Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

TR/Crypt.XPACK.Gen8 and maybe some others problems. [Solved]


  • This topic is locked This topic is locked

#16
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Hi SunnySeven, :)

My apology for the delay. Did you made this folder
C:\Documents and Settings\All Users\Start Menu\Programs\γŠCƒAƒŠƒXŒΆžΩ'c

  • Step #7 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
      C:\WINDOWS\system32\hkcmd.exe
      HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
      %systemroot%\system32\dumprep
      HKCU\...\Run: [] - [x]
      HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
      C:\Program Files\DAEMON Tools Lite
      MountPoints2: {489d45bb-311d-11e1-94d1-000f66ef5b22} - M:\setupSNK.exe
      MountPoints2: {a6916568-31c7-11e1-94d2-000f66ef5b22} - L:\setupSNK.exe
      BHO: No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
      BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab
      FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
      C:\Program Files\Pando Networks
      FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml
      S2 awkxzbde; C:\WINDOWS\system32\cwlfb.dll [x]
      S2 kfkya; C:\WINDOWS\system32\cwlfb.dll [x]
      S2 yhfixnoho; C:\WINDOWS\system32\cwlfb.dll [x]
      C:\WINDOWS\system32\cwlfb.dll
      End
    • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.

 

  • Step #8 Fix with RogueKiller
  • Let the pre-scan finish. After that click on Scan and wait for the scan to finish;
  • Click on Delete;
  • Now again click on Scan and wait for the scan to finish;
  • Click on Report and a log file will open;
  • Copy and paste the whole content of that report in your next reply.

 

  • Required Log(s):
  • FRST Fix Log;
  • RogueKiller Report

Regards,
Valinorum
  • 0

Advertisements


#17
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello, yes I made C:\Documents and Settings\All Users\Start Menu\Programs\γŠCƒAƒŠƒXŒΆžΩ'c, it's just a game.


Here's the FRST Fix Logs also the logs said I needed to reboot so I did:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-12-2013 02
Ran by HP_Administrator at 2013-12-16 12:40:34 Run:1
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
%systemroot%\system32\dumprep
HKCU\...\Run: [] - [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
C:\Program Files\DAEMON Tools Lite
MountPoints2: {489d45bb-311d-11e1-94d1-000f66ef5b22} - M:\setupSNK.exe
MountPoints2: {a6916568-31c7-11e1-94d2-000f66ef5b22} - L:\setupSNK.exe
BHO: No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files\Pando Networks
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml
S2 awkxzbde; C:\WINDOWS\system32\cwlfb.dll [x]
S2 kfkya; C:\WINDOWS\system32\cwlfb.dll [x]
S2 yhfixnoho; C:\WINDOWS\system32\cwlfb.dll [x]
C:\WINDOWS\system32\cwlfb.dll
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds => Value deleted successfully.
C:\WINDOWS\system32\hkcmd.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
C:\Program Files\DAEMON Tools Lite => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{489d45bb-311d-11e1-94d1-000f66ef5b22} => Key deleted successfully.
HKCR\CLSID\{489d45bb-311d-11e1-94d1-000f66ef5b22} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6916568-31c7-11e1-94d2-000f66ef5b22} => Key deleted successfully.
HKCR\CLSID\{a6916568-31c7-11e1-94d2-000f66ef5b22} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => Key deleted successfully.
HKCR\CLSID\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} => Key deleted successfully.
HKCR\CLSID\{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files\Pando Networks => Moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml => Moved successfully.
awkxzbde => Service deleted successfully.
kfkya => Service deleted successfully.
yhfixnoho => Service deleted successfully.
"C:\WINDOWS\system32\cwlfb.dll" => File/Directory not found.


The system needs a manual reboot.

==== End of Fixlog ====




Here's the RogueKiller Report:





RogueKiller V8.7.12 [Dec 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 12/16/2013 12:58:54
| ARK || FAK || MBR |

€€€ Bad processes : 1 €€€
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]

€€€ Registry Entries : 0 €€€

€€€ Scheduled tasks : 0 €€€

€€€ Startup Entries : 0 €€€

€€€ Web browsers : 0 €€€

€€€ Particular Files / Folders: €€€

€€€ Driver : [NOT LOADED 0xc0000033] €€€

€€€ External Hives: €€€

€€€ Infection : €€€

€€€ HOSTS File: €€€
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


€€€ MBR Check: €€€

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3200822AS +++++
--- User ---
[MBR] b7ed535f510e2322b581a5a9a100d7fd
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 182576 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12162013_125854.txt >>
RKreport[0]_S_12162013_124738.txt
  • 0

#18
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Hi SunnySeven, :)

I made C:\Documents and Settings\All Users\Start Menu\Programs\γŠCƒAƒŠƒXŒΆžΩ'c, it's just a game.

I understand now. :)

I see you have too many System Restore points. Please read this to remove your old System Restore points.
After that, Update Avira and do a Full Scan and report me its findings. Also tell me how is your system running?

Regards,
Valinorum
  • 0

#19
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Alright so this is pretty much the run down.

Tuesday I did a full avria scan and nothing was found. I also managed to go idle for hours without avria detecting TR/Crypt.XPACK.Gen8.

Wensday I did another full avria scan and still nothing found. Next I did a full malwarebytes scan and had to pause it. Avria seems to detect 2 new worms, WORM/Conficker.AS [worm], same worm in two differant areas, here C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090529-054026-F32C6994\ARKC4.tmp. and here C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090727-152627-F53CB0DB\ARK9.tmp. Avria only seems to detect somewhere around the beginning of a full malwarebytes scan and removing it with avria doesn't seem to do anything once I restarted my malwarebytes scan and avria dected it again with the same name and location, so I'm guessing its a false report(I have the Advanced Heuristic Analysis and Detection for avria set on high).


Anyways, once I finished the full malwarebytes scan, it only found 2 new PUP.Optional(both with the same name but differant than the previous ones) in C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir and here C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir. After that I did a RogueKiller scan and it didn't find anything bad.


So thats pretty much it. I don't think TR/Crypt.XPACK.Gen8. is on my computer anymore. Later today I'll redo some more scans just to be sure.:thumbsup:
  • 0

#20
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
The files Avira detected are in the temporary files. We can rectify it. And the file detected by MBAM was already quarantined by AdwCleaner which will get removed when I give you the green signal. I will consult with my teacher before I give you specific instructions but since it is Christmas time you may experience some delay as helpers and teachers are busy with their family and life. Thank you for understanding. :)
  • 0

#21
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Hi SunnySeven, :)

Avira Warning
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the Configuration link on the main screen. This opens the configuration panel.
3. Check the Expert mode option.
4. Click on General > Security.
5. Uncheck the option titled Protect files and registry entries from manipulation.
6. Now de-select the option under the System Protection heading: Protect Windows hosts file from changes
7. Click the "OK" button.

Note: ou may re-enable the above after running the custom OTL script below. If Avira warns about the modification afterwards, merely acknowledge/allow it etc.

 

  • Step #9 Fix with OTL
  • Re-run OTL;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #10 Scan with Malwarebytes' Anti-Malware
  • Re-run MBAM;
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan. The scan may take some time to finish, so please be patient.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
    Posted Image
  • Make sure that everything is checked, and click Remove Selected.
    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the Logs tab in the interface.
  • Copy and paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

  • Step #11 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista / 7 users: You will need to to right-click on the either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on:Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.


When The Scan is Complete:

  • If No Threats Were Found:

    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

  • Required Log(s):
  • OTL Fix Log;
  • MBAM Log;
  • ESET Scan Log

Regards,
Valinorum
  • 0

#22
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Sorry for the wait, the ESET site was down for a bit.

Here's the OTL logs:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 18090 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 18090 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrator
->Temp folder emptied: 238798998 bytes
->Temporary Internet Files folder emptied: 1610176 bytes
->Java cache emptied: 7830296 bytes
->FireFox cache emptied: 448974345 bytes
->Apple Safari cache emptied: 1430528 bytes
->Flash cache emptied: 53061 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 12937133 bytes
->FireFox cache emptied: 3781175 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1244766155 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105692371 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13103153 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 20752231 bytes
RecycleBin emptied: 877842 bytes

Total Files Cleaned = 2,003.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12202013_130730

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




MBAM Logs:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.20.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: BAM [administrator]

12/20/2013 1:18:08 PM
mbam-log-2013-12-20 (13-18-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 243306
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





And the ESET Log:


C:\AdwCleaner\Quarantine\C\Program Files\continuetosave\uninstall.exe.vir Win32/SProtector.B application
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\swfflv_player.exe Win32/Somoto.F application
C:\Nexon\Mabinogi\Mabinogi\Client.exe a variant of Win32/Packed.Themida application
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
  • 0

#23
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Hi SunnySeven, :)

  • Step #12 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\swfflv_player.exe
      C:\Nexon\Mabinogi\Mabinogi\Client.exe
      End
    • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.

 

How is your PC running?

  • Required Log(s):
  • FRST Fix Log

Regards,
Valinorum
  • 0

#24
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Here's the fig logs:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2013 01
Ran by HP_Administrator at 2013-12-22 15:08:58 Run:2
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\swfflv_player.exe
C:\Nexon\Mabinogi\Mabinogi\Client.exe
End
*****************

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\swfflv_player.exe => Moved successfully.
C:\Nexon\Mabinogi\Mabinogi\Client.exe => Moved successfully.

==== End of Fixlog ====
  • 0

#25
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
How is the PC running as we speak?
  • 0

Advertisements


#26
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Welp, I did some scans and found nothing. Everything is running fine and I gotta say you guys did an amazing job, fixed more than what I came here for. I just wanna say thank you all and I'll definitely recommend more people to here if needed. Sorry for taking up your time and happy hollidays :thumbsup:
  • 0

#27
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
You are welcome but we are not done yet. We need to cleanup the quarantined files. I have prepared a cleanup procedure for you and will post after my teacher's approval. Please stay with me and do not disregard this.
  • 0

#28
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Hi SunnySeven, :)

By looking at your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine apprears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as active ones if given the proper environment. I will now give you the guidelines to remove the tools and the quarantined files from your system.

Avira Warning
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the Configuration link on the main screen. This opens the configuration panel.
3. Check the Expert mode option.
4. Click on General > Security.
5. Uncheck the option titled Protect files and registry entries from manipulation.
6. Now de-select the option under the System Protection heading: Protect Windows hosts file from changes
7. Click the "OK" button.

Note: You may re-enable the above after removing the tools. If Avira warns about the modification afterwards, merely acknowledge/allow it etc.


Uninstall AdwCleaner
Re-run AdwCleaner and click Uninstall.
  • Cleanup with FRST
    Make sure that you still have FRST.exe on your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      DeleteQuarantine:
    • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
  • Cleanup with OTL
  • Re-run OTL;
  • Click Cleanup. It will remove OTL and the quarantined files.

Remove RogueKiller.exe and JRT.exe from your Desktop.

 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.

  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.

    Also, I see you are running Windows XP whose license will expire in April 2014 and not official updates will be released by Microsoft after that. I counsel you to upgrade to a newer version of Windows which includes options such as Vista, 7, and 8.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. You already have Avira Antivir in your system which was once a good vendor of anti-virus but now comes bundled with third-party sofware such as Ask toolbar which is marked as potential adware. If you check the ESET scan log you posted earlier, you will notice that Avira files were also detected as potential threat. We cannot remove them as it will stop Avira's shield as well. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoSript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
  • Watch out for new threat named CryptoLocker
    CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum
  • 0

#29
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I'm back, sorry didn't know there was still more to do till just a few mins ago. Temporarily turned off avria for a bit, got rid of AdwCleaner, cleaned up and got rid of FRST, and OTL. I rarely ever get virvus/malware, so I been pretty lax on doing scans this year, I also keep noscript around too. I've seen a CryptoLocker topic on another site awhile back, but only skimmed throught it and thinking it was just someone that forgot their password or something. I'll definitely look into preventing that and warn other people about it. Anyways, thanks again for all the help.

Edited by SunnySeven, 25 December 2013 - 02:32 AM.

  • 0

#30
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Surf safely. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP