Malware for 6 Days - Nothing is Helping


nadalotta

OMG, I was so out of it when I read the post above that I thought you wanted me to uninstall Revo then run TFC and reboot. UGH.

 

So.... I'm going to get to Revo back and run it again.

 

BTW, when I uninstalled Revo, a little box came up saying to reboot which I clicked on - it showed 21,000 MG would be deleted. But, when I went to the Recycle Bin, it was empty. I clicked on Properties and didn't see the screen with the files but a General Tab with:

Recycle Bin Location Space Available

{Folder}OS (C:) 916 GB

{Recovery} (D:) 14.9 GB

 

Settings for selected location:

{checked Radio Size button}:

Maximum size (MB) 48970

 

{unchecked button}:

Do not move files to the Recycle Bin. Remove files immediately when deleted.

 

{Checked box} Display delete confirmation dialog

 

Speaking of Recycling Bin, when I opened it, it had all of my file folders that I use such as Documents, Pictures, Music; under that were folders for Desktop, Computer, Network, Control Panel, Recycle Bin and then all of my folders that I've made over the years. Did I somehow move everything over into my Recycling Bin???

 

ETA: I right-clicked a file to send to the Recycling Bin - there is no longer an option for that. Shouldn't there be? (I can click and drag to it) I'm just so confused!!

 

 

Thank you so much!

Edited by nadalotta
Link to comment
Share on other sites

Hi Madam,

 

You wanted me to run the Revo Uninstaller of everything with iobit in it.

 

I clicked on it and then found out there were 146 iobit items. On post #72, I mentioned being unsure as to what to do with all of those. I gave a list of

 

Going down the page, I saw the folder "Folders" with a + to the left so I clicked it. There weren't 146 items anymore but something like 25 because I'd chosen Folders instead of all (because I'd had questions and was too worried to continue). On post 75, I said I found a folder with a + sign; when I opened it:

 

All highlighted were all the following:

 

C:\Program Files\IObit Apps Toolbar\ - 1

C:\Program Files\IObit Apps Toolbar\FF\

C:\Program Files\IObit Apps Toolbar\FF\chrome\

C:\Program Files\IObit Apps Toolbar\FF\components\

C:\Program Files\IObit Apps Toolbar\IE\

C:\Program Files\IObit Apps Toolbar\IE\9.7\

C:\Program Files\IObit Apps Toolbar\Res\

C:\Program Files\IObit Apps Toolbar\Res\Lang\

 

But I knew we wanted the iobit Toolbar gone and there they were above so I clicked yes to delete them.

 

When I woke up this morning, I saw your post:

 

Run TFC by Old Timer, wait until it's finished, then reboot. See if that line is still showing with Revo.

 

And, like a dummy, I uninstalled Revo then ran TFC. There were boxes that were there that I posted in post #77. The only thing I haven't yet installed Revo again to install.

 

Does that help? I want you to know why/how I did what I did.

 

Thanks so much again! You have no idea how much your help has meant.

Link to comment
Share on other sites

Phew!

Okay that looks fine. Don't bother to re-install Revo again. That could be really dangerous! :P

 

I want you to keep TFC by Old Timer and use it about once a week or so.

You can keep AdwCleaner, as long as you update it. (it will update when/or if you need it)

 

Delete Combofix by clicking on Computer, then clicking Local Disk C:\

Look for folder C:\Qoobox <--- delete the folder. Empty the recycle bin.

 

You should be good to go now.

 

You need to update to IE11 and get any/all Windows critical updates as needed. Only update two or three at a time.

Link to comment
Share on other sites

You're not going to believe this - I ran House Calls deep scan and I still have 1 Malware!! Seriously, I want to cry.

 

ETA 2:34: Guess what? Now it's 2. House Calls is only 58% done. I'm now going off to cry.

 

ETA 8:30AM: The test is at 95% and there's 3

Edited by nadalotta
Link to comment
Share on other sites

OK, the HouseCalls finally hit 100% when I was here in front of the computer - yay!! Instead of it automatically rebooting, it listed the 3 problems and I clicked FIX. Here's the part that's available for me to see:

 

FILE:

C:\Program Files/Java jre7\lib\rt.jar THREAT: EXPL CVE20130431 TYPE: Other

 

C:\Users\Donna\AppData\Roa....\uninstaller.exe THREAT: ADW INSTALLCORE TYPE: Spyware

 

C:\Users\Donna\AppData\Roa... \uninstaller.exe THREAT: ADW INSTALCOR TYPE: SOFTWARE

 

All three show High Risk and FIXED. Then there is a Restore button (oh yeah, like I'll click on THAT!!!) and Close which I did.

 

Now I'm going to reboot and then try House Calls again. YAY!!!!!!!!!!

Link to comment
Share on other sites

When I rebooted, a wordpad doc popped up with this:

 

For two one is 444 for almost
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Windows Mail.lnk=@%ProgramFiles%\Windows Mail\WinMail.exe,-225
Wordpad.lnk=@%SystemRoot%\system32\shell32.dll,-22069
Calculator.lnk=@%SystemRoot%\system32\shell32.dll,-22019
Paint.lnk=@%SystemRoot%\system32\shell32.dll,-22054
Character Map.lnk=@%SystemRoot%\system32\shell32.dll,-22021
Snipping Tool.lnk=@%SystemRoot%\system32\SnippingTool.exe,-15051
Sidebar.lnk=@%ProgramFiles%\Windows Sidebar\sidebar.exe,-1005
Windows Photo Gallery.lnk=@%ProgramFiles%\Windows Photo Gallery\PhotoLibraryResources.dll,-1581
Solitaire.lnk=@%SystemRoot%\system32\gameux.dll,-10060

ETA: This line was a link and had a phone number (area code 142) but I didn't want to click it!

I'm running House Calls again but is the above something to worry about?

 

Thanks again!

Edited by nadalotta
Link to comment
Share on other sites

Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

 

It looks like HouseCall is telling you that you have "Hidden Files and Folders" open.

 

In Windows Explorer: check Tools > Folder Options > View tab > check 'Hide protected system files'. Apply this setting to all folders.

***desktop.ini files are created when you are showing 'hidden files and folders' .... (the icon that is semi-transparent)

Link to comment
Share on other sites

Hi Madam, I ran another House Calls before I left for an app't. It's at 65% and... 2 problems. What the heck???? I clicked FIX on them.

 

I'll do as you say - one thing, though, I always have my hidden files and folders open. Back in 2008, someone told me to do that because then you can see the entire whatever (I forget).

 

So I should NOT have those open then? Argh.

 

OK I'll be back with the results. Thank you!

 

ETA Here are the results:

 

Results of screen317's Security Check version 0.99.90
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.2004)
CCleaner
Java 7 Update 67
Java version out of Date!
Adobe Flash Player 15.0.0.223
Adobe Reader 10.1.12 Adobe Reader out of Date!
Mozilla Firefox (33.1)
Google Chrome (38.0.2125.104)
Google Chrome (38.0.2125.111)
Google Chrome (chrome.exe..)
Google Chrome (Dictionaries...)
Google Chrome (master_preferences...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

Edited by nadalotta
Link to comment
Share on other sites

Madam, there's something I don't understand about part of your instructions. You wrote:

 

In Windows Explorer: check Tools > Folder Options > View tab > check 'Hide protected system files'. Apply this setting to all folders.

***desktop.ini files are created when you are showing 'hidden files and folders' .... (the icon that is semi-transparent)

 

I right-clicked on the start button for Explorer but couldn't see Tools, etc. So do you mean to do the Tools>Folder options, etc. to IE 9, Opera, Chrome and Firefox each?

 

Remember, I'm a novice at this kind of stuff! Thank you!

Link to comment
Share on other sites

Hi Madam, I ran another House Calls before I left for an app't. It's at 65% and... 2 problems. What the heck???? I clicked FIX on them.

 

I'll do as you say - one thing, though, I always have my hidden files and folders open. Back in 2008, someone told me to do that because then you can see the entire whatever (I forget).

 

So I should NOT have those open then? Argh.

 

OK I'll be back with the results. Thank you!

 

ETA Here are the results:

 

Results of screen317's Security Check version 0.99.90

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Secunia PSI (3.0.0.2004)

CCleaner

Java 7 Update 67

Java version out of Date!

Adobe Flash Player 15.0.0.223

Adobe Reader 10.1.12 Adobe Reader out of Date! Madam, this one is strange - I checked and 10.1.12 is what I have.

Mozilla Firefox (33.1)

Google Chrome (38.0.2125.104)

Google Chrome (38.0.2125.111)

Google Chrome (chrome.exe..)

Google Chrome (Dictionaries...)

Google Chrome (master_preferences...)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````

 

Link to comment
Share on other sites

Updated Checkup:

Results of screen317's Security Check version 0.99.90
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.2004)
CCleaner
Java 7 Update 67
Java version out of Date!
Adobe Flash Player 15.0.0.223
Adobe Reader 10.1.12 Adobe Reader out of Date! Still not sure why this is out of date. Mine shows 10.1.12
Mozilla Firefox (33.1)
Google Chrome (38.0.2125.104)
Google Chrome (38.0.2125.111)
Google Chrome (chrome.exe..)
Google Chrome (Dictionaries...)
Google Chrome (master_preferences...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

 

No more Fragmentation on Drive: C !!!!

Edited by nadalotta
Link to comment
Share on other sites

Update Adobe Reader: http://www.adobe.com/support/downloads/product.jsp?platform=windows&product=10

Version 11.0.09

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Update Java:


  • Download the latest version of Java Runtime Environment 7u72 (JRE): http://www.oracle.com/technetwork/java/javase/downloads/index.html
  • Scroll over to the right (JRE) (download) >>(not server!)
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Programs and Features, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre 7u72--windows-i586-p.exe to install the newest version.
Link to comment
Share on other sites
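As an added example (not part of the thread and not screen317's code), this Python sketch reads a checkup.txt in the layout posted above and pulls out the two things the helper acts on: entries carrying the tool's "out of Date!" marker and products listed under more than one version. The sample log is an excerpt constructed from the posted results; the function name `triage` and the regular expressions are assumptions about the layout, not a specification of the tool's output.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt in the layout of the checkup.txt posted in this thread.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.90
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.2004)
Java 7 Update 67
Java version out of Date!
Adobe Flash Player 15.0.0.223
Adobe Reader 10.1.12 Adobe Reader out of Date!
Google Chrome (38.0.2125.104)
Google Chrome (38.0.2125.111)
Google Chrome (chrome.exe..)
````````````````````End of Log``````````````````````
"""

SECTION = re.compile(r"^`+\s*(.+?)\s*`+$")           # section banner between backtick runs
STALE = re.compile(r"^(.*?)\s*out of date!$", re.I)  # the tool's out-of-date marker
ENTRY = re.compile(r"^(.*?)\s*\(?(\d[\d.]*)\)?$")     # "Name 1.2.3" or "Name (1.2.3)"

def triage(log: str) -> dict:
    """Return entries flagged out of date and products listed with several versions."""
    outdated, versions, previous = [], defaultdict(list), None
    for raw in log.splitlines()[1:]:  # first line is the tool's own banner
        line = raw.strip()
        if not line or SECTION.match(line):
            previous = None  # a marker never refers back across a section banner
            continue
        stale = STALE.match(line)
        if stale:
            # The marker may share a line with its entry or follow it on the next line.
            inline = re.match(r".*\d[\d.]*", stale.group(1))
            target = inline.group(0) if inline else previous
            if target and target not in outdated:
                outdated.append(target)
            line = inline.group(0) if inline else None
        if line:
            entry = ENTRY.match(line)
            if entry:
                versions[entry.group(1)].append(entry.group(2))
            previous = line
    multiple = {name: v for name, v in versions.items() if len(v) > 1}
    return {"outdated": outdated, "multiple_versions": multiple}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A product that appears under several versions, such as the two Google Chrome entries, is worth checking in Programs and Features for a leftover older install.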

Well, 1 out of 2 worked.

 

I was able to install #2 the Java. BTW, there was just one Java that had to be removed before adding the new one. I even did a search - just the one. It was version 67 - this one is 72.

 

OK now to the not so good:

 

I did as you said and downloaded the Update Adobe Reader per your instruction but when I tried to install it, a white box titled Windows Installer comes up with a red circle and a white X. It says:

"The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch." *

 

p.s. When looking through the Control Panel, guess what else was on the list of programs - iobit Apps Toolbar v9.7!!! Shall I try to delete again?

 

* Madam, I have a folder of Downloaded items to do. I looked in it and here are two of the programs I was supposed to download. Both were dated 24 Oct 2014. Here they are:

install_reader10_en_mssa_aaa_aih.exe
install_reader10_en_mssd_aaa_aih.exe

Could this be the reason why I can't download the reader you want me to download? Should I just delete these two programs? Thanks!

Edited by nadalotta
Link to comment
Share on other sites

I don't use Adobe Reader .... I use Foxit Reader http://www.foxitsoftware.com/Secure_PDF_Reader/

Please be aware of bundled add-ons that may come with this download if you choose to switch. Uncheck pre-checked items!

 

I'd like you to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the esetBack.png button.
  13. Push esetFinish.png

Link to comment
Share on other sites

Hi Madam,

 

I d/l the ESET and hit START but had a problem. I'm supposed to check one of the two:

 

Enable Detection of potentially unwanted applications

Disable detection of potentially unwanted applications

 

Then saw a click on "Hide advanced settings". Things were hidden so I wanted to see what was behind there. Here's the list:

 

1. Remove found threats - this was checked.

2. Scan archives - unchecked.

3. Scan for potentially unsafe applications - unchecked.

4. Enable Anti-Stealth technology - this was checked.

 

Then there was this: Current scan targets: Operating memory, Local drives (then CHANGES as a link).

1. Use custom proxy settings (then CONFIGURE as a link)

 

BTW, there was a warning: Another antivirus was detected. This may affect the performance and quality of the scan. (Link of SHOW LIST) When I clicked it, there was: Microsoft Security Essentials

 

MY QUESTIONS:

 

1. Should I check the Enable detection of potentially unwanted apps or Disable detection of potentially unwanted apps.

 

2. Under Hide advanced settings, are the two items already checked alright? I know later I'm supposed to click Scan Archives.

 

3. I can't disable my MS Security Essentials from ESET. Should I go into my Control Panel and pause it or disarm it or whatever it's called or just run the ESET as is.

 

Thanks very much!

Link to comment
Share on other sites

Good morning, Madam,

 

Thank you but I can't run it without checking one of the following:

 

I'm supposed to check one of the two:

 

Enable Detection of potentially unwanted applications

Disable detection of potentially unwanted applications

 

Thanks!

Link to comment
Share on other sites

Thank you very much. So, basically, under Hide Advanced Settings, I checked the unchecked items and unchecked the checked items.

 

 

Son of a gun - 47 seconds and this program has found 6 infected files!

 

 

I'll let you know when it's done and how many hundreds of infected files have been found. :rollingpin:

Edited by nadalotta
Link to comment
Share on other sites

ESET Online Scanner Results:

 

Scanned Files: 381689

Infected Files: 79 (and, yes, there were more than 5 IObit files)
Cleaned Files: 0

Scan Status: Finished

 

I'm trying to copy/paste all of the infected files but I can't copy the entire screen. There are options to copy to clipboard and Export to text file. I saved the txt file but it didn't print on anything. Then I googled how to copy to clipboard but it didn't work.

 

The screen before it which showed the numbers of infected files, etc. also had this:

 

Select Uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run the ESET Online Scanner, they will need to be downloaded again.

Then there's a checked box: Uninstall application on close and then a FINISH button.

 

Is there a way I can get a list of the infected files? It shows some from my XP Laptop which my Vista has shared files with the laptop. Thanks!

 

p.s. I ended up taking a pic with my iphone of each screen which showed an error - five screens in all but you'd need to enlarge each one to read it.

Edited by nadalotta
Link to comment
Share on other sites
