pum.bad.proxy - Keep on reappearing after cleaning it.


  • This topic is locked

#46
bluewr

    Member

  • Topic Starter
  • 33 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6643

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011/05/24 6:17:07
mbam-log-2011-05-24 (06-17-07).txt

Scan type: Quick scan
Objects scanned: 159482
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0


#47
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

So, you have no problems with your computer? Everything is working OK?

What worries me is that your computer doesn't like AVP Tool.

Could you please try to run it again and describe when it stops and with what error code:

Download fresh AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

We will run a virus scan only
  • On the first tab select all elements down to and including Computer and then select start scan (1)
  • Once it has finished select report (2) and post that.

Posted Image

  • Please be patient as this scan could take a long time to complete.
  • Click on Exit to uninstall AVP tool. You may need to restart your computer after that.

  • 0

#48
bluewr

    Member

  • Topic Starter
  • 33 posts
When I run the scan, as you asked:
Once it reaches 84% (after 12+ hours),
it freezes, and even if I press Ctrl+Alt+Del, it doesn't appear, stating there is an error.
Then I had to restart my PC, where the scan tool would start again but freeze, and I had to END PROCESS through Windows,
then install it again to remove it completely.
  • 0

#49
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Now please do this:

From the Start menu open your Computer
You should see something like this:

Posted Image

Right click your system partition (usually C) and select Properties

Select Tools tab and then Check now...
The second window will pop up
Ensure you have ticks in both boxes
Then click Start
Windows will schedule it for the next boot
Reboot

Once that has completed:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement
  • 0

#50
bluewr

    Member

  • Topic Starter
  • 33 posts
Finished both scans.
The second scan generated a log, but it's too big to be posted or attached.

http://www.sendspace.com/file/vuergy

Edited by bluewr, 24 May 2011 - 03:51 PM.

  • 0

#51
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, bluewr

One file, not so important for the system, has been repaired: mfds.dll (Media Foundation Direct Show wrapper).

As we can't scan your computer within Windows, we will do it from an external environment. For that you will need one blank CD-R and a CD/DVD burner. Please follow the instructions below:

  • Please go here and create an Avira rescue CD
  • Boot your computer from that CD
  • For Boot Options choose 1 (Boot AntiVir Rescue System (default))
  • In the Virus scanner tab click on Start scanner
  • When the scan is finished save the scan report and post it in your next reply
  • Eject and remove Avira Rescue CD
  • Restart your system in Windows

To set your computer BIOS to boot from a CD

  • Restart your computer. Watch the start-up instructions that are displayed on-screen.
  • A message will be displayed instructing you to press a named key (often F2, F12, or Delete) to go into settings/setup/configuration. (The key and the message will vary according to the type of computer that you are running.)
  • Press this key to enter the BIOS setup mode.
  • (If your computer is particularly fast, it may remove the message before you have the chance to press the key; in this case, try pressing the key once a second, starting the moment you reboot.)

Some examples:

  • On a Dell computer, you should hit F2 to enter the BIOS.
  • Other computers may require you to hit the DEL (Delete) button to enter the BIOS.
  • On newer computers, you may be able to hit F12 to select a temporary boot device rather than changing the permanent boot sequence in the BIOS itself. If your computer offers this option, simply select the CD or DVD drive containing the antivirus CD as your temporary boot device, and skip steps 2 and 3.


  • In the BIOS window, find the area that controls the boot sequence and rearrange the list of devices so that your CD or DVD drive is checked before your hard drive.
  • For most situations, a suitable sequence is:

  • CDROM (or DVDROM)
  • HD1 (or C).


  • If your drives are listed in this order, then when you keep the CD in your CD or DVD drive during a reboot, your computer will be told to run and check for viruses on your system. (If the hard drive is listed earlier than the CD drive, your computer will not detect the CD's presence and will simply boot into Windows.)
  • Save the settings and exit.
  • When your computer reboots, it will check the CD or DVD drive containing the disk before it checks the hard drive. You may press any key on your keyboard to boot from CD.


  • 0

#52
bluewr

    Member

  • Topic Starter
  • 33 posts
Sorry for not replying; I have other business to take care of. I'll do what you say during this weekend and post the result next week.
  • 0

#53
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.
  • 0

#54
bluewr

    Member

  • Topic Starter
  • 33 posts
Finished with the Avira scan.

It found only one virus.

/media/Disks/E:__(1.4T)/System Volume Information/_restore{4E4B45EE-05C0-4704-9ADA-5017E7C135BA}/RP2/A0001461.exe <<< Is the Trojan horse TR/Buzus.czdw [renamed]

But Malwarebytes is still finding the same error every time I restart and scan it.

Edited by bluewr, 03 June 2011 - 08:17 PM.

  • 0

#55
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Looking good. Please follow the steps below:

Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Step 2

Please copy the entire quoted text below into Notepad:
  • Open Notepad (go to Start then Run and type in notepad and press Enter).
  • Copy the contents of the quote box below by selecting all text and press CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy).

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
    "DefaultConnectionSettings"=hex:46,00,00,00,46,00,00,00,09,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,c0,4e,11,b5,af,16,cc,01,\
    00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,02,00,00,00,c0,a8,01,65,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    "SavedLegacySettings"=hex:46,00,00,00,4e,5d,00,00,01,00,00,00,14,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00
    "Broadband Connection"=hex:46,00,00,00,39,00,00,00,01,00,00,00,14,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00

  • Now return to Notepad and use CTRL+V (or right-click on the whitespace and Paste) to paste the script.
  • Verify that you have pasted the complete script.
  • Save the Notepad file to your Desktop as noproxy.reg using Save as Type: All files
  • Locate noproxy.reg on your desktop
  • Double click to run, and when prompted Allow the file to merge with your registry.

After that, Reboot your machine

If you have problems accessing the Internet after running the above script:

Open Internet Explorer and go to: Tools >> Internet Options >> Connections Tab >> LAN Settings >> Under Proxy server, uncheck use a proxy server >> OK >> Apply >> OK

If you use Firefox go to Tools >> Options... >> Advanced Tab >> Network Tab >> Under Connection click Settings >> Under Configure Proxies to access the Internet, Set it to No Proxy >> OK

Step 3

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
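
Added example, not part of the thread or any poster's own code: a Python sketch that decodes the DefaultConnectionSettings and SavedLegacySettings values from the noproxy.reg script in post #55, to show what merging it sets. The field layout (three DWORDs for version, counter and flags, then length-prefixed proxy, bypass and auto-config strings) is the commonly described unofficial layout and is an assumption here, as are the function names and the constructed proxy sample.

```python
import struct

# Flag bits in the DWORD at offset 8 (assumed, commonly described layout).
FLAGS = {0x01: "direct", 0x02: "manual-proxy", 0x04: "pac-script", 0x08: "auto-detect"}

# Values copied from the noproxy.reg script in the thread.
PAGE_DEFAULT = r'''"DefaultConnectionSettings"=hex:46,00,00,00,46,00,00,00,09,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,c0,4e,11,b5,af,16,cc,01'''  # first 40 bytes
PAGE_SAVED = r'''"SavedLegacySettings"=hex:46,00,00,00,4e,5d,00,00,01,00,00,00,14,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00'''

def reg_hex_to_bytes(text):
    """Convert the hex: payload of a .reg value (with line continuations) to bytes."""
    payload = text.split("hex:", 1)[1]
    for junk in ("\\", "\n", "\r", " "):
        payload = payload.replace(junk, "")
    return bytes(int(b, 16) for b in payload.split(",") if b)

def _field(blob, off):
    """Read a little-endian DWORD length plus that many bytes; return (text, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("<I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("length field runs past end of blob")
    return blob[off + 4:end].rstrip(b"\x00").decode("ascii", "replace"), end

def parse_connection_settings(blob):
    if len(blob) < 12:
        raise ValueError("blob too short for header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _field(blob, 12)
    bypass, off = _field(blob, off)
    pac_url, _ = _field(blob, off)
    names = sorted(name for bit, name in FLAGS.items() if flags & bit)
    return {"version": version, "counter": counter, "flags": names,
            "proxy": proxy, "bypass": bypass, "pac_url": pac_url}

def is_suspicious(s):
    """Flag a manual proxy or PAC script that the user did not set up themselves."""
    return bool({"manual-proxy", "pac-script"} & set(s["flags"]) or s["proxy"] or s["pac_url"])

def lp(data):
    return struct.pack("<I", len(data)) + data

# Constructed sample (not from the thread): manual proxy pointing at a loopback listener.
CONSTRUCTED_PROXY = struct.pack("<III", 0x46, 1, 0x03) + lp(b"127.0.0.1:8080") + lp(b"") + lp(b"")

if __name__ == "__main__":
    samples = {"page DefaultConnectionSettings": reg_hex_to_bytes(PAGE_DEFAULT),
               "page SavedLegacySettings": reg_hex_to_bytes(PAGE_SAVED),
               "constructed proxy sample": CONSTRUCTED_PROXY}
    for name, blob in samples.items():
        parsed = parse_connection_settings(blob)
        print(name, parsed, "SUSPICIOUS" if is_suspicious(parsed) else "ok")
```

Under that layout both values from the script decode to a direct connection with an empty proxy string, which is consistent with the clean scan in the following post.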


#56
bluewr

    Member

  • Topic Starter
  • 33 posts
MBAM quick scan completed


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6772

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011/06/05 3:19:10
mbam-log-2011-06-05 (03-19-10).txt

Scan type: Quick scan
Objects scanned: 180687
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


  • 0

#57
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Java and Adobe Reader updates

There are certain programs that are security vulnerabilities; it is recommended that you keep everything updated. Two of the main vulnerabilities are Java and Adobe Reader.

Java Updates - Java needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java:

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Update Adobe Acrobat Reader to the latest version. You can download it HERE.

Suggestion:

Foxit is a great free PDF alternative. It uses fewer system resources and is not vulnerable to the exploits affecting Adobe Reader. Providing full PDF functionality, Foxit is rapidly becoming the PDF reader of choice for many. Get it here.


Other Software Updates - Go HERE to scan your computer for any out of date software at least once per week. The vast majority of virus, worm and spyware infections could have been prevented, if the user had kept their software up-to-date. You should do everything you can to keep your software up-to-date. Doing so will help you prevent infections and the headaches that follow them.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0

#58
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





