Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

V9 Portal Security Virus

Started by Elisheba , Jun 02 2013 11:33 PM

Please log in to reply

#16
emeraldnzl

Posted 08 June 2013 - 09:02 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Elisheba,

Please run OTL.exe

Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

:OTL
PRC - [2010/02/06 10:45:24 | 003,043,840 | ---- | M] (abelhadigital.com) -- C:\Program Files (x86)\HostsMan\hm.exe
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[2012/06/23 21:00:31 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

:Files
C:\Program Files (x86)\HostsMan
ipconfig /flushdns /c

:Commands
[emptytemp]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.

#17
Elisheba

Posted 08 June 2013 - 09:14 PM

Member

Topic Starter
Member
43 posts

Here is the log:

All processes killed
========== OTL ==========
No active process named hm.exe was found!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
========== FILES ==========
C:\Program Files (x86)\HostsMan folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Downloads\cmd.bat deleted successfully.
C:\Users\Owner\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 3609 bytes
->Temporary Internet Files folder emptied: 14615 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31525600 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3821 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11320 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35349 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78240 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 718847 bytes

Total Files Cleaned = 31.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06082013_200959

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#18
emeraldnzl

Posted 08 June 2013 - 09:19 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Elisheba,

Making good progress I think.

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Click the green ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
then click on: Start
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Then click on: Finish
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic and tell me how your machine is now.

#19
Elisheba

Posted 08 June 2013 - 10:45 PM

Member

Topic Starter
Member
43 posts

Here is the log that was in the ESET folder in my Programs (x86) folder:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7a5ff433f8c254eb3a63eb0d70e2c28
# engine=14029
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-09 04:36:09
# local_time=2013-06-08 09:36:09 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 89 248278 146544441 0 0
# compatibility_mode=5893 16776573 100 94 0 122296019 0 0
# scanned=120319
# found=6
# cleaned=6
# scan_time=3457
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=AEC8EAC0C2A684EB8CA0C55FAE59D11F0E19439F ft=1 fh=b0b28a38659a8ae9 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Support\imf-setup.exe"
sh=45A52616153B64CFEF0E9D1D8D6DCDF4E977F32F ft=1 fh=619bc0d1d2c10029 vn="a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)" ac=C fn="C:\Support\trojankiller2112-setup.exe"
sh=0569983E158F15CDB493A8174004226179EE0545 ft=1 fh=fa8e74241a8ecd59 vn="a variant of Win32/RegistryReviver application (deleted - quarantined)" ac=C fn="C:\Support\Double Driver 4.10\DRP\Driver Reviver Portable.exe"
sh=CBE2AE9F94DE6E508F871DCD9F2D762ED1AA6AAA ft=1 fh=de64fbe190bfe797 vn="a variant of Win32/ELEX.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\AppData\Roaming\eIntaller\014791A9E4B24e548D08D4B16C89DD06\eXQ.exe"

Here is also the log that came up when it was finished scanning:

C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Support\imf-setup.exe multiple threats cleaned by deleting - quarantined
C:\Support\trojankiller2112-setup.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Support\Double Driver 4.10\DRP\Driver Reviver Portable.exe a variant of Win32/RegistryReviver application deleted - quarantined
C:\Users\Owner\AppData\Roaming\eIntaller\014791A9E4B24e548D08D4B16C89DD06\eXQ.exe a variant of Win32/ELEX.D application cleaned by deleting - quarantined

I'm not sure what exactly to do now. Gonna wait till you tell me the next step.

#20
Elisheba

Posted 08 June 2013 - 10:48 PM

Member

Topic Starter
Member
43 posts

So apparently it found six things, and quarantined. I cant figure out if it got rid of them though.

#21
emeraldnzl

Posted 08 June 2013 - 11:27 PM

GeekU Instructor

GeekU Moderator
20,051 posts

I cant figure out if it got rid of them though.

It says it has deleted and quarantined them. They can't do anything in quarantine. You might have been given the option to delete them. If so, yes, delete them. You don't have to worry about them though, they have been dealt with.

Copy and paste that log as a reply to this topic and tell me how your machine is now.

What about my question. How is your machine now?

#22
Elisheba

Posted 08 June 2013 - 11:35 PM

Member

Topic Starter
Member
43 posts

I restarted my computer and I dont see it redirecting to the search page that it was switched to, so I'm thinking we must have fixed it. I appreciate all your help. I really do. G2G is awesome and you all work so hard. Totally appreciate it. Thank you.

#23
emeraldnzl

Posted 08 June 2013 - 11:40 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again Elisheba,

I think you are good to go. :thumbsup:

We have a couple of last steps to perform and then you're all set. Posted Image

Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
Click on the CleanUp! button
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

To uninstall ESET OnlineScanner if it is still there.

Go to Start and type in the Search programs and files box ESET

Click on the ESET folder

Right Click on OnlineScannerUninstaller and run as Administrator

Click yes to run.

Any other tools remaining may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

In the left pane, click System protection. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Under Protection Settings, click the radio button Configure.
Under Disk Space Usage, click the radio button Delete.
Click Continue, and then click OK.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

Download Java for Windows

Reboot your computer.
You also need to unininstall older versions of Java.
Click Start > Control Panel > Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#24
Elisheba

Posted 08 June 2013 - 11:44 PM

Member

Topic Starter
Member
43 posts

Wow thanks. That's alot of stuff to do. I'm gonna spend some time reading the things you suggested. And finishing the removal of those two things. Again, really. Thank you very much. :thumbsup: