[Dakeyras]

Hi.

OK, reinstalled IE8. Everything looking good! Back posting on my main computer. Internet Explorer working properly. No google redirects. Got all my icons and taskbar. No issues whatsoever that I can see!

Good.

Giving the nature of the infection(s) we have been dealing with I think it prudent to run one final scan to double check as follows...

TFC(Temp File Cleaner):

• Please download TFC to your desktop,
• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program.
• Click the Start button in the bottom left of TFC
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go here to run the scan...
• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

[Advertisements]

OK, ran TFC.exe and online ESET scanner. One threat found. Here's the logfile:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0de64c2d8de50c4695e075a26008e5c4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-15 11:52:36
# local_time=2012-08-15 06:52:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 30326407 30326407 0 0
# compatibility_mode=1024 16777191 100 0 28837778 28837778 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=44294
# found=1
# cleaned=0
# scan_time=1740
C:\Documents and Settings\Bruce\Desktop\Setup files\driver_fusion_1.1.1.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

[brucers]

OK, ran TFC.exe and online ESET scanner. One threat found. Here's the logfile:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0de64c2d8de50c4695e075a26008e5c4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-15 11:52:36
# local_time=2012-08-15 06:52:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 30326407 30326407 0 0
# compatibility_mode=1024 16777191 100 0 28837778 28837778 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=44294
# found=1
# cleaned=0
# scan_time=1740
C:\Documents and Settings\Bruce\Desktop\Setup files\driver_fusion_1.1.1.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

[Dakeyras]

Hi.

One threat found.

That appears to be what is known as a False Positive detection against a installer for Treexy's Driver Fusion software. I do not know much about this particular application but from my own experience such types of so called Driver related tools rarely work as should and the chance they may create more problems than actually solve anything.

Anyway the actual installation file you have is out of date, so my friendly advice would be delete it and if you have installed the software recently, uninstall it etc.

New Adobe Reader Installation:

• Go here and click on AdbeRdr1014_en_US.exe to download the latest version of Adobe Reader.
• Save this file to your desktop and run it to install the latest version of Adobe Reader.
• After the new Reader is installed, Open Adobe Reader X.
• OK the license.
• Click on Edit and select Preferences.
• On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
• Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
• Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
• Click the OK button

New Java Installation:

• Click here to visit Java's website.
• Scroll down to Java SE 7u6. Click on JRE Download.
• Check (tick) Java SE Runtime Environment 7u6 License Agreement box.
• Click on jre-7u6-windows-i586.exe link next to Windows x86 Offline to download it and save this to your desktop.
• Double-click on on jre-7u6-windows-i586.exe to install Java.

Next:

Let myself know when completed the above and if any further issues remaining. If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.

[brucers]

OK, uninstalled Driver Fusion and installed Adobe and Java. Everything looks good. No issues!

[Dakeyras]

Hi.

OK, uninstalled Driver Fusion and installed Adobe and Java. Everything looks good. No issues!

Good...Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

• Click on Start >> Run...
• Now type in ComboFix /Uninstall into the and click OK.
• Note the space between the X and the /Uninstall, it needs to be there.
• 

Note: The above process will also flush all (infected) System Restore points and create a new clean/safe one.

Clean up with OTL:

• Double-click OTL to start the program.
• Close all other programs apart from OTL as this step will require a reboot.
• On the OTL main screen, depress the CleanUp button.
• Say Yes to the prompt and then allow the program to reboot your computer.

Note: The above should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, AVG 2012 automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT. I advice you consider installing this, as a means to keep a complete backup of your registry and restore it when needed. Instructions can be read here.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

Can be checked manually via Start >> All Programs >> Windows Update.

Also ensure Automatic Updates is selected once on the update site if not etc.

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

• MVPS Hosts File
• hpHosts

Only use one of the above!

Consider Installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is upto date:

Via visiting the Secunia Online Software Inspector periodically.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!

[brucers]

Dakeyras, thanks a bunch for your time and help! Your persistence prevailed!

[Dakeyras]

You're most welcome!

[Dakeyras]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.