oldman960

Trusted Malware Techs
  • Content Count: 59
About oldman960

  • Rank
    WTT Teacher

  1. Hi boanro, More than happy to have been able to help. Take care.
  2. Hi boanro, I don't see anything to be concerned with. It does seem to be a temporary file issue; the last tool we used will clean out some of the caches. We'll clean up the tools. Keep Defogger as we will use it later in the cleanup.
     From your desktop, please delete, if present, any notepads/logs that we created:
     aswMBR.exe
     DDS.scr
     MBR.dat
     Next
     Click the Start button, click Run. Copy and paste the following line into the run box and click OK
     Combofix /uninstall
     I suggest you keep MBAM. Keep it updated and use it regularly. You can also keep TFC, use it regularly.
     To re-enable your Emulation drivers, double click DeFogger to run the tool.
     The application window will appear
     Click the Re-enable button to re-enable your CD Emulation drivers
     Click Yes to continue
     A 'Finished!' message will appear
     Click OK
     DeFogger will now ask to reboot the machine - click OK
     IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
     Your Emulation drivers are now re-enabled. You can now delete Defogger.
     Updates and upgrades
     There is a new version of Java available. Click your Start button, open Control Panel. Locate the Java icon (it looks like a coffee cup), double click it to open it, click the Update tab, click Update Now.
     Next, clear the Java cache. Still in Control Panel:
     Double-click the Java icon in the Control Panel.
     On the General tab, click Settings under Temporary Internet Files.
     On the Temporary Files Settings screen, click Delete Files.
     Check all boxes.
     Click OK.
     Some Recommendations and prevention tips
     Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those already. You can also use Spybot to install a custom Hosts file.
     - Secure your Internet Explorer
     From within Internet Explorer click on the Tools menu and then click on Options.
     Click once on the Security tab
     Click once on the Internet icon so it becomes highlighted.
     Click once on the Custom Level button.
     Change the Download signed ActiveX controls to Prompt
     Change the Download unsigned ActiveX controls to Disable
     Change the Initialize and script ActiveX controls not marked as safe to Disable
     Change the Installation of desktop items to Prompt
     Change the Launching programs and files in an IFRAME to Prompt
     Change the Navigate sub-frames across different domains to Prompt
     When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page.
     - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
     - Make sure you have reset Automatic Updates to your chosen option. Click your Start button > Control Panel > System
     - Keep your antivirus program updated, as well as any other security programs you have.
     - More tips and programs can be found HERE
     - You may also want to read this article by Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879
     Please post back if you have any problems. Take care
  3. Hi boanro, Let's see if this will turn anything up. Please read through these instructions to familiarize yourself with what to expect when this tool runs.
     Download ComboFix from one of these locations: Link 1 Link 2
     * IMPORTANT !!! Save ComboFix.exe to your Desktop
     Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
     Double click on ComboFix.exe & follow the prompts.
     As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.
     When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     Notes:
     1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
     2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
     3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
     4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     Please post back with the combofix log. Thanks
  4. Hi boanro, No problem. I'll "see" you in a couple of days.
  5. Hi boanro, Perhaps your temporary internet files got a little out of hand. When is the last time you did some basic maintenance and cleanup? Try using the computer for a bit. Let me know how you make out and if it still seems ok we'll clean up the tools.
  6. Hi boanro, That log looks good. Which browser are you using? Is it the same with all browsers?
     Download TFC to your desktop
     Close any open windows.
     Double click the TFC icon to run the program
     TFC will close all open programs itself in order to run. Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish its job.
     Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
     Next
     You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.
     Open MBAM
     Click the Update tab
     Click Check for Updates
     If an update is found, it will download and install the latest version. The program will close to update and reopen.
     Once the program has loaded, select "Perform Quick Scan", then click Scan.
     The scan may take some time to finish, so please be patient.
     When the scan is complete, click OK, then Show Results to view the results.
     Make sure that everything is checked, and click Remove Selected.
     When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     Copy & Paste the entire report in your next reply.
     Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
     Please post back with MBAM log. Thanks
  7. Hi boanro, There may be a false reading in that last scan. It may be caused by some software you have installed that could interfere with aswMBR. We'll temporarily disable some drivers and make sure we get an accurate log.
     Please download DeFogger to your desktop.
     Double click DeFogger to run the tool.
     The application window will appear
     Click the Disable button to disable your CD Emulation drivers
     Click Yes to continue
     A 'Finished!' message will appear
     Click OK
     If it needs to, DeFogger may ask to reboot the machine - click OK
     IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop. Do not re-enable these drivers until otherwise instructed.
     Next
     Please rerun aswMBR.exe as you did before and post the log produced.
  8. Hi boanro, Comodo appears to be installed with just the firewall. When did you first notice the slow down? Any other symptoms?
     FrostWire 4.21.3
     You have FrostWire 4.21.3, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. References for the risk of these programs can be found in these links:
     http://www.microsoft.com/windows/ie/commun...protection.mspx
     http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm
     I would recommend that you uninstall FrostWire 4.21.3, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned.
     Open hijackthis, do a system scan only and checkmark these lines, if present
     O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
     O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
     O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
     Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.
     Download aswMBR.exe ( 511KB ) to your desktop.
     Double click the aswMBR.exe to run it
     Click the "Scan" button to start scan
     On completion of the scan click save log, save it to your desktop and post in your next reply
  9. Hi boanro, welcome to the forum.
     To make cleaning this machine easier
     Please do not uninstall/install any programs unless asked to. It is more difficult when files/programs are appearing in/disappearing from the logs.
     Please do not run any scans other than those requested
     Please follow all instructions in the order posted
     All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
     Do not attach any logs/reports, etc. unless specifically requested to do so.
     If you have problems with or do not understand the instructions, please ask before continuing.
     Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
     Looks like you may have multiple antivirus programs installed. If this is the case it will not give you more protection, it may actually give you less. Multiple antivirus programs will conflict causing the slow down you are experiencing.
     Avast5
     COMODO Internet Security - did you install this with the antivirus?
     Please download DDS and save it to your desktop.
     Disable any script blocking protection
     Double click dds.scr to run the tool.
     When done, DDS.txt will open. An additional log called Attach.txt should appear minimized on the task bar.
     Save both reports to your desktop before closing the DDS window.
     Please post back with
     antivirus status
     DDS.txt
     Attach.txt
     Thanks
  10. Hi mackie, No you can uninstall it. I find it to be a nuisance. You're welcome.
  11. Hi mary_to78, Keep Defogger, we will use it shortly.
      From your desktop, please delete, if present, any notepads/logs that we created:
      Rootkit Unhooker
      GMER.exe
      GMER.zip
      Next
      *Create a new Restore Point*
      Click on the Start button to open your Start Menu.
      Click on the Control Panel menu option.
      Click on the System and Maintenance menu option.
      Click on the System menu option.
      Click on System Protection in the left-hand task list.
      To create the manual restore point, click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.
      Type in a title for the manual restore point and press the Create button.
      Close the System window after you have been advised that the procedure has been successfully completed.
      *Remove old Restore Points*
      Next, go to Start > Run and type in cleanmgr
      Select the More options tab
      Choose the option to clean up system restore and Ok it
      This will remove all restore points except the most recent one.
      Next
      To re-enable your Emulation drivers, double click DeFogger to run the tool.
      The application window will appear
      Click the Re-enable button to re-enable your CD Emulation drivers
      Click Yes to continue
      A 'Finished!' message will appear
      Click OK
      DeFogger will now ask to reboot the machine - click OK
      IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
      Your Emulation drivers are now re-enabled.
      Next
      Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
      I suggest you keep MBAM. Keep it updated and use it regularly.
      Eset online scanner can be uninstalled if you wish. Click on the Start button > Control Panel. Depending on your settings, either click on the Uninstall a program option under the Programs category. If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
      Some Recommendations and prevention tips
      Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.
      * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended. Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)
      You should also use Spyware Blaster to help immunize your computer.
      - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
      OR
      A guide to understanding and using the hosts file. Learn how your Hosts file can protect you and how you can protect it. Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file. HOSTS
      Please read the info on disabling the DNS Client before installing a custom hosts file.
      - Secure your Internet Explorer
      From within Internet Explorer click on the Tools menu and then click on Options.
      Click once on the Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click once on the Custom Level button.
      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialize and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page.
      - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
      - Ensure that Automatic Update is turned on so you get all the latest patches. Click Start, Control Panel, click Security Center.
      - Keep your antivirus program updated, as well as any other security programs you have.
      - Check this site out to check for out of date programs: Secunia Personal Software Inspector (PSI) 1.0
      - More tips and programs can be found HERE
      - You may also want to read this article by Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879
      Please post back if you have any problems. We'll keep this thread open for a couple of days. Take care
  12. Hi mary_to78, I'll give you some links for some free antivirus programs including AVG. Please do this fix first then reinstall AVG or an alternate antivirus program.
      Next, Right click on OTL.exe and choose Run as Administrator to run it
      Under the Custom Scans/Fixes box at the bottom, paste in the following. Do Not copy the word CODE; please note the fix starts with the :
      :Services
      :OTL
      O4 - HKLM..\Run: [] File not found
      IE - HKCU\..\URLSearchHook: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - Reg Error: Key error. File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      :Files
      C:\ProgramData\32b918\182347.reg
      C:\ProgramData\32b918\9d2a7379f890eb472243c999ebf67cc7.ocx
      C:\ProgramData\32b918\ISS.ico
      C:\ProgramData\32b918\mcp.ico
      C:\Users\Owner\AppData\Roaming\Internet Security Suite
      C:\ProgramData\32b918\vghm9s01u8ny2p45e7tm9q01ucu8dfg2p4hkn.dll
      C:\ProgramData\ISKYS
      :Commands
      [createrestorepoint]
      [emptytemp]
      Then click the Run Fix button at the top
      Let the program run unhindered
      Please save the resulting log to be posted in your next reply.
      Please install one of these antivirus programs.
      Avast - Help and support can be found here: Avast Forum
      AVG - Help and support can be found here: AVG Forum
      Antivir PersonalEditionClassic - Help and support can be found here: Avira Personal Support Forum
      Please post back with the OTL fix log. We'll clean up the tools after you have posted back. Thanks
  13. Hi mackie, JonTom is away from the forums for a few days and asked if I would finish this with you. Everything looks good so we will clean up the tools. The ESET detections will be taken care of as part of the tools removal. Please note that some of these tools have their own unique method for removal. Please follow the steps as posted.
      From your desktop, please delete, if present, any notepads/logs that were created:
      GMER (10z4c3wy[1].exe)
      You can also delete these programs from wherever you saved them to.
      CWShredder
      Stinger
      I suggest you keep MBAM. Keep it updated and use it regularly.
      SuperAntiSpyware, your choice, it's a decent on demand scanner. If you would rather not have it you can uninstall it via Add/Remove Programs.
      ESET can be uninstalled via Add/Remove Programs.
      Next
      Click the Start button, click Run. Copy and paste the following line into the run box and click OK
      Combofix /uninstall
      Open OTM then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
      Updates and upgrades
      You have an older version of Adobe Reader. You can download the current version HERE
      You may want to consider Foxit Reader instead. It may be a bit lighter on resources. Visit their support forum: Foxit Forum
      In either case you should uninstall Adobe Reader 7.1.0 first. Be sure to move any PDF documents to another folder first though.
      Some Recommendations and prevention tips
      Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have most of them.
      For resident antispyware I suggest either Windows Defender OR Winpatrol
      You should also use Spyware Blaster to help immunize your computer.
      - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
      OR
      A guide to understanding and using the hosts file. Learn how your Hosts file can protect you and how you can protect it. Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file. HOSTS
      Please read the info on disabling the DNS Client before installing a custom hosts file.
      - Secure your Internet Explorer
      From within Internet Explorer click on the Tools menu and then click on Options.
      Click once on the Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click once on the Custom Level button.
      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialize and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page.
      - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
      - Make sure Automatic Updates is set to your chosen option. Click your Start button > Control Panel > System
      - Keep your antivirus program updated, as well as any other security programs you have.
      - More tips and programs can be found HERE
      - You may also want to read this article by Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879
      Please post back if you have any problems.
      Take care
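The Internet Explorer hardening steps repeated in posts 2, 11 and 13 above are changes to the Internet zone (zone 3) security settings, which IE keeps as DWORD values under the current user's registry hive. The following PowerShell script is an added example and is not part of any post on this page; it audits those six settings against the values the posts recommend, so a helper can confirm the change took effect without clicking through the dialog. The registry value names (1001, 1004, 1201, 1607, 1800, 1804) and the 0/1/3 encoding for Enable/Prompt/Disable follow Microsoft's documented zone-setting IDs; the function and variable names are this example's own.

```powershell
# Added example, not from the forum post: audit the IE Internet-zone (zone 3)
# settings that the post asks the user to change. Values are DWORDs under the
# per-user Zones key; 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by the documented registry value name.
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeZoneAudit {
    param(
        [string]$Key = $ZoneKey,           # registry key holding the zone's settings
        [hashtable]$Expected = $Recommended # setting id -> { Name, Want }
    )
    foreach ($id in $Expected.Keys) {
        # Missing value means the zone's built-in default applies, not "disabled".
        $current = (Get-ItemProperty -Path $Key -Name $id -ErrorAction SilentlyContinue).$id
        $label = if ($null -eq $current) { 'not set (zone default)' }
                 elseif ($Labels.ContainsKey([int]$current)) { $Labels[[int]$current] }
                 else { "unknown ($current)" }
        [pscustomobject]@{
            Setting  = $Expected[$id].Name
            ValueId  = $id
            Current  = $label
            Expected = $Labels[$Expected[$id].Want]
            Ok       = ($null -ne $current -and [int]$current -eq $Expected[$id].Want)
        }
    }
}

# Report only. To apply one of the recommended values from a script instead of
# the dialog, write the same DWORD, e.g.:
#   Set-ItemProperty -Path $ZoneKey -Name '1004' -Value 3 -Type DWord
Get-IeZoneAudit | Format-Table Setting, Current, Expected, Ok -AutoSize
```

Run it in a normal (non-elevated) PowerShell session as the user whose browser was configured, since the Internet zone settings live under HKCU. One caveat: if the machine enforces machine-wide zone settings (the Security_HKLM_only value under HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings), the per-user values are ignored and the same key under HKLM: is the one to pass as -Key.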
  14. Hi mary_to78, Do you still have AVG installed? It seems to have disappeared from the logs. Could I get you to do another quick little scan?
      Right click on OTL.exe and select "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
      When the window appears, click the None button near the top (it may look greyed out)
      In the window under Custom Scans/Fixes copy and paste the following
      C:\ProgramData\32b918\*.* /s
      C:\Users\Owner\AppData\Roaming\Internet Security Suite\*.* /s
      C:\ProgramData\ISKYS\*.* /s
      Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      When the scan completes, it will open a notepad window, OTL.Txt. Please post this log. Thanks
  15. Hi mary_to78, JonTom will be away from the forum for a few days and asked if I'd finish this with you.
      As a Vista user you will need to right click your browser icon and choose "Run as Administrator" in order to run this next scan. Do not do anything else with that instance of your browser except for this scan. Once the scan is finished, please save the log and close that instance of your browser.
      *Note It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
      Go here to run an online scanner from ESET (Note: You must use Internet Explorer for this scan.)
      Tick the box next to YES, I accept the Terms of Use.
      Click Start
      When asked, allow the activex control to install
      Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
      Click Start
      Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
      Click Scan.
      Wait for the scan to finish.
      Re-enable your Antivirus software.
      A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt or C:\Program Files\ESET\log.txt. We will need this later.
      Please post back with the ESET log.
      Next
      Right click on the icon and choose "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
      Click on Minimal Output at the top
      In the Custom Scans and fixes window copy and paste the following
      C:\Users\Owner\AppData\Roaming\Internet Security Suite
      C:\ProgramData\ISKYS
      [2010/11/22 18:18:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\32b918
      Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      When the scan completes, it will open a notepad window, OTL.Txt.
      Please post back with
      Eset log
      OTL.txt
      How's the computer? Thanks