Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pup.crossfire, Trojandropper BCMiner, No Access [Solved]


  • This topic is locked This topic is locked

#16
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi cyndi29,

We're getting close to being done. The infection is gone, but we need to make sure some parts of your system are running okay and tidy up a bit.

Step 1: Please try once more to install McAfee. If it doesn't work, we'll have to try another method.

Step 2: Restore files from ESET quarantine.

The hstart.exe files are legitimate files that were falsely detected by ESET. Could you please restore those files from the quarantine by following the directions here. Just restore the ones named hstart.exe; the other files are bad and need to be left in quarantine.

Step 3: Create a restore point.

We need to check if the system restore is running. Please try to create a new restore point.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Protection tab.
  • Click the button that says Create.

Let me know how all this goes and then we will see how to proceed. Please also let me know how your computer is working now. Any outstanding symptoms?
  • 0

Advertisements


#17
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi Buddie,

I was able to install and run McAfee!!!

I was unable to restore the hstart files from the quarantine folder. I had checked the box to delete quarantine files. My bad. Datasafe does run. I'll figure out how to get the hstart files back later if necessary. I have them on my laptop. I can copy them over if that would work.

I was able to create a restore point.

System seems to be running quicker. Haven't encountered anything odd during these steps. Looks like we may have gotten it all!!

I am unable to turn windows defender on. Not sure why though.

Thanks again!!

Cyndi

Edited by cyndi29, 30 November 2012 - 05:58 PM.

  • 0

#18
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi cyndi29,

It looks like we finally made it! Please ignore the above post.

Congratulations. Your computer now appears to be clean. Please complete the followings steps to finalize the cleaning process.

Please update these programs, as old versions pose a security risk.
  • Java
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
  • Adobe Reader. You can get the latest version here.

Please uninstall these malware leftovers from your Programs and Features menu in the control panel. If they do not show up, don't worry about them.
  • Yontoo Layers Runtime 1.10.01
  • Freeze.com NetAssistant

Uninstall Combofix: Click the Windows key + "R" at the same time to bring up a "Run" box. Copy/paste "ComboFix /Uninstall" into the Run box and click OK. Please note the space between the "x" and the "/".

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Protection tab.
    • Un-check the boxes next to your hard drives.
    • Click Apply, and then click OK.
  • Reboot.
  • Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Protection tab.
  • Check the boxes next to your hard drives.
  • Click Apply, and then click OK.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click onAll Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#19
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thank you so much Buddie!!!

I will do all these steps listed.

Where is the link to donate to you for your services?????

Good luck in your GeekU studies. I hope to be joining GeekU soon too.

Thanks again,
Cyndi
  • 0

#20
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I am glad we were able to help. I can't take donations yet, but if you would like to donate to the site, the link is here.
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP