Anders03 (Author), posted September 11, 2012

Correction: "Search Safer" is still on Firefox when I open a new tab. Don't know if that's something I can easily remove; please tell me if that's the case.
And I was sloppy following the instructions this time. I forgot to turn off MSE when doing the scan. Apologise for that.

Maurice Naggar, posted September 11, 2012

Go to Control Panel >> Add-or-Remove Programs.
If any of these are listed, then un-install it:

- Ask toolbar
- ChatZum Toolbar
- Ilivid Player
- Search Safer

IF Firefox or Chrome browser is having the issue with "partner37" then un-install it and instead get a browser from Comodo, either IceDragon http://www.comodo.com/home/browsers-toolbars/icedragon-browser.php or Comodo Dragon http://www.comodo.com/home/browsers-toolbars/browser.php

Having done that, that may reduce the issue to perhaps only Internet Explorer.

We Need to Run a Batch Script

Press the Windows-key on keyboard & select RUN {Start >> Run}.
In the Run box, type notepad and press Enter.
Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.

    chcp 1252 >nul
    rem The line above makes cmd read this file as Windows-1252, so the Swedish letters Notepad saved still match.
    rem Paths are quoted because they contain spaces.
    rd /s /q "C:\Program\ChatZum Toolbar"
    rd /s /q "c:\Documents and Settings\Anders\Lokala inställningar\Application Data\Ilivid Player"
    del /f /q "%~f0"

Select File -> Save AS.
Press the Desktop button on the left side of the save dialog.
In the box, type in Fix.bat.
Press .
Close Notepad.
Double-click on Fix.bat to run it. It will run in a command-prompt window & finish very quickly.

Now close all open browsers (if any).
Go to Start > Run
Type iexplore.exe -extoff and press Enter

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:
{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

- Press the "ESET Online scanner" button
- Check the I accept the terms box.
- Accept the Terms of Use and press Start button;
- Approve the install of the required ActiveX Control, then follow on-screen instructions;
- Un-check the Remove found threats option.
- Checkmark Scan Archives option.
- Click on Advanced Settings and checkmark the following: Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
- Click Scan.

After the scan completes, the Details tab in the Results window will display what was found and removed. A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt. Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here: http://www.eset.com/onlinescan/cac4.php?page=faq

Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.
Reply with copy of the Eset scan log.

Anders03 (Author), posted September 11, 2012

Ok everything done. Uninstalled chrome and firefox and replaced it with IceDragon.
Scan detected 25 infected files. Here's the log:

Maurice Naggar, posted September 11, 2012

The ESET scan found 18 items that need to be deleted.
Seems to me, perhaps, you were in the habit of not scanning programs you downloaded off the internet.
Reminder that not all free things on the 'net are free of malware. Always double check the reputation of the site or maker of the "stuff".
Always scan the files with your antivirus and your anti-malware before installing or using any downloaded tool, freebie, or whatever.

Run a Script

Press the Windows-key on keyboard + R key. {or Start >> RUN }
In the RUN box, type notepad and press Enter.
Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.

    chcp 1252 >nul
    rem The line above makes cmd read this file as Windows-1252, so the Swedish letters Notepad saved still match.
    rem Every path is quoted because it contains spaces.
    del /f /q "C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\cnet2_SolveigMM_HyperCam_3_4_1206_04_exe.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\freecorder setup.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\iLividSetupV1 (1).exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\iLividSetupV1.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\maxspywaredetectorm.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\SoftonicDownloader_for_intel-indeo.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\SoftonicDownloader_for_vcam.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\SopCast-3.5.0.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Hämtade filer\SoftonicDownloader_for_hamachi.exe"
    del /f /q "C:\Documents and Settings\Anders-2\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\background.html"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\cnet2_SetupMyVideoDownloader_v3_0_1_0_exe.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\cnet_DTLite4413-0173_exe.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_daemon_tools.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_daemon_tools_4_40_2__Swedish.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_vlc_media_player_1_1_4_Swedish.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_winrar_4_01_64_bits_Swedish.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\SoftonicDownloader_for_unlocker.exe"
    del /f /q "%~f0"

Select File -> Save AS.
Press the Desktop button on the left side of the save dialog.
In the box, type in Fix.bat.
Press .
Close Notepad.
Double-click FIX.BAT to start it in a command-prompt window. It will run very quickly and then remove itself at the end.

Step 2

Download and Save McAfee Stinger to your Desktop
http://www.mcafee.co...ls/stinger.aspx
Close all browsers before starting. Disable your antivirus program and anti-malware, if any.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
On Windows 7 & Vista systems, Right Click and select Run as Administrator.
On XP, double-click to start it.
The GUI interface will look like this
The C drive is the default for scanning.
Press the Preferences button. In the top right-block "On virus detection", click Rename
In the bottom block "Heuristic network check for suspicious files" select High
Click the Scan Now button.
When done, use the File menu and select Save report to file
Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.
Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.
It is not intended as virus protection.

Step 3

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center
http://www.microsoft...&displaylang=en
It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.
After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log
The file may be opened and viewed with Notepad or similar text editor.
Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830
If no infections were found, you will see in your log

    Results Summary:
    ----------------
    No infection found.

Step 4

Download, & save & then run the MS Safety scanner
http://www.microsoft...us/default.aspx
Let me know the result.

Step 5

Download Dr.Web CureIt to the desktop.
Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, choose the Complete Scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look and see if you can click the following icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
Re-Enable your antivirus program when all done.

Now, tell me, how is the system now?

Edited September 11, 2012 by Maurice Naggar

Anders03 (Author), posted September 12, 2012

Stinger.txt:

    McAfee® Labs Stinger Version 10.2.0.782 built on Sep 11 2012
    Copyright © 2012 McAfee, Inc. All Rights Reserved.
    Virus data file v1000.0000 created on Sep 11 2012.
    Ready to scan for 4955 viruses, trojans and variants.
    Scan initiated on Tue Sep 11 22:56:45 2012
    Rootkit scan result : Clean
    Master Boot Record(s):....1
    Possibly Infected:.............0
    Boot Sector(s):.................1
    Possibly Infected: ............0
    C:\Program\Celeris\Virtual Pool 3 DL\vp3.exe Found the Artemis!1F5E61C3BF37 trojan !!!
    C:\Program\Celeris\Virtual Pool 3 DL\vp3.exe is infected with the Artemis!1F5E61C3BF37 virus !!!
    Number of clean files: 33686
    Number of infected files: 1
    Number of files renamed: 1

MSRT-log: (No infections. Posting just in case you want to look at it anyway)

MS Safety Scanner didn't find any threats. I made both step 3 and step 4 with quick scans. Was this the right choice? It was also possible to do full scans.

DrWeb:

So far, partner37 hasn't occurred with the new IceDragon browser. But I need some more time to really tell if it's gone or not.

Maurice Naggar, posted September 12, 2012

Yes, you picked the right scan choices.
Do you notice that you had a lot of adwares, and that a number were from stuff you downloaded ? !
You must exercise much better judgement on what you download.

- Only download from reputable sites, those recommended by reputable sources.
- Always first scan any download with your antivirus and anti-malware (MBAM) before using or installing any download.
- Always make sure your antivirus is up-to-date.
- Always make sure MBAM is up to date.
- Scan your system, at least once a week with MBAM and antivirus.

Download, & save & then run the MS Safety scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx
Let me know the result.

Get and use Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on
Note the links I have are for English language. Adjust selection for your location !!

Anders03 (Author), posted September 12, 2012

Yes thanks, I've been pretty careless of what to download and to run real scans. So when I've downloaded a software, I should right-click and scan with MBAB and MSE before install?

Is it always necessary to delete the programs after detecting virus/malware in it? Just as an example now I saw my downloaded game virtual pool 3 had some trojans after the ESET scan (or whatever it was) detected it. Am I supposed to delete it now or is it safe once the malware is removed? Maybe you will guide me in upcoming replies what I'm supposed to delete though?

I ran the MS Safety scanner, again, with quick-scan, and again nothing was found.
WOT add-on is now installed.

Maurice Naggar, posted September 12, 2012

"So when I've downloaded a software, I should right-click and scan with MBAB and MSE before install?"

YES

Yes, I would suggest you uninstall Virtual pool, as well as any other program that was tagged by the scan.
You can disregard anything listed in C:\System Volume Information (because that is not active, and is the system restore area; so leave that alone.)

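The triage done by hand in this thread, turning scanner findings into a Fix.bat while leaving the System Volume Information entries alone, as an added Python example that is not code from the thread or from ESET. The sample rows are constructed, and the tab-separated row layout, the function names and the Windows-1252 (Notepad ANSI) encoding are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

ZERO = "0" * 32
# Constructed sample rows (not from the thread). Assumed layout of a result row:
# path <TAB> detection (action) <TAB> 32-hex field <TAB> flag.
SAMPLE_LOG = "\r\n".join([
    "# found=4",
    "# cleaned=0",
    "C:\\Documents and Settings\\User\\Mina dokument\\Downloads\\setup (1).exe"
    f"\tWin32/Example.Toolbar application (unable to clean)\t{ZERO}\tI",
    "C:\\Documents and Settings\\User\\Mina dokument\\Hämtade filer\\100% free.exe"
    f"\ta variant of Win32/Example.Downloader application (unable to clean)\t{ZERO}\tI",
    "C:\\System Volume Information\\_restore{EXAMPLE}\\RP1\\A0000001.exe"
    f"\tWin32/Example.Toolbar application (unable to clean)\t{ZERO}\tI",
    "C:\\Program\\Example\\*.exe"  # malformed row: a wildcard must never reach del
    f"\tmultiple threats (unable to clean)\t{ZERO}\tI",
])

ROW = re.compile(
    r"^(?P<path>[^\t]+)\t(?P<detection>.+?) \((?P<action>[^()\t]*)\)"
    r"\t(?P<hash>[0-9A-Fa-f]{32})\t(?P<flag>\S+)$"
)
# Characters that are illegal in Windows file names or would change what del removes.
UNSAFE = re.compile(r'["*?<>|\x00-\x1f]')


@dataclass(frozen=True)
class Finding:
    path: PureWindowsPath
    detection: str
    action: str


def parse_eset_log(text):
    """Return one Finding per result row; '#' metadata lines are ignored."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = ROW.match(line)
        if m:
            findings.append(
                Finding(PureWindowsPath(m["path"]), m["detection"], m["action"]))
    return findings


def is_restore_point(path):
    """True for files under the System Restore store, which is not active."""
    parts = path.parts
    return len(parts) > 1 and parts[1].lower() == "system volume information"


def cmd_quote(path):
    """Quote a path for a .bat file: wrap in quotes and double any percent sign."""
    text = str(path)
    if not path.is_absolute():
        raise ValueError("not an absolute drive path")
    if UNSAFE.search(text):
        raise ValueError("unsafe character in path")
    return '"' + text.replace("%", "%%") + '"'


def build_fix_bat(findings):
    """Return (script_text, skipped); skipped holds (path, reason) tuples."""
    lines = ["@echo off", "chcp 1252 >nul"]  # read the rest as Windows-1252
    skipped = []
    for finding in findings:
        if is_restore_point(finding.path):
            skipped.append((finding.path, "system restore area"))
            continue
        try:
            lines.append("del /f /q " + cmd_quote(finding.path))
        except ValueError as exc:
            skipped.append((finding.path, str(exc)))
    lines.append('del /f /q "%~f0"')  # the script removes itself, as in the thread
    return "\r\n".join(lines) + "\r\n", skipped


def to_bat_bytes(script):
    """Encode as Windows-1252 so it matches the chcp 1252 line in the script."""
    return script.encode("cp1252")


if __name__ == "__main__":
    script, skipped = build_fix_bat(parse_eset_log(SAMPLE_LOG))
    print(script)
    for path, reason in skipped:
        print(f"skipped {path}: {reason}")
```

Review the generated script and the skipped list before saving the bytes as Fix.bat; the log is treated as untrusted input, so rows that do not parse or do not quote safely never become a del line.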
Anders03 (Author), posted September 12, 2012

And now? Still haven't seen any sign of partner37.

Maurice Naggar Posted September 12, 2012 ID:596453

Now we can clean after the tools we used, and close this case.
I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it Combo-Fix), put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space after exe and before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

Click Start, then click Run.
In the text box that opens, type or copy/paste into the RUN box

C:\Documents and Settings\Anders\Skrivbord\Combo-Fix.exe /uninstall

and then click OK.
IF in the case Combofix un-install has an issue, skip that step.

Download OTC to your desktop and run it.
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

To re-enable CD Emulation programs using DeFogger please perform these steps:
Please download >> DeFogger << and save it to your desktop.
Once downloaded, double-click on the DeFogger icon to start the tool.
The application window will appear.
You should now click on the Enable button to re-enable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the Yes button to continue.
When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Delete the following if still present:
SecurityCheck.exe
fix.bat
Fixpolicies
RKILL
the MS Safety scanner
Stinger.exe
DrWeb Cure-It

You may go to Control Panel >> Add-or-Remove Programs, locate ESET Online scanner and un-install it.

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.

Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at Windows Update and install any Important or Critical Updates offered.
Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525

Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
or Paragon Backup & Recovery http://www.paragon-s...e/download.html

Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on

On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan

See Six tips to help you stay safer online

Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe!

We are finished here. Best regards.
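The custom hosts file recommended in the post above works by mapping unwanted hostnames to an address that goes nowhere. As an added example (not part of the original thread and not code from the MVPS project), this Python sketch audits hosts-file text, listing sinkholed names and flagging entries that point a name at any other address; the sink addresses and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: blocklist-style hosts files point blocked names at one of
# these "sink" addresses (unspecified address or loopback).
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample; not taken from a real machine or from the MVPS file.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1   localhost
0.0.0.0     ads.example.test      # blocklist entry
0.0.0.0     tracker.example.test
203.0.113.7 www.search.example.test   # name mapped to a remote host
not-an-ip   broken.example.test
"""

def audit_hosts(text):
    """Return (blocked, redirects, malformed) for hosts-file text."""
    blocked, redirects, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            malformed.append((lineno, raw.strip()))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in fields[1:]):
            if str(ip) in SINKS or ip.is_loopback:
                if name != "localhost":       # the stock entry is not a block
                    blocked.append(name)
            else:
                # A non-sink mapping overrides DNS for this name: review it.
                redirects.append((lineno, name, str(ip)))
    return blocked, redirects, malformed

if __name__ == "__main__":
    blocked, redirects, malformed = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names sinkholed")
    for lineno, name, ip in redirects:
        print(f"line {lineno}: {name} -> {ip} (not a sink address, review)")
    for lineno, raw in malformed:
        print(f"line {lineno}: malformed entry: {raw}")
```

To check a real system, pass the contents of the machine's hosts file to audit_hosts instead of the sample.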
Anders03 Posted September 12, 2012 Author ID:596484

Thank you very much. I still have a lot left on my desktop so just going to ask a few questions then you can close this thread.

Can I remove:
iExplore.exe
TFC.exe
Drweb
Microsoft Windows Malicious Software Removal Tool
Microsoft Support Emergency Response Tool
Defogger.exe?

Also, would I be safe with Google Chrome and Mozilla Firefox if I reinstalled it now? Not saying I will cause I kind of like this IceDragon, but would it be safe, and would you recommend me to do it or not?
Maurice Naggar Posted September 12, 2012 ID:596494

NO, not internet explorer. Unless the iExplore.exe is the version you got for the RKILL download.
The real Internet Explorer needs to stay as is, otherwise you would cause problems for Windows.

TFC is a temporary files cleaner. You can keep or delete as you choose.

DrWeb should be deleted.

You can delete the downloads for these 3:
Microsoft Windows Malicious Software Removal Tool
Microsoft Support Emergency Response Tool
Defogger.exe

The more I have used IceDragon the more I personally prefer it over the others.
If you do decide to get either of the Chrome or Firefox, it should be ok.
The single most important thing is to be extremely careful in what add-ons you get, and to practice safer surfing.

Cheers.
Maurice Naggar Posted September 14, 2012 ID:597113

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!