OCD

Trusted Malware Techs
  • Content Count

    35
  • Joined

  • Last visited

About OCD

  • Rank
    WTT Classroom Graduate

Contact Methods

  • Website URL
    http://

Profile Information

  • Gender
    Male
  • Location
    Florida

Previous Fields

  • Teams:
    Nothing Selected
  1. jboy_322, I'm happy everything is working well for you. It has been a pleasure to help. Have a great day!
  2. jboy_322, Congratulations, your logs appear clean. Now for a little housekeeping and my recommendations to help you stay clean.
     - - - - - Next - - - - -
     Please locate the file in red and delete it. Please be sure to only delete the file that is designated (not the folder it is contained in):
         C:\Users\shawn\Desktop\music\*in my pants CD quality.mp3
     The * in the file name is in place of a word or phrase that the scan filtered out; look for a file that ends with the above phrase.
     - - - - - Next - - - - -
     I don't see any evidence of a Firewall on your computer. This must be taken care of first.
     Firewall:
       Comodo - http://www.personalfirewall.comodo.com/
       Outpost Firewall FREE - http://www.agnitum.com/products/outpostfree/
     - - - - - Next - - - - -
     Clean up with OTM
     Right-click OTM.exe and select Run As Administrator... to run it. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes; if not, delete it yourself.
     - - - - - Next - - - - -
     You can now delete any other tools I had you download and use, unless you wish to keep them. (They should be located on your desktop; if they are no longer there, just continue.)
       RootRepeal
       Sysprot
       DDS
       OTM
     - - - - - Next - - - - -
     Here comes the "All Clean Speech":
     You need to set a new clean System Restore Point. System Restore makes regular backups of all your settings; if you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.
     We need to set a new system restore point: Click Start > Run > copy and paste the following into the run box:
         %SystemRoot%\System32\restore\rstrui.exe
     Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create; when the confirmation screen shows the restore point has been created, click Close.
     - - - - - Next - - - - -
     Now remove all previous Restore Points: Click Start > Run > copy and paste the following into the run box:
         cleanmgr
     At the top, click on the More Options tab. Click the Clean up button in the System Restore box. Click on the Yes button. When finished, click on the Cancel button to exit.
     - - - - - Next - - - - -
     Here are some tips to reduce the potential for spyware infection in the future:
     You have two (2) options to get Windows Vista Updates:
     To update Windows Vista, here is the link if you would like to download just the SP2 - http://www.microsoft.com/downloads/details...;DisplayLang=en
     OR
     Automatic Updates: (Recommended Option) The easiest way to ensure you don't miss any of the critical Windows Updates is to set your computer up to receive Automatic Updates. To set your computer up for Automatic Updates please do the following: Click Start button > All Programs > Windows Update > Change Settings. Make sure that Automatic Updating is checked. Click OK. Close the Control Panel.
     - - - - - Next - - - - -
     Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab. Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button.
       Change the Download signed ActiveX controls to Prompt
       Change the Download unsigned ActiveX controls to Disable
       Change the Initialize and script ActiveX controls not marked as safe to Disable
       Change the Installation of desktop items to Prompt
       Change the Launching programs and files in an IFRAME to Prompt
       Change the Navigate sub-frames across different domains to Prompt
     When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page.
     For Firefox, I highly recommend this add-on to keep your PC even more secure. NoScript - for blocking ads and other potential website attacks.
     You are using AVG8 as your anti-virus software. It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
     Firewall - I cannot stress how important it is that you keep the Firewall on your computer active at all times. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls
     Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
     MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.
     Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
     ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
     Update all security programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Remember to have only one (1) Firewall and one (1) Anti-Virus program running at any one time.
     I would also suggest you read "So how did I get infected in the first place?" by Tony Klein.
     Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
  3. jboy_322, Your Java is outdated. Please follow these steps to remove older version Java components. Close any programs you may have running, ESPECIALLY your web browser. Click Start > Control Panel. Click Add/Remove Programs. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove all versions of Java. Reboot your computer once all Java components are removed. Then download the latest version of Java, which is Version 6 Update 16, and click Yes at the page warning. Under "Platform" select Windows, then check the box to accept the Licence Agreement. Click Yes at the second page warning before downloading the Offline file. There is no need to download the Sun Download manager but it is optional.
     - - - - - Next - - - - -
     You are correct. These music files were probably downloaded via LimeWire. Hopefully your brother will heed your advice.
     Please download OTM by OldTimer. Save it to your desktop. Please click OTM and then click >> run.
     Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
         :Processes
         explorer.exe
         :Files
         C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp
         C:\Users\shawn\Desktop\music\3oh3 - Punk*.mp3
         C:\Users\shawn\Desktop\music\all luck.mp3
         C:\Users\shawn\Desktop\music\Barenaked Ladies- testing 1 2 3.wma
         C:\Users\shawn\Desktop\music\boston celtics.mp3
         C:\Users\shawn\Desktop\music\camera phone MTV.mp3
         C:\Users\shawn\Desktop\music\Carrie Underwood- i dont even know his last name.mp3
         C:\Users\shawn\Desktop\music\in my pants CD quality*.mp3
         C:\Users\shawn\Desktop\music\Joey & Rory - Cheater Cheater(1).mp3
         C:\Users\shawn\Desktop\music\kiss you through the phone(Club RMX).mp3
         C:\Users\shawn\Desktop\music\Kristinia DeBarge-Goodbye.wma
         C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3
         C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 08 - Tie My Hands.mp3
         C:\Users\shawn\Desktop\music\love story remix taylor swift (hot remix).mp3
         C:\Users\shawn\Desktop\music\low remix travis barker.mp3
         C:\Users\shawn\Desktop\music\Mastermix 10 Years Of Pop.wma
         C:\Users\shawn\Desktop\music\Natasha Beddingfield - Take Me Away.mp3
         C:\Users\shawn\Desktop\music\Saving Abel - She Got Over Me.mp3
         C:\Users\shawn\Desktop\music\steamtrain to mallaig.mp3
         C:\Users\shawn\Desktop\music\swagga like obama.mp3
         C:\Users\shawn\Desktop\music\webzz-back it up(Club RMX).mp3
         C:\Users\shawn\Shared\americas best dance crew mixes.mp3
         C:\Windows\Temp\161533419.tmp
         :Commands
         [purity]
         [emptytemp]
         [start explorer]
         [Reboot]
     Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM.
     Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     - - - - - Next - - - - -
     Please re-run DDS and post the new logs generated. Be sure to disable your script blocking software BEFORE running the DDS scan. Use the link below if you need assistance.
     Disable any script blocking protection (How to Disable your Security Programs) < - - Important
     Double click the DDS icon to run the tool (may take up to 3 minutes to run). When done, DDS.txt will open. After a few moments, attach.txt will open in a second window. Save both reports to your desktop.
     - - - - - Next - - - - -
     On your next post please provide the following:
       OTM log
       Post the contents of the DDS.txt report in your next reply
       Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
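The OTM script quoted in the post above has a small fixed grammar: a :Processes, :Files and :Commands section, with bracketed commands, and a * standing in for a word the scan filtered out. As an added example (not OTM's own code or the poster's), here is a Python parser and dry-run planner that validates such a script and resolves its wildcards against a list of existing paths before anything is moved; the shortened script and the path list are constructed from the post.

```python
# Parser and dry-run planner for the OTM script format quoted in the post above.
# Added example code, not OTM's own or the poster's; the section names and the
# bracketed commands are taken from the script in the post.
import fnmatch
import re

SECTION_RE = re.compile(r"^:(processes|files|commands)\s*$", re.IGNORECASE)
COMMAND_RE = re.compile(r"^\[[a-z]+(?: [a-z]+)*\]$", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")  # entries must be full Windows paths

def parse_otm(text: str) -> dict:
    """Every non-empty line belongs to the last section header seen; malformed
    lines are recorded under "problems" rather than silently dropped."""
    script = {"processes": [], "files": [], "commands": [], "problems": []}
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
        elif section is None:
            script["problems"].append(f"line {lineno}: entry before any section")
        elif section == "files":
            if not ABS_PATH_RE.match(line):
                script["problems"].append(f"line {lineno}: not an absolute path")
            script["files"].append(line)
        elif section == "processes":
            script["processes"].append(line)
        elif COMMAND_RE.match(line):
            script["commands"].append(line[1:-1].lower())  # strip the [ ] brackets
        else:
            script["problems"].append(f"line {lineno}: malformed command: {line}")
    return script

def plan_moves(script: dict, existing_paths: list) -> tuple:
    """Dry run: match each :Files entry (* = a word the scan filtered out) against
    existing paths, case-insensitively; returns (would move, matched nothing)."""
    moved, unmatched = [], []
    for pattern in script["files"]:
        hits = [p for p in existing_paths
                if fnmatch.fnmatchcase(p.lower(), pattern.lower())]
        if hits:
            moved.extend(hits)
        else:
            unmatched.append(pattern)
    return moved, unmatched

# Constructed sample: a shortened copy of the script from the post.
SAMPLE_SCRIPT = """:Processes
explorer.exe
:Files
C:\\Users\\shawn\\AppData\\Local\\Temp\\tmp4108.tmp
C:\\Users\\shawn\\Desktop\\music\\in my pants CD quality*.mp3
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""
# Constructed list of paths present on the machine (not a real listing).
SAMPLE_PATHS = [r"C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp",
                r"C:\Users\shawn\Desktop\music\In My Pants CD Quality (1).mp3",
                r"C:\Users\shawn\Desktop\music\all luck.mp3"]
```

Running `plan_moves(parse_otm(SAMPLE_SCRIPT), SAMPLE_PATHS)` shows which files the script would actually touch before it is pasted into the tool, and `problems` flags a stray entry or a typo in a bracketed command.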
  4. jboy_322, Run the following scan: ESET Online Scanner (you will need Internet Explorer to run this scan). You will need to run this scan with Administrator privileges: Simply hit the button "Restart browser as Admin" in ESET Online Scanner or Right-click on the browser icon in the Start Menu and select "Run as administrator" from the context menu.
     ESET Online Scanner
       Place a check mark in the box YES, I accept the Terms Of Use
       Click the Start button.
       Now click the Install button.
       Click Start. The scanner engine will initialize and update.
       Do Not place a check mark in the box beside Remove found threats.
       Click the Scan button. The scan will now run, please be patient.
       When the scan finishes click the Details tab.
       Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
     - - - - - Next - - - - -
     On your next post please provide the following:
       ESET log.txt
       Tell me if you have any remaining issues.
  5. jboy_322, Your logs show evidence that you had/have a nasty Rootkit; I'd like to dig a bit deeper to make sure it's completely gone.
     Please download Sysprot Antirootkit from here: http://sites.google.com/site/sysprotantirootkit/
       Unzip it into a folder on your desktop.
       Double click Sysprot.exe to start the program.
       Click on the Log tab.
       In the Write to log box select all items.
       Click on the Create Log button on the bottom right.
       After a few seconds a new window should appear.
       Select Scan Root Drive.
       Click on the Start button.
       When it is complete a new window will appear to indicate that the scan is finished.
       The log will be saved automatically in the same folder Sysprot.exe was extracted to.
       Open the text file and copy/paste the log here.
     - - - - - Next - - - - -
     Please re-run Malwarebytes', get the latest updates and perform a full scan.
     - - - - - Next - - - - -
     On your next post please provide the following:
       Sysprot log
       New MBAM log
       How is your computer running, do you have any remaining issues?
  6. jboy_322, You have a couple of questionable programs running:
       LimeWire 5.1.3
       Viewpoint Media Player
     You are using a P2P program called LimeWire 5.1.3. Please see this topic for more information: Perils of P2P File Sharing. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. Additional information can be found in these links:
       http://www.microsoft.com/windows/ie/commun...protection.mspx
       http://www.internetworldstats.com/articles/art053.htm
     I would recommend that you uninstall LimeWire 5.1.3; however, that choice is up to you. If you wish to keep it, please do not use it until your computer is cleaned.
     - - - - - Next - - - - -
     I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision. Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware. I recommend that you remove the Viewpoint products; however, decide for yourself.
     Please go to Start Menu > Control Panel > Add/Remove Programs. Scroll down and locate the following programs:
       LimeWire 5.1.3
       Viewpoint / Viewpoint Manager / Viewpoint Media Player
     Select the program, then select remove. (If the program is not listed don't be alarmed, just continue.)
     NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
     - - - - - Next - - - - -
     Earlier you stated your AVG could not be updated. This may be because your computer still thinks Norton is your registered AV/FW. This can cause difficulty with AVG running/updating. Please choose which of the two, Norton or AVG, you would like to keep.
     Remove Norton or Symantec Products
     Note: You should first attempt to remove your Norton/Symantec product using Add/Remove Programs in the Windows Control Panel (Programs and Features, in Windows Vista). This is the best method. Uninstall anything with Norton or Symantec in the name. After uninstalling using Windows Add/Remove Programs, run the Norton Removal Tool to ensure successful removal of all Norton references. If no entries are present in the Windows Add/Remove Programs you still need to run the Norton Removal Tool below.
       Please go to http://service1.symantec.com/Support/tsgen...005033108162039 and select the product you have.
       Download the Norton Removal Tool. Save the file to the Windows desktop.
       On the Windows desktop, double-click the Norton Removal Tool icon.
       Follow the on-screen instructions. Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.
     - - - - - Next - - - - -
     To remove AVG, please do the same via the Add/Remove Programs feature of your Control Panel. If you chose to keep it, see if it can be updated; if so, please run a scan and have it remove any items found.
     You have run Malwarebytes'; can you please provide the log if it is still available? C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
     - - - - - Next - - - - -
     Reboot
     - - - - - Next - - - - -
     Re-run DDS and supply a new log on your next post.
     - - - - - Next - - - - -
     On your next post please provide the following:
       Malwarebytes' log (if available)
       DDS.txt
       Answer the question about AVG (if you chose to keep it)
       Any change in the performance of your computer?
  7. jboy_322, You have supplied me with these logs:
       DDS.txt
       Attach.txt
     But I still need the RootRepeal.txt log.
     - - - - - Next - - - - -
     Please run RootRepeal
       Download RootRepeal from one of the following locations and save it to your desktop. Here Here or Here
       Open on your desktop.
       Click the tab.
       Click the button.
       In the Select Scan dialog, check
       Push Ok
       Check the box for your main system drive (Usually C:), and press OK.
       Allow RootRepeal to run a scan of your system. This may take some time.
       Once the scan completes, push the button.
       Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
     - - - - - Next - - - - -
     Reboot, on your next post please provide the following:
       RootRepeal.txt
       Tell me how your computer is running at the moment.
  8. jboy_322, Please go ahead and copy and paste the following logs:
       Attach.txt
       RootRepeal.txt
  9. Hello jboy_322, You may want to print out these instructions for reference prior to proceeding. This solution is specifically tailored for this particular problem; please do not attempt to use this solution on another computer. If you have any questions, or are uncertain about any steps, please ask 'before' proceeding.
     - - - - - Next - - - - -
     It is very important that you do not run any tools or attempt any fixes other than the ones I request. Doing so can either delay our progress or render your computer inoperable. Malware removal can take numerous steps and tools to remove all threats. Absence of symptoms does not necessarily mean you are clean. Please stay with the thread until I give you the all clean. I appreciate your patience and understanding.
     - - - - - Next - - - - -
     Please tell me what Anti-Virus and Firewall you are using.
     - - - - - Next - - - - -
     Please run RootRepeal
       Download RootRepeal from one of the following locations and save it to your desktop. Here Here or Here
       Right click on your desktop and select "Run As Administrator"
       Click the tab.
       Click the button.
       In the Select Scan dialog, check
       Push Ok
       Check the box for your main system drive (Usually C:), and press OK.
       Allow RootRepeal to run a scan of your system. This may take some time.
       Once the scan completes, push the button.
       Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
     - - - - - Next - - - - -
     Please download DDS from one of the following links and save it to your desktop.
       DDS.scr
       DDS.pif
     Disable any script blocking protection (How to Disable your Security Programs)
     Right Click the DDS icon and select "Run As Administrator" to run the tool (may take up to 3 minutes to run). When done, DDS.txt will open. After a few moments, attach.txt will open in a second window. Save both reports to your desktop.
     - - - - - Next - - - - -
     Reboot, on your next post please provide the following:
       RootRepeal.txt
       Post the contents of the DDS.txt report in your next reply
       Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
       Tell me how your computer is running at the moment.
  10. Hello jboy_322, My name is OCD, I will be helping you with your log today. Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your HJT log now; I will post back shortly with instructions.