JeanInMontana
-
Posts
3,859 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by JeanInMontana
-
-
So, everything is working? Update MBAM and do a quick scan again and post that and a new HJT log.
-
Secunia didn't flag Java as outdated?
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
What is the folder? I need specific error info. Exactly what they say.
-
I should have added this also. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
-
H and welcome to Malwarebytes. Please move HJT off your desktop and to program files. Run a new scan from that location and post the log. I don't see anything to show either things you mention.
-
This is strange, is MBAM the only thing you used? A system restore might work also. It could potentially reinfect you also, but you can then remove the rogue again.
-
Hi John glad we could help. Be sure to read this http://www.malwarebytes.org/forums/index.php?showtopic=6105
-
All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal.
A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.
Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
Spybot Search & Destroy Be sure to use the immunize feature.
SpywareBlaster from Javacool Software
The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free
Also the full protection of MBAM is offered at a very low price For life in my signature.
You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.
-
Hi it's possible that the recovery partition is infected, you can clean it with MBAM, just include that partition in the scan. I'm not sure excluding E in System Restore is a good idea. I suggest you post that in the PC Help forum, we will both learn.
I didn't know Adobe was at 9 now, thanks! CCleaner is very good for cleaning up wasted space by junk files. It is not a malware tool. -
OK, have you renamed your Windows folder? C:\WINDOWS.0 <======== This is not the typical name for Windows.
Open SB S&D
Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.
Click on the Tools section and then Resident.
You will see two items.
1. Resident "SD helper" (Internet Explorer bad download blocker.) active
2. Resident "Tea Timer" (Protection of over-all system settings.) active.
Uncheck number 2..
Leave number 1 checked always.
You can enable Tea Timer again if you wish once all special fixes have been done.
I need you to please attach a zipped folder with this file in it C:\WINDOWS\Cursors\lsass.exe . Attach to your reply here.
Run HJT and put a check next to this
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
Click fix.
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
Attach that file ASAP please.
-
You should notice an improved performance. MBAM ripped the heart out of some nasty stuff.
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc
Do these updates. Update MBAM and run a quick scan post that log and a new HJT please.
-
OK we got the special fix for you. See the attached zip folder, download it to your desktop, extract and run it. Find the malware folder it makes, zip that and attach it to your reply. Wait about 10 minutes after this post time, update MBAM and do a scan. Post that log and a new HJT please.
-
You only posted a portion of the HJT log. Please post all of it.
-
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\Chez\Desktop\SmitfraudFix.exe
That clearly shows it is on your desktop. Please delete it. Find the log, post it and delete the folder. Finish with my instructions.
-
Follow the instructions in the link posted by AdvancedSetup. Someone can help you there.
-
Hi blender!! Welcome, I set you to Expert so you can access those forums.
-
Hello cheztaz and welcome to Malwarebytes. Please delete Smitfraudfix from your desktop. Post the log from that program as a reply not attached. Update MBAM and do a quick scan with it post that log in your reply not attached and a new HJT log please.
-
OK let's do some clean up. Run HJT again and put a check next to the following
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Now let's update MBAM one more time, new version is out and do a quick scan.
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
Post the new MBAM log and a new HJT.
As for the Buffer Overrun what I find using Google is either a malware issue or a program like QuickTime, RealPlayer etc has gone corrupt. Try this use the Secunia Inspector free scan to identify risks in outdated versions. It will also identify anything with a newer version and you can repair that way. Something else might be a disk error check and sfcscannow the system file checker to see if there is a corrupt file. Malware can do damage to all sorts of system files. Also you might post this issue in the general PC Help forum and it opens it up to many more with more knowledge in this area.
-
Hello and welcome to Malwarebytes. Please update MBAM and run a quick scan again. This time, be sure you have an check next to all items found and you take action. Post that log and a new HJT log.
-
What education site? I saw your advice to another user and it's all wrong. There is no reason to remove the HD ever. A quick scan is just as effective as a full scan. Rogue's as AV2009 are injected via a web site with a fake alert to the user that they are infected and need to install the malware. Often there is no way out of the install unless the user knows enough to use the Task Manager and close the browser. This is where a layered protection is the most effective, prevention of ever arriving on the malicious site.
-
Please do not do as gregatkins has said. There is no need to remove the HD. There is no need to do a full scan. MBAM is designed to work as well using the quick scan. There is a possibility you have more trojans. The infection is not a virus. Please follow the instructions here and start your own topic.
-
This site is how I knew it was your Bday!!
-
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.
Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.
A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.
Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
SpywareBlaster from Javacool Software
The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free
Also the full protection of MBAM is offered at a very low price.
-
Thanks. Here in the States though, The UK site is slower than the other two.
MyteryFCM might not have had his morning cuppa .
-
This issue should be fixed any day now. It is something that affects a very select group of machines. If you attach the mini dump here it may help Marcin.
Logs
in Resolved Malware Removal Logs
Posted
There is no point in scanning and not taking action. Remove the malware found. Update MBAM and quickscan again. Post that log and a new HJT log please.