Jump to content
Sign in to follow this  
troothteller

Multiple Hijacks

Recommended Posts

This is the second time I tried to post this, being that I am using IE8 which froze after I wrote this post. After my Windows 7 went down yesterday, I tried to use this XP to download something to make a startup floppy to start my Windows 7. Both are on the same wireless network. Anyway, the download was so malevolent that even after running eScan, Baidu AntiVirus, Malwarebytes' Anti-Malware and SuperAntiSpyware, my default browser Firefox is still infected. Sites that normally do not have them have ads. There are popups whenever I have to log into a site. Any recommendations? I should be thankful this machine runs at all.

Share this post


Link to post
Share on other sites

start with this

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.~~~~~~~~~~~~~~~~~~~~

 

BY4dvz9.pngAdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.
  • -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

    thisisujrt.gif

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    ~~

    please post

    C:\AdwCleaner.txt

    JRT.txt

Share this post


Link to post
Share on other sites

Juliet, I have run the above programs after using updated versions. I am concerned because Junkware Removal tried to do something to my Baidu AntiVirus, which removed much of this malware, although not to the fullest entent. Incentally, the specific file that I tried to download in order to fix my Windows 7 problem, which I was able to fix last night, was "how to make a bootable floppy disk for windows 7." Here are the logs:

# AdwCleaner v4.111 - Logfile created 20/02/2015 at 14:16:26
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Louis Paul Toscano - TOSHIBA-USER
# Running from : C:\Documents and Settings\Louis Paul Toscano\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

[x] Not Deleted : ACS

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\baidu
Folder Deleted : C:\Documents and Settings\All Users\Application Data\51d78f22170914a7
Folder Deleted : C:\Documents and Settings\All Users\Application Data\5897339613643084967
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\DigiSaver
Folder Deleted : C:\Program Files\RoboSaverr
Folder Deleted : C:\Program Files\SSaveeuLots
Folder Deleted : C:\Program Files\TakeTeheCoupon
Folder Deleted : C:\Program Files\TAkeTheaCoupona
Folder Deleted : C:\Program Files\UniDDealsi
Folder Deleted : C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\CrashRpt
Folder Deleted : C:\Documents and Settings\Louis Paul Toscano\Application Data\baidu
Folder Deleted : C:\Documents and Settings\All Users\Application Data\fghcgmhgfdebfbcjcpegkfeedmodhiic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ickjeffjhklolaoipkmikmdokcdphgbi
File Deleted : C:\WINDOWS\system32\acs.exe

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\P23e332d8_f852_4584_a619_93143dfb72bb_.P23e332d8_f852_4584_a619_93143dfb72bb_
Key Deleted : HKLM\SOFTWARE\Classes\P23e332d8_f852_4584_a619_93143dfb72bb_.P23e332d8_f852_4584_a619_93143dfb72bb_.9
Key Deleted : HKLM\SOFTWARE\Classes\P4e9cf24b_5106_46dc_8c73_d4aff391f547_.P4e9cf24b_5106_46dc_8c73_d4aff391f547_
Key Deleted : HKLM\SOFTWARE\Classes\P4e9cf24b_5106_46dc_8c73_d4aff391f547_.P4e9cf24b_5106_46dc_8c73_d4aff391f547_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pb3e490bc_da0d_48a2_b430_8ecc2be98873_.Pb3e490bc_da0d_48a2_b430_8ecc2be98873_
Key Deleted : HKLM\SOFTWARE\Classes\Pb3e490bc_da0d_48a2_b430_8ecc2be98873_.Pb3e490bc_da0d_48a2_b430_8ecc2be98873_.9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23e332d8-f852-4584-a619-93143dfb72bb}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4e9cf24b-5106-46dc-8c73-d4aff391f547}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b3e490bc-da0d-48a2-b430-8ecc2be98873}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23e332d8-f852-4584-a619-93143dfb72bb}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23e332d8-f852-4584-a619-93143dfb72bb}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23e332d8-f852-4584-a619-93143dfb72bb}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e9cf24b-5106-46dc-8c73-d4aff391f547}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b3e490bc-da0d-48a2-b430-8ecc2be98873}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Baidu
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v

[C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fghcgmhgfdebfbcjcpegkfeedmodhiic

*************************

AdwCleaner[R0].txt - [3666 bytes] - [06/05/2014 21:07:29]
AdwCleaner[R1].txt - [4975 bytes] - [20/02/2015 14:08:23]
AdwCleaner[s0].txt - [3732 bytes] - [07/05/2014 13:14:41]
AdwCleaner[s1].txt - [4955 bytes] - [20/02/2015 14:16:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [5014 bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Microsoft Windows XP x86
Ran by Louis Paul Toscano on Fri 02/20/2015 at 14:35:30.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu security"
Failed to delete: [Folder] "C:\Program Files\baidu security"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/20/2015 at 14:43:09.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites

I use adblock and Java noscript so I think what you see is not getting through on my browser.

 

I can see items removed that were malicious....

 

Whats happening on the computer now?

Share this post


Link to post
Share on other sites

Dear Juliet, I thought I responded earlier; but I do not see the post I expected to find. Anyway, I browsed with Firefox after going through your steps. I experienced nothing like yesterday. The popups and excess ads did not show. Logging into various websites did not cause anything to pop up. Thanks. Let me know if there is anything else I need to do to either search further or to secure this computer. I would not want this hijacking to occur again.

Share this post


Link to post
Share on other sites

It's possible more is on the computer but, in the sub forum we're in now we don't ask people to run extensive scanning tools.

 

Use your computer for a day or two, report back if anything shows up.

Share this post


Link to post
Share on other sites

Dear Juliet, that computer is on a wireless network with a Windows 7 64-Bit system. I am on that computer now. On another thread, that computer was down until I disconnected some devices. I would not want any more problems on the Windows 7 like I had on my XP.

Share this post


Link to post
Share on other sites

Dear Juliet, I thought we did a good job cleaning up this XP. However, earlier today I ran Baidu AntiVirus. It picked up four pieces of malware: c:\documents and settings\louis paul toscano\desktop\adwcleaner_4.111.exe Trojan.MSIL.Agent.aamqn Repaired
C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Quarantine.exe Trojan.MSIL.Agent.aamqn Deleted
C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\jrt\misc.bat Backdoor.Win32.WebShell.Gen Repaired
C:\Documents and Settings\Louis Paul Toscano\Desktop\adwcleaner_4.111.exe Trojan.MSIL.Agent.aamqn Deleted

 

It appears that some may be connected with AdwCleaner. However, Malwarebytes' Anti-Malware did not find anything.

Share this post


Link to post
Share on other sites

Dear Juliet, I thought we did a good job cleaning up this XP. However, earlier today I ran Baidu AntiVirus. It picked up four pieces of malware: c:\documents and settings\louis paul toscano\desktop\adwcleaner_4.111.exe Trojan.MSIL.Agent.aamqn Repaired

C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Quarantine.exe Trojan.MSIL.Agent.aamqn Deleted

C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\jrt\misc.bat Backdoor.Win32.WebShell.Gen Repaired

C:\Documents and Settings\Louis Paul Toscano\Desktop\adwcleaner_4.111.exe Trojan.MSIL.Agent.aamqn Deleted

 

It appears that some may be connected with AdwCleaner. However, Malwarebytes' Anti-Malware did not find anything.

Don't be worried over those files being detected. Your antivirus doesn't know those tools we use are safe.

 

For now you can consider those a false/positive.

 

I can remove them now if you like?

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

GzlsbnV.pngESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points.
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

     

Share this post


Link to post
Share on other sites

Dear Juliet, what I posted came from the log of Baidu's actions. So, they are off. However, I can run ESET. It has been a while since I ran it; so any file I might have had to download it is probably obsolete.

Share this post


Link to post
Share on other sites

Dear Juliet, ESET ran and here is the log:

C:\AdwCleaner\Quarantine\C\Program Files\BrowseToSave\uninstall.exe.vir Win32/SProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\UniDDealsi\UniDDealsi.exe.mwt.vir a variant of Win32/BHOUninstaller.AB potentially unwanted application
C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\63451f27-3b138226 a variant of Java/Obfus.CL trojan
C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\31c89de9-7934cf02 a variant of Java/Obfus.CL trojan
C:\Documents and Settings\Louis Paul Toscano\My Downloads\Media Burning Setups\cdbxp_setup_4.5.4.5306.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Documents and Settings\Louis Paul Toscano\My Downloads\Windows Repair Disc Images\ubcd521.iso Win32/PSWTool.KonBoot.A potentially unsafe application
C:\Program Files\StepOne\StepOne.dll.mwt a variant of Win32/SProtector.O potentially unwanted application

Share this post


Link to post
Share on other sites

clear the Java cache

https://www.java.com/en/download/help/plugin_cache.xml

 

 

This you will have to remove manually.

C:\Documents and Settings\Louis Paul Toscano\My Downloads\Windows Repair Disc Images\ubcd521.iso

 

 

 

 

Download OTM by OldTimer Here & save it to your desktop.

  • Double click on OTM.exe to run it
  • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error

 

:Files
C:\Documents and Settings\Louis Paul Toscano\My Downloads\Media Burning Setups\cdbxp_setup_4.5.4.5306.exe
C:\Program Files\StepOne\StepOne.dll
:Commands
[emptytemp]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

 

How is the computer now?

Share this post


Link to post
Share on other sites

Also

 

Please run this security check.

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Share this post


Link to post
Share on other sites

Dear Juliet, before I can do any more of this, my XP computer is now hanging. After I completed ESET, I ran SuperAntiSpyware, as I do routinely with Baidu and Malwarebytes. SuperAntiSpyware ran clean. I shut the computer down last night, the same routine that I follow for the Windows 7 I am on now. After powering up early today, I saw that my wireless adapter did not connect. So, I thought a shutdown and restart would most likely correct. I did not use the power button, but clicked on the log off entry on the Start menu. Right now, the screen is dark, as it turns after the words display "Windows is shutting down;" but the cursor is still lit. Now, I am afraid to hit the power button in case it causes the motherboard to blow.

Share this post


Link to post
Share on other sites

Dear Juliet, that XP is on a Toshiba laptop, which has a separate switch to enable wireless connection. For future reference, these switches vary in location with newer laptops; but mine has a light behind it when turned on. On their PC's I do not know if they have the same separate switch. I should mention that Firefox is my default browser and I run it, as well as SeaMonkey without plugins. Anyway, here are the logs:

 

All processes killed
========== FILES ==========
C:\Documents and Settings\Louis Paul Toscano\My Downloads\Media Burning Setups\cdbxp_setup_4.5.4.5306.exe moved successfully.
C:\Program Files\StepOne\StepOne.dll folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 57311 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 50038 bytes

User: Louis Paul Toscano
->Temp folder emptied: 843015 bytes
->Temporary Internet Files folder emptied: 14511815 bytes
->Java cache emptied: 2126 bytes
->FireFox cache emptied: 5955480 bytes
->Flash cache emptied: 58625 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33036 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19595 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 58321 bytes

Total Files Cleaned = 21.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02242015_145637

Files moved on Reboot...
File C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\JETBFC1.tmp not found!

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.96
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
B
a
i
d
u
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AOL Spyware Protection
SpywareBlaster 5.0
SUPERAntiSpyware
Secunia PSI
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (36.0)
````````Process Check: objlist.exe by Laurent````````
Privatefirewall 6.1 pfsvc.exe
Baidu Security Baidu Antivirus BavSvc.exe
Baidu Security Baidu Antivirus BHipsSvc.exe
Baidu Security Baidu Antivirus BavTray.exe
Privacyware Privatefirewall 7.0 PFGUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

Edited by troothteller

Share this post


Link to post
Share on other sites

You can delete or uninstall this

Java version 32-bit out of Date!

 

What is the computer doing now?

Share this post


Link to post
Share on other sites

Dear Juliet, I have been browsing with Firefox and, so far, no popups. From what I see, I only have one Java version and its Update feature does not show anything more recent available. How do you feel about the programs JavaRa and Hitman?

Share this post


Link to post
Share on other sites

I have been browsing with Firefox and, so far, no popups.

Glad to hear it.

 

You can use JavaRa to delete out the older versions.

 

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
~~~~~~~~~~~~~~~~~~~~~~~~~`

HitmanPro is another good tool to add to an arsenal.

I rather those who run it use these directions, in the case of a false positive. You can look over items found and determine if all need to be deleted

 

When the scan is done click on drop-down menu of the found entries (if any) and choose -

Apply to all => Ignore <= IMPORTANT!!!

Share this post


Link to post
Share on other sites

Dear Juliet, in my experience JavaRa does more than just eliminate outdated versions of Java. Despite that, I will run it because I do not feel like doing so much manual work here.

Share this post


Link to post
Share on other sites

that will work.

 

Safe surfing :)

 

AFZxnZc.jpg DelFix

  • Please download DelFix

    or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.

  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools

       

  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete). Edited by Juliet

Share this post


Link to post
Share on other sites

Dear Juliet, we have to fix Java first. The only way I know is to go directly to the site. With the two options under JavaRa, one links to the developer page. I do not want that one. The other tries to use the Update feature in the Control Panel, which is now corrupted from the removal process. So, it looks like I will have to reinstall Java for both Firefox and IE8. Probably it is the same version we took off. Now that I ran JavaRa and went to Java's website to test for it, the site on both IE8 and Firefox shows that I have the most recent version, 8 Update 31, the same one we took off. Incidentally, when OTL rebooted, I took a screen shot. A program box with a yellow "!" came up. The box says, "The following browsers were found but not supported in Password Bank: Too New Browsers: Firefox." From this site's directions, I did not think I could include images in posts. Also, I may not have used the most recent, stable version of JavaRa, but one already on my computer. The one I have does not have any actions with drop down menus. I also have to download the new version with Firefox since IE8 does not allow downloads from the site linked. Now that I have the newest JavaRa, the removal process did not work, and it is taking me to the page to download the same version we had. By the way, does "click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!" pertain to JavaRa or Hitman?

Edited by troothteller

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...