Firefox updater virus [Solved]


#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Your logs are looking really good, let's run an OTL Fix and check for out of date programs. :)

Please disable your anti-virus protection for the duration of my instructions. Don't forget to re-enable them afterward.


Step 1: OTL Fix

Before running this fix, please empty your Recycle Bin

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:Files

C:\$Recycle.Bin\S-1-5-21-3952761730-449561852-1052323754-1001\$ROK1AH1.rar
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
C:\Users\Anthony O'Brocto\AppData\Roaming\Mozilla\Firefox\Profiles\sdhvehyp.default\extensions\[email protected]
C:\Users\Anthony O'Brocto\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab
C:\Users\Anthony O'Brocto\Documents\Computer fix\USB_MultiBoot_10.zip
C:\Users\Anthony O'Brocto\Documents\Computer fix\USB_MultiBoot_10\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe
C:\Users\Anthony O'Brocto\Documents\Roots\iKReaM.605.19.NOSeNSe.ROM.v1.0-R3Ds.zip
C:\Users\Anthony O'Brocto\Documents\Roots\iLividSetupV1.exe
C:\Users\Anthony O'Brocto\Documents\Roots\JELLYBLUR-v1.3-THUNDERBOLT-SPJESTER.zip
C:\Users\Anthony O'Brocto\Documents\Roots\URBaN.NoNSenSe.ROM.v.1.5-R3Ds.zip
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-06-07.23.49.23\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-06-19.00.38.40\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-08-23-19.23.09\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-08-23.23.52.19\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-09-22.21.57.55\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-09-24.23.12.59\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-10-20.16.09.21\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-10-28.03.16.18\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-11-02.22.09.47\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-11-13.02.52.43\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-11-14.23.08.35\data.ext3.tar
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_07_25\Apps\coder.hamster.jp.butt_38.apk
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_07_25\Apps\com.advancedprocessmanager_44.apk
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\coder.hamster.jp.butt_43.apk
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.advancedprocessmanager_40.apk
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.outfit7.talkingtom_34.apk
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.shield.msensor_5.apk
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.superphunlabs.emf_9.apk
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\coder.hamster.jp.butt-8855a2826b6182b98c12394b0bfd7e70.apk.gz
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.advancedprocessmanager-53be5e4508c36adc3c1e81b69514df6a.apk.
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.outfit7.talkingtom-6323b39201e377151c75b0e122aa16f7.apk.gz
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.shield.msensor-76e8277c06e6791d220e0bf53ecde1d0.apk.gz
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.superphunlabs.emf-b178cc6294fcfe186a63901940f98279.apk.gz
C:\Users\Anthony O'Brocto\Downloads\DowngradeBypass.zip
C:\Users\Anthony O'Brocto\Downloads\DowngradeBypass\support_files\fre3vo

:Commands
[reboot]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

OTL Fix Log

Securitycheck Log

  • 0


#17
TonyO511

    Member

  • Topic Starter
  • Member
  • 76 posts
if it's ok, I just got home and it's kind of late for me...I will run both tests when I get home tomorrow night and post the results for you....
  • 0

#18
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

if it's ok, I just got home and it's kind of late for me...I will run both tests when I get home tomorrow night and post the results for you....


That's completely fine. :) Have a good night and we'll get this whipped very soon. :thumbsup:
  • 0

#19
TonyO511

    Member

  • Topic Starter
  • Member
  • 76 posts
after otl rebooted, it never popped up a log....here is the security check log....do you want me to re-run OTL?

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Take a look in here C:\_OTL\MovedFiles and see if the fix log is in there. A copy of the fix log is automatically saved in this directory when a fix is run.
  • 0

#21
TonyO511

    Member

  • Topic Starter
  • Member
  • 76 posts
Found it......

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\$Recycle.Bin\S-1-5-21-3952761730-449561852-1052323754-1001\$ROK1AH1.rar moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js moved successfully.
C:\Users\Anthony O'Brocto\AppData\Roaming\Mozilla\Firefox\Profiles\sdhvehyp.default\extensions\[email protected] moved successfully.
C:\Users\Anthony O'Brocto\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab moved successfully.
C:\Users\Anthony O'Brocto\Documents\Computer fix\USB_MultiBoot_10.zip moved successfully.
C:\Users\Anthony O'Brocto\Documents\Computer fix\USB_MultiBoot_10\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\iKReaM.605.19.NOSeNSe.ROM.v1.0-R3Ds.zip moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\iLividSetupV1.exe moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\JELLYBLUR-v1.3-THUNDERBOLT-SPJESTER.zip moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\URBaN.NoNSenSe.ROM.v.1.5-R3Ds.zip moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-06-07.23.49.23\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-06-19.00.38.40\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-08-23-19.23.09\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-08-23.23.52.19\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-09-22.21.57.55\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-09-24.23.12.59\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-10-20.16.09.21\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-10-28.03.16.18\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-11-02.22.09.47\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-11-13.02.52.43\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\clockworkmod\backup\2012-11-14.23.08.35\data.ext3.tar moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_07_25\Apps\coder.hamster.jp.butt_38.apk moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_07_25\Apps\com.advancedprocessmanager_44.apk moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\coder.hamster.jp.butt_43.apk moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.advancedprocessmanager_40.apk moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.outfit7.talkingtom_34.apk moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.shield.msensor_5.apk moved successfully.
C:\Users\Anthony O'Brocto\Documents\Roots\Thunderbolt\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_10_20\Apps\com.superphunlabs.emf_9.apk moved successfully.
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\coder.hamster.jp.butt-8855a2826b6182b98c12394b0bfd7e70.apk.gz moved successfully.
File\Folder C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.advancedprocessmanager-53be5e4508c36adc3c1e81b69514df6a.apk. not found.
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.outfit7.talkingtom-6323b39201e377151c75b0e122aa16f7.apk.gz moved successfully.
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.shield.msensor-76e8277c06e6791d220e0bf53ecde1d0.apk.gz moved successfully.
C:\Users\Anthony O'Brocto\Documents\S3\TitaniumBackup\com.superphunlabs.emf-b178cc6294fcfe186a63901940f98279.apk.gz moved successfully.
C:\Users\Anthony O'Brocto\Downloads\DowngradeBypass.zip moved successfully.
C:\Users\Anthony O'Brocto\Downloads\DowngradeBypass\support_files\fre3vo moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10222013_172609
  • 0
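
One way to cross-check a fix log like the one above against the fix script that produced it, as an added example (not part of the original posts and not OTL's own code). It reads the :Files directive and the "moved successfully" / "not found" result lines in the formats shown in this thread; the paths are constructed, and the "missing from log" status is this example's own label.

```python
import re

# Constructed sample in the line formats of the fix script and fix log in this thread.
FIX_SCRIPT = r"""
:Commands
[createrestorepoint]
:Files
C:\Users\Example\Downloads\sample-a.zip
C:\Users\Example\Documents\backup\sample-b.apk.
C:\Program Files (x86)\Example App\sample-c.js
:Commands
[reboot]
"""
FIX_LOG = r"""
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Example\Downloads\sample-a.zip moved successfully.
File\Folder C:\Users\Example\Documents\backup\sample-b.apk. not found.
========== COMMANDS ==========
"""
RESULT = re.compile(r"^(?:File\\Folder (?P<nf>.+) not found\.|(?P<mv>.+) moved successfully\.)$")

def requested_paths(script):
    """Paths listed under each :Files directive (other directives are skipped)."""
    paths, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def log_outcomes(log):
    """Map each path in the log's FILES section to 'moved' or 'not found'."""
    outcomes, in_files = {}, False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("=========="):
            in_files = "FILES" in line
        elif in_files and (m := RESULT.match(line)):
            path = m["nf"] or m["mv"]
            outcomes[path.lower()] = "not found" if m["nf"] else "moved"
    return outcomes


def reconcile(script, log):
    """Outcome of every requested path, including ones the log never mentions."""
    outcomes = log_outcomes(log)
    return {p: outcomes.get(p.lower(), "missing from log") for p in requested_paths(script)}

if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:>16}  {path}")
```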

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) If there are no further issues we need to address, then I'll tidy up, and provide you with some links and some information, namely:

  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • We will remove your restore points and create a new one. We do this so that if you need to restore your system, you will have a clean restore point.


Please follow the instructions below.


Step 1: Remove old restore points and create a new one

  • Start OTL
  • Copy the text in the quote box below and paste it into the Custom Scans/Fixes box.
  • Click the Run Fix button. OTL will remove the old restore points and create a new one.

:Files
%systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[CreateRestorePoint]




Step 2: Program Updates


Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Secunia PSI, and another is Filehippo. You can run these on a weekly or monthly basis to check your programs for updates and then they will provide a link for you to download them.

Download Secunia PSI
Download Filehippo Updatechecker



A word about Java

Your current version of Java is out of date.

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.




  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Updating Adobe Reader

  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.



Step 3: Tool Removal

  • You can delete Junkware Removal Tool from your desktop.
  • Start AdwCleaner and click the Uninstall button. AdwCleaner will remove the quarantined files and uninstall itself.
  • Start OTL and click the Cleanup button. OTL will remove the quarantined files and delete itself.
  • If you didn't uninstall it when you ran the scan, you can uninstall ESET Online Scanner at this time.


How is the machine running? Everything running smoothly?
  • 0

#23
TonyO511

    Member

  • Topic Starter
  • Member
  • 76 posts
everything seems to be working fine....all programs have been deleted....thanks for helping me out...
  • 0

#24
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

everything seems to be working fine....all programs have been deleted....thanks for helping me out...


Awesome! You are very much welcome, and if you need us again, don't hesitate to come back. :)

Pystryker
  • 0

#25
TonyO511

    Member

  • Topic Starter
  • Member
  • 76 posts
Will do, thank you my friend...
  • 0


#26
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
:thumbsup:
  • 0

#27
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
