
Multiple Issues - Cannot access internet



As this computer doesn't live in my home, I can't tell you exactly what all its symptoms were. My adult son brought it to me saying it was "acting up" and asked me to remove the McAfee programs and put on what we use (AVG, Spybot, MBAM, TFC, MyDefrag, Secunia, Erunt and NTREGOPT) and instruct his girlfriend on a regular maintenance schedule.

Well first, when we first log on, we get the message in the screenshot attached.

When first presented with the computer, I installed and ran Malwarebytes. It found several items and the log follows here:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

11/7/2010 12:37:36 AM

mbam-log-2010-11-07 (00-37-36).txt

Scan type: Quick scan

Objects scanned: 122684

Time elapsed: 10 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I then uninstalled the McAfee programs, and attempted to download and install AVG; however, at that point, I was no longer able to access the internet. I tried several things, but I had to assume that something which was removed had disabled the computer. This is the same problem as my son's computer described in a separate post.

Following your instructions, I ran Defogger and rebooted (even though it did not prompt for a restart).

I ran DDS, and its log follows here:

DDS (Ver_10-11-08.01) - NTFSx86

Run by Heaven at 6:07:21.36 on Mon 11/08/2010

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18

Microsoft


Link to post
Share on other sites


Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Next:

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    REM Remove any proxy server and proxy bypass list stored for the current user
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    REM Turn the proxy off and clear the "Work Offline" flag
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    REM Reset the TCP/IP stack (log written to resetlog.txt) and the Winsock catalog
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates

Post a new HijackThis log

Link to post
Share on other sites

I am now able to connect to the internet.

I have updated Malwarebytes and am currently running a full scan.

I will post that log as soon as the scan is completed, however, your instructions say to post a new HijackThis log.

Please explain. Am I supposed to run that program as well?

Thank you for your help.

I really appreciate it.

Link to post
Share on other sites

Here is the log from the Malwarebytes scan. I did not take any corrective action as yet.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5076

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

11/8/2010 8:12:49 PM

mbam-log-2010-11-08 (20-12-49).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 282470

Time elapsed: 1 hour(s), 46 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Heaven\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Heaven\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> No action taken.

Thank you

Link to post
Share on other sites
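A read-only check of the per-user registry values this thread deals with (the proxy values reset by fixme.bat and the Run, load and Shell values flagged in the Malwarebytes logs), as an added example that is not part of any post. The function names, the sample data marked as constructed, and the process-name heuristic for Run entries are assumptions.

```powershell
# Added example: audits HKCU values only. Nothing is written or deleted.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$RunKey           = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$WindowsKey       = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$WinlogonKey      = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-HkcuSnapshot {
    # Collect every value under Run, plus the single values audited below.
    $run = @{}
    if (Test-Path -LiteralPath $RunKey) {
        $key = Get-Item -LiteralPath $RunKey
        foreach ($name in $key.GetValueNames()) { $run[$name] = [string]$key.GetValue($name) }
    }
    return @{
        ProxyEnable       = Get-RegValue $InternetSettings 'ProxyEnable'
        ProxyServer       = Get-RegValue $InternetSettings 'ProxyServer'
        ProxyOverride     = Get-RegValue $InternetSettings 'ProxyOverride'
        GlobalUserOffline = Get-RegValue $InternetSettings 'GlobalUserOffline'
        Load              = Get-RegValue $WindowsKey 'load'
        Shell             = Get-RegValue $WinlogonKey 'Shell'
        Run               = $run
    }
}

function Test-HkcuSnapshot {
    param([hashtable]$Snapshot)
    $findings = @()
    if ($Snapshot.ProxyEnable -eq 1) {
        $findings += "Proxy is enabled: ProxyServer = '$($Snapshot.ProxyServer)'"
    } elseif ($Snapshot.ProxyServer) {
        $findings += "ProxyEnable is off but ProxyServer is still stored: '$($Snapshot.ProxyServer)'"
    }
    if ($Snapshot.GlobalUserOffline -eq 1) {
        $findings += 'GlobalUserOffline = 1 (browser is set to work offline)'
    }
    # A per-user "load" value starts a program at logon; it is normally empty or absent.
    if ($Snapshot.Load) {
        $findings += "Windows\load starts a program at logon: '$($Snapshot.Load)'"
    }
    # The Malwarebytes log gives explorer.exe as the good value for Winlogon\Shell.
    if ($Snapshot.Shell -and ($Snapshot.Shell.Trim() -ine 'explorer.exe')) {
        $findings += "Winlogon\Shell is '$($Snapshot.Shell)' (expected explorer.exe or absent)"
    }
    # Assumed heuristic: core Windows processes are not started from a user Run key,
    # so a Run entry carrying one of their names deserves a look.
    foreach ($name in $Snapshot.Run.Keys) {
        if ($name -match '^(svchost|lsass|csrss|winlogon|services)(\.exe)?$') {
            $findings += "Run entry '$name' uses a system process name: '$($Snapshot.Run[$name])'"
        }
    }
    return ,$findings
}

# Constructed sample. The Shell data is the "Bad" value quoted in the log above;
# the proxy address and the two placeholder paths are invented for illustration.
$sample = @{
    ProxyEnable       = 1
    ProxyServer       = '127.0.0.1:8080'
    ProxyOverride     = $null
    GlobalUserOffline = 0
    Load              = 'C:\placeholder\constructed.exe'
    Shell             = 'explorer.exe,C:\Users\Heaven\AppData\Roaming\Microsoft\Windows\shell.exe'
    Run               = @{ svchost = 'C:\placeholder\constructed.exe' }
}

'--- constructed sample ---'
Test-HkcuSnapshot $sample

# The live check runs only on Windows, where the HKCU: drive exists.
if ($env:OS -eq 'Windows_NT') {
    '--- live HKCU ---'
    $live = Test-HkcuSnapshot (Get-HkcuSnapshot)
    if ($live.Count -eq 0) { 'No deviations found in the audited values.' } else { $live }
}
```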

Let's make sure we got it all.

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

I know that you all asked me to not download anything or make any changes while we are doing this work, however, I am not comfortable leaving this computer completely unprotected. Therefore, I am going to go ahead and download Zone Alarm and Avira at this time ... just so you know.

Thank you.

Link to post
Share on other sites

Good job :thumbup:

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :lol:

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

Link to post
Share on other sites

Unfortunately - something happened with that failed attempt to install Zone Alarm.

Now I can no longer access the internet on this computer. I have rechecked your first instructions regarding the No Proxy button, and it is still checked.

I have not yet completed the instructions in the previous post because of this.

Please help :lol:

Link to post
Share on other sites

Install or uninstall Zone Alarm?

http://www.bleepingcomputer.com/tutorials/tutorial143.html

Let's see if we can restore the pc back to where it worked right.

Close and save any documents that you may have open.

Click on the Start button to open your Start Menu.

When the Start Menu opens click on the All Programs menu option.

Click once on the Accessories Start Menu group.

Click once on the System Tools Start Menu group.

Click once on the System Restore icon. After you click on the icon, if a User Account Control window opens you should click on the Continue button.

You will now be at the System Restore screen

By default, Vista will already have selected the Recommended restore option. This restore point is one that was made after a new program, driver, or update was installed. If you would like to use this restore point, you can click on the Next button to start the restore process. On the other hand, if there is a more recent restore point that you would like to restore you should select Choose a different restore point and press the Next button. This will bring you to a screen, as shown in Figure 2, that contains a listing of all the available restore points that you can restore to.

You should select the restore point that you would like to restore and press the Next button to start the restore process. Vista will display a Window showing your selected restore point and asking you to confirm that this is the one you would like to restore.

If you would like to select a different restore point press the Back button. Otherwise you can press the Cancel button to exit System Restore or the Finish button to begin the restore process. If you selected Finish, Vista will display a second prompt asking you to confirm that you would like to continue the restore.

If you are sure you want to do the restore, then press the Yes button. Vista will now log you off of the computer and start the System Restore process as shown in Figure 5 below.

When the restore has been completed, your computer will be restarted and when Vista boots back up it will be restored to its previous state. When you log in to Vista for the first time after the restore, you will see a message showing that the restore was successful.

If there are any problems with your computer due to the last restore, you can revert back to your previous settings by going back into the System Restore Utility and selecting the Undo System Restore option and pressing the Next button.

Your computer should now be working properly again.

Link to post
Share on other sites

Thank you for your suggestions and your patience.

This computer had System Restore turned off, so I am not able to use that function.

I have now turned it ON, so it will be available in the future.

I went back and UNinstalled Zone Alarm, and then was able to access the internet on all 3 browsers.

Then I went back to your instructions which started with the ::thumbup:: and uninstalled ComboFix.

I checked the settings for IE, and made those corrections.

I updated Avira.

I installed Zone Alarm.

I installed Windows Updates.

Do you have any other suggestions?

Everything seems to be running well now :-)

Many thanks,

Judy Lee

Link to post
Share on other sites

I thought it might be wise to get back with you regarding the results of the subsequent updates and scans I performed on this computer.

I installed and ran each of the programs I mentioned up, except using your recommended Avira instead of AVG.

Here is what Avira found:

Avira AntiVir Personal

Report file date: Thursday, November 11, 2010 15:13

Scanning for 3040644 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 2) [6.0.6002]

Boot mode : Normally booted

Username : SYSTEM

Computer name : HEAVENS-PC

Version information:


Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Thursday, November 11, 2010 15:13

Starting search for hidden objects.

c:\program files\logitech\logitech webcam software\lu\lulnchr.exe

c:\Program Files\Logitech\Logitech WebCam Software\LU\LULnchr.exe

[NOTE] The process is not visible.

The scan of running processes will be started


Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1693' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\47af42d1-767f82d3

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.a Java virus

--> Keyworq.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.a Java virus

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2f02bb62-6ff6e6b7

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.U exploit

--> sklif/Hieeyfc.class

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.U exploit

--> sklif/Hiydcxed.class

[DETECTION] Contains recognition pattern of the JAVA/Djewers.U Java virus

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\396d6f44-2e5031c8

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.B exploit

--> bin/c/Base64Coder.class

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.B exploit

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\332a3d7c-7abc26c3

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus

--> vmain.class

[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1f68373d-266b3c42

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.J Java virus

--> F.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.J Java virus

--> G.class

[DETECTION] Contains recognition pattern of the JAVA/Small.K Java virus

Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1f68373d-266b3c42

[DETECTION] Contains recognition pattern of the JAVA/Small.K Java virus

[NOTE] The file was moved to the quarantine directory under the name '4901c5f3.qua'.

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\332a3d7c-7abc26c3

[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus

[NOTE] The file was moved to the quarantine directory under the name '518aea29.qua'.

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\396d6f44-2e5031c8

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.B exploit

[NOTE] The file was moved to the quarantine directory under the name '03c9b0cf.qua'.

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2f02bb62-6ff6e6b7

[DETECTION] Contains recognition pattern of the JAVA/Djewers.U Java virus

[NOTE] The file was moved to the quarantine directory under the name '65e0ff7e.qua'.

C:\Users\Heaven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\47af42d1-767f82d3

[DETECTION] Contains recognition pattern of the JAVA/Agent.a Java virus

[NOTE] The file was moved to the quarantine directory under the name '2055d232.qua'.

End of the scan: Thursday, November 11, 2010 16:32

Used time: 1:18:28 Hour(s)

The scan has been done completely.

30080 Scanned directories

308743 Files were scanned

7 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

5 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

308736 Files not concerned

1476 Archives were scanned

0 Warnings

5 Notes

582659 Objects were scanned with rootkit scan

1 Hidden objects were found

I'm not sure if the 7 viruses which Avira found came from one of the updates suggested by Secunia. Updates were run for Java, Adobe products and iTunes, as well as several Windows updates. Or if they were there already and overlooked by the scans we did earlier, but I did think it was worth mentioning.

Thank you again,

Judy Lee

Link to post
Share on other sites

It doesn't appear that it did. You also need to uninstall any OLD Java.

Remove old

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Link to post
Share on other sites

This Java website is making me feel like a complete idiot! >.<

I clicked Update using Java's website.

I clicked Open Webpage.

I clicked the button with the steaming cup and the word "Java".

On the next screen, I chose Platform "Windows" and clicked Continue.

On the next page, I clicked the link under "Available Files"

... and I got a page that says:

Transmission Error

A transmission problem has prevented your transaction from being processed. The administrator has been notified by the system. Please try again later.

If this problem persists, please send us feedback to report this problem.

Thank you,

sun.com

It has to be easier than this ... what am I missing?

Thank you for your help :-)

Link to post
Share on other sites

This topic is now closed to further replies.