Blocked connexions from opera/svchost

[Mortbise]

As far as I can tell, everything is back to normal. No sign of suspicious browser behavior, scans find nada. I'm pretty much sure it's a successful disinfection (well as much sure as one can hope to be when it comes to security).

Just a comment about SecurityChecker, remembering it mentioned a couple slightly outdated components, I updated them, but it still reports java (I just installed the latest update 26 suggested by java) and Thunderbird (just had a check to see if hot-fixes had come since I installed it 10-ish days ago) outdated though there's no update available.

Else, your fine job is, I guess, over (with me at least).

SecurityCheck and ESET report:

Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Out of date Java installed!

Adobe Flash Player 10.3.181.34

Mozilla Firefox (3.6.13)

Mozilla Thunderbird (5.0.) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

- - - - - - - - -

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-08 03:22:24

# local_time=2011-07-08 05:22:24 )

# country="France"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=1797 16775165 100 94 18347 44299015 11143 0

# compatibility_mode=5893 16776574 100 94 2801217 61765818 0 0

# compatibility_mode=8192 67108863 100 0 2051049 2051049 0 0

# scanned=203395

# found=1

# cleaned=1

# scan_time=2576

D:\Applis\Softs\Unlocker1.9.0-x64.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

[screen317]

Hi,

That's fine.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot and let me know what issues remain.

[Mortbise]

'Lo.

Uninstalling done, everything still fine, as far as I can tell.

No suspicious behavior spotted since tdsskiller ran.

Peace is back.

[screen317]

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop
  

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!