
Antivirus Soft



Hello ,

And :rolleyes: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscanbutton.png button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)


Thanks for prompt reply. About 15 hours ago my machine was infected with Antivirus Soft malware that was not recognized by Malwarebytes. I do have full operation in Safe Mode. I was able to do system restore but it was not successful in getting rid of it.

Another set of log files are attached.

Thanks - Tom

Desktop1.zip


Hello again,

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlDesktopIcon.png on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O4 - HKCU..\Run: [knrrhast] C:\Users\Tom\AppData\Local\wlohhw\lbyosftav.exe ()
    O4 - HKCU..\Run: [lmpdegjr] C:\Users\Tom\AppData\Local\bjscto\lccxsftav.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    [2010/03/29 16:08:02 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\wlohhw
    [2010/03/29 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\bjscto

    :commands
    [resethosts]
    [emptytemp]


  3. Push runFixbutton.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click btnOK.png.
  6. A report will open. Copy and Paste that report in your next reply.

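The entries listed in the fix script above share two traits that can be checked mechanically: an enabled per-user proxy pointing at a loopback address, and Run values that launch an executable with an empty company field from a user-writable AppData folder. The following Python triage is an added example, not part of the original thread or of OTL; the line grammar is inferred from the lines quoted in the post, the parenthesised field is assumed to be the file's company name, the function names are hypothetical, and the last sample line is constructed.

```python
import ipaddress
import re

# The first five lines are copied from the fix script in the post above; the
# last line is a constructed benign entry added for contrast.
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKCU..\Run: [knrrhast] C:\Users\Tom\AppData\Local\wlohhw\lbyosftav.exe ()
O4 - HKCU..\Run: [lmpdegjr] C:\Users\Tom\AppData\Local\bjscto\lccxsftav.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
'''

IE_RE = re.compile(r'^IE - (?P<key>[^:]+): "(?P<name>[^"]+)" = (?P<data>.*)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] '
                    r'(?P<path>.+?) \((?P<vendor>[^()]*)\)$')
# Per-user locations that any unprivileged process can write to.
USER_WRITABLE = re.compile(r'\\(AppData\\(Local|LocalLow|Roaming)|Temp)\\', re.I)


def proxy_entries(data):
    """Split a ProxyServer value ("host:port" or "http=host:port;...")."""
    entries = []
    for part in filter(None, (p.strip() for p in data.split(';'))):
        scheme, _, hostport = part.rpartition('=')
        host, _, port = hostport.partition(':')  # IPv4 or hostname only
        entries.append((scheme or 'all', host, port))
    return entries


def is_loopback(host):
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return findings for loopback proxies and vendor-less per-user autoruns."""
    values, findings = {}, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = IE_RE.match(line)
        if m:
            values[m['name']] = m['data']
            continue
        m = RUN_RE.match(line)
        if m and USER_WRITABLE.search(m['path']) and not m['vendor'].strip():
            findings.append(('autorun', m['hive'], m['name'], m['path']))
    # A proxy setting only matters while ProxyEnable is 1.
    if values.get('ProxyEnable') == '1':
        for scheme, host, port in proxy_entries(values.get('ProxyServer', '')):
            if is_loopback(host):
                findings.append(('proxy', scheme, host, port))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

A loopback proxy or a vendor-less AppData autorun can also belong to legitimate software, so each finding is a lead to review, not a verdict.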

Great work Elise - it appears to have solved the problem. Thanks for your help and prompt response :rolleyes: Tom

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\knrrhast deleted successfully.

C:\Users\Tom\AppData\Local\wlohhw\lbyosftav.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lmpdegjr deleted successfully.

C:\Users\Tom\AppData\Local\bjscto\lccxsftav.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

C:\Users\Tom\AppData\Local\wlohhw folder moved successfully.

C:\Users\Tom\AppData\Local\bjscto folder moved successfully.

========== COMMANDS ==========

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tom

->Temp folder emptied: 866721281 bytes

->Temporary Internet Files folder emptied: 43271498 bytes

->Java cache emptied: 61634171 bytes

->FireFox cache emptied: 79429957 bytes

->Flash cache emptied: 50859 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 1686666 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2773044 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33621285 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 37494599 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 3487417343 bytes

Total Files Cleaned = 4,400.00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03302010_113235

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET4DA4.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET4EB1.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET8F65.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET8FF5.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET9FB3.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET9FE5.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SETBF88.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SETBFAA.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Hi Elise: Here are the results of the latest fix. I will run new scan tonight and report back in the morning.

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET4DA4.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET4EB1.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET8F65.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET8FF5.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET9FB3.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SET9FE5.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SETBF88.tmp scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\SETBFAA.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/31/2010 11:36:31 PM

mbam-log-2010-03-31 (23-36-31).txt

Scan type: Full scan (C:\|)

Objects scanned: 294950

Time elapsed: 1 hour(s), 30 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Here are the results of the latest MB scan.

Thanks again - Tom

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I didn't ask for a new OTL fix. I want you to update Malwarebytes Antimalware, and run a quick scan, so I can see if it still detects stuff.

Please do not use the quote button when replying, instead use the Add reply button :)


Your log shows No action taken, did you remove the found items afterwards?

How are things running now? Any problems left?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png
