Help! possible virus
#16
Posted 08 September 2011 - 07:11 AM
#17
Posted 08 September 2011 - 03:16 PM
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
This scan may take a while depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.
http://www.eset.eu/online-scanner
Go here to run an online scanner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
A new window will appear asking "Do you want to install this software?".
Answer Yes to download and install the ActiveX controls that allow the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software, just close the window.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.
Can you let me know if you are still experiencing the problem after these steps?
#18
Posted 12 September 2011 - 08:27 AM
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7698
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
9/12/2011 10:20:08 AM
mbam-log-2011-09-12 (10-20-08).txt
Scan type: Quick scan
Objects scanned: 180824
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#19
Posted 12 September 2011 - 09:05 AM
#20
Posted 12 September 2011 - 10:52 AM
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000302 JS/Kryptik.BJ.Gen trojan
Operating memory Win32/Adware.Yontoo.A application
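Added example, not part of any post in this thread: a small Python parser for ESET Online Scanner detection lines in the layout posted above, which sorts each finding by where it lives so that items already in quarantine or sitting in a browser cache are separated from ones still installed or loaded. The bucket names and location rules are assumptions made for illustration.

```python
import re
# Detection lines exactly as posted in the thread (ESET Online Scanner log).
SAMPLE_LOG = r"""
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000302 JS/Kryptik.BJ.Gen trojan
Operating memory Win32/Adware.Yontoo.A application
"""

# Layout: <object> [a variant of] <platform/name> <category>. Windows paths
# use "\", so the first token containing "/" is the detection name.
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+(?P<kind>\w+)\s*$"
)

def locate(obj):
    """Bucket a scanned object by location (assumed triage heuristics)."""
    low = obj.lower()
    if low == "operating memory":
        return "in-memory"        # module is loaded right now
    if low.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantined"      # ComboFix quarantine copy (.vir), inert
    if "\\cache\\" in low:
        return "browser-cache"    # cached download, not an installed program
    return "on-disk"

def parse_log(text):
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append({"object": m["obj"], "name": m["name"],
                             "kind": m["kind"], "variant": bool(m["variant"]),
                             "where": locate(m["obj"])})
    return findings

def active_detections(findings):
    """Detections still loaded or installed (not quarantined or cached)."""
    live = {}
    for f in findings:
        if f["where"] in ("in-memory", "on-disk"):
            live.setdefault(f["name"], set()).add(f["where"])
    return {name: sorted(w) for name, w in live.items()}

if __name__ == "__main__":
    for f in parse_log(SAMPLE_LOG):
        print(f"{f['where']:<14}{f['name']:<24}{f['object']}")
    print("still active:", active_detections(parse_log(SAMPLE_LOG)))
```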
#21
Posted 12 September 2011 - 03:31 PM
The choice is yours, but if it were my machine, I would not want this program on there. Yontoo Layers or Drop Down Deals browser add-on - creates virtual layers that can be edited to create the appearance of having made changes to the underlying website. Has ads in the layers with no obvious warning on install.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000302
Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe. ComboFix may request an update; please allow it.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Download TFC to your desktop
- This tool cleans files from temp locations, and empties the Recycle Bin. If you have an objection to these locations being cleaned please stop now and let me know.
- Close any open windows.
- Double click the TFC icon to run the program
- TFC will close all open programs itself in order to run,
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish its job
- Once it's finished it should automatically reboot your machine,
- if it doesn't, manually reboot to ensure a complete clean
Can you please tell me how the machine is running now?
#22
Posted 13 September 2011 - 06:49 AM
#23
Posted 13 September 2011 - 07:39 AM
Download Revo Uninstaller
- Double click the installation file on the desktop to run the installer.
- Let it install to the default location.
- Double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.
- Locate the program you are uninstalling: Yontoo
- Right Click the Icon then choose Uninstall.
- Click yes to the warning and choose the Uninstall Mode
- Choose the Advanced option and then click Next.
- This will launch the program's built-in uninstaller. Be patient; it can take several seconds.
- Once the uninstaller is done click Next.
- Revo Uninstaller will now scan for leftover information. Be patient; it can take several seconds.
- Once this scan is done click Next.
- You will then be presented with the leftover entries found by Revo Uninstaller.
- Look at ALL of the entries to ensure they relate to the uninstall.
- Next click Select All > Delete to remove the entries.
- Click Next.
- If there are any program file folders left over you will be presented with a list to be removed.
- Again look at ALL of the entries to ensure they are related to the uninstall.
- Click Select All > Delete to remove the entries.
- Click Finish to go back to the uninstall list.
- Close the program
Can you tell me if you are still experiencing the typing issues?
#24
Posted 13 September 2011 - 07:41 AM
#25
Posted 13 September 2011 - 07:56 AM
Removing malware can be very frustrating. Tools that work for one thing may not work for another. It may take several different tools to try and remove infections. There are new infections released every day, and in some cases our tools can't even see them.
In my experience, the lower numbers of the ComboFix scan are the slowest, and once it gets to higher stages it speeds up. However, that said, 45 minutes is a long time. If it does not move soon, you can cancel the scan and see if you can delete that file manually by browsing to it and choosing right-click and delete. You should also be sure to remove Yontoo with RevoUninstaller.
Please let me know if ComboFix finishes or if you delete the file manually, as well as if you were able to successfully remove Yontoo with RevoUninstaller.
#26
Posted 13 September 2011 - 08:01 AM
#27
Posted 13 September 2011 - 08:18 AM
#28
Posted 13 September 2011 - 08:21 AM
#29
Posted 13 September 2011 - 08:23 AM
#30
Posted 13 September 2011 - 09:00 AM