Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware present on my system, security not able to add. [Solved]


  • This topic is locked This topic is locked

#16
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I am having trouble knowing how to send you the ESET log file.
I open up Notepad< file<open<C:\Program Files\ESET\< I cannot fine the log file.
I see were you can open and view the log file on the application, but for the life of me I can't copy and paste, because
I can not get to the file in Notepad. :rolleyes:

Farbar Service Scanner Version: 24-10-2013
Ran by Dale (administrator) on 29-10-2013 at 21:31:03
Running from "C:\Users\Dale\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 10:04] - [2013-09-13 20:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 10:04] - [2013-09-07 21:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

Advertisements


#17
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I went ahead and went to services.msc and reset the security control to automatic instead of disable.
Thank-you,

Computer is running better, much better.
  • 0

#18
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Good job with the service. Posted Image
Actually, on your computer, the ESET log should be in C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt. If you can't open it, can you take a screen shot for me? I need to know which files were detected.
  • 0

#19
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I am unable to do what you ask of me.
  • 0

#20
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.30.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Dale :: DALE-PC [administrator]

10/30/2013 10:33:42 AM
mbam-log-2013-10-30 (10-33-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224166
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#21
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Did ESET find any infections? Do you still have the ESET window open?
  • 0

#22
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
No infections, Window not open still, no issues
  • 0

#23
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, d_may. :). Your computer now appears to be clean. Please complete the followings steps to finalize the cleaning process.

It would be a good idea also to reset your firewall in case the malware opened any ports.

Please update these programs, as old versions pose a security risk.
Your computer seems to be well up-to-date. One of the best I have seen. Posted Image

There is a new version of WinPatrol available here.

Remember to always keeps programs like Flash, Adobe Reader, and your internet browsers up-to-date.

Also, I would recommend securing Adobe Reader against the latest exploits as follows:

  • Launch Adobe Reader.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

First set up a new, clean restore point:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Then delete the old, infected ones:
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disc Cleanup and select run as administrator
  • Then select the more options tab
  • Select system restore and shadow copies "Clean up"
  • Follow the prompts

Turn on UAC: You have UAC disabled on your computer. I would recommend turning it on, because it provides additional protection to keep malicious software from running on your computer with higher privileges. To turn it on, do the following:
  • Open User Account Control Settings by clicking the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
  • Move the slider to the default position, and then click OK. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click onAll Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#24
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP