Dell Inspiron N7010 with Windows 7 Won't Boot, Has Malware [Solved]


  • This topic is locked

#16
vveditor

    New Member

  • Topic Starter
  • Member
  • 8 posts
Wow, that scan took a very long time to complete, but I guess it was worth it. The computer seems to be working fine now. Thank you so much. The log file is attached below. What is the next step?

  • 0


#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello vveditor,

I think you are good to go now. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0
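
An added example, not part of the original post or of any tool named in it: a read-only PowerShell inventory of installed Java entries, showing which ones the "remove all Java updates except the latest" step above would leave and which it would remove. The registry paths are the standard Windows Uninstall keys; the `DisplayName` pattern is an assumption about how Java names its entries.

```powershell
# Added example: read-only inventory of installed Java runtimes.
# Nothing is uninstalled; removal is still done through Control Panel.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed name pattern: "Java 7 Update 21", "Java(TM) 6 Update 31", ...
$namePattern = '^Java(\(TM\))? \d+'

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    ForEach-Object {
        $item = $_
        $ver  = $null
        # DisplayVersion is normally dotted numeric; leave $ver empty if it is not.
        try { $ver = [version]$item.DisplayVersion } catch { }
        # 'native' means 64-bit on 64-bit Windows, 32-bit on 32-bit Windows.
        $view = if ($item.PSPath -like '*WOW6432Node*') { '32-bit' } else { 'native' }
        New-Object PSObject -Property @{
            Name = $item.DisplayName; Version = $ver; View = $view
        }
    }

# 32-bit and 64-bit Java install side by side, so keep the newest of each view.
$report = foreach ($group in ($entries | Group-Object View)) {
    $sorted = @($group.Group | Sort-Object Version -Descending)
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        $action = if ($i -eq 0) { 'keep (newest)' } else { 'remove' }
        $sorted[$i] | Select-Object Name, Version, View,
            @{ Name = 'Action'; Expression = { $action } }
    }
}
$report | Format-Table -AutoSize
```

An empty result means no entry matched the assumed name pattern, not necessarily that Java is absent.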

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





