
"Prevent Attack" Popping Up


  • This topic is locked

#1
Abear1957

Abear1957

    New Member

  • Member
  • Pip
  • 6 posts
Trying to help my 80 yr old father-in-law. He is not sure what he pushed or clicked on, but on every program or page you try to access, a window pops up in the lower right corner saying things like "prevent attack", "activate ultimate protection" and such. The only way to do anything at all is in Safe Mode. When I reboot, a large window that looks similar to a Windows security setup page opens saying all these pages were blocked by the firewall, errors were detected, etc. I cannot get into "msconfig" in either mode and cannot run AVG IN EITHER MODE. The pop up window appears for everything.
Any help would be greatly appreciated.
Abear1957
  • 0



#2
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
I'm 23red, and it'll be my pleasure to assist you with your problem. :D

While I await your response, I'd be grateful if you would note the following:

• As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts.

• Please make sure to carefully read every post completely before doing anything.

• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

• Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

• Please stick with me until all malware is gone from the system. Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear of malware.

• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

• Thanks for your understanding and patience.


Let's get started :)

Do this in safe mode (with Networking) if you have to:

Please download from this link ~> OTL <~ to your desktop.

• If it saves to another location, right click the OTL icon and select Cut then right click on Desktop and select Paste.

• Please right click on the OTL icon on your Desktop and Run as Administrator, then accept UAC prompts to start the program.

• Please make sure the following boxes are checked:

• Scan All Users

• LOP Check

• Purity Check


• Copy the lines from inside the quote box to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click on the blue highlighted part and choose Copy):



netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
[CREATERESTORPOINT]







• Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

• Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces in your next reply.



When you return please post:
OTL.txt
Extras.txt
  • 0

#3
Abear1957

Abear1957

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
23red,
Thank you very much for such a rapid reply. Unfortunately my father in law lives about 1 1/2 hrs away so it won't be until this weekend until I can go and execute your repair. What I would like to know is should he even be using his computer even in safe mode which is how I left him. I told him to only use Yahoo for internet and his email. If he should leave it be until I fix it please let me know.
Thanks,
Abear1957
  • 0

#4
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Abear1957 :)

Do you have a Flash drive or USB stick we can put programs on for you to take with you?

This might make it easier.

Please let me know and we'll go from there.

Thank you :thumbsup:
  • 0

#5
Abear1957

Abear1957

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yes I do have a flash drive. Just let me know what you would like me to do.

I spoke with my father in law today and let him know that he did have a virus but all would be ok. Is it ok that he is using the computer in Safe Mode?
  • 0

#6
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Abear1957 :)
Probably ok, NO banking or important log in places! Without logs it is hard to tell exactly. Make sure you ask him to be careful!
Since you have a USB, we'll make a mini toolbox and instructions you can print and take with you. That will help you make some progress. I'll need you to post all the logs back here for checking afterward. With a little luck, you can repost from there ;).
  • 0

#7
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Abear1957 :)

Let's do this:

Have the Window for your USB stick open on the Desktop so you can see the progress.


Step 1.

ADWCleaner

Please download AdwCleaner from ~> this link here <~ to your USB stick/Flash Drive. To do this:

When you click the above link to download Adwcleaner, on the UA download strip that pops up on the bottom of your screen, click the arrow button


Then click Save As


In the Window that opens, in the left side panel ~ click on Computer and you should see the USB to the right with Drive C: Here's how mine shows up:

Posted Image

Click on Drive {Your USB Drive Letter Here} ~ mine is Local Disk (E:)

Then click Save then Save again in the windows that open to save it to the USB stick.



Step 2.

Junkware Removal Tool

Please download Junkware Removal Tool to your USB stick saving using the same procedure as before:

On the UA download strip that pops up on the bottom of your screen, click the arrow button

Click Save As

In the Window that opens, in the left side panel ~ click on Computer and you should see the USB to the right ~ Click on it

Click Save then Save again in the windows that open to save it to the USB stick.



Step 3.

Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Flash Drive.

On the UA download strip that pops up on the bottom of your screen, click the arrow button

Click Save As

In the Window that opens, in the left side panel ~ click on Computer and you should see the USB to the right ~ Click on it

Click Save then Save again in the windows that open to save it to the USB stick.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Since you're traveling, download both versions, just in case. Only one will work on the computer.



Step 4.

OTL


Please download OTL from this link ~> OTL here <~ to your USB stick.

On the UA download strip that pops up on the bottom of your screen, click the arrow button

Click Save As

In the Window that opens, in the left side panel ~ click on Computer and you should see the USB to the right ~ Click on it

Click Save then Save again in the windows that open to save it to the USB stick.

Confirm there are 4 tools on the USB stick.

I'd advise you print the instructions. In addition, you could copy to Notepad and copy that to the USB stick as well.


Here's what you do once you get there:



In Safe Mode: Plug the USB into the infected computer.

Click Start or the Start Orb ~> Click on Computer ~> Locate the USB ~> Click to open the USB and reveal your tools and instructions too if you put a copy of them there.


Step 1.

ADWCleaner

Do the same for the other 3 Tools in turn:

Please right click and select Copy AdwCleaner in the USB window, then right click and select Paste to put AdwCleaner on the Desktop.

• Right click the AdwCleaner icon and choose Run as Administrator
Accept the UAC prompt.

• Once it opens

• Click the Scan button

• Let AdwCleaner run thru.....

• Once scan completes Check the tabs for any listed items you might want to keep (likely none, but please check to be sure)

• Select Clean

• It will remove all it finds.

• Once done it will ask to reboot, please allow this...

• On reboot a log will be produced for you open on your desktop. It is also copied to C:\ADWCleaner[XX].txt. Please post the log in your next post.



Step 2.

Junkware Removal Tool

Please Right click and select Copy Junkware Removal Tool from the USB, then right click on the Desktop and select Paste to paste JRT on your desktop.

• Shut down your protection software now to avoid potential conflicts before you start.

• Run the tool by double-clicking it. Note: If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator

• The tool will open and start scanning your system, after you press any key to start


Please post the log it produces.



Step 3.

Farbar Recovery Scan

Please Right click and select Copy Farbar Recovery Scan Tool from the USB window, then right click on the Desktop and select Paste to set Farbar Recovery Scan Tool on the Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system try to run both of them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. (Desktop)
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Step 4.

OTL ~ Old Timer's Listit

Please Right click and select Copy OTL from the USB window, then right click on the Desktop and select Paste to set OTL on the Desktop.

Please right click on the OTL icon on the Desktop and select Run as Administrator, then accept UAC prompts to open the program.

• Please make sure the following boxes are checked:

• Scan All Users

• LOP Check

• Purity Check

• In the Extra Registry box select Use Safe List

• Copy the lines from inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click on the page and choose Copy):



netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
[CREATERESTORPOINT]






• Right Click Under Posted Image in the textbox at the bottom of the OTL window and select Paste to paste the list there.

• Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

• Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces in your next reply.


When you return, please post:
1. ADWCleaner log
2. JRT log
3. FRST.txt
4. Addition.txt
5. OTL log
6. Extras.txt
7. Please let me know what issues you are currently experiencing.
  • 0

#8
Abear1957

Abear1957

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
23red
Ok so one of my brothers-in-law that lives in the same area as my father in law went and ran the following programs without telling me. My father in law also did not tell him I was working on getting it fixed properly. The two programs are "malware bites" and "clary utilities". Not sure if I heard him correctly on the second one. He got him out of safe mode and running but I know this is a band aid at best.
I still have everything on my flash drive and will also bring my laptop with me this weekend. What I would like to know is has he screwed things up.
I am sorry for any confusion this may have caused. Please let me know how to proceed.
I also want to install a virus protection program for him and would like your recommendation.
Thanks
  • 0

#9
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Abear1957 :)

The two programs are "malware bites" and "clary utilities". Not sure if I heard him correctly on the second one. He got him out of safe mode and running but I know this is a band aid at best.
I still have everything on my flash drive and will also bring my laptop with me this weekend. What I would like to know is has he screwed things up.
I am sorry for any confusion this may have caused. Please let me know how to proceed.


Not a major problem. Don't raz him too much, he's just trying to help too ;) Lucky Father in Law to have so many who care!
Malwarebytes is a great program and may have got him out of safe mode, the second one may not have been any help but you've been armed :yeah: and you have some tools there which will help. Band aid yes, but you've got the surgical tools ~ or some anyway. Not to worry, it'll be fine.
Once we get moving it will be helpful if other tools are not run in between as they may definitely cause problems.
Please proceed as you were. We'll go with what we have and the Diagnostic Scans will help determine the exact state of the machine. Post all of the logs when you're done. I'd also like to see the Malwarebytes log.
It is located in the Logs tab of the Program:
Open the Malwarebytes program, click on the Logs tab.
Once the tab is opened, click the item to highlight it in the list, then click Open.
Right click on the Notepad page and choose Select all then right click again and choose copy to copy it elsewhere to be posted back here. Maybe making a running Notepad page of all of the logs would be helpful/easier for you.
We'll work on an Antivirus and Security issues when we know what Operating System is on the computer: XP, Vista, Windows 7 or 8, etc. and after it's cleaned up a little bit more ;)

Let me know how it goes, please :)
  • 0

#10
Abear1957

Abear1957

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi 23red, how are you today? I am at the infected computer. Do I start safe mode with internet access or just safe mode?
  • 0

#11
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Abear1957 :)
Sorry for the delayed answer ~ either way will work. :thumbsup:
  • 0

#12
Abear1957

Abear1957

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
23red
I performed all of the program runs that you graciously provided me. Based on what I could tell there seem to be no remaining problems. It will actually take a little time with my father in law using it to really know. I will forward all of the logs to you tomorrow or the next. Because it is hard for me to just run to his house I went ahead and installed AVG protection for him. For now thanks so much for your time and assistance. I will surely be making a donation to either you or the site, please advise me on how that works best.
Abear1957
  • 0

#13
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Abear1957 :)

I performed all of the program runs that you graciously provided me. Based on what I could tell there seem to be no remaining problems. It will actually take a little time with my father in law using it to really know.


Excellent! Glad it helped :thumbsup: At least he can boot normally and maneuver. It is likely not completely clean, there are likely other parts yet that need to be removed or that those Tools did not catch or see. That is why the Diagnostic scans were requested.

I will forward all of the logs to you tomorrow or the next.


Please :) When you're ready.

Because it is hard for me to just run to his house I went ahead and installed AVG protection for him.


Also good. That will definitely work. :thumbsup:

For now thanks so much for your time and assistance. I will surely be making a donation to either you or the site, please advise me on how that works best.


You're very welcome :) If you would like to donate to the site there is a link here that provides information about it.

Let me know when you're ready to proceed ;)
  • 0

#14
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Abear1957

I have not heard from you in a couple of few days so I am coming by to check on you to see if you maybe just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected.

Please let me know. If no, the post will be closed.

Thank you :)
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A slow computer does not mean there is malware present. I don't see anything in your Hijack This log to indicate that your problem is malware related. I will post the following info to get you started in the right direction, but if you need further help with this you will have to post a new topic in the proper Operating System Forum. I'm closing this topic.

Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

Disk Cleanup:

http://www.theelderg...nup_utility.htm

Defrag your HD:

http://artsweb.bham....rag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

Remove unnecessary startups

This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig.
Click OK or hit the Enter key.

Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close"

You will be prompted to restart. Go ahead and restart.

Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that program's preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

Go here for info on msconfig:

http://www.pacs-port...artup_index.htm

You can look up the startups at the following links to help determine what is needed and what is not:

http://computercops....tartupList.html

http://www.bleepingc...r.com/startups/

http://www.answersth...es/tasklist.htm

http://www.windowsst...start=50&end=75

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, have followed the steps above, and still suspect you may be infected, please contact a staff member with the address of the thread to have it reopened.

Everyone else please begin a New Topic.
  • 0





