
My computer is infected



I have a Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, SuperAntiSpyware, Malwarebytes, Avast,
Windows Defender and Windows firewall.

 

(1) TB HD
Intel ®  Core i7-33-3770 CPU @ 3.40 GHz 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system


I also have a Dell Dimension 8200 with XP, SP3, with
Spywareblaster, SuperAntiSpyware, Avast, Malwarebytes and
Windows firewall.

Seagate  Barracuda 7200 HD 160Gb
System type: 32-bit operating system

 

 

I've contracted some sort of virus on the Dell 8500 when I installed what I thought was a JAVA update. Ever since, I have been getting notices from Java to install it again? It just popped on my screen so I thought it was legitimate.

and also this:

I've run Malwarebytes, Avast, SuperAntiSpyware, Autorun scans and deleted selected items but the virus (Pup.Optional) keeps returning. Every day it's the same thing; Java pops open my Admin password box and asks if I want to download it and I answer (NO). I then get a notification on the system tray on the lower right for Java updates.

I would appreciate any help that you could give me in removing this virus from my system.

 

Thank you,
Robert

 


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
    
 
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Hello TwinHeadedEagle,

 

Thank you for assisting me,

 

To my knowledge, I do not have any illegal software of any kind on my computer.

I clicked the link to download Farbar as per your instructions but Avast immediately popped up with Threat detected! So I closed it.

 

 

Robert


Yes, because I'm disabled and have wrist injuries along with back and neck injuries. 

 

Sorry to hear that, I didn't want to be rude. You can try to edit your first post and to delete these attachments.

 

 

 

First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):

- FreeSoftToday 025.208

- Remote Desktop Access

- WindowsMangerProtect20.0.0.502

 

 

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

 

Download the attached fixlist.txt file and save it to the Desktop:

 

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

 

 

 

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
  • Please include the contents of that file in your reply.

fixlist.txt


I ran all the scans and updated Spywareblaster after reading your message, and they are attached along with the Malwarebytes report. It seems the system is clean.

I also contracted Win32:Eorezo - cy [pup] via a supposed upgrade to Firefox. I was able to delete it and ran full scans afterward twice and it appears clean. How do I know what's a legitimate download and what's not? I have another that popped up today for an updated version for SuperAntiSpyware but I was leery of clicking on it so I closed it.

Also Avast keeps popping up telling me there are updated versions of programs available. So what is the best course of action so this doesn't happen again?

 

Thanks,

Robert


Malwarebytes report (8-27-14).doc


Java update is OK, you need to install it.
 
 
 
Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing. 
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


You've given me a lot of information to digest but as a quick reply:

The Java update is how I got infected in the first place.

I also had a pop-up for Adobe updates but didn't click on that either because I'm leery of being infected.

The safest setting is to have your e-mail client set to view incoming e-mails in text only - how do I do this? I already have my email set at the highest priority even though I hardly get any emails from people I know but my spam folder fills and I empty it on a regular basis.

Windows Vista and Windows 7

To turn on Automatic Updates yourself, follow these steps:

  1. Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  2. In the left pane, click Change settings.
  3. Select the option that you want.
  4. Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.

I have my Windows 7 set up for automatic updates but it doesn't have any of the above.

I searched for Adobe Reader to upgrade it but I can't find it?

I already have Malwarebytes Anti-Malware installed but you wish me to install the following programs in addition to the ones I already have? Are these automatic or will I have to run them manually?

 

TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
FileHippo.com Update Checker - to keep your programs up-to-date.
Adblock - to surf the web without annoying ads!

 

I ran the DelFix tool.

Can I now delete the AdwCleaner, FRST64 and fixlist from my desktop?  

 

I would have no problem reimbursing you for the time you've spent helping me but I'm disabled and live from month to month on a fixed marginal income.

 

Thanks,

Robert


I started to download the files you gave me but I ran into a few question marks (attached).

The first is one of the pop-ups Avast is giving me and I just wanted you to see this.

The second shows MCShield had an error code

I don't understand what they are referring to by desktop gadgets?

Hippo update is showing Java but I already installed it using your link so I suspect Hippo is showing viruses programs and I'm leery of the Beta tag. This site makes me very nervous to use.

I didn't proceed with this because I was unsure. I had already clicked to change the download to Firefox so this pop-up made me stop.

See what I mean? How is the average person to know? A lot of this information isn't clear. I'm still trying to figure out MCShield and when I installed Malwarebytes Anti-Exploit it created a flame icon in the system tray lower right but has since disappeared.

I think since Hippo brought up Java which is how I was infected in the first place that the virus is still on my computer. Why would Java need an update when I just installed it yesterday using the links you gave me?

I still am unable to find it on my computer so I tried following your link to download Windows 7 driver but I was leery of doing so because it came up with another name.

Thoughts/suggestions,
Robert



I'm not understanding what you mean by email is OK and Windows update too? I'll go ahead and install those programs you listed tonight but one question; will these programs conflict with what I already have on the computer?

 

You do not need to change anything in your email settings, they are OK.

 

All programs I recommended can work together.

 

 

 

The first is one of the pop-ups Avast is giving me and I just wanted you to see this.

 

I think you should just ignore this.

 

 

The second shows MCShield had an error code

 

Leave it for now, I'll try to investigate.

 

 

 

 

I don't understand what they are referring to by desktop gadgets?

 

I think you should click Yes.

 

 

 

 

Hippo update is showing Java but I already installed it using your link so I suspect Hippo is showing viruses programs and I'm leery of the Beta tag. This site makes me very nervous to use.

 

 

Please hide results from programs you want, including Java. It is described here:

 

http://filehippo.com/updatechecker/faq

 

Please read this text too, to disable Beta updates

 

http://www.trishtech.com/2011/03/find-updates-to-installed-software-using-filehippo-update-checker/

 

 

I didn't proceed with this because I was unsure. I had already clicked to change the download to Firefox so this pop-up made me stop.

 

Install Adblock, pop-ups won't appear anymore.

 

 

 

See what I mean? How is the average person to know? A lot of this information isn't clear. I'm still trying to figure out MCShield and when I installed Malwarebytes Anti-Exploit it created a flame icon in the system tray lower right but has since disappeared. I think since Hippo brought up Java which is how I was infected in the first place that the virus is still on my computer. Why would Java need an update when I just installed it yesterday using the links you gave me? I still am unable to find it on my computer so I tried following your link to download Windows 7 driver but I was leery of doing so because it came up with another name.

 

I was an average person too, but I spent a lot of time reading and learning to realize how stuff works. Leave MCShield for now. About Anti-Exploit, try to reinstall it or restart your PC. I have already explained about FileHippo. Java is legitimate software and should be updated regularly. You can disable this version now, you already have the latest.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
