
Wondershare Issue And General SweepOut


garyt53


Hi Gary, 
 

Let me know if you really think I should remove these 4 OpenCandy items and I will.  Maybe I should scan these files individually on Kaspersky or another site that scans questionable singles?  Will do that first if that is necessary.

No, that isn't necessary. The files flagged are setup files/installers, that bundle a potentially unwanted programme (OpenCandy). OpenCandy is not malicious, but generally considered as unwanted. 
 
Here's an analysis on the file:
http://www.herdprotect.com/vistaglazzsetup.exe-6130e3bf38ee376f3302a6aca1cb918b61cf0669.aspx
 
You can see other vendors detect the setup file for the same reason as ESET. 
 

And I imagine hardly anybody knows this.  Your thoughts?

Yes, I agree. Those not particularly well versed in hardware and the like probably won't know this. 
I didn't - but then again, my experience in this area is somewhat limited. 
 

Oh yeah.....also had reinstalled "StickyPad", a little useful utility I had to remove because it was rejected by one of the scanners as risky....in case that pops up again in the above log.

Yes, looks OK. 
http://www.herdprotect.com/stickypad.exe-d5a8ec484b9ba3e856c21b1123ec136f9124dbfb.aspx
 
----------------
 
Subject to no further issues -
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam


Hi Adam -

Not only good news, but really thorough. I will remove that OpenCandy stuff too but no need to redo the backup I made. Finally just a coupla questions:

1) DelFix “reset system settings”: Does it only reset those settings we changed for this investigation? I think only the UAC and Folder>View settings.

2) DelFix “purge sys restore”: I reset sysrestore and created a new restore point early on in this process and, since we found no real infections, can I safely turn off this option also? Or was “InstallMate” a real infection?

3) I already use most of the programs you list as “highly recommended” but regarding CryptoPrevent, MBAE, MBAM and SpywareBlaster.....is it really advised they run in conjunction with SymantecAV NIS? I thought the rule was AV programs always conflict.

We all know there is a glaring absence of simple and reliably effective system-backup utilities that support the common Windows and Linux filesystems. Does Cobian promise to meet this need providing dual-boot HDD imaging? Clonezilla's great for partition imaging but not as reliable when imaging multiple partitions with different filesystems such as NTFS and ext3/4 encountered when dual-booting. If you don't know right away don't look it up. I will. You know that “I don't know” is one of the coolest things an engineer can say. ha

But admitting a screw-up is a lot harder, albeit usually not necessary: I discovered where my forum notifications were going.....curiously, to my spam folder. I assumed (there's that word again) that since I got the first notification OK that the others would follow automatically. I hope I didn't waste any of your time when I reported them missing without checking my spam folder, but I suspect I may have.

And finally, Thank You for being there.....my trust has not been misplaced.

gt



Hello Gary,
 

1) DelFix “reset system settings”: Does it only reset those settings we changed for this investigation? I think only the UAC and Folder>View settings.

This option will reset certain file and folder options (such as hiding files/folders normally hidden), and will hide extensions for known file types.
 

2) DelFix “purge sys restore”: I reset sysrestore and created a new restore point early on in this process and, since we found no real infections, can I safely turn off this option also? Or was “InstallMate” a real infection?

InstallMate isn't particularly serious, or something to be concerned by. 
Leave this option unchecked if you wish to keep your current System Restore Points intact.
 

3) I already use most of the programs you list as “highly recommended” but regarding CryptoPrevent, MBAE, MBAM and SpywareBlaster.....is it really advised they run in conjunction with SymantecAV NIS? I thought the rule was AV programs always conflict.

All four programmes mentioned above are not Anti-Virus software.  
 
CryptoPrevent is, in my opinion, one of the most useful prevention tools available. Whilst originally designed to combat file-encrypting ransomware, the policy restrictions the programme places will also block a whole array of other malware. You need only install the programme and apply the policy restrictions. The programme does not run in real-time, and does not need to be opened unless you wish to check for updates. Once installed, it will not consume any system resources. 
 
Malwarebytes Anti-Malware comes in two flavours - Free and Premium. The free version acts as an on-demand scanner. It does not provide real-time protection, but can be used to scan for and remove malware. I recommend running a Threat Scan once a week. Purchasing a Premium license upgrades the software, and provides a whole host of additional features, including real-time malware protection, malicious website blocking and a scan/update scheduler. MBAM Premium is designed to run alongside your resident Anti-Virus, and should not cause any conflicts. 
 
Malwarebytes Anti-Exploit also comes in Free and Premium versions. This programme runs in real-time regardless of the version, and is designed to protect the machine against malware that seeks to exploit vulnerabilities in popular software. There should be no issues running this programme alongside your Anti-Virus as well. 
 
SpywareBlaster is a form of passive protection, and blocks tracking cookies and other forms of malware by inserting killbits into the registry. Like CryptoPrevent, this programme will not consume any system resources. 
 

We all know there is a glaring absence of simple and reliably effective system-backup utilities that support the common windows and linux filesystems.

Have you come across Acronis True Image? 
http://www.acronis.com/en-gb/
 
I believe this software supports dual boot machines, but cannot expand any further as I do not dual boot. 
I use the software on my personal machines. 
 

And finally, Thank You for being there.....my trust has not been misplaced.

That's quite alright. You're welcome.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.