I'm probably going to go offline for a bit but will check back on you either much later tonight or over the weekend.
 
Once Dr Web is done then run the ESET one again as well and send me its log too.
 
Then if both don't find anything run the FRST tool again (update it) and post that log.   Something has to find the file that's triggering this.
 

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Link to post
Share on other sites

Mr.Ron, the scan results are as follows:

 

1) Dr.Web CureIt: scanned objects: 36431, No threats detected (scanned in Enhanced Protection Mode).

 

2) ESET online scanner: scanned files: 196963, Infected files: 0, Cleaned files: 0.

 

3) FRST scan log is attached.

FRST.txt

Link to post
Share on other sites

These plugins are a bit sketchy and I'd recommend removing them myself but that's up to you - I don't think they are the cause of your issue.
 

FF Extension: openwith - C:\Users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\Extensions\openwith@darktrojan.net.xpi

CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\program files (x86)\google\chrome\application\plugins\npfdm.dll (FreeDownloadManager.org)

 
This one though is old and can be a threat to the system security.  Please remove it from Chrome.

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll

 
 
 
Please download Avast! Free Antivirus and save it to your computer.
Then close your browser and uninstall Microsoft Security Essentials and reboot the computer.

Then install the avast antivirus product and update it and then do a Full System scan with it and let me know if it finds anything or not.

Link to post
Share on other sites

Mr.Ron, removed all the Chrome extensions earlier and presently no extensions are available to disable or remove. (C:\Windows\SysWOW64\deployJava1.dll) This is present at the same location; do you want me to delete this? Thank you.

Link to post
Share on other sites

Okay please run TFC one more time, then reboot the computer and run Combofix one more time.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Link to post
Share on other sites

Great, that looks good.  The infected file that kept coming back now appears to be gone.  Let's run a few more scans just to make sure.

 

Please run the JRT and AdwCleaner tools again and post back their logs.

 

Then run MBAM and check for updates and do a Quick Scan and post back that log as well.

 

Then run the Security Check again too.

 

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

Thanks

Link to post
Share on other sites

This almost has to be a software conflict with another security application. 

 

Please do the following.   Do not surf the Web while doing this or read emails.

 

Temporarily uninstall the Threatfire software and reboot.  Then run a new MBAM Quick Scan and see if those entries are still listed or not.

If they're not there anymore then stop and post back and let me know.  If they are still there then make sure you have the installer for avast on your local computer and then temporarily uninstall avast antivirus and restart the computer and run a new MBAM Quick Scan and see if those entries are gone now or not and let me know.

 

In either case once done testing make sure you reinstall your antivirus and make sure it's updated and running.

Link to post
Share on other sites
This topic is now closed to further replies.