Bloodhound.Exploit.343


  • This topic is locked

#31
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Don't forget to answer these two questions in your next reply:
  • Is your antivirus Microsoft Security Essentials?
  • Please tell me how's your computer running and if there are any other problems



Next:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{610D4650-97C9-47CB-B8CB-7E27E3019FC0}" =-
    "TCP Query User{35139361-76A4-4C9C-8E78-AD0CED309B5A}C:\program files\garena\garena.exe" =-
    "TCP Query User{C85D13FD-D8A3-4D8C-A976-C8BA99603E62}C:\program files\funshion online\funshion\funshionservice.exe" =-
    "UDP Query User{5B650529-2A7E-4F6F-82B2-FFFE928B514E}C:\program files\funshion online\funshion\funshionservice.exe" =-
    "UDP Query User{D9B6F97A-F089-4E26-AB3F-6EEC7E4807C4}C:\program files\garena\garena.exe" =-

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:
Please go to Start, click Control Panel, click Programs and then click Programs and Features.
Uninstall the following programs:

Java™ 6 Update 3
Java™ 6 Update 5
Garena 2010


  • 0

#32
WizMaster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hello!

Yes. Window Essential is my new antivirus. It prompted me to install it when I didn't have one, so I just installed it.

Pc seems to be running alright now.

Uninstalled the programmes you indicated.

Log as requested.
--------------------------------------------------------------

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{610D4650-97C9-47CB-B8CB-7E27E3019FC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{610D4650-97C9-47CB-B8CB-7E27E3019FC0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35139361-76A4-4C9C-8E78-AD0CED309B5A}C:\program files\garena\garena.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C85D13FD-D8A3-4D8C-A976-C8BA99603E62}C:\program files\funshion online\funshion\funshionservice.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5B650529-2A7E-4F6F-82B2-FFFE928B514E}C:\program files\funshion online\funshion\funshionservice.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D9B6F97A-F089-4E26-AB3F-6EEC7E4807C4}C:\program files\garena\garena.exe deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5121498 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1046 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP.S10061269
->Temp folder emptied: 0 bytes

User: TEMP.S10061269.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1074043 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: acer
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEMP
->Flash cache emptied: 0 bytes

User: TEMP.S10061269

User: TEMP.S10061269.000
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 06082011_230752

Files\Folders moved on Reboot...
C:\Users\acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KNOSY6Y8\xd_proxy[1].htm moved successfully.
C:\Users\acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4BGHNGT\like[1].htm moved successfully.
C:\Users\acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1EKHYXS1\page__pid__2022094__st__30[1].htm moved successfully.

Registry entries deleted on Reboot...
  • 0
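Added example, not from the thread or from OTL: a small Python cross-check of the :Reg section of the fix in #31 against the REGISTRY section of the log in #32, confirming that every value the fix marked with =- was reported as deleted. The excerpts in the block are constructed from the two posts, with one requested entry deliberately left out of the log to show how an unconfirmed deletion surfaces; that OTL writes key and value name separated by a doubled backslash is an assumption read off the log's own layout.

```python
import re

# Constructed excerpts: the :Reg section of the fix from #31 (three of its five
# entries) and the REGISTRY section of the log from #32, trimmed so that one
# requested deletion is deliberately missing from the log.
FIX_SCRIPT = r""":Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{610D4650-97C9-47CB-B8CB-7E27E3019FC0}" =-
"TCP Query User{35139361-76A4-4C9C-8E78-AD0CED309B5A}C:\program files\garena\garena.exe" =-
"UDP Query User{D9B6F97A-F089-4E26-AB3F-6EEC7E4807C4}C:\program files\garena\garena.exe" =-
"""
OTL_LOG = r"""========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{610D4650-97C9-47CB-B8CB-7E27E3019FC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{610D4650-97C9-47CB-B8CB-7E27E3019FC0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35139361-76A4-4C9C-8E78-AD0CED309B5A}C:\program files\garena\garena.exe deleted successfully.
"""
VALUE_DELETE = re.compile(r'^"(.+)" =-$')  # OTL syntax: "name" =- deletes a value
LOG_DELETED = re.compile(r'^Registry value (.+) deleted successfully\.$')

def parse_reg_deletions(fix_text):
    """(key, value_name) pairs requested under :Reg with the =- operator."""
    wanted, section, key = [], None, None
    for line in fix_text.splitlines():
        line = line.strip()
        if line.startswith(":"):          # section header such as :Reg or :Files
            section = line.lower()
        elif section != ":reg":
            continue
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # [HKEY_...] names the key for the lines below
        elif (m := VALUE_DELETE.match(line)) and key:
            wanted.append((key, m.group(1)))
    return wanted

def parse_log_deletions(log_text):
    """(key, value_name) pairs the log reports as deleted; assumed layout: the
    log separates key path and value name with a doubled backslash."""
    done = set()
    for line in log_text.splitlines():
        m = LOG_DELETED.match(line.strip())
        if m and "\\\\" in m.group(1):
            key, value = m.group(1).split("\\\\", 1)
            done.add((key, value))
    return done

def check_fix(fix_text, log_text):
    """Map every requested value deletion to True if the log confirmed it."""
    done = parse_log_deletions(log_text)
    return {pair: pair in done for pair in parse_reg_deletions(fix_text)}
```

Any entry that maps to False is one to re-check by hand in the next log rather than assume gone.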

#33
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Congratulations! Your logs are clean! :) Now that you are clean, please follow these precautions in order to keep safe:


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Next:


Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /Uninstall in the run box and click Ok. Note the space between the x and the /u; it needs to be there.


Next:


Note: If you are using Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Next:


Antivirus - No need to explain how important the use of ONE antivirus is. It is not recommended to run more than one firewall or anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.
If you already have one installed, keep it.


Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware. - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • Javacool's SpywareBlaster: - It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.
    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)

    Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
    Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial

Next:

Upgrading Java:
  • Go here and click Do I have Java
  • It will check your current version and then offer to update to the latest version, if there are any.


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing !! :unsure:
  • 0
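Added example, not part of the thread or of the MVPS hosts file: a Python audit of a hosts file in the layout the MVPS file uses, listing which hostnames are sinkholed to loopback or 0.0.0.0 and flagging any entry that points a name somewhere else, which is the hijack pattern the [resethosts] command above undoes. The sample lines and hostnames are constructed.

```python
import ipaddress

# Constructed sample in the layout the MVPS hosts file uses (one address, one
# or more hostnames, optional # comment). The last two lines are deliberately
# bad: a legitimate-looking name sent to a non-loopback address, and garbage.
SAMPLE_HOSTS = """\
# This MVPS HOSTS file is a free download from: (header comment, constructed)
127.0.0.1 localhost
127.0.0.1 ads.example-adserver.test
127.0.0.1 tracker.example-counter.test  # [constructed entry]
0.0.0.0 banner.example-ads.test pixel.example-ads.test
198.51.100.23 www.example-bank.test
not-an-ip some.host.test
"""

def parse_hosts(text):
    """Yield (address, hostname) for every mapping; comments and blanks skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:                    # one line may list several names
            yield addr, name.lower()

def audit_hosts(text):
    """Sort entries into sinkholed (loopback or 0.0.0.0), redirected elsewhere,
    and malformed. Anything in 'redirected' deserves a look: a hosts entry that
    sends a real site to another address is how hosts-file hijacks work."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((addr, name))
            continue
        if ip.is_loopback or ip.is_unspecified:   # 127.x, ::1, 0.0.0.0
            report["sinkholed"].append(name)
        else:
            report["redirected"].append((addr, name))
    return report
```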

#34
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
There's one last thing that remains to do, not so essential if you're not experiencing any problems, but if you want to proceed, tell me when you return :)
  • 0

#35
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
