Scan of my mothers computer [Solved]


  • This topic is locked

#16
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Computer tends to be a bit sluggish, but that could be due to what she has installed.

Yes, she has some HP pre-installed stuff that could be disabled/removed plus there is the TeamViewer and voice-changing software that doesn't need to start when the computer boots.

It will be simple to disable startup items with this tool.

Run HijackThis

Please download and install the latest version of HijackThis v2.0.4:

Click here to download the HijackThis Installer:

  • save HijackThis to your desktop
  • double-click on HijackThis.msie to run the program – Note: on Vista or Windows 7, right-click on the file and select Run as Administrator
  • by default it will install to C:\Program Files\Trend Micro\HijackThis, or C:\Program Files (x86)\... on a 64-bit operating system
  • accept the license agreement by clicking the "I Accept" button.
  • click on the Do a system scan and save a log file button: it will scan and then ask you to save the log
  • click Save log to save the log file and then the log will open in Notepad.
  • click on Edit -> Select All then click on Edit -> Copy to copy the entire contents of the log
  • come back here to this thread and paste the log in your next reply
  • if your system denies write access to Host files, run HijackThis as an Administrator
=================================================

Let's remove what Eset found.

Please copy all text in the code box below and paste it into Notepad:

@echo off
del /f /s /q "C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
del /f /s /q "C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
del /f /s /q "C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z"
del /f /s /q "C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll"
del /f /s /q "C:\Users\parentalUnit\Downloads\pdf_1.exe"
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
Satchfan
  • 0



#17
Wolfie

    Member

  • Topic Starter
  • 57 posts

Run HijackThis

Been awhile since I used HiJackThis!, didn't know it had gone open-source now.

Spoiler



Please copy all text in the code box below and paste it into Notepad:

@echo off
del /f /s /q "C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
del /f /s /q "C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
del /f /s /q "C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z"
del /f /s /q "C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll"
del /f /s /q "C:\Users\parentalUnit\Downloads\pdf_1.exe"
del %0

I pasted it directly into an elevated cmd prompt and for the 'All Users' files, it said they weren't found, otherwise ran just fine.
  • 0

#18
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
I think we’re just about there.

Run HijackThis

Open HijackThis and click Do a system scan only.

Place a check mark next to:

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe


Close all windows except for HijackThis and click Fix checked.

===============================================

Open ComboFix

Please do the following:

  • close any open browsers.
  • close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix.
  • open notepad and copy/paste the text in the codebox below into it:

File::
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll
C:\Users\parentalUnit\Downloads\pdf_1.exe

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it produces a log at C:\ComboFix.txt. Post the contents of Combofix.txt in your next reply.

===================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Thanks

Satchfan
  • 0
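
The O4 entries listed in post #18 come in three shapes: registry Run values, per-user Startup shortcuts and all-users Global Startup shortcuts. As an added example (not part of the original thread and not HijackThis code), this Python parser turns five of those lines into source, scope, executable and arguments; splitting an unquoted command at the first executable extension is a heuristic assumed here.

```python
import re
from typing import NamedTuple

# Five of the O4 lines from post #18, copied verbatim (one per shape and quoting style).
SAMPLE_O4 = r'''
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
'''

class Autorun(NamedTuple):
    source: str      # "HKLM Run", "HKCU Run", "Startup" or "Global Startup"
    all_users: bool  # True for HKLM and Global Startup, False for per-user entries
    name: str        # registry value name or shortcut file name
    exe: str         # executable path without quotes
    args: str        # anything after the executable
    quoted: bool     # False means exe/args were split by the heuristic below

REG = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$')
LNK = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# Assumption: an unquoted command ends its path at the first executable extension.
UNQUOTED = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$', re.I)

def split_command(cmd):
    # Returns (executable, arguments, was_quoted).
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip(), True
    m = UNQUOTED.match(cmd)
    return (m.group(1), m.group(2) or '', False) if m else (cmd, '', False)

def parse_o4(line):
    line = line.strip()
    m = REG.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        source, all_users = f'{hive} {key}', hive == 'HKLM'
    elif (m := LNK.match(line)):
        source, name, cmd = m.groups()
        all_users = source == 'Global Startup'
    else:
        return None  # not an O4 autorun line
    return Autorun(source, all_users, name, *split_command(cmd))

def parse_log(text):
    return [e for e in map(parse_o4, text.splitlines()) if e]
```
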

#19
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hi Wolfie

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems.

Thanks

Satchfan
  • 0

#20
Wolfie

    Member

  • Topic Starter
  • 57 posts

It has been several days since I sent my last set of instructions to help with your computer problem.

Sorry, dragged my feet a tad.


Run HijackThis

Open HijackThis and click Do a system scan only.

Place a check mark next to:

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe


Close all windows except for HijackThis and click Fix checked.

Done. Though, if she decides that she wants the sidebar and/or OneNote to start on boot, are there instructions for how to reenable them?


Open ComboFix

ComboFix logfile:
Spoiler



Run Security Check

Security Check logfile:
Spoiler

  • 0

#21
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Are there any remaining problems?
  • 0

#22
Wolfie

    Member

  • Topic Starter
  • 57 posts
Will have to see how it feels to her. I don't use it much at all. I can ask her later today.
  • 0

#23
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
:thumbsup:
  • 0

#24
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

if she decides that she wants the sidebar and/or OneNote to start on boot, are there instructions for how to reenable them?


The computer appears to be clean and as I haven’t heard from you for a couple of days I’m assuming that all is well.

Now that it’s free from malware, as long as the computer seems to be running well, please follow these simple steps to tidy up and decrease the likelihood of getting infected again:

Uninstall Combofix

Follow these steps to uninstall Combofix

  • click START then RUN
  • now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.

Posted Image
  • please follow the prompts to uninstall Combofix.
  • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes; if not, delete it yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.
You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version of Adobe Reader is out-of-date and needs to be updated.

  • click on Start, Control Panel, Programs and Features
  • scroll down the list and look for Adobe Reader 10.1.7, click on it and then on Remove.
Visit Adobe and download the latest version of Acrobat Reader.

Having the latest updates ensures there are no security vulnerabilities in your system.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Re-enable Spybot - Search and Destroy’s TeaTimer

  • open Spybot Search & Destroy
  • go to the Mode menu and make sure Advanced Mode is selected
  • choose Yes at the Warning prompt
  • expand the “Tools” menu
  • click Resident
  • check the Resident TeaTimer (Protection of overall system settings) active. box
  • in the File menu click Exit to exit Spybot Search & Destroy
  • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
    exit Spybot S&D.
Remember to scan your computer with the program on a regular basis as you would with your anti-virus software.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan
  • 0
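
The blocking mechanism described for the MVPS hosts file in post #24, as an added Python example that is not part of the original post: it reads hosts-file text and separates names pinned to the local machine (127.0.0.1, ::1 or 0.0.0.0, the last being an assumption beyond the post) from names mapped to any other address, which are the entries to review after a cleanup. The sample entries and the 203.0.113.7 address are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# blocking list excerpt (constructed)
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net tracker.example.net   # two names on one line
0.0.0.0      popups.example.org
203.0.113.7  login.bank.example
bogus-line   broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Sort hosts entries into blocked, redirected and malformed (by line number)."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)  # first field is not an IP address
            continue
        if len(fields) < 2:
            report["malformed"].append(lineno)  # address with no host name
            continue
        for name in (f.lower() for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue                        # normal localhost mapping
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append(name)  # sinkholed: never reaches the real site
            else:
                report["redirected"].append((name, str(addr)))  # points elsewhere: review
    return report

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```
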

#25
Wolfie

    Member

  • Topic Starter
  • 57 posts
I tried asking her if the computer seemed any different (ie, better/faster vs same/slow) and she was like "I don't know" about it. Might have to ask her if it's seeming slow or any other problems in a few days. Go ahead and close this though, if she's still having issues, I can make a new topic and refer to this one.

Thanks for the assistance.

Edited by Wolfie, 13 June 2013 - 07:19 AM.

  • 0



#26
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Go ahead and close this

:thumbsup:

if she's still having issues, I can make a new topic and refer to this one.

I would say the computer is free of malware but it would be a good idea to give a link to this topic if an issue returns very soon.

Thanks for the assistance.

You're welcome.
  • 0

#27
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





