Jump to content

B-boy/StyLe/

Experts
  • Content Count

    1,575
  • Joined

  • Last visited

Posts posted by B-boy/StyLe/


  1. Hi LT,

    I am sorry for the delay but I was swamped with work the last 2 weeks. I will proceed with the steps as soon as possible. I was able only to test the issue with GeForce Experience disabled (a clean boot was performed) and that didn't resolve the problem. Next I will fully uninstall GeForce Experience to see if there will be any difference and will let you know.

    Also I will create a new user account to see if the issue occurs there.

    In the meantime I noticed that there is a new BETA build. Should I use it instead?

     

    Regards,
    Georgi


  2. Hi LT,

    I noticed the same thing. The issue only appears when starting  Malwarebytes (since I am testing the free version only for second opinion scanner and I don't have the real-time protection and that's why I don't need it to be started in the background all the time I close the application from the tray icon when the scan is done).

    It happened from a time to time with the 3x version but not every time like with the 4x Beta. :)

    Ok, I started MBAM again and I monitored the System logs. I hit the refresh button and the error appeared again. I attached the new System.evtx just in case it is useful for you.

    Also no rush here. Take your time. :)

    Regards.
    G.

     

     


  3. Hi LT,

     

    I installed and ran the latest version you sent me (I uninstalled the old version, rebooted and used the Malwarebytes Support Tool to clean the remnants before installing the new one) but unfortunately I noticed the same errors in the Event Viewer => System

    Quote

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09242019010519884-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09242019010519075-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09242019010222835-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09242019010222206-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    Also there is a new one in the Application area:

    Quote

    Faulting application name: MBAMInstallerService.exe, version: 4.0.0.93, time stamp: 0x5d84e8af
    Faulting module name: combase.dll, version: 6.3.9600.19345, time stamp: 0x5ca8ccd8
    Exception code: 0xc0000005
    Fault offset: 0x0000000000037d03
    Faulting process id: 0x1984
    Faulting application start time: 0x01d5725a8fd9f6f5
    Faulting application path: C:\Program Files\Malwarebytes Anti-Malware\MBAMInstallerService.exe
    Faulting module path: C:\Windows\SYSTEM32\combase.dll
    Report Id: d28fc6e0-de4d-11e9-8895-7085c25b66b8
    Faulting package full name:
    Faulting package-relative application ID:

    Best regards,
    G.


  4. 8 minutes ago, LiquidTension said:

    MBST 1.5.1 is compatible with Windows 8.1. The reason it downgraded to 1.4.3 is because your OS version was not detected correctly. We're looking into this further. None of the 8.1 machines tested on have encountered this issue.

    I understand. Thanks for letting me know.

    Btw I disabled both Kaspersky Free AV and Comodo Firewall to avoid possible interference between them and your tool but they were not the culprit.

    8 minutes ago, LiquidTension said:

    Regarding the crash - did you try to run manually run mb-support.exe 1.5.1 from a folder named 7z{random characters}.tmp? If so, the crash is expected as mb-support.exe is not intended to be run manually from this location.

    Yes! That was how I proceeded.

    Regards,
    Georgi


  5. Hi LT,

    You have a PM as well.

    As for the Malwarebytes Support Tool I ran it to collect the logs and I noticed that it downgraded to version 1.4.3.687 for some reason.

    I opened the %temp% folder and tried to run the 1.5.1 (of course I already closed the previous version) and then I got the "unknown software exception" error:

    jUGayWg.png

    I am curious is the 1.5.1 version not compatible with Windows 8.1 or the problem is somewhere else?

    Thanks again for your help!

    Regards,
    Georgi


  6. Hi LiquidTension,

    Here we go (The EventViewer logs are included in the archive):

    Hope this will shed some light on the issue.

     

     

    And here are some dump files from the Malwarebytes Support Tool crashes:

    mb-support.exe.dmps.zip

    Quote

    Description
    Faulting Application Path:    C:\Users\FFreestyleRR\Appdata\Local\Temp\7zSA841.tmp\mb-support.exe

    Problem signature
    Problem Event Name:    APPCRASH
    Application Name:    mb-support.exe
    Application Version:    1.5.1.681
    Application Timestamp:    5d794f67
    Fault Module Name:    KERNELBASE.dll
    Fault Module Version:    6.3.9600.19425
    Fault Module Timestamp:    5d26ae6e
    Exception Code:    e0434352
    Exception Offset:    00034e28
    OS Version:    6.3.9600.2.0.0.256.4
    Locale ID:    1026
    Additional Information 1:    ac05
    Additional Information 2:    ac0507478d1c5bd693cfc4fe3987e900
    Additional Information 3:    ac05
    Additional Information 4:    ac0507478d1c5bd693cfc4fe3987e900

    Extra information about the problem
    Bucket ID:    50c64874e24f38b57f7dacacdc68cbff (2269159645696805887)

     

    Btw: I don't know why but Malwarebytes Support Tool downgraded from 1.5.1 to 1.4.3 when ran it.

    Regards,
    Georgi


  7. Hi,

    I am currently testing the new beta and it is great (despite the animation transitions are a bit slow in my opinion).

    I noticed the following in the Event Viewer after installing it and running a threat scan and a custom scan with it:

    Quote

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09192019123206829-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09192019123207656-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09192019123212327-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09192019123714124-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09192019123714846-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09192019124234811-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    {Registry Hive Recovered} Registry hive (file): '\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1664574625-2511953615-2869871748-1001-09192019124235713-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

    Keep up the good work!

    Regards,
    Georgi


  8. Hi,

     

    Your system is malware free and no more scans are required.

    Thank you for following my instructions perfectly! bounce.gif

     

    Now that we are at the end of our journey I have some final words for you. smile.png
    All Clean !
    Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

     

     

    STEP 1 - UPDATING TASKS

     

    • It is possible for programs on your computer to have security vulnerability that can allow malware to infect you.
    • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
    • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

     

     
    Visit Microsoft's Windows Update Site Frequently

     

    • It is important that you visit Windows Update regularly.
    • This will ensure your computer has always the latest security updates available installed on your computer.
    • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     

     

    STEP 2 - CLEANUP


    Here are a few additional steps on how to remove all of the tools we used:

     

    • Please download Delfix.exe by Xplode and save it to your desktop.
    • Please start it and check the box next to "Remove disinfection tools" and uncheck the rest and click on the run button.
    • The tool will delete itself once it finishes.

    Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

     

     

    STEP 3 - SECURITY ADVISES
     

    Keep your antivirus software turned on and up-to-date

     

    • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    • Note2: You should scan your computer with an antimalware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software. Be sure to check for and download any definition updates prior to performing a scan. Also keep in mind that MBAM is not a replacement for antivirus software, it is meant to complement the protection provided by a full antivirus product and is designed to detect the threats that are missed by most antivirus software.

     

    Be prepared for CryptoLocker and similar threats:

     

    Since the prevention is better than cure you can use Malwarebytes Anti-Ransomware to secure the PC against these lockers.

    You may want to check Malwarebytes Anti-Exploit and add install it to be safe when surfing the net. It work with the most popular browsers and it is very effective. See the article here.

    Also you can use a standard user account with UAC enabled. If you need administrative privileges to perform some tasks, then you can use Run As or log on as the administrator account for that specific task.

     

    Practice Safe Internet


    One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.  Below are a list of simple precautions to take to keep your computer clean and running securely:

    • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    • .zip, .exe, .com, .bat, .pif, .scr, .cmd, .cab .vbs or .js do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
    • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
      Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams.  For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
    • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. I suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
    • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
    • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
    • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
    • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use Bitdefender TrafficLight or Avira Browser Safety to look up info on the site. Note: skip this advice if your antivirus have a Web Guard.
    • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    • You may want to install Unchecky to prevent adware bundled into many free programs to install.
    • Make the extensions for known file types visible: Be worried of files with a double extension such as image.jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one.Check this out - Show or hide file name extensions.
    • Disable Autorun: It's a good idea to disable the Autorun functionality to prevent spreading of the infections from USB flash drives. Check the article here for more information. Also you can install McShield - to prevent infections spread by removable media.
    • Disable and Windows Scripting Host: If you don't use any script files then you can go ahead and disable Windows Scripting Host using the tool provided by Symantec - NoScript.exe. Simple download and run it and click on the Disable button and reboot the computer. If you need to run any js. or vbs scripts at a later stage you should run NoScript.exe again and select Enable, then reboot the computer.
    • Install Adblock Plus to surf the web without annoying ads!

     

     
    Create an image of your system (you can use the built-in Windows software as well if you prefer)

    • Now when your pc is malware free it is a good idea to do a backup of all important files just in case something happens it.
    • Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.
    • The download link is here.
    • The tutorial on how to create an system image can be found here.
    • The tutorial on how to restore an system image can be found here.
    • Be sure to read the tutorials first.

     

    Follow this list and your potential for being infected again will reduce dramatically.

     

    Safe Surfing ! smile.png

     

    Regards,
    Georgi


  9. Hello! Welcome to Malwarebytes Forums! :welcome:
    My name is Georgi and and I will be helping you with your computer problems.

    Before we begin, please note the following:

    • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The logs can take some time to research, so please be patient with me.
    • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
    • Instructions that I give are for your system only!
    • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
    • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
    • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

     

     

    Before we proceed please read the following topic - Piracy

     

     

    STEP 1

     

    Please download Malwarebytes Anti-Malware 2.2.1.1043 Final to your desktop.
     

    • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • With some infections, you may see this message box.
      • 'Could not load DDA driver'
    • Click 'Yes' to this message, to allow the driver to load after a restart.
    • Allow the computer to restart. Continue with the rest of these instructions.
    • When the scan is complete, click Apply Actions.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

     

     

    STEP 2

     

    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that Additional.txt is checked.
    • Press Scan button.
    • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

     

     

    Regards,
    Georgi


  10. Hello,

     

    Please download the following file => fixlist.txt and save it to the Desktop.

    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

     

    Next I'll send you my final recommendations.

     

    Regards,
    Georgi


  11. 30 minutes ago, cchao said:

    Should I have quarantined the tracking cookies with hitmanpro? I wasn't sure if I was suppose to or not since you said don't delete anything.

    It's not needed. They are harmless. When you visit your favorites sites they will appear again. If you want to remove them then you can simple delete your browser history.

    Regards,
    Georgi


  12. Hi,

    I am glad to hear that your issues are resolved.

    Before I let you go. let's check for malware leftovers:

     

    STEP 1

     

    1.Please download HitmanPro.

    • For 32-bit Operating System - dEMD6.gif.
    • This is the mirror - dEMD6.gif
    • For 64-bit Operating System - dEMD6.gif
    • This is the mirror - dEMD6.gif

    2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

    Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

    3.Click on the next button. You must agree with the terms of EULA. (if asked)

    4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

    5.Click on the next button.

    6.The program will start to scan the computer. The scan will typically take no more than 5 minutes.

    7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

     

    6-scanfin-choose.jpg
     
    8.Click on the next button.

    9.Click on the "Save Log" button.

    10.Save that file to your desktop and post the content of that file in your next reply.
     
    Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

    Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

    Note: C:\ProgramData is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
    How to see hidden files in Windows

     

     

    STEP 2

     

    emsisoft_emergency_kit.pnglogo.png

    • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
    • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
    • Click on the "Yes" button when asked to obtain the latest malware definitions.
    • Once the update is complete click "Scan".
    • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
    • Next click on the Custom Scan and select only drive C:\ to be scanned and remove the rest of the drives from the list. When the scan complete, click on the View Report button (don't delete or quarantine anything).
    • Please attach the content of the report in your next reply.

     

    And then I'll give you my final recommendations.

     

    Regards,
    Georgi


  13. 5 hours ago, cchao said:

    Index of file:///C:/Program Files (x86)/Mozilla Firefox/

     

    This pops up when I open mozilla from my desktop.

    Hi,

    You missed my previous post?

    Do this happen when you run the main exe in the installation folder of Mozilla FIrefox and Google Chrome:

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe <= this file

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <= this file

    or only when you run them from their appropriate shortcuts (from the desktop)?

    If only the shortcuts are affected then you can recreate them (right click on firefox.exe and select send to => desktop (create shortcut) and check if that fix the issue. If so please repeat the steps for Google Chrome as well (right click on chrome.exe and select  send to => desktop (create shortcut)).

    If the issue still persists then please go ahead and reinstall both Mozilla Firefox and Google Chrome.

    Let me know how it went.

    Regards,
    Georgi


  14. 7 hours ago, cchao said:

    That's all of the scans. Can I delete all of the programs you told me to download?

    Not yet. We will delete them at the end of the cleaning process.

    7 hours ago, cchao said:

    When I open Mozilla firefox, the program files(x86)/mozillafirefox opens up. Same thing with Google Chrome.

    Do this happen when you run the main exe in the installation folder of Mozilla FIrefox and Google Chrome:

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    or only when you run them from their appropriate shortcuts?

    If only the shortcuts are affected then you can recreate them or reinstall both Mozilla Firefox and Google Chrome.

    Also I noticed that Adwcleaner removed Pokki. If you need a start menu then I suggest you to install ClassicShell (which is adware free).

     

    Please download the following file => fixlist.txt and save it to the Desktop.

    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Let me know of any remaining issues.

     

    Regards,
    Georgi


  15. Hello,

    Nice work! :)

    Let's check for malware remnants:

     

    STEP 1

     

    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

     

    STEP 2

     

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

     

    STEP 3

     

    icon_zps423a0d9f.jpg Please download ZHPCleaner (by NicolasCoolman) to your desktop.

    • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
    • Please click the Ashampoo_Snap_20140819_13h09m50s_001__zp button.
    • Then press the y3pI4LR.png button.
    • During the scan any open instances of the browsers will be closed automatically.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.

     

    That's it for now. smile.png

     

    Regards,
    Georgi


  16. Hi Leena,

     

    Your system is malware free and no more scans are required.

    Thank you for following my instructions perfectly! bounce.gif

     

    Now that we are at the end of our journey I have some final words for you. smile.png
    All Clean !
    Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

     

     

    STEP 1 - UPDATING TASKS

     

    • It is possible for programs on your computer to have security vulnerability that can allow malware to infect you.
    • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
    • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

     

     
    Visit Microsoft's Windows Update Site Frequently

     

    • It is important that you visit Windows Update regularly.
    • This will ensure your computer has always the latest security updates available installed on your computer.
    • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     

     

    STEP 2 - CLEANUP


    Here are a few additional steps on how to remove all of the tools we used:

     

    • Please download Delfix.exe by Xplode and save it to your desktop.
    • Please start it and check the box next to "Remove disinfection tools" and uncheck the rest and click on the run button.
    • The tool will delete itself once it finishes.

    Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

     

     

    STEP 3 - SECURITY ADVISES
     

    Keep your antivirus software turned on and up-to-date

     

    • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    • Note2: You should scan your computer with an antimalware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software. Be sure to check for and download any definition updates prior to performing a scan. Also keep in mind that MBAM is not a replacement for antivirus software, it is meant to complement the protection provided by a full antivirus product and is designed to detect the threats that are missed by most antivirus software.

     

    Be prepared for CryptoLocker and similar threats:

     

    Since the prevention is better than cure you can use Malwarebytes Anti-Ransomware to secure the PC against these lockers.

    You may want to check Malwarebytes Anti-Exploit and add install it to be safe when surfing the net. It work with the most popular browsers and it is very effective. See the article here.

    Also you can use a standard user account with UAC enabled. If you need administrative privileges to perform some tasks, then you can use Run As or log on as the administrator account for that specific task.

     

    Practice Safe Internet


    One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.  Below are a list of simple precautions to take to keep your computer clean and running securely:

    • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    • .zip, .exe, .com, .bat, .pif, .scr, .cmd, .cab .vbs or .js do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
    • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
      Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams.  For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
    • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. I suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
    • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
    • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
    • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
    • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use Bitdefender TrafficLight or Avira Browser Safety to look up info on the site. Note: skip this advice if your antivirus have a Web Guard.
    • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    • You may want to install unchecky to prevent adware bundled into many free programs to install. Please keep in mind that this program is a beta version of a product and not completely tested to ensure its stability or reliability.
    • Make the extensions for known file types visible: Be worried of files with a double extension such as image.jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one.Check this out - Show or hide file name extensions.
    • Disable Autorun: It's a good idea to disable the Autorun functionality to prevent spreading of the infections from USB flash drives. Check the article here for more information. Also you can install McShield - to prevent infections spread by removable media.
    • Disable and Windows Scripting Host: If you don't use any script files then you can go ahead and disable Windows Scripting Host using the tool provided by Symantec - NoScript.exe. Simple download and run it and click on the Disable button and reboot the computer. If you need to run any js. or vbs scripts at a later stage you should run NoScript.exe again and select Enable, then reboot the computer.
    • Install Adblock Plus to surf the web without annoying ads!

     

     
    Create an image of your system (you can use the built-in Windows software as well if you prefer)

    • Now when your pc is malware free it is a good idea to do a backup of all important files just in case something happens it.
    • Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.
    • The download link is here.
    • The tutorial on how to create an system image can be found here.
    • The tutorial on how to restore an system image can be found here.
    • Be sure to read the tutorials first.

     

    Follow this list and your potential for being infected again will reduce dramatically.

     

    Safe Surfing ! smile.png

     

    Regards,
    Georgi

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.