
Possible Infection, Generic, in System32, See OTL Log. Thanks! [So


  • This topic is locked

#31
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Testing to see if attachments go; reconfigured NoScript. If this doesn't work I'll go to IE after setting security. OK, it doesn't look like it took. Darnit. :(

bb

Edited by blueblue, 10 March 2012 - 02:30 PM.

  • 0



#32
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
When you open OTL.txt in Notepad, is it formatted right? It should look like the log in your first post in this topic.

Can you try to post the result (not attach it) one more time? If that fails, let's continue with the steps to clean the PC. We'll try to run ComboFix. After the scan, please try to post the log.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#33
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, I'm sorry to say I can't use that program because it needs to update something on that machine but that machine is not set up to go online anymore. If I use it as is, the program won't be able to clean anything serious. That's what it said. :(

bb
  • 0

#34
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. I managed to reconstruct your OTL log and there is nothing suspicious. We'll try VRT now.

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.
  • 0

#35
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, thanks for all your help. I put that program on the offline machine a few days ago, so I'm gonna run it now and post the log as soon as I can. Sincerely, bb
  • 0

#36
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, the scan just finished, found 10 low level threats from mostly programs I had on there when I used to go online. Here's the log. This time I maximized the notepad program so it would be set up properly. I hope it's readable. Thanks again for all your help. bb

Status: Vulnerability (events: 10)
3/12/2012 1:13:19 PM Vulnerability vulnerability http://www.securelis...dvisories/48089 C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe Low
3/12/2012 1:35:30 PM Vulnerability vulnerability http://www.securelis...dvisories/47133 C:\Documents and Settings\Professor A\Desktop\Reader\AcroRd32.exe Low
3/12/2012 1:49:48 PM Vulnerability vulnerability http://www.securelis...dvisories/40775 C:\Documents and Settings\Professor A\My Documents\OpenOffice.org 3\program\soffice.bin Low
3/12/2012 1:55:16 PM Vulnerability vulnerability http://www.securelis...dvisories/41112 C:\Documents and Settings\sunset\temp\TeamViewer\Version5\TeamViewer.exe Low
3/12/2012 2:03:10 PM Vulnerability vulnerability http://www.securelis...dvisories/48009 C:\Program Files\Java\jre6\bin\java.exe Low
3/12/2012 2:08:58 PM Vulnerability vulnerability http://www.securelis...dvisories/40775 C:\Program Files\OpenOffice.org 3\program\soffice.bin Low
3/12/2012 3:17:26 PM Vulnerability vulnerability http://www.securelis...dvisories/47932 C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe Low
3/12/2012 3:29:54 PM Vulnerability vulnerability http://www.securelis...dvisories/47133 c:\Documents and Settings\Professor A\Desktop\Reader\AcroRd32.exe Low
3/12/2012 3:30:24 PM Vulnerability vulnerability http://www.securelis...dvisories/46618 c:\Program Files\QuickTime\QuickTimePlayer.exe Low
3/12/2012 3:30:28 PM Vulnerability vulnerability http://www.securelis...dvisories/40775 c:\Program Files\OpenOffice.org 3\program\soffice.exe Low
  • 0

#37
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. I don't see any infection now. How is your PC doing? Any specific problem?
  • 0
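
The report in post #36 can be triaged mechanically, shown here as an added example that is not part of the original thread: the script separates vulnerability notices from any other event status and groups the affected binaries by advisory number. The one-event-per-line layout, the field names and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Events from the report in post #36; advisory URLs are truncated on the page.
REPORT = r"""
3/12/2012 1:13:19 PM Vulnerability vulnerability http://www.securelis...dvisories/48089 C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe Low
3/12/2012 1:35:30 PM Vulnerability vulnerability http://www.securelis...dvisories/47133 C:\Documents and Settings\Professor A\Desktop\Reader\AcroRd32.exe Low
3/12/2012 1:49:48 PM Vulnerability vulnerability http://www.securelis...dvisories/40775 C:\Documents and Settings\Professor A\My Documents\OpenOffice.org 3\program\soffice.bin Low
3/12/2012 1:55:16 PM Vulnerability vulnerability http://www.securelis...dvisories/41112 C:\Documents and Settings\sunset\temp\TeamViewer\Version5\TeamViewer.exe Low
3/12/2012 2:03:10 PM Vulnerability vulnerability http://www.securelis...dvisories/48009 C:\Program Files\Java\jre6\bin\java.exe Low
3/12/2012 2:08:58 PM Vulnerability vulnerability http://www.securelis...dvisories/40775 C:\Program Files\OpenOffice.org 3\program\soffice.bin Low
3/12/2012 3:17:26 PM Vulnerability vulnerability http://www.securelis...dvisories/47932 C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe Low
3/12/2012 3:29:54 PM Vulnerability vulnerability http://www.securelis...dvisories/47133 c:\Documents and Settings\Professor A\Desktop\Reader\AcroRd32.exe Low
3/12/2012 3:30:24 PM Vulnerability vulnerability http://www.securelis...dvisories/46618 c:\Program Files\QuickTime\QuickTimePlayer.exe Low
3/12/2012 3:30:28 PM Vulnerability vulnerability http://www.securelis...dvisories/40775 c:\Program Files\OpenOffice.org 3\program\soffice.exe Low
"""

# Assumed layout: timestamp, status, type, advisory URL, path (may hold spaces), severity.
EVENT = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<status>\w+) (?P<kind>\w+) "
    r"(?P<advisory>\S+) (?P<path>.+) (?P<severity>\w+)$")

def parse(report):
    """Parse every non-blank line; fail loudly rather than drop an event."""
    events = []
    for line in filter(None, map(str.strip, report.splitlines())):
        match = EVENT.match(line)
        if match is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        events.append(match.groupdict())
    return events

def triage(events):
    """Return (events that are not vulnerability notices, paths by advisory)."""
    other, by_advisory = [], defaultdict(set)
    for event in events:
        if event["status"].lower() != "vulnerability":
            other.append(event)
            continue
        # Windows paths are case-insensitive, so C:\... and c:\... are one file.
        advisory_id = event["advisory"].rsplit("/", 1)[-1]
        by_advisory[advisory_id].add(event["path"].lower())
    return other, dict(by_advisory)

if __name__ == "__main__":
    other, by_advisory = triage(parse(REPORT))
    print(f"{len(other)} non-vulnerability events, {len(by_advisory)} advisories")
    for advisory_id, paths in sorted(by_advisory.items()):
        print(advisory_id, *sorted(paths), sep="\n  ")
```

Run against the ten events above, every event is a vulnerability notice for outdated software, and the list collapses to a short set of advisories to patch against.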

#38
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, thank you for all your help. I fixed the main problem with the offline machine after getting a clean bill of health, it's working fine now. That problem had nothing to do with any AV, but I'm glad I checked it out anyway. I had to reinstall a driver for the audio. I'll be checking a 3rd machine that doesn't get online, to make sure I didn't transfer any malware to it, also.

My online machine is having some other issues but since it seems to be clean, I can get help with those, they're OS issues; slow startup and shutdown, and I did my best with those, I may consult my "Windows 7 for Dummies" book on that one. The other problem is, when I create a new account, it won't load properly. I don't know when this started happening. A month ago I noticed this.

I wish I could afford to donate something to you for all your help and patience. You are a very good geek.

My big question now is, what about what's in the quarantine programs? I have 3 programs that have quarantined things, 2 may be false positives, another is the original one I came here about, the others came later. The other machine we worked on together also has something in quarantine, the same thing I came here about, the system32 file and, oh I have a question about some suspicious files that have a date of 1899. I think I blocked them with the firewall. I have a log I created with them listed in it, looked them up in the firewall program and copied them into a txt file.

I'm really anxious to be sure everything's ok so I can apply to GeekU, then I can pay it forward and help someone else, if I graduate. Thank you again for all your help. Thumbs Up to you! Sincerely, bb
  • 0

#39
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi blueblue,

"My big question now is, what about what's in the quarantine programs? I have 3 programs that have quarantined things, 2 may be false positives, another is the original one I came here about, the others came later."

The best thing to do is delete the quarantine files. There is no need for them to be there.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
  
3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#40
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, I will do these things as soon as I can, today I have other stuff to do. Updating is something I do often, and I have Secunia PSI that tells me when a program is insecure, needs fixing or updating. Thank you for all your help. I will write again later. Sincerely, bb
  • 0



#41
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, I ran the OTL cleanup. About that other update program, do I really need it, considering I have one that tells me when I need an update, or patch? It tells me when a program is insecure, what it needs, and usually has a link to the solution. Some programs update automatically, some don't. I like it a lot, have had it for about 4 years. Thanks again for all your help. If I can I will donate something to you, but it won't be much, though I feel your services are worth more than I could put a price on. Sincerely, bb
  • 0

#42
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You don't have to use Update Checker. It's OK.

Thank you for your donation! I really appreciate it! Goodbye and see you in Geek U :thumbsup:
  • 0

#43
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





