Posts posted by Blade81
-
-
Hi,
Malwarebytes has detected DDS as a malware.
Could you post MBAM log showing that finding?
Allow it to access.
Also, whenever I start my computer, it says Windows Malicious Software Removing Tool wants access to my laptop. I always click no because I'm scared it's a virus. Should I click yes?
-
Hi,
Allow Avira to remove its findings. Let me know if there were items it wasn't able to take care of.
-
Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\14f5fd3-573605a1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02QUT8VN\itbzdtcvhzhshte[1].pdf
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02QUT8VN\itbzdtcvhzhshte[1].pdf
DDS::
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DirLook::
C:\Users\user\AppData\Local\cfoecahm
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.
What items did Avira flag?
-
Hi,
uTorrent
Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.
Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 10.1.2 updates for it) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if you choose Foxit Reader! You may also check free readers introduced here.
Uninstall your current Adobe shockwave player and get the fresh one here if needed.
Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 7 Update 3.
- Click the Download button under JRE.
- Check the box that says: Accept License Agreement.
- Click on the jre-7u3-windows-i586.exe link to download Windows Offline Installation and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-7u3-windows-i586.exe to install the newest version.
* Go here to run an online scanner from ESET.
- Note: You will need to use Internet explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
- Click Scan
- Wait for the scan to finish.
Post back its report & a fresh dds.txt log.
-
No, you don't have to delete anything. Just do like earlier here
-
Looking better but we're not done yet. Please run DDS again and post back its logs.
-
Hi,
ComboFix won't delete all of your files but it will remove bad items it detects. If you want to backup some important stuff first I recommend you use external hard drive.
-
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
Good. Now we know where to look for the log
Open c:\TDSSKiller.2.7.20.0_12.03.2012_19.11.42_log.txt file in notepad and copy-paste its contents back here.
-
Hi,
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
DIR C:\*.txt >Log.txt
START Log.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
-
Hi again,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
Hi,
I see you've run TDSSKiller there. Could you post back its log in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format), please?
-
Hi,
ComboFix should be run only under supervision of trained helper. If help still needed post fresh dds logs, please.
-
-
Hi,
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
- List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
-
-
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
Just scan normally. After scan is complete and results are shown you should be able to choose not to fix findings.
MBAM log should be in c:\users\<username>\appdata\roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder (replace username with user account name).
-
Hi,
Please see if you're able to run MBAM scan without quarantining its findings. Then post the MBAM report contents back here.
-
You're welcome
-
It was just a short cut on the desktop I removed. I decided to not remove anything else until I got the situation sorted out. When I select the properties for the recycle bin, I have the option to customize the size and, which is preselected, and the "Don't move files to the recycle bin. Remove files immediately when deleted" option. These are on the general tab and there are no other tabs.
You could copy some file to the desktop and see if deleting still behaves in the same way on it. If it does, enable "Don't move files to the recycle bin. Remove files immediately when deleted" option and click ok to close the window. Then return back to the window and change option back to the "custom size" option.
Also are there any other antiviral software I should use?
Your current one is ok. There're so many different variations of malware in the bitworld that none of antivirus products can catch them all.
-
Hi,
By the way, there is an interesting occurrence going on with the recycle bin. I wanted to remove a few items and instead of it simply going into the bin, it was deleted. A window popped asking me if I wanted to delete the item. I've never seen that window before, and I'm wondering if this is related to the reset of the system restore. If so, is there a way to fix it so that items simply go into the bin instead of them being deleted immediately?
How big were those files? You can check recycle bin settings by right clicking its icon on the desktop and select properties.
I can't see anything infection related in your logs.
-
Hi,
Post fresh DDS logs. Shall see if those hold any infection related stuff.
-
Should I download Combofix again then uninstall it?
Yes. Make sure your antivirus protection is disabled before downloading to avoid protection falsely deleting ComboFix again.
Malware removal help
in Resolved Malware Removal Logs
Posted
Hi,
Note: Make sure that Addition option is checked.