LiquidTension

Honorary Members
  • Posts

    4,182
Posts posted by LiquidTension

  1. Hi Duncan, 

     

    Please provide an update on your computer after completing the steps below. Are there any outstanding issues?

     

    STEP 1

    Malwarebytes Anti-Malware (MBAM)

    • Open Malwarebytes Anti-Malware and click Update Now.
    • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
    • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs and double-click the Scan Log.
    • Click Copy to Clipboard and paste the log in your next reply. 
       

    STEP 2
    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme. 
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Hide advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
    • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 3
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • MBAM Scan log
    • ESET Online Scan log
    • Are there any outstanding issues?
  2. Good job, Scott. 

    We can discuss how you can reduce the risk of reinfection once this process is finished. 

     

    Let's check for remnants and confirm your machine appears clean. 

     

    STEP 1

    Malwarebytes Anti-Malware (MBAM)

    • Open Malwarebytes Anti-Malware and click Update Now.
    • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
    • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs and double-click the Scan Log.
    • Click Copy to Clipboard and paste the log in your next reply. 
       

    STEP 2
    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme. 
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Hide advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
    • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 3
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • MBAM Scan log
    • ESET Online Scan log
  3. That log looks fine. 

     

    Thank you for your patience. This is certainly an unusual case. 

     

    Farbar Recovery Scan Tool (FRST) Search

    • Right-Click FRST64.exe and select Run as administrator to run the programme.
    • Type the following text into the Search: textbox:
      explorer.*
    • Click on the Search File(s) button.
    • Upon completion, a log (Search.txt) will be open, and saved in the same location as FRST.exe.  
    • Copy the contents of the log and paste in your next reply.
  4. There are lots of issues here. I would suggest you backup your important documents now. 
     
    CHKDSK

    • Note: If you have a Solid State Drive (SSD), do not run CHKDSK.
    • Click Start and type CMD in the Search Bar. Right-Click CMD.exe and select Run as administrator.
    • In the command window type the following and press Enter on your keyboard.
      chkdsk c: /x /r
    • If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
    • Type Exit and press Enter on your keyboard.
    • Restart your computer. CHKDSK will automatically run.
    • Note: This process can take up to an hour
    • Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
    • Click Windows Logs.
    • Right-click Application and click Find.
      • If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
      • If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
    • For instructions accompanied by screenshots, please refer to the following article
  5. OK Robbie. Once the machine is clean, and you've changed your passwords, you may feel differently and decide against reformatting. The warning should be considered as a worst-case scenario - what's described is a possibility, and can happen, but does not mean it has

     

    Let's start with the following. 

     

    Farbar Recovery Scan Tool (FRST) Scan

    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
  6. Hi Robbie, 
     
    Thank you for the log. 
     
    Your machine is still infected. Furthermore, due to the nature of one of the infections present on your machine, I must ensure you are aware of the following. Please read the warning below, let me know what you think and how you wish to proceed. 
     

    BACKDOOR WARNING
     
    ------------------------------

    One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

    If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

    Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker remote control over the machine. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

    You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, this decision is personal, and down to you and what you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.
  7. Hello ryams27, welcome to Malwarebytes' Malware Removal forum!

    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that. :)

    General P2P/Piracy Notice: 
     

    If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
    Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

     
    ======================================================

    Please read through the points below to ensure this process moves as quickly and efficiently as possible.

    • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
    • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
    • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
    • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
    • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page.

    ======================================================
     

    My work machine has picked up ff5ee.com, which I understand to be a browser hijacker.

    Your machine is/was attempting to connect to this site. Malwarebytes is/was blocking this. 
    It isn't a browser hijacker, it's a symptom of an infection called Poweliks. 
     
    Please post the ComboFix log (C:\ComboFix.txt) in your next reply.

  8. Hello DCMJR, welcome to Malwarebytes' Malware Removal forum!

    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that. :)

    General P2P/Piracy Notice: 
     

    If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
    Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

     
    ======================================================

    Please read through the points below to ensure this process moves as quickly and efficiently as possible.

    • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
    • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
    • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
    • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
    • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page.

    ======================================================
     
    Due to the nature of one of the infections present on your machine, I must ensure you are aware of the following. Please read the warning below, let me know what you think and how you wish to proceed. 
     

    BACKDOOR WARNING
     
    ------------------------------

    One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

    If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

    Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker remote control over the machine. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

    You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, this decision is personal, and down to you and what you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.
  9. Hello,

     

    These registry cleaner/optimization programmes are all added by WinZip. They aren't required in order to use the programme; rather, they're bundled with it. I simply suggest you avoid running any of these programmes. Or alternatively, you can delete the files yourself. I'll let you decide. 

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application

     
    STEP 1
    Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      start
      C:\Users\JPS\Downloads\7zip-setup.exe
      C:\Users\JPS\Downloads\flvplayer.zip
      C:\Users\JPS\Downloads\FreeVideoToAndroidConverter.exe
      C:\Users\JPS\Downloads\GamingWonderland.exe
      C:\Users\JPS\Downloads\winzip175.exe
      C:\Windows\Installer\7a92c711.msi
      EmptyTemp:
      end
    • Click File > Save As and type fixlist.txt as the File Name
    • Important: The file must be saved in the same location as FRST64.exe. 

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
       

    STEP 2
    Update Outdated Software

    Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

    • Adobe Reader (uncheck the "Optional Offer")
    • Java (watch out for "Optional Offers" or bundled software)
    • Mozilla Firefox
    • Follow these instructions to check for and download the latest Windows Updates.
    • I recommend installing the latest version of Internet Explorer for added security. The latest version of IE can be installed via Windows Update.
       

    STEP 3
    Remove Outdated Software

    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the following programmes, right-click and click Uninstall one at a time.
    • Note: The programmes below may not be present. If this is the case, please skip to the next step.
      • Adobe Reader XI
      • Java™ 6 Update 25 
    • Follow the prompts, and reboot if necessary.
       

    STEP 4
    Disable Java in Your Browser
    Due to frequent exploits we recommend you disable Java in your browser.
    For information on Java vulnerabilities, please read the following article (point #7).

    • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
    • Click on the Java Control Panel. Once opened, click the Security tab.
    • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
    • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
    • Click OK in the Java Plug-in confirmation window.
    • Restart your browser(s) for changes to take effect.
    • More information can be found here and here.
       

    STEP 5
    Security Check

    • Please download SecurityCheck and save the file to your Desktop.
    • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    • A log (checkup.txt) will automatically open on your Desktop.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 6
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Fixlog.txt
    • checkup.txt
    • How is your computer performing? Are there any outstanding issues?
  10. No problem at all. :)
     
    Once your computer is back up and running, you may wish to look into the following:
     
    I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

    The following programmes come highly recommended in the security community.

    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
    • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you. 
    • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs. 
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website. 
  11. There were only two threats identified in the ESET log.

    C:\FRST\Quarantine\C\Users\Allison\Downloads\Adobe_Flash_Setup.exe.xBAD a variant of Win32/InstallCore.RA potentially unwanted application
    C:\TDSSKiller_Quarantine\29.10.2014_08.38.09\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

    Both have already been quarantined, and pose no threat to your computer. 
     
    These are installers for programmes. The first file being an installer for a Weather programme, and the other four for CCleaner.

    C:\Users\Allison\AppData\Local\Downloaded Installations\{B73C48EC-B96A-4B38-8EAD-7B1BBA358A97}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    C:\Users\Allison\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\Allison\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\Allison\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\Allison\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

    They aren't threats, and pose no risk. You can delete the files if you wish, but it won't make a difference.
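
The triage applied to the ESET log in the post above, as an added example that is not part of the original post: each detection line is split into path, detection name and type, then sorted by whether the file already sits in a tool's quarantine folder. The line layout (path, optional "a variant of", detection name, type) and the rule that a folder name containing "quarantine" marks a quarantined file are assumptions drawn from the lines quoted in the post.

```python
import re
from collections import Counter

# Constructed sample: the detections quoted in the post above, one per line,
# plus one malformed line to show how unparseable input is reported.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\Users\Allison\Downloads\Adobe_Flash_Setup.exe.xBAD a variant of Win32/InstallCore.RA potentially unwanted application
C:\TDSSKiller_Quarantine\29.10.2014_08.38.09\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\Users\Allison\AppData\Local\Downloaded Installations\{B73C48EC-B96A-4B38-8EAD-7B1BBA358A97}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
this line is not a detection
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <type>.
# Paths may contain spaces, so the path is matched lazily up to the first
# token that looks like a detection name (it contains a forward slash,
# which a Windows path does not).
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9_]+/\S+)\s+"
    r"(?P<kind>.+)$"
)


def in_quarantine(path):
    """True if any directory component of the path names a quarantine folder."""
    directories = path.split("\\")[:-1]
    return any("quarantine" in part.lower() for part in directories)


def classify(kind):
    """Map the scanner's type text to a coarse category."""
    kind = kind.lower()
    if "potentially unwanted" in kind:
        return "pua"
    if "potentially unsafe" in kind:
        return "unsafe-app"
    return "malware"  # e.g. "trojan"


def verdict(category, quarantined):
    """Apply the reasoning from the post to one detection."""
    if quarantined:
        return "inert"      # already isolated by a removal tool
    if category == "malware":
        return "active"     # live malware outside quarantine: must be handled
    return "optional"       # bundled installer/PUA: deletion is the user's choice


def triage(log_text):
    """Return (entries, unparsed_lines) for a pasted detection list."""
    entries, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match is None:
            unparsed.append(line)
            continue
        category = classify(match["kind"])
        quarantined = in_quarantine(match["path"])
        entries.append({
            "path": match["path"],
            "detection": match["name"],
            "variant": match["variant"] is not None,
            "category": category,
            "quarantined": quarantined,
            "verdict": verdict(category, quarantined),
        })
    return entries, unparsed


def summarise(entries):
    """Count detections per verdict."""
    return dict(Counter(entry["verdict"] for entry in entries))


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LOG)
    for entry in found:
        print(f'{entry["verdict"]:<8} {entry["category"]:<10} {entry["detection"]:<32} {entry["path"]}')
    print(summarise(found), "unparsed:", skipped)
```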

  12. Sounds good. 

    Let's update your vulnerable software to reduce the risk of reinfection.

     

    STEP 1
    Update Outdated Software

    Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

    STEP 2
    Security Check

    • Please download SecurityCheck and save the file to your Desktop.
    • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    • A log (checkup.txt) will automatically open on your Desktop.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 3
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • checkup.txt
    • How is your computer performing? Are there any outstanding issues?
  13. Excellent.
    Now for the good news.

    All Clean!
    Congratulations, your computer appears clean! :)
    I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.

    My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.


    STEP 1
    ComboFix Uninstall

    • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
      ComboFix /Uninstall
    • Click OK.
    • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
       

    STEP 2
    DelFix

    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings
    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ======================================================

    I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

    The following programmes come highly recommended in the security community.

    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

    -- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.

    ======================================================

    Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread.

    Thank you for using Malwarebytes.

    Safe Surfing. :)
    Adam (LiquidTension).

  14. OK. In the meantime, let's update your vulnerable software to reduce the risk of reinfection.

     

    STEP 1
    Update Outdated Software

    Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

    STEP 2
    Remove Outdated Software

    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the following programmes, right-click and click Uninstall one at a time.
    • Note: The programmes below may not be present. If this is the case, please skip to the next step.
      • Java 7 Update 67 
    • Follow the prompts, and reboot if necessary.
       

    STEP 3
    Disable Java in Your Browser
    Due to frequent exploits we recommend you disable Java in your browser.
    For information on Java vulnerabilities, please read the following article (point #7).

    • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
    • Click on the Java Control Panel. Once opened, click the Security tab.
    • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
    • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
    • Click OK in the Java Plug-in confirmation window.
    • Restart your browser(s) for changes to take effect.
    • More information can be found here and here.
       

    STEP 4
    Security Check

    • Please download SecurityCheck and save the file to your Desktop.
    • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    • A log (checkup.txt) will automatically open on your Desktop.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 5
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • checkup.txt
    • How is your computer performing? Are there any outstanding issues?
  15. I recommend reading the following article: http://www.sevenforums.com/tutorials/219487-clean-reinstall-factory-oem-windows-7-a.html

    This explains the process.

     

    I would suggest creating an account at Seven Forums if you have any specific questions, as the techs there are better equipped to answer. 

     

    You are more than welcome to ask questions on computer security, programmes, how to reduce the risk of reinfection, etc here. 
