdZ165116262

I WAS planning to buy a new Lenovo but this HP costs at least eight thousand rupees less and is supposedly still under warranty for the next 6 months. I rang up the seller and he said he would show me the bill of sale, warranty papers etc when he comes to my house tomorrow to show me the laptop.

He claims he is selling it after having it only 6 months because he needs money urgently, which I sort of don’t believe because in India, if you can afford a laptop, you aren’t really likely to be desperately in need of money. Besides, Indians have very strong family ties. I can't imagine any middle class family who won't be willing to give any member that badly needs it the Rs 15,000 he is asking for the laptop. If you're desperately in need of money, you ask your extended family for it. That simple. Unless you really struck out and are cursed with a truly lousy family, in which case you might as well disown them.

On top of that I recently saw another ad by someone who wanted to sell his lappy after only 10 days and he too claimed he needed money due to some emergency. But when I googled his lappy I saw it has a very inferior processor.

So though I would like to get a good deal and buy a lappy that is still under warranty, I also wonder why anyone would sell any lappy after only a few months. I suspect these guys failed to do the research before buying and then found out afterwards the processor is too slow or the lappy has some other problem.

I googled and read up various sites on:

HP 2000-2d02TU

And

Processor: Intel® pentium ® CPU B960 @2.2GHz 2.2GHz

Since those are the specs of the lappy.

I found this said on the net:

"The B960 isn't a horrible processor, but it is mediocre at best"

The seller said it was a dual core, but it doesn’t sound like it and it's never a good sign when a seller lies to you.

However I only need the lappy for my writing and research. So, word processing and the internet. I don’t need it for gaming or watching films or doing any video editing. I do want a processor that handles all my needs without being slow like my last desktop, an Intel Pentium 4, was.

I googled "HP 2000-2d02TU heating problem" but found nothing.

Is there any software I can run to test for any problems in the lappy? The HP service center is near my house and we could take it there so I can get it checked out by them but then would they be able to tell anything was wrong such as overheating if the lappy seemed to be working fine for some time?

I remember reading of one HP lappy series that had some lousy screens that died in a year or two. Not this particular series but it left me with some doubts about HP as a brand, especially since my very first desktop was an HP and it always gave me trouble.

And he says he has never used an antivirus on it. A friend of mine warned me that one danger of buying a used lappy is that it could have some rootkit infection or something that corrupted it so bad and went so deep it would be incurable.

So can you please recommend any programs that would check for stuff like that and ensure this lappy--or any lappy I want to buy--is virus free and has no other problems such as overheating and an iffy screen? Thanks a lot.

The tool won't remove Malwarebytes'. It will remove DDS and a whole variety of tools that we didn't run on your machine.

I am not a computer expert by any means and may not be the right person to be asking about choosing a new computer. However, from what I can tell, the HP 2000-2d02TU sold for closer to 26,000 rupees when new and didn't have Windows 8 installed (just free DOS). I have no idea why someone would want/need to sell it at such a discount. Here are the specs according to HP: http://h10025.www1.hp.com/ewfrf/wc/document?docname=c03762931&cc=us&dlc=en&lc=en

I don't have a ton of experience, but I've always had good luck with HP machines. As far as I know... the B960 is dual core. My gut feeling is it would be plenty of laptop for word processing and cruising the internet.

You might want to ask the general population here at PCPitstop on their feelings. Some here work on computers for a living and know more about the potential problems of a specific system. To do that I would propose that you pose a question in the User to User forum.

As far as a used machine goes... I'd say your best bet is a system that has had the hard drive wiped (including partitions, so that a new boot record gets written) and a fresh install of the operating system performed. This should guarantee that no malware is on the system.
