hijacked [Solved]
#46
Posted 14 February 2014 - 05:49 PM
#47
Posted 14 February 2014 - 08:23 PM
#48
Posted 14 February 2014 - 11:40 PM
How about the winning lottery numbers?Don't know how to thank you godawgs.
OK! Well done. Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.
If you didn't uninstall ESET after running the program we will do it now.
Step-1.
Uninstall ESET
1. Please click the Start Orb , click Control Panel. Under the Programs heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):
ESET
3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.
Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)
1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):
C:\Program Files\ESET
2. Close Windows Explorer.
Step-2.
Uninstall AdwCleaner
Re-open AdwCleaner
- Click the Uninstall button
- Confirm with yes
Step-3.
OTL Cleanup
1. Please re-open on your desktop.
- Be sure all other programs are closed as this step will require a reboot.
- Click on
- You will be prompted to reboot your system. Please do so.
Step-4.
Delete the following Files and Folders (If Present):
MBR.dat
JRT.exe
JRT.txt
Securitycheck.exe
checkup.txt
jre-7u51-windows-i586.exe
esetsmartinstaller_enu.exe (If you used Firefox for the ESET scan
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.
Step-5.
Reset Hidden Files and Folders
1. Click Start.
2. Open My Computer.
4. Select the Tools menu and click Folder Options.
5. Select the View tab.
6. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
7. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
Step-6.
Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore
The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!Windows XP
- Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
- Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
- Click Start, click Control Panel, and then double-click System.
- Click the System Restore tab.
- Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
- Click OK.
[*] Click NEXT
[*] Enter a name e.g. Clean
[*] Click CREATE
[*] Close System Restore[/list]Turn OFF System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.
Restart your computer.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- UN-Check Turn off System Restore.
- Click Apply, and then click OK.
System Restore will now be active again.
Preventing Re-Infection
Below, I have included a number of recommendations for how to protect your computer against future malware infections.
SPECIAL NOTICE
“CryptoLocker” is the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts the files on your computer until you pay a ransom. Some variants encrypt you personal files(MP3s, photos, doc files,ect;). But ither variants encrypy virtually every file, including system files. According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.
Unfortunately, there isn't a way to recover the files short of paying the ransom because the encryption uses 2048-bit RSA keys that would take like a quadrillion years to decrypt.
We haven't seen a lot of the CryptoLocker ransomeware in the wild yet, but if enough people pay the ransom to get their files back it will become more prevelant. You can read more about the CryptoLocker ransomware here
Fortunately there is a program that will help prevent this type of ransomeware and other malware. You should download it and install it now.
Click here to go to the CryptoPrevent web page. You can read about the program. There are also a couple of videos toward the end of the page that show the program in action.
Scroll to the bottom of the page and click the Download "CryptoPrevent Installer" button and download the file to the desktop. Close the browser and all open programs.
Double click the CryptoPreventSetup.exe file to install it.
Next, Double click the CryptoPrevent icon on the desktop to run the program.
When the program opens make sure all boxes are checked and then click the Block button to apply the protection.
NOTE: I don't think the free version has an update tab so you will need to check the web site from time to time to check for newer versions of the program. Or you can pay a one time fee of $15 and get the Premium Edition which includes an automatic updating function.
:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.
XP Users: You must use Internet Explorer to Update Windows.
1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.
:Turn On Automatic Updates:
XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
- For Firefox, install the NoScript add-on.
- For Chrome, install the Script-No add-on.
NOTE: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Java. - Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
- Click the Start button
- Click Control Panel
- Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
- Click the Update tab
- Click Update Now
- Allow any updates to be downloaded and installed
- Open Adobe Reader
- Click Help on the menu at the top
- Click Check for Updates
- Allow any updates to be downloaded and installed
NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
:Web Browsers:
:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.
This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser
:Alternate Browsers:
If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
- MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.
========Anti Spyware========
- Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
- SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
- SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
- WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
========TEMP File Cleaners========
- TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
- CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
- Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker
Finally, please read How did I get infected in the first place? by Mr. Tony Cline
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.
IF I have helped you and you want to say "thanks", you can do that by clicking the Rep+ button at the bottom right of this post.
I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know
Stay Safe
godawgs
#49
Posted 15 February 2014 - 07:53 AM
eset,security check,JRT not present in ad an remove
still on desktop after otl reboot
#50
Posted 15 February 2014 - 09:42 AM
Just delete the icons on the desktop and that will take care of them.
#51
Posted 15 February 2014 - 10:28 AM
#52
Posted 15 February 2014 - 11:06 AM
Stay safe on the net.
#53
Posted 16 February 2014 - 12:39 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users