Malware has frozen my screen - wants to SELL ME A fix [Closed] [Solved]


  • This topic is locked

#46
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Try downloading from the link below:
https://dl.dropboxus...staller_enu.exe

There are alternatives but I want to see why it is not working.
  • 0



#47
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
...well, it's not that I can't download the file...



I did the Firefox version yesterday..... but my computer can't OPEN it.. as I shared in my earlier notes.



I have the file in my download folder.



Here's a screen shot.



=====================

Attached Thumbnails

  • Capture.PNG

  • 0

#48
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
hello???





:-)
  • 0

#49
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi,

I had to attend an irl situation. I will post a fix for you later today. Thank you. :)
  • 0

#50
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi,

Delete your current version of OTL.exe and download a new version from here. Download the attached scan.txt file to your Desktop.


Right-click on OTL.exe and choose Run as administrator to run the program. Double-click on the "Custom Scans/Fixes" box to navigate to the scan.txt file which you downloaded earlier and click OK.

After the contents of the text file are loaded, click on Run Fix and post the log when done.
  • 0

#51
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Got a big problem now..

I have ROBOFORM installed which is a password manager associated with Internet Explorer.

when I boot up I get:
=================================================================

robotaskbaricon.exe - system error

The program can't start because Roboform.DLL is missing from your computer.

Try reinstalling the program to fix this problem.
==================================================================
Also my home page disappeared from internet options... and it went back to Google...
My history links disappeared along with the quick link to this site... so I have had to scramble to get back to you...



I don't have the disk of roboform and it was a pain in the [bleep] to get it set up from online with this new laptop...

can you just UNdo whatever registry change caused the .dll to disappear....??


I think the virus is gone....

Can you just get me back where I was before this last fix and we can just call it a day?





  • 0

#52
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Oh... here is that final log


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: WriterOne
->Temp folder emptied: 564618 bytes
->Temporary Internet Files folder emptied: 59262147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16664243 bytes
->Flash cache emptied: 1217 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 238605354 bytes

Total Files Cleaned = 301.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03102014_142710

Files\Folders moved on Reboot...
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\iframe_geobanner_custom[1].htm moved successfully.
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\inbox[6].htm not found!
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\index[3].htm not found!
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\logo[1].htm not found!
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\lowerrighttextzone[2].htm not found!
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\menu[2].htm not found!
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\site[1].htm not found!
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\tools[1].htm not found!
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\views[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TL6E862G\zoomin[1].cur moved successfully.
File\Folder C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TGKP7O0U\zone_women[1].htm not found!
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OO7P9ATD\page__st__45__p__2381047__fromsearch__1[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OO7P9ATD\piclist[2].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



  • 0

#53
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
All my passwords are gone also..... I can find no record of roboform on my laptop...

Please tell me you can undo this... I'm panicking
  • 0

#54
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts

> Please tell me you can undo this... I'm panicking

Panicking won't help. Stay calm and read through my post.

Go to C:\_OTL\MOvedFiles\03102014_142710\C_\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll and copy it to C:\Program Files (x86)\Siber Systems\AI RoboForm folder.

> Also my home page disappeared from internet options... and it went back to Google...
> My history links disappeared along with the quick link to this site... so I have had to scramble to get back to you...

It was reset when the infected links were removed.

> I think the virus is gone....

You sure? I won't be keeping you here if that was the case.

======

Do the copy/paste and re-boot and RoboForm. We may create a new registry entry if necessary. Also, if you do not find it, try all the other folders in the C:\_OTL folder.

Edited by Valinorum, 11 March 2014 - 03:49 AM.

  • 0
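The restore path given in post #54 can be derived from the fix log in post #52: every "moved successfully" line in the OTL section names a file that now sits under the OTL quarantine folder, keyed by the log's timestamp. The following Python is an added example, not part of the thread and not OTL's own code; the function names are hypothetical and the folder layout is inferred from the single path quoted in post #54.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the fix log from post #52 (section markers kept, most lines omitted).
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 03102014_142710
Files\Folders moved on Reboot...
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
"""

MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
REG_DEL = re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<key>.+?) deleted successfully\.$")
STAMP = re.compile(r"log created on (?P<stamp>\d{8}_\d{6})")

def quarantine_path(original, stamp, root=r"C:\_OTL\MovedFiles"):
    # Layout inferred from post #54 (assumption): <root>\<stamp>\<drive>_\<rest of path>
    p = PureWindowsPath(original)
    drive_dir = p.drive.rstrip(":") + "_"          # "C:" -> "C_"
    return str(PureWindowsPath(root, stamp, drive_dir, *p.parts[1:]))

def parse_fix_log(text):
    """Return (timestamp, files moved by the fix, registry entries it deleted)."""
    m = STAMP.search(text)
    if not m:
        raise ValueError("no 'log created on' timestamp in log")
    section, moved, registry = None, [], []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("=========="):
            section = line.strip("= ")              # "OTL" or "COMMANDS"
        elif line.startswith("Files\\Folders moved on Reboot"):
            section = "REBOOT"                      # browser cache cleanup, ignored here
        elif section == "OTL" and (hit := MOVED.match(line)):
            moved.append(hit.group("path"))
        elif section == "OTL" and (hit := REG_DEL.match(line)):
            registry.append(hit.group("key"))
    return m.group("stamp"), moved, registry

def restore_plan(text):
    """(quarantine copy, original location) pairs, plus deletions a copy cannot undo."""
    stamp, moved, registry = parse_fix_log(text)
    return [(quarantine_path(p, stamp), p) for p in moved], registry

if __name__ == "__main__":
    copies, registry = restore_plan(SAMPLE_LOG)
    print(*(f"copy {s}\n  -> {d}" for s, d in copies), sep="\n")
    print(*(f"deleted, not undone by copying: {k}" for k in registry), sep="\n")
```

The registry entries listed separately are the ones the log reports as deleted; copying the DLL back does not recreate them, which is the case post #54 covers with "We may create a new registry entry if necessary."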

#55
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Whew! You are my hero once again, Valinorum. My RoboForm is back and working just fine.



One thing, though, now when I open up Internet Explorer, the MANAGE ADD ONS window opens up on top of it.

I have attached a screen shot.


It looks like it wants me to select a SEARCH engine?? though I don't see a place to add this info.

Can you tell me how to make this window go away?

Might this have been a registry entry that can be changed too? I usually search with GOOGLE, but I didn't have it set up as an ADD-ON.



Thanks

Attached Thumbnails

  • Capture 1.PNG

  • 0



#56
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
OK... we never got ESET to work on my computer.... remember?



However, MalwareBytes found 3 spyware and cleaned them all.



Can you tell me the result of the last few output notes that I have pasted..... do they show that my machine is clear????



Thanks
  • 0

#57
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Run MalwareBytes' Anti-Malware and click on the Logs tab and post content of the log.
  • 0

#58
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts

> do they show that my machine is clear????

We caught all the big fishes. Now searching for remnants which may cause future infection.
  • 0

#59
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Glad the whales are gone....;-)

The minnows will be next.

Roger, Captain!!

Will send those later today or at latest tonight.

Over and out.
  • 0

#60
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Regarding your search provider issue, click on Find More Search Providers and a new window will open with Internet Explorer gallery from where you can pick your desired search option.

> Will send those later today or at latest tonight.

I await the logs.
  • 0





