I am currently experiencing the computer opening multiple internet sessions and dragging the speed to a crawl.  These additional internet sessions are opening behind the Win7 desktop and unseen by me until shut down.  Once I select shut down and the desktop turns black, multiple sessions are displayed for a fraction of time before the computer turns off.  I have AVG Anti Virus software and Malware Pro installed.  I have recently run both and found additional threats that have been removed.  However, something still remains and continues to reappear after a few hours / days.  I am including the attach.txt file, the dds.txt file did not create.  I have two hard drives and I run the Malware and AVG on both when scanning.

attach.txt


Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your next reply..

 

Kevin...


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
    Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

 

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
     
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on drweb-cureit.exe file to start the tool.
     
     
  • You will see a screen similar to this:
    Drweb-cureit-1_zps34a2f747.gif
    Click the checkbox to participate, and then click on Continue button.
     
  • Next
    Drweb-cureit-2_zpsee7bdcb6.gif
     
    Click on Select objects for scanning
     
  • Next
    Drweb-cureit-3_zps137b4332.gif
     
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
     
    Then click on Start scanning button
     
  • The scan in progress will be shown like this
    Drweb-cureit-4_zps211037d0.gif
     
  • IF something is detected, you will see a screen similar to this
    Drweb-cureit-5_zpsd7be6acf.gif
     
    For each item "detected", click on the Action column down arrow, like this
    Drweb-cureit-8_zpsb099f9d5.gif
    Your options will be Cure or Ignore
     
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
     
    Then click on the Neutralize button.
     
  • When the actions are completed, you will see this
    Drweb-cureit-7_zpsd290a127.gif
     
  • Click on the green Open Report line.  It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
     
  • While in NOTEPAD, do a CTRL+A  to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V    (Paste)
    into reply.
     
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

 

Re-Enable your antivirus program when all done.

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Kevin

 

 

 

 

fixlist.txt


I have finished the Dr Web this morning here is the log file - again attached.  During the download of the DR web, I noticed that I had 4 internet sessions opened - not by me.  These all came to the Windows file association web site.  Almost like I was trying to run a program that the computer could not recognize the extension for.  Is there a reason that I am still unable to copy and paste to this website?  Thanks

 

cureit.log


IE 11.  Also the best guess that I have is that there were files that were trying to open and they were not known extensions.  I have noticed that at one point I had a window asking me to approve a download of a file that I did not request.  Obviously I closed this and said no.  Not sure if that was an internal virus creating requests or not.  I also know the computer works a lot faster now and the internet is flowing like it should again.  Any idea why the Malware would be stopping internet explorer requests?  Otherwise I just need to know which files to run and how often they need to be run to keep the system operating as it should.  Certainly do not want to be getting this stuff back on again.  I do have some programs that I need to remove that were loaded in an attempt to do what you did in a matter of days that these could not fix - without $$$$$$$.

 

Thanks again.


Follow the instructions at this link: http://en.kioskea.net/faq/33289-how-to-reset-internet-explorer-11-to-default-settings and reset IE to default settings, see if it improves...

 

Next,

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed.

 

Let me know if you have any remaining issues or concerns...

 

Kevin

 

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

fixlist.txt


Good to hear all is well again, read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

This is my own security set up that I use on Windows 7:

 

My own security set up is :-

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

 

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above..

 

http://www.surfright.nl/en/alert/cryptoguard

 

If no more issues/concerns are we ok to close out your thread...

 

Take care,

 

Kevin


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
