Elise
-
Posts
8,720 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Elise
-
-
Please find attached the Romanian language files.
-
That is not known as a malicious file, but to be sure you may want to uninstall Apple Application support.
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
- Download the latest version of Adobe Reader Version X. and save it to your desktop.
- Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
- Click the download button at the bottom.
- If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
- Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer - Then from your desktop double-click on Adobe Reader to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator. - When the "Adobe Setup - Welcome" window opens, click the Install > button.
- If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Download the latest version of Java Runtime Environment (JRE) Version 7u4.
- Look for "JDK 7u4 (JDK or JRE).
- Click the "Download JRE" button at the right.
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
[*]Save it to your desktop
[*]Close any programs you may have running - especially your web browser.
[*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
[*]Reboot your computer once all Java components are removed.
[*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the
button. - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- Double click on the
icon on your desktop. - Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Scan potentially unwanted applications
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, click List Threats
[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Click the Back button.
[*]Click the Finish button.
- Download the latest version of Adobe Reader Version X. and save it to your desktop.
-
Please do a clean boot and see if the pop ups stop after that? http://support.microsoft.com/kb/331796
If they stop, re-enable one program/application at a time and see which one is responsible for the pop-ups. This may be a tedious process, but is the best way to determine which program is causing the problems.
-
That looks good. I wanted to verify this file because it was recently modified whereas other files belonging to this product were not.
Can you please restart your computer in safe mode with networking and see if the same pop ups occur there as well?
-
Can you please upload the following file to http://www.virustotal.com: C:\Windows\System32\drivers\Rtlh86.sys
Please link me to the scan results.
-
Do you have other computers connected to the same router and if so, do they have the same issues or only this computer?
-
I see I forgot to answer your earlier question: a reformat of C might be enough, although it depends a bit what you ahve on your other partitions.
OTL
-----
Please download OTL from one of the following mirrors:
[*]Save it to your desktop.
[*]Double click on the
icon on your desktop.[*]Click the "Scan All Users" checkbox.
[*]Copy and Paste the following code into the
textbox.netsvcs
[*]Push
[*]A report will open. Copy and Paste that report in your next reply.
-
Hi again,
How are things running at this point, what problems do you still have left?
-
No problem, that should have installed the right version. In the log only some cache objects show up (which have nothing to do with the actual Java installation, but with page content you visited).
ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean
Please do the following to remove the remaining programs from your PC:
- Delete the tools used during the disinfection:
- Press windows key
+ r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK. 
- This will remove Combofix and other tools we used from your computer.
[*]You can delete any other tool or log by simply deleting them.
- Press windows key
Please read the following advice on how to prevent reinfecting your PC:
- Install and update the following programs regularly:
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
A comprehensive tutorial and a list of possible firewalls can be found here. - an AntiVirus Software
It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. - an Anti-Spyware program
Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions. - Spyware Blaster
A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
[*]Keep Windows (and your other Microsoft software) up to date!
I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
[*]Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
[*]Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
- Miekies' prevention suggestions
- So How did I get infected?
- Microsoft - 'Security at home'
- Calendar of Updates: See which updates have been released.
- How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
- Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
- osalt: Find (free) open source alternatives to known commercial software.
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
- Delete the tools used during the disinfection:
-
No problem, glad it worked!
P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
- They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Download the latest version of Java Runtime Environment (JRE) Version 7u4.
- Look for "JDK 7u4 (JDK or JRE).
- Click the "Download JRE" button at the right.
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
[*]Save it to your desktop
[*]Close any programs you may have running - especially your web browser.
[*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
[*]Reboot your computer once all Java components are removed.
[*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- Double click on the
icon on your desktop. - Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Scan potentially unwanted applications
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, click List Threats
[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Click the Back button.
[*]Click the Finish button.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
-
Please find attached the .zip file containing both romanian language files (.lng and .isl).
-
Hi, how are things running at this point?
Please launch MBAM, update it and run a full scan. Post me the resulting log.
-
You are most welcome George!
I will request this topic to be closed.
-
You are most welcome!
I will request this topic to be closed.
-
You are welcome.
I hope you'll be able to sort the remaining issue out as well.ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean
Please do the following to remove the remaining programs from your PC:
- Delete the tools used during the disinfection:
- Press windows key + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
- This will remove Combofix and other tools we used from your computer.
[*]You can delete any other tool or log by simply deleting them.
- Press windows key
Please read the following advice on how to prevent reinfecting your PC:
- Install and update the following programs regularly:
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
A comprehensive tutorial and a list of possible firewalls can be found here. - an AntiVirus Software
It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. - an Anti-Spyware program
Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions. - Spyware Blaster
A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
[*]Keep Windows (and your other Microsoft software) up to date!
I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
[*]Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
[*]Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
- Miekies' prevention suggestions
- So How did I get infected?
- Microsoft - 'Security at home'
- Calendar of Updates: See which updates have been released.
- How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
- Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
- osalt: Find (free) open source alternatives to known commercial software.
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
- Delete the tools used during the disinfection:
-
On the bright side, it is a native permissions issue, and not malware.
Besides this, do you have any other issue left?
-
That looks excellent!
ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean
Please do the following to remove the remaining programs from your PC:
- Delete the tools used during the disinfection:
- Press windows key + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
- This will remove Combofix and other tools we used from your computer.
[*]You can delete any other tool or log by simply deleting them.
- Press windows key
Please read the following advice on how to prevent reinfecting your PC:
- Install and update the following programs regularly:
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
A comprehensive tutorial and a list of possible firewalls can be found here. - an AntiVirus Software
It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. - an Anti-Spyware program
Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions. - Spyware Blaster
A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
[*]Keep Windows (and your other Microsoft software) up to date!
I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
[*]Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
[*]Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
- Miekies' prevention suggestions
- So How did I get infected?
- Microsoft - 'Security at home'
- Calendar of Updates: See which updates have been released.
- How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
- Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
- osalt: Find (free) open source alternatives to known commercial software.
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
- Delete the tools used during the disinfection:
-
Hi, that is looking quite good!
Do you have any problem left at this point?Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
- Download the latest version of Adobe Reader Version X. and save it to your desktop.
- Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
- Click the download button at the bottom.
- If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
- Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer - Then from your desktop double-click on Adobe Reader to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator. - When the "Adobe Setup - Welcome" window opens, click the Install > button.
- If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Download the latest version of Java Runtime Environment (JRE) Version 7u4.
- Look for "JDK 7u4 (JDK or JRE).
- Click the "Download JRE" button at the right.
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
[*]Save it to your desktop
[*]Close any programs you may have running - especially your web browser.
[*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
[*]Reboot your computer once all Java components are removed.
[*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
Finally, please launch MBAM, update it and run a full scan. Post me the resulting log.
- Download the latest version of Adobe Reader Version X. and save it to your desktop.
-
I would first try to create a separate userprofile and see how things are behaving there. Due to the permissions problems there is no way saying if the problem lies in the program or the settings in the userprofile you are running it from.
-
Hi, that looks good, fortunately the infection was no longer completely active.
COMBOFIX
---------------
Please download ComboFix from one of these locations:
ForoSpyware- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Combofix.exe and follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
-
Yes, usually nothing goes wrong with it, this is merely a warning for users who see a fix posted somewhere and decide to try out things on their own.
With this infection the risks are a lot bigger just leaving things as they are than risking to lose access to a recovery partition (which can always be manually restored).
-
Okay, best is to try out different settings (just note down somewhere what you changed) and see what has the desired effect. Most likely something screwed up the user permissions. If this doesn't work the best solution might be to create a new userprofile and migrate all your personal data, otherwise it is possible you keep encountering this problem in the future.
-
It depends a bit, but yes, that might be broken. that doesn't mean the information is lost though, it does mean however that it might be difficult to access the recovery image (you would have to manually alter the partition table to set it to boot straight into recovery if you wanted that). If you have a Dell reinstall CD there is no need to worry about that though.
This is a tricky infection and sometimes the command does not outright detect the infection. It is also possible that the main components is not there, however other parts are still present and need to be removed (which will be done by this tool).
-
Since Vista and Windows 7 are so similar I assumed it would be the same, which obviously it isn't.
For an explanation on how to change the settings, see here.
Romanian translation
in Version 1.65
Posted
Ooops, I think I forgot to click the Attach button after I browsed to the file to be attached, I'll attach it to this post.
romanian.zip