Google desktop gadget virus (HJT log included)
#16
Posted 30 July 2011 - 01:24 PM
Do you want me to do an Automatic Scan or the Manual Disinfection Scan?
#17
Posted 30 July 2011 - 01:35 PM
#18
Posted 30 July 2011 - 06:09 PM
I know why this might be happening. 1 hour back, I was on a website (www.fnuz.com) trying to watch a movie online. It asked me to download the XVID codec/HD player, etc. to watch the movie in the browser. The XVID program I downloaded was bundled with some adware like ClickPotato, Shopper something, etc. I tried hard to remove them but they would freeze my PC when I clicked Uninstall in the Add/Remove programs. I finally used Malwarebytes' Anti-Malware's FileASSASSIN to delete the files in the C:\Program Files\Shopper,ClickPotato folders. I also emptied my entire LocalSettings\TEMP folder (not sure if I deleted some important files there). After that, to make sure I was rid of them (which I wasn't or maybe am not yet), I downloaded
1) Super Anti-Spyware 2) Spyware Blaster 3) Spybot S&D 4) Ad-aware 5) ESET Online Scanner and scanned with everything. All of them showed adware/trojans in the System Restore folders and others too (if I am not wrong) and the same goes for MBAM. I am attaching the logs of Ad-aware, ESET and MBAM if that helps.
How do I get the Kaspersky tool working now? Maybe something above screwed it up. I've already uninstalled all the programs except MBAM.
Edited by geekyandhow, 30 July 2011 - 06:42 PM.
#19
Posted 30 July 2011 - 06:33 PM
Edited by geekyandhow, 30 July 2011 - 06:36 PM.
#20
Posted 31 July 2011 - 03:15 AM
Quote from geekyandhow: "It asked me to download the XVID codec/HD player, etc. to watch the movie in the browser. The XVID program I downloaded was bundled with some adware like ClickPotato, Shopper something, etc. I tried hard to remove them but they would freeze my PC when I clicked Uninstall in the Add/Remove programs."
Never accept a codec download or a Flash Player update from any website except the legitimate site, i.e. Adobe, otherwise you will get infected.
OK lets start again
To ensure that I get all the information this log will need to be attached (instructions at the end) if it is too large to attach then upload to Mediafire and post the sharing link.
Download OTS to your Desktop
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
%USERPROFILE%\..|smtmp;true;true;true /FP
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
#21
Posted 31 July 2011 - 06:44 AM
Yes, once bit twice shy, I will make sure never to download such codecs in future from rogue sites.
Attaching the OTS log below
Thanks
Edited by geekyandhow, 31 July 2011 - 06:45 AM.
#22
Posted 31 July 2011 - 07:42 AM
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > ->
YN -> No name found ->
YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI
YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1757981266-861567501-1606980848-1003\] > -> HKEY_USERS\S-1-5-21-1757981266-861567501-1606980848-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Exec" [HKLM] -> [Reg Error: Key error.]
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"HotIcon" [HKLM] -> [Reg Error: Key error.]
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Icon" [HKLM] -> [Reg Error: Key error.]
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"MenuStatusBar" [HKLM] -> [Reg Error: Key error.]
YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"MenuText" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {F3F4529B-486A-495D-9B36-F1BDE61424DD}\\NameServer -> 59.185.0.50,59.185.0.23 (NVIDIA nForce Networking Controller)
[Files/Folders - Created Within 30 Days]
NY -> Xvid -> C:\Program Files\Xvid
[Files - No Company Name]
NY -> xvid.ax -> C:\WINDOWS\System32\xvid.ax
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
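The fix in post #22 is an OTS script: bracketed lines open a section or stand alone as a directive, "< ... >" lines give the registry hive or folder the following items live in, and each item carries a two-letter Y/N prefix. Reading such a script before running it is worth the effort, since it deletes files and registry values outright. The parser below is an added example, not part of the thread and not OTS's own code: it turns an abbreviated copy of the fix above into an action list and pulls out the two items a responder would want to double-check (unnamed Firefox add-ons, and the NameServer removal that reverts the adapter to DHCP-assigned DNS). Treating the first prefix letter as "remove the registry entry" and the second as "delete the file or folder" is my reading of the OTS convention, not something the post states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Abbreviated copy of the OTS fix posted above; the other two IE hives and most
# of the {1FBA04EE-...} values are left out to keep the sample short.
SAMPLE_FIX = r"""
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > ->
YN -> No name found ->
YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {F3F4529B-486A-495D-9B36-F1BDE61424DD}\\NameServer -> 59.185.0.50,59.185.0.23 (NVIDIA nForce Networking Controller)
[Files/Folders - Created Within 30 Days]
NY -> Xvid -> C:\Program Files\Xvid
[Files - No Company Name]
NY -> xvid.ax -> C:\WINDOWS\System32\xvid.ax
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
"""

BRACKET_RE = re.compile(r"^\[(.+)\]$")             # [Section] or [Directive]
GROUP_RE = re.compile(r"^< (.+?) >\s*->\s*(.*)$")  # < Group > -> optional hive/folder path
ENTRY_RE = re.compile(r"^([YN])([YN]) -> (.*)$")   # flag pair, then "name" or "name -> target"


@dataclass
class Entry:
    section: str
    group: Optional[str]
    fix_registry: bool   # first flag letter; assumed to mean "remove the registry entry"
    delete_file: bool    # second flag letter; assumed to mean "delete the file/folder"
    name: str
    target: Optional[str]


@dataclass
class FixPlan:
    entries: List[Entry] = field(default_factory=list)
    standalone: List[str] = field(default_factory=list)  # bracket lines with nothing under them


def parse_ots_fix(text: str) -> FixPlan:
    plan = FixPlan()
    section = ""
    group = None
    pending = None  # bracket line not yet known to be a section header or a directive
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BRACKET_RE.match(line)
        if m:
            if pending is not None:            # previous bracket had no entries: a directive
                plan.standalone.append(pending)
            pending, group = m.group(1), None
            continue
        if pending is not None:                # something follows it, so it was a section
            section, pending = pending, None
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group(3).rstrip()
        if rest.endswith("->"):                # "name ->" with an empty target
            rest = rest[:-2].rstrip()
        parts = [p.strip() for p in rest.split(" -> ", 1)]
        plan.entries.append(Entry(section, group, m.group(1) == "Y", m.group(2) == "Y",
                                  parts[0], parts[1] if len(parts) > 1 else None))
    if pending is not None:
        plan.standalone.append(pending)
    return plan


def triage(plan: FixPlan) -> dict:
    """Split the fix into registry removals, file deletions and items to double-check."""
    out = {"registry": [], "files": [], "standalone": list(plan.standalone), "review": []}
    for e in plan.entries:
        if e.fix_registry:
            out["registry"].append(f"{e.group}: {e.name}")
        if e.delete_file and e.target:
            out["files"].append(e.target)
        # Add-ons with no name sitting in a profile's extensions folder are the usual
        # footprint of a bundled-installer adware drop.
        if e.name == "No name found" and e.target and e.target.upper().endswith(".XPI"):
            out["review"].append(("unnamed-firefox-extension", e.target))
        # Removing NameServer reverts the adapter to DHCP-assigned DNS; confirm whether
        # the old servers belonged to the ISP before calling them a hijack.
        if e.name.endswith("NameServer") and e.target:
            out["review"].append(("dns-servers", e.target.split(" ")[0].split(",")))
    return out


if __name__ == "__main__":
    for key, value in triage(parse_ots_fix(SAMPLE_FIX)).items():
        print(key, value)
```

Paste the full fix from the post into SAMPLE_FIX to see the complete action list; the three IE hives add only further registry removals.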
#23
Posted 31 July 2011 - 07:57 AM
Also, the taskbar works fine but when I open IE, multiple iexplore.exe processes open up. When I close one of the process in the task manager, IE says that one tab was closed or something, so I guess it's some tab problem, etc.
Also, all the other problems I mentioned in my original post are still there
#24
Posted 31 July 2011 - 08:11 AM
The ESET and Ad-Aware are just reporting System Restore elements; they are not a problem currently and will be removed when we clean up.
With IE go to Control panel > internet options and ensure that you only have one start page
#25
Posted 31 July 2011 - 08:13 AM
Edited by geekyandhow, 31 July 2011 - 08:19 AM.
#26
Posted 31 July 2011 - 08:19 AM
#27
Posted 31 July 2011 - 08:22 AM
Everything else is OK for now.
#28
Posted 31 July 2011 - 08:26 AM
Subject to no further problems
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
- Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
- Please follow the prompts to uninstall Combofix.
- This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
- Go to this site and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
- Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
#29
Posted 31 July 2011 - 08:44 AM
When I tried to uninstall Combofix using the Run command, it says there is no such file. Maybe, I deleted it manually after we used it 2 days back itself.
Verified Java Version: Congratulations! You have the recommended Java installed (Version 6 Update 26).
I already have Smart Defrag, do I still need the Puran Disc Defragmenter? Is a boot defrag necessary? I read somewhere that it should not be done unless some MFT, pagefiles, etc I think have more than 5 fragments but I only have 1 as shown (excuse me if I am wrong, I am not that technically-literate).
For protection/cleaning, I have AVG Internet Security, Malwarebytes, WinPatrol and CCleaner. Do I need more programs?
Thanks
P.S. WinPatrol is showing me this alert (see Attachment) for some HOSTS file, should I accept the change?
Edited by geekyandhow, 31 July 2011 - 08:46 AM.
#30
Posted 31 July 2011 - 08:50 AM
No, Smart Defrag is good.
No, for the antimalware/AV that is a good layered combination.
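The WinPatrol alert in post #29 and the [resethosts] step in post #28 both concern the same file, %SystemRoot%\System32\drivers\etc\hosts, which Windows consults before asking DNS. Adware and trojans use it in two ways: map security-vendor and update sites to 127.0.0.1 so the tools in this thread cannot update, or map a popular site to an address they control; either way the new lines are often pushed below a long run of blank lines so they are not seen when the file is opened in Notepad. The checker below is an added example, not part of the thread and not code from WinPatrol, OTL or any other tool named here: the sample file content is constructed, the vendor keyword list is illustrative, and the padding threshold is an arbitrary choice.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample, not the poster's file: the stock Windows entry, a run of blank
# lines of the kind droppers insert so their additions sit below Notepad's window,
# then three entries of the sort adware/trojans add.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 30
    + "127.0.0.1  www.malwarebytes.org\n"
    "127.0.0.1  update.avg.com\n"
    "198.51.100.23  www.google.com\n"
)

DEFAULT_LOCAL = {"localhost"}   # names that legitimately map to loopback

# Illustrative substrings of security-tool and update domains, drawn from the tools
# named in this thread; extend for the products actually installed on the box.
VENDOR_KEYWORDS = ("malwarebytes", "avg", "kaspersky", "eset", "superantispyware",
                   "safer-networking", "lavasoft", "windowsupdate", "microsoft")


def parse_hosts(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line_no, blank_lines_before, ip, hostname) for each mapping.

    Text after '#' is dropped and a line whose first token is not an IP address
    is skipped, which is also how the resolver treats it.
    """
    entries = []
    blank_run = 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped:
            blank_run += 1
            continue
        line = stripped.split("#", 1)[0].strip()
        if not line:            # comment-only line: visible, so it is not padding
            continue
        tokens = line.split()
        try:
            ipaddress.ip_address(tokens[0])
        except ValueError:
            blank_run = 0
            continue
        for host in tokens[1:]:
            entries.append((line_no, blank_run, tokens[0], host.lower()))
        blank_run = 0
    return entries


def audit_hosts(text: str, padding_threshold: int = 10) -> List[Dict[str, object]]:
    """Flag every mapping that is not the stock loopback entry."""
    findings = []
    for line_no, blanks, ip_text, host in parse_hosts(text):
        ip = ipaddress.ip_address(ip_text)
        sinkhole = ip.is_loopback or ip.is_unspecified   # 127.x / ::1 / 0.0.0.0
        if host in DEFAULT_LOCAL and sinkhole:
            continue
        findings.append({
            "line": line_no,
            "host": host,
            "ip": ip_text,
            # loopback blocks the name (typically an AV or update site); any other
            # address silently redirects it.
            "effect": "sinkholed" if sinkhole else "redirected",
            "security_vendor": any(k in host for k in VENDOR_KEYWORDS),
            "hidden_by_padding": blanks >= padding_threshold,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To run it against a real machine, read the hosts file from the path above and pass its text to audit_hosts; an empty result is what a stock file produces, and any "sinkholed" vendor entry or "redirected" finding is grounds for the [resethosts] step rather than accepting the change.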