Erratic mouse, can't shut down, win32.adawareBHO


Been down this road before; here are the results.

Lavasoft Adaware finds win32.AdawareBHO

Combofix ran, malwarebytes, dds, etc.

If you need anything else, just ask

Sorry, don't have the original post to do the cfscript.txt... for the Notepad stuff.

Thank you in advance for your help.

  • 3 weeks later...
Hi and welcome to Malwarebytes.

My apologies for the delay.

Please delete all copies of ComboFix that you have.

Next, please update MBAM, run a Quick Scan, and post its log.

-screen317

Actually it has been so long that the problem returned after I posted this. So I ran malware, spybot, lavasoft adaware and nothing. I tried to download combofix but it is not available at this time. I rebooted and it has not returned. Right before it came, spybot found 3 registry entries and spybot supposedly deleted them. I probably should have checked to make sure that they are not there and/or were deleted. I ran Spybot again and nothing. Malware did download the new version, rebooted and then I ran it. It is attached.

MBAM attached. Combofix is deleted

  • Staff

Hi,

Please download and run ComboFix from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Ensure that all protection programs are disabled before proceeding, and be sure to install the Recovery Console when prompted to.

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

  • Staff

Hi,

Things are looking good. :)

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Ran both programs, but forgot to get the file from F Online scanner; there was only one spyware file that was fixed. If I run it again, I probably will not duplicate the file. Attached is the security ck file.

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterwards. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Reader 8.1.6

Restart your computer.

Get the latest version of Adobe Reader.

my mouse is acting very weird.
Please describe this in as much detail as possible. Does the same behavior occur when you plug it into another computer?

-screen317

I have not plugged the mouse into another computer; however, I deleted the Fonline scanner and the problem went away..... I will do the above and then? Any comments? Can you tell me why I continually get this mouse problem? My husband has 4 computers and he never gets this. I understand it is probably the sites I go to, I guess, that are different than him.

  • Staff

No, all you need to do is delete the .exe file.

If you are not experiencing any other issues, then now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Kerio

Comodo

Outpost

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

I have a firewall on my router, too, in addition to the Microsoft Firewall. If I download Kerio, for example, should I shut off the Microsoft Firewall? Should I shut off the router firewall?

How should I configure my box?

I have Lavasoft running in the background (bought it, well, got it for free by one of the offers, until 2/2010). I can disable it, but does spyblaster run in the background? I will run it and see.

How about the AVG? Is that OK?

General question on AVG: it has an anti-spyware that cannot be shut off.

Just curious, if you answer the Malwarebytes forum, why suggest spyblaster? Actually, Malwarebytes has NEVER found anything on my computer, to be honest...

  • Staff

Hi DLGolfs,

I have a firewall on my router, too, in addition to the Microsoft Firewall. If I download Kerio, for example, should I shut off the Microsoft Firewall? Should I shut off the router firewall?
Leave the router firewall; however, I do recommend disabling the Windows firewall so you can install Kerio, as the Windows Firewall only protects in one direction.
I have Lavasoft running in the background (bought it, well, got it for free by one of the offers, until 2/2010). I can disable it, but does spyblaster run in the background? I will run it and see.
SpywareBlaster can be installed without worry of conflict. It is passive protection that does not conflict with your other protection.
How about the AVG? Is that OK?

General question on AVG: it has an anti-spyware that cannot be shut off.

AVG is fine, but if you want to keep using it, I would advise disabling other anti-malware programs' resident protection. Alternatively, you could try avast! or AntiVir; they are both free versions of commercial antivirus programs which do not include antispyware and would not conflict with Ad-Aware or any other program you install.
Just curious, if you answer the Malwarebytes forum, why suggest spyblaster? Actually, Malwarebytes has NEVER found anything on my computer, to be honest...
SpywareBlaster is not a scanner and protects you differently than MBAM does. I am looking in your best interest and that is why I recommend different layers of protection. I would consider it a blessing that MBAM hasn't found anything; today's infections are disastrous and you would not be happy with the state of your computer if MBAM found many infections.

Let me know if there's anything else I can do for you.

Just to make sure.... uninstalled AVG, installed Avira....... installed spywareblaster........ installed Kerio, disabled IE firewall

Questions:

Do I need tea timer?

Do I need Lavasoft Adware that is a spyware program now? My license with Lavasoft is up in 2/2010 so I can go to Malwarebytes at that time

I assume that I do need a spyware program running in the background.

My other issue is my HP software (what a joke software) It keeps a temp file solutioncetner.msi in the "temp" file and a lot of programs such as microsoft one care deletes it. I have had this happen several times. Anyware in spyware blaster or avira to tell it to ignore these files for HP only?

Thank you in advance for your reply

  • Staff

Hi,

Please use the ADDREPLY button to reply instead of the "REPLY" button.

Just to make sure.... uninstalled AVG, installed Avira....... installed spywareblaster........ installed Kerio, disabled IE firewall
Yes that looks good to me. ;)
Do I need tea timer?

Do I need Lavasoft Adware that is a spyware program now? My license with Lavasoft is up in 2/2010 so I can go to Malwarebytes at that time

I assume that I do need a spyware program running in the background.

It is important to have some type of anti-malware running in the background. My opinion of Ad-Aware has lessened over the years. TeaTimer is okay, but often it proves to be more of a hassle than help. My suggestion to you would be to get the paid version of MBAM, which contains great resident anti-malware protection, and to uninstall Spybot and Ad-Aware. If you'd like to keep Ad-Aware until it expires, that's fine, but I can't vouch for its efficiency as a protection program anymore.
My other issue is my HP software (what a joke software) It keeps a temp file solutioncetner.msi in the "temp" file and a lot of programs such as microsoft one care deletes it. I have had this happen several times. Anyware in spyware blaster or avira to tell it to ignore these files for HP only?
Keep in mind that SpywareBlaster does not scan for, delete, or check for malware on your computer in any way. Its protection is different; it tries to protect you before you get infected, and won't do anything after the fact. Run a scan with Avira to see if it's picking up on the .msi file (that's really odd that they would put an installer in the temp folder, unless they wanted it to be deleted. Do you see any reason to keep that installer file?). In case Avira does target it, add an exception to it. See:

http://www.avira.com/en/support/kbdetails.php?id=420

Except instead of clicking on WebGuard, click the Scanner plus sign to add an exception to the scanner. Repeat with the Guard button.

Let me know how it goes.

-screen317

Who knows with HP????? It is a VERY big file for an all in one printer. But it does access it in the "temp" file folder so have to keep putting it back there or it constantly gives me an error.

Will go to malwarebytes after the Holidays, thanks

  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
