[emeraldnzl]

It seems the culprit is Windows Live ID Sign-In Helper. I don't see a way to remove it from Add/Remove Programs. Any suggestions?

Interesting... I haven't seen a 64 bit infection myself before although others here have.

I thought it was a legit add-on.

Masquerading as legit.

Now

Please run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (Windows Live ID Sign-in Helper) - {7923162E-3359-1CF7-3F1B-2B900150328B} - C:\Windows\SysWOW64\oleautt32.dll ()
  
  :Commands
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• It will produce a log for you on reboot, please post that log in your next reply.

[Advertisements]

It seems to be gone from Add-ons and no longer an issue. I'd say it's resolved! Thanks very much for the help.

[factory]

It seems to be gone from Add-ons and no longer an issue. I'd say it's resolved! Thanks very much for the help.

[emeraldnzl]

Hello factory,

Just a couple of things to do.

Firstly, often infection comes bundled so we should run a scan to make sure we haven't missed anything.

Secondly, we need to remove the tools we have been using and reset your machines restore points. Even when we remove infection it can still remain in System Restore.

Now

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
• Click Start and if your security program asks you if you want to allow the program, click yes.
• If you anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
• Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
• Copy and paste that log as a reply to this topic.

After that, all going well we can go to clearing away the tools we have been using.

[factory]

I didn't save the log before uninstalling the scanner. Sorry about that. It did find one infection and I asked it to delete it. The file was oleautt32.dll from the DLLSTORE directory.

[emeraldnzl]

The file was oleautt32.dll from the DLLSTORE directory.

That one is responsible for redirects so maybe we have got the beggar.

How is your machine now?

[factory]

It seems just fine - back to normal. Thanks again. A great rest of the weekend to you and Happy Holidays!

[emeraldnzl]

Hello again factory,

We have a couple of last steps to perform and then you're all set.

• Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
• Click on the CleanUp! button
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Next, we need to clean your restore points and set a new one (if we don't do this infection can still hide in there even when we have removed it elsewhere):

Please go here for directions on how to do this. You need to turn System Protection off to delete all old restore points, reboot and then turn System Protection back on to create a new restore point.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

• Download from here Java Runtime Environment (JDK) Update
• Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.
  
  Reboot your computer.
  You also need to uininstall older versions of Java.
  
• Click Start > Control Panel > Programs
• Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:

• TFC.exe

---------------------------------------------------------------------------------------------------------------------

To reduce the amount of fragmentation in your machines file system occasionally run a defragmenter utility. You can use your built in program (Start > Programs > Accessories > System Tools > Disk Defragmentor) or alternatively here is a program you can download and use: Puran Disc Defragmenter

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

• If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.
  
  * Click Start > Control Panel > System and Security > Windows Update
  * Under Windows Update click on Turn automatic updating on or off
  * Check items shown to ensure you receive updates automatically. Click OK.
  
  And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  
• Malwarebytes
• SuperAntiSpyWare

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!

[emeraldnzl]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.