Posts posted by needhelpsjs
-
There are 5 in there with Finnish, yes. They've been on the computer since 2011 apparently.
-
Hi MrC,
If you look in the installed programs list here, there are some which aren't in English.
-
Is there any reason why "ActiveX-Kontroll for fjarranslutningar for Windows Live Mesh" is in the programs list, along with a few others that have... non-English names?
Thanks for the help MrC.
-
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
-
Seems fine, nothing to report since the viruses were detected.
-
What exactly is a preferences file anyway? I don't think the user of the computer would mind that much if it was missing as long as they can still log into things.
Next step MrC?
-
Hi MrC, when loading Google Chrome after the reboot it told me my preferences were corrupted or invalid and Chrome could not recover them?
-
Hi this is the log from Adwcleaner, nothing there that looks of importance.
-
No, if it's working OK...leave it alone. MrC
Sorry, I mean the newest version of Java. Currently there's no Java.
-
Hi, I have a 64-bit computer, but using Google Chrome in a 32-bit apparently according to the website.
Should I download the 64 bit or the 32 bit?
-
Hi MrC, nothing was found. Internet seems to be fine along with Windows Update, Windows firewall is off however because of the McAfee Firewall.
However when I rebooted at one point from the startup screen it said something about a 'debugger' wasn't working or something, just seconds before I rebooted and I didn't get to read it all in time.
The thing about this infection was that this: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Blacole
"Additional information
The Blackhole exploit pack is sold to attackers for profit. Thus, attackers are motivated to use the attack code to distribute the following types of malware in order to offset the financial overhead of the Blacole exploit pack:
- Online banking password stealers
- Rogue security software
- Backdoor trojans to leverage additional theft"
So from the scans does it look like McAfee caught it?
-
Nope, same problem unfortunately.
-
They both continue to stop working, should I try in safe mode?
-
Okay, do you want me to rerun RogueKiller now, and if so, which one?
The x64 gave me an indication as to what the problem was, but the first one just closed.
-
I searched the word 'wer' in the temp folder but it didn't find any of those 3?
-
The files that are apparently the cause of it are:
C:\Users\-----\appdata\local\temp\Wer2606.tmp.WERInternalmetadata.xml
C:\Users\-----\appdata\local\temp\Wer6eba.tmp.appcompat.txt
C:\Users\-----\appdata\local\temp\Wer6F67.tmp.hdmp
?
-
Disabling McAfee didn't work, ran in safe mode and it didn't work either.
-
Hi MrC, I attempted to scan 3 times with RogueKiller and it stopped responding and closed every time when it scanned the services. Could this be because McAfee is still active? I didn't see any instructions to stop it being active?
Thanks.
-
McAfee found 3 trojans in the Chrome cache while visiting a website, researched them and they sound sort of serious.
JS/Exploit-Blacole.eu and JS/Exploit-Blacole.em
F_000899
F_00089a
F_00089b
Which were all detected and put into quarantine. Ran Malwarebytes and it picked up nothing.
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Java%2fBlacole
However the two websites where they were picked up from are:
selkent.org.uk (a low populated income footballing website, hardly no Java?)
imotorhead.com (a website about a band)
Which leads me to believe that it could be a FP?
Thanks for any help.
JS/Exploit-Blacole.eu/em
in Resolved Malware Removal Logs
Thanks MrC,
Sounds like that's it, thanks for all the help.