Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspecious Cloud.9


  • Please log in to reply

#1
Xellon

Xellon

    Member

  • Member
  • PipPip
  • 23 posts
My Norton removed several high threats but I'm not sure if it is a treat or not.

Its Au_.exe though Zu_.exe so a total of 26 and it looks like it may do this at reboot.

location is C\users\computer name\appdata\local\temp

Should I be concerned? Thanks in advance.
  • 0

Advertisements


#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to GeeksToGo Xellon,

Au_.exe suggests an installer, but perhaps some unwanted garbage-ware program. If you would like us to check things out together, then do the following:


If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.
  • 0

#3
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks for the welcome Jintan. A little late but I followed the instructions and scanned my computer just now. Here are ther results:

OTL

Spoiler



Extra

Spoiler


EDIT - Oh, I guess I should mention I use msconfig often to disable processes I don't need when gaming. Should I scan with all processes on?

Update - Rescan OTL

Spoiler

Edited by Xellon, 06 August 2013 - 04:16 PM.

  • 0

#4
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
^ Rescanned with normal boot up. Let me know if anything is wrong.

Thx in advance.

Edited by Xellon, 06 August 2013 - 04:20 PM.

  • 0

#5
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
You have an illegal install of very expensive Adobe software, so before we can go further, I will need you to uninstall Adobe Creative Suite 5 Master Collection (and any other illegally obtained software). Reboot, then download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  • 0

#6
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Done.

Here is the list

Spoiler


Edit - Camtasia studio is not uninstalling automatically so I'm removing all registries manually

Edited by Xellon, 09 August 2013 - 12:27 PM.

  • 0

#7
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Updated.

I rescanned the OTL and the uninstall list. I believe I completely removed camtasia, it gave me some trouble.

OTL

Spoiler


Uninstall List from Hijack This

Spoiler

  • 0

#8
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Okay, let's move forward now.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

XFINITY Toolbar

--------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

  • 0

#9
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
@Jintan Thanks for your help thus far. This time I remembered to disable av softwares, ran softwares as admin.

My Scan with RogueKiller

Spoiler


My scan with adw cleaner

Spoiler


I did uninstall xfinity. Is it not necessary with norton toolbar?

Edited by Xellon, 09 August 2013 - 05:53 PM.

  • 0

#10
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
XFINITY is just another search hijacker etc. garbage software. RogueKiller shows quite a few proxy setting, which I am of a mind to suggest removing, but you have a few "hide me" programs running there. Some settings you have smack of what is called a "DNS hijacker", meant to redirect things to places the infection wants. But again you have those proxy etc. programs. Have to ask you - do we act and remove those settings, or leave them be?
  • 0

Advertisements


#11
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

XFINITY is just another search hijacker etc. garbage software. RogueKiller shows quite a few proxy setting, which I am of a mind to suggest removing, but you have a few "hide me" programs running there. Some settings you have smack of what is called a "DNS hijacker", meant to redirect things to places the infection wants. But again you have those proxy etc. programs. Have to ask you - do we act and remove those settings, or leave them be?


Xfinity came from comcast site but I did notice a conflicting message from xfinity and/or norton toolbar (forgot which one). Doesn't matter, I'll keep it uninstalled.

Sounds like I should remove them then. I don't even remember setting up proxies. How would I go about removing them if their not necessary or have a risk lvl to it?

Edited by Xellon, 09 August 2013 - 06:20 PM.

  • 0

#12
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Let's just remove them for now. The programs, if you use them again, will reset them.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Run RogueKiller again.

•Please quit all programs
•Run RogueKiller
•Wait until the Prescan finishes
•Press: Scan
•Make sure the entries there are checked.
•Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

If it prompts for a reboot, go ahead and agree to it.

---------

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Remember -Right click Eset/Run as Administrator.
  • 0

#13
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok

RK report [0]_D_ is what you mean?

Spoiler


AdwCleaner log file (at system start up)

Spoiler


The esetsmartinstaller found some old nostalgic stuff on my drive that I forgot about. Old templates and old software from years ago.

Spoiler


Edit - I think that just about does it. Norton isn't going crazy anymore with alerts.

Really appreciate the help. Please let me know if you find anything wrong in those logs.

edit again - I remember now. The software "spybot search and destroy" that I use created an "immunization" in the browsers and host files. I heard it works pretty well so I actually will keep those in the host files.

Thanks for your help. Looks lime my computer is pretty clean of any malware now.

Edited by Xellon, 10 August 2013 - 09:35 AM.

  • 0

#14
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
And it looks clean. Spybot's host file blocks are likely pretty dated - sure you are not seeking to keep those Adobe blocks as well? :)

But your computer; your choice. Any other issues remaining before we just clean up what our work added there now?
  • 0

#15
Xellon

Xellon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

And it looks clean. Spybot's host file blocks are likely pretty dated - sure you are not seeking to keep those Adobe blocks as well? :)


I have no idea what your talking about *turns head and whistles* :P

Any other issues remaining before we just clean up what our work added there now?


Nope, no more issues here. Thanks a lot.

From me to the staff for your hard work:

Thank You Video

Edited by Xellon, 10 August 2013 - 06:25 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP