Posts posted by Blade81

  1. Hi,

     

    • Download Farbar Recovery Scan Tool to your Desktop.

    • Right-click Frst64.exe and select Run as Administrator to launch it (if Windows SmartScreen protection window appears click More Information and then Run).

      Note: Make sure that Addition option is checked.

    • Press Scan button and wait.

    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  2. Open notepad and copy/paste the text in the quotebox below into it:


    File::
    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\14f5fd3-573605a1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02QUT8VN\itbzdtcvhzhshte[1].pdf
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02QUT8VN\itbzdtcvhzhshte[1].pdf
    DDS::
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    DirLook::
    C:\Users\user\AppData\Local\cfoecahm

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

    CFScriptB-4.gif

    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).

    Then post the resultant log.

    What items did Avira flag?

  3. Hi,

    uTorrent

    Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others if present) P2P file sharing programs.

    Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 10.1.2 updates for it) here or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

    Uninstall your current Adobe shockwave player and get the fresh one here if needed.

    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:

    • Download the latest version of Java Runtime Environment (JRE) 7 Update 3.
    • Click the Download button under JRE.
    • Check the box that says: Accept License Agreement.
    • Click on the jre-7u3-windows-i586.exe link to download Windows Offline Installation and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u3-windows-i586.exe to install the newest version.

    * Go here to run an online scanner from ESET.

    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.

    Post back its report & a fresh dds.txt log.

  4. Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.
    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt

    New dds log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  5. Hi again,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.
    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt

    New dds log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  6. Hi,

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following checkboxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
    • List Minidump Files

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

  7. Hi

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.
    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt

    New dds log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  8. Just scan normally. After scan is complete and results are shown you should be able to choose not to fix findings.

    MBAM log should be in c:\users\<username>\appdata\roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder (replace username with user account name).

  9. It was just a short cut on the desktop I removed. I decided to not remove anything else until I got the situation sorted out. When I select the properties for the recycle bin, I have the option to customize the size and, which is preselected, and the "Don't move files to the recycle bin. Remove files immediately when deleted" option. These are on the general tab and there are no other tabs.

    You could copy some file to the desktop and see if deleting still behaves in the same way on it. If it does, enable "Don't move files to the recycle bin. Remove files immediately when deleted" option and click ok to close the window. Then return back to the window and change option back to the "custom size" option.

    Also are there any other antiviral software I should use?

    Your current one is ok. There're so many different variations of malware in the bitworld that none of antivirus products can catch them all.

  10. Hi,

    By the way, there is an interesting occurrence going on with the recycle bin. I wanted to remove a few items and instead of it simply going into the bin, it was deleted. A window popped asking me if I wanted to do delete the item. I've never seen that window before, and I'm wondering if this is related to the reset of the system restore. If so, is there a way to fix it so that items simply go into the bin instead of them being deleted immediately?

    How big were those files? You can check recycle bin settings by right clicking its icon on the desktop and selecting properties.

    I can't see anything infection related in your logs.
