Jump to content

LeBerk

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by LeBerk

  1. I have just read in an online journal, that the FinFisher malware cannot be identified by Malwarebytes Premium and/or Bitdefender Total Security. As I have both, this is worrying. Can someone please explain what this malware is, what it does, and how to prevent it? I have a sneaking feeling that it is like some chemicals - "Not harmful unless swallowed." The journal did not give a clear and rational explanation, but the content was IMO, intended to be scaremongering by pointing to a large list of AV programmes that could not identify FinFisher.
  2. I just got through a marathon battle to remove "toolbars" and the garbage that infested my 'puter. Thanks to Mr.C on these Forums, I made it out the other side with a clean machine, but I still only have a vague idea how they got in there. I always look at downloads closely and I never check boxes to accept this kind of carp. I now know that the offenders - snap.do - ClaroSearch - Babylon - can infest your machine whether or not you check the boxes. The conclusion I came to regarding the source, is pretty ironic really. I should explain that I build 'puters for all my family and for friends. Some time ago, I took the XP PC I built for my youngest grandson because it showed all the signs of heavy infection, and was forced to reinstall. I did take a backup after reinstalling XP and the programmes he wanted. Although I looked at these very closely, I believe that one or more was the cause of the original infection. My problem was twofold: I copied the backup to my own machine, just in case. Then I later learned that some of this stuff can sit on an XP machine without harm, but can cause damage to Win7 O/S machines. Guess what O/S is on mine? So, it may be that my machine was infected by the action of removing an infection from my grandson's. Obviously I will keep that information from him, but it did teach me a lesson. Never, ever, let anything from the family's machines, into mine.
  3. Hi ancient Newbie here! My music - Stones, Buddy Holly, Elvis, Bob Dylan, Dusty Springfield, all the old Blues guys 'n'gals, Creedence/John Fogerty (favourites) Lately I like Adele and a little kmown British band from Stoke on Trent (Robbie Williams' hometown) called "All The Young." Robbie's granddad was my da's second cousin. Just realised, many of those are passed on. Must be some great jammin' up there!
  4. OK MrC Here we go: - Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG Internet Security 2012 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 6 Java 7 Update 13 Java version out of Date! Adobe Flash Player 11.5.502.149 Adobe Reader XI Mozilla Firefox (18.0.2) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe AVG avgtray.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` I see it reports that Windows Firewall is out of date, don't understand that as I checked and ensured it was working this morning. Also. Java apparently out of date, roll on HTML5! Once again, many thanks for your time.
  5. Hello Mr C Thanks for your continuing help & support, I carried out several ADwarecleaner Scans and I destroyed the last offending "snap.do" Registry entry. This is a very persistent piece of nastiness! The programmes you have directed me to. are great, I will keep them on the PC for future reference and update them regularly, always hoping that I don't need them. These are the first and last Logs I had, after work in the Registry. Everything seemed to be hiding under "SearchUrl". FIRST Log (there are several): - # AdwCleaner v2.111 - Logfile created 02/09/2013 at 20:50:06 # Updated 05/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : BobWill - BOBWILL-PC # Boot Mode : Normal # Running from : C:\Users\BobWill\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Found : C:\Users\BobWill\AppData\Roaming\Mozilla\Firefox\Profiles\q85sua87.default\searchplugins\Askcom.xml Folder Found : C:\Program Files (x86)\AVG Secure Search Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\BobWill\AppData\Local\AVG Secure Search Folder Found : C:\Users\BobWill\AppData\Local\Babylon Folder Found : C:\Users\BobWill\AppData\LocalLow\AVG Secure Search Folder Found : C:\Users\BobWill\AppData\LocalLow\Claro LTD Folder Found : C:\Users\BobWill\AppData\Roaming\Babylon ***** [Registry] ***** Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\IGearSettings Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\Software\AVG Security Toolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\Software\PIP Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Tarma Installer Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-GB) File : C:\Users\BobWill\AppData\Roaming\Mozilla\Firefox\Profiles\q85sua87.default\prefs.js Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "Ask.com"); Found : user_pref("browser.search.order.1", "Ask.com"); Found : user_pref("browser.search.selectedEngine", "Ask.com"); Found : user_pref("extensions.helperbar.SmartbarDisabled", false); Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Found : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=Tightrope&dpid=Tightrope&co=GB&userid=ea461[...] -\\ Google Chrome v [unable to get version] File : C:\Users\BobWill\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. LAST LOG ************************* AdwCleaner[R1].txt - [7262 octets] - [09/02/2013 20:50:06] ########## EOF - C:\AdwCleaner[R1].txt - [7322 octets] ########## # AdwCleaner v2.111 - Logfile created 02/10/2013 at 11:30:17 # Updated 05/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : BobWill - BOBWILL-PC # Boot Mode : Normal # Running from : C:\Users\BobWill\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-GB) File : C:\Users\BobWill\AppData\Roaming\Mozilla\Firefox\Profiles\q85sua87.default\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\BobWill\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7377 octets] - [09/02/2013 20:50:06] AdwCleaner[R2].txt - [1152 octets] - [10/02/2013 11:28:11] AdwCleaner[R3].txt - [1022 octets] - [10/02/2013 11:30:17] AdwCleaner[s1].txt - [7706 octets] - [09/02/2013 20:52:14] ########## EOF - C:\AdwCleaner[R3].txt - [1142 octets] ########## The Google reference does not matter: I don't run Chrome. Thank you so much for your patient assistance, am I correct in thinking that my machine is now clean? Best Regards, LeBerk.
  6. Hello again Mr C. MWB Ant-Rootkit reports no infections and therfore no need for Cleanup. Computer is now back to normal Boot, no hangs, so I am happy to report that your welcome assistance has a successful outcome. i have donated $10, well worth it! You have my grateful thanks, Best regards, LeBerk.
  7. Hi MrCharlie and thank you so much for your help. Reports (3) attached. RKreport1_S_02082013_02d1551.txtRKreport2_D_02082013_02d1552.txtQuarantineReport.txt I see there are 4 Nasties. I can tell where one came from (with "Jordan" in the description) - that's from my grandson's PC. Regards, LeBerk
  8. A man is desperate to find a WC, to relieve his straining bladder, in a strange town. Eventually, he runs into a Public Convenience and heads for the Urinal, taking a position between two other guys already there. Unfortunately, he has a problem. He manages to spray the two adjacent men with his bladder contents. They take offence at this, naturally, and offer him advice about seeing a doctor, accompanied by many curses and a few blows to the head. Next day, he goes to see his doctor and explains the problem, deeply embarassed. The doc takes a look at the offending organ with a magnifying glass and says "It's full of holes!" then writes an address and phone number down, "Here, go see this guy." "Is he a Consultant doc?" "No, he's a Clarinet player - he'll show you how to hold it!"
  9. Hi, thanks for the instructions, here are my dds logs. dds.txtattach.txt I originally had problems with snap.do, Babylon and Claro Search Toolbars. I have removed as much of these as I found in the Registry, with great care of course. I may have an infection left behind, have carried out Scans with Malware Bytes Pro (with AVG disabled) and then with AVG. Nothing was found, but I am now getting the occasional "Hang" from programmes stopping and refusing to respond. Thanks for any assistance you can give.
  10. Hi everybody Newbie here, hope you have not heard this one: FERTILISATION Trevor the farmer was in the fertilised egg business. He had several hundred young layers (hens), called 'pullets' and eight or ten roosters, whose job was to 'fertilise' the hens. The farmer kept records, and any rooster that didn't perform went into the soup pot and was replaced. That took an awful lot of his time so he bought a set of tiny bells and attached them to his roosters. Each bell had a different tone so Trevor could tell from a distance, which rooster was performing. Now he could sit on the porch and fill out an efficiency report simply by listening to the bells. The farmer's favourite rooster was old Jacob, and a very fine specimen he was too. But on this particular morning Trevor noticed old Jacob's bell hadn't rung at all! Trevor went to investigate. The other roosters were chasing pullets, bells-a-ringing. The pullets, hearing the roosters coming, would run for cover. But to farmer Trevor's amazement, Jacob had his bell in his beak, so it couldn't ring. He'd sneak up on a pullet, do his job and walk on to the next one. Trevor was so proud of Jacob, he entered him in the Polokwane Country Fair and Jacob became an overnight sensation among the judges. The result was the judges not only awarded Jacob the No Bell Piece Prize but they also awarded him the Pullet Surprise as well. Clearly Jacob was a Pulletician in the making: Only a Pulletician could figure out how to win two of the most highly coveted awards on our planet by being the best at sneaking up on the populace and screwing them when they weren't paying attention.
  11. Hello Newbie here, please be generous! I recently purchased the MWB Pro version, after using the Free one for some time, to try to correct the problems below. I have always tried to be careful and secure on the net, but have just endured a horrible 3 days thanks to 3 different Search and Toolbars, supposedly dragged on to my computer. I now believe that I downloaded a false version of the U.S anti spyware product Spyhunter, which caused the following to infect my PC: Snap.do - BabylonSearch - ClaroSearch. I scanned with my resident AVG I.S. 2012 and found nothing. Then with MWB Free, still nothing, then used Ms. Security Essentials, no malware found. However, I did find Snap.do "Helper bars" in the Registry, so deleted those Keys. I had uninstalled the Rogue Spyhunter, after it wanted $99.99 to Fix my PC. After uninstallation, they offered it for $10! After installing the Pro version of MWB, I carried out a Full Scan and still found nothing. I now think that the rogue programme (spelled differently to the REAL one!) gave me false information, in order to make me buy it, which would probably have brought more garbage onto my PC. Does anyone have any information about these Toolbars? I am quite prepred to delve into the Registry, if I have doubts in there, I don't touch anything. What has puzzled me, is that Snap.do was still in the computer, after a MWB Full scan.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.