Jump to content

Trying to remove several infections


Recommended Posts

No, they were in your download folder and PUPs.

If there's no other problems:

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Security Check result as follows

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0) 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 45 <------please update, should be Update 51

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-----------------------------------------

Adobe Flash Player 12.0.0.44 Flash Player out of Date!
Flash Player:
Check for an update if available
Downloads are at the top of the page (uncheck the option for the McAfee Security Scan Plus)

-----------------------------------------

Adobe Reader 10.1.9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Strangely had new Java update, but it had to installed. Also Adobe Flash Player site said i was up to date, so i uninstalled then reinstalled newer version.

 

Will follow clean up instructions in a minute however ran follow up Security Check just to confirm correct install of everything.

 

(ps Java installation never offered Ask toolbar option)

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Thank you MrC.

 

Is there anything else required to run ? Can I assume I am clean at this stage ? I will run another Kaspersky full scan.

 

Because I'm slightly paranoid, actually very paranoid at the moment, can you explain why I have 9 entries for Google Chrome in the Task Manager Processes when I only have one page open. And I am the only one logged on ?post-5527-0-87083900-1393252279_thumb.jp

 

post-5527-0-87083900-1393252279_thumb.jp

Link to post
Share on other sites

My Preventive Maintenance:

Now that the system is clean.

------------------------

Delete your system restore files and create a new restore point:

(you may have already done this)

Create new system restore point for Vista and W7

Create new system restore point for Windows XP

Clear old system restore points except for the last one

------------------------

If you have used ComboFix and have the XP Recovery Console installed I suggest you keep it on your XP system.

Here's a Tweak so the computer boots up faster with it.

If you would like to uninstall the Recovery Console, please let me know and I'll give you instructions to do so.

-------------------

Install all critical Windows Updates:

Visit Windows Update and install all the lastest critical updates.

--------------------

Optional programs you may need:

Please note:  DON'T download and install any scanner listed on THIS LIST.

They're scanners that are blacklisted because of their questionable reputation.

Note: Please only install one anti-virus program, one firewall and one anti-malware program that provides real-time protection.

I see a lot of people leave Windows Defender enabled even though they have another anti-virus program installed and running on the system.

Having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

A good security plan:

An anti-virus program, a firewall (For XP) - (Vista and Windows 7 firewalls are OK), an anti-malware program that provides realtime protection, keep the registry backed up (mainly for XP), and install the Windows XP Recovery Console.

What do I use and recommend: (I'm using XP pro)

Malwarebytes Anti-Malware Pro (provides realtime protection)

Microsoft Security Essentials (anti-virus)

PC Tools firewall (for XP)... (Vista and W7 firewalls are OK)

SpywareBlaster

Google Chrome

Keep the registry backed up

XP Recovery Console

WOT

OpenDNS

Malwarebytes Anti-Exploit

HitmanPro's CryptoGuard

Links below:

Anti-Virus (free):

Avast Free

AntiVir

Microsoft Security Essentials

Ad-Aware

Anti-malware with "real-time protection" (free):

Microsoft Security Essentials

Ad-Aware

SuperAntiSpyware Pro and Malwarebytes Pro Anti-Malware

will provide "real time protection" only if you purchase the upgraded version.

I highly recommend that you purchase MalwareBytes Anti-Malware, it's a one time fee, provides excellent protection and you won't regret it.          Read more HERE

Firewalls:

PC Tools Firewall Plus

Comodo Free Firewall w/anti-virus

ZoneAlarm*free

Free malware removal programs:

Malwarebytes' Anti-Malware

SUPERAntiSpyware (free edition)

Dr.Web CureIt!® Utility (Free)

VIPRE Rescue Program

Microsoft Security Essentials

SUPERAntiSpyware Portable Scanner

Free ESET Online Scanner

Microsoft Safety Scanner

Malwarebytes Anti-Exploit

It protects all major browsers (IE, Firefox, Chrome, Opera) and all browser components such as Java, Adobe Reader, Flash, and Shockwave. It blocks standard exploit kits like Blackhole, Sakura, Phoenix, Incognito without requiring signature updates.

HitmanPro's CryptoGuard is a universal solution against crypto ransomware. This type of ransomware encrypts your personal files and demands a ransom fee to be paid in order to regain access to your files. Read more....

AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.  

SpywareBlaster Prevent the installation of spyware and other potentially unwanted software! Simple, effective, trusted.

Windows XP Recovery Console:

If a Windows XP-based computer does not start correctly or if it does not start at all, you may be able to use the Windows XP Recovery Console to help you recover the system software.

Recovery Console Tweak if you do have it installed

Back-up the registry: (everyday > important on XP)

ERUNT tutorial

Keep those temp files off your system:

CCleaner (free) (Stay away from the registry cleaner and any registry cleaner as they do no good!)

CCleaner tutorial

Sun Java:

Keep your Sun Java up-to-date  JRE Version **

Older versions are vulnerable to malware!

Delete ALL old versions from add/remove programs if listed first!

Most people have older versions installed on their system, once you get them cleared off > install the newest version and from then on all you have to do is go to Java in your control panel and click on update or just set Java to automatically check for updates.

Check HERE for all the information on the process.

Please consider using Foxit Reader instead of  Adobe Reader. Foxit Reader is less vulnerable to malware.

Latest versions of Java, Adobe Flash Player and Adobe Reader

Please consider using Google Chrome or FireFox  instead of Internet Explorer. They're more secure browsers!

Use OpenDNS, a very valuable feature that gives your PC the benefit of extra safety and increased browser speed.

OpenDNS – What is OpenDNS and Why You Absolutely Need It

Switching to a Better DNS Provider

Easy set-up Here

Confirm you're using OpenDNS

Install WOT (Web of Trust)

The WOT add-on shows you which websites you can trust based on millions of users' experiences.

Our safe surfing browser tool is easy-to-use, fast and completely free. Install it now!

Blocking Unwanted Parasites with a Hosts File "MVPS HOSTS"

Do Not Track Plus

Blocks tracking cookies

Removes those tracking cookies > Cookienator, run it once a week.

Panda USB and AutoRun Vaccine

All the tutorials you'll ever need

Useful information:

F.B. Purity - Clean Up and Customize Facebook

How to Avoid Toolbars, Unwanted Software and Other Installer Tricks

Reduce Online Fraud

Slow Computer - Check Here

and HERE

Is your hard drive running a well as it should?

Startuplite  provides a safe, easy, and efficient way to eliminate unnecessary applications that start when you turn on your computer.

Microsoft Fix it Center Fix those annoying Windows problems

How to Prevent the Online Invasion of Spyware and Adware

Miekiemoes Prevention Tips

Simple and easy ways to keep your computer safe and secure on the Internet

Three more sites to check: How did I get infected??

G2G

BleepingComputer

Tony Klein

Some of  My Tips:

Don't open e-mail attachments without first scanning them with an up-to-date anti virus program, even after doing that I would be very careful.

Don't click on any executables in e-mails or any other links that you're not sure of.

Don't believe e-mails from your bank, financial institution, etc asking for personal informations - they're most likely fraudulent no matter how authentic they look.

Don't download any  kind of Video Codec when prompted to while watching a movie...it's most likely malware.

Watch your surfing habits, don't click on or download anything you're not sure of.

Don't install a program that hasn't been recommended by a reputable organization.

Don't install toolbars.

If you suddenly get a pop-up or notice that you need to update a program > don't believe it > it may be malware attempting to gain access to your computer. If you what to check for an update , use the program itself > there should be an update tab or button to click on.

Peer-to-peer programs/cracks/keygens/warez warning:

Downloading cracks and keygens from p2p programs ( Limewire, eMule, uTorrent ) is the most common way computers get infected.

They are a security risk which can make your computer susceptible to a variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Malware Fighter:

If you would like to become a malware fighter, there are schools offering free training and you are welcome to sign up. (it's not easy though!)

WhatTheTech Classroom

BleepingComputer

Malware Removal University

GeeksToGo University

Also Check Here

----------------------

Good luck and thanks for using the forum -  MrC

Link to post
Share on other sites

Good morning MrC. It would appear all is clear.

 

KIS 2014 did a full scan and reported 6 files 'not processed'. However frustratingly KIS will not generate a detailed report, instead it spends ages 'collating' the report and then crashes. Have looked on their forum but to be honest bit confused. Maybe im not typing in the correct search term on the forum to find an answer to this issue.

 

Although im slightly nervous about 6 items unprocessed if you think im clean then i will relax,slightly. 

 

Thank you once again for your help.

 

Mike

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.