Trojan Ransom.ed Trojan Ransom.end



#31
Steviep

  • Topic Starter
  • Member
  • 311 posts

Hi, that's me done both and all seems well with my PC, thank you :yeah:


Edited by Steviep, 09 April 2014 - 02:52 PM.

#32
Steviep

  • Topic Starter
  • Member
  • 311 posts

Hi, just came back to use my PC and I have this showing from my anti virus?

Attached Thumbnails

  • screen 2.jpg

#33
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Follow these instructions.

 

May I see fresh Malwarebytes and ESET logs?


#34
Steviep

  • Topic Starter
  • Member
  • 311 posts

Hi, when I go to system tools the only thing in there is Internet Explorer (no add ons)? Here are the logs from last night

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\Stevie\My Documents\Downloads\ccsetup409.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
 
User: Stevie
->Temp folder emptied: 115120511 bytes
->Temporary Internet Files folder emptied: 18765209 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 89232237 bytes
->Flash cache emptied: 21750 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 510577693 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 773861 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1637010276 bytes
 
Total Files Cleaned = 2,262.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04092014_214935

Files\Folders moved on Reboot...
C:\Documents and Settings\Stevie\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF11B8.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF62C.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF7E0.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DFA1A.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DFA38.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DFDB2.tmp not found!
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\XOHQ316V\like[2].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\XOHQ316V\page-2[2].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\WQ6SKSP9\8n77RrR4jg0[1].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\WQ6SKSP9\postmessageRelay[3].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\UTH5CR90\8n77RrR4jg0[1].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\T0SLRCVQ\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\T0SLRCVQ\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\T0SLRCVQ\nQhiC-wSiJx0pvEuJl8d8A[1].eot moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/04/2014
Scan Time: 21:45:10
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.09.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Stevie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276214
Time Elapsed: 11 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.FakeAlert.SA, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\2EOETFM3W2, Delete-on-Reboot, [3f0ebb6d2b50251128183a5da45ea759],
Trojan.FakeAlert.SA, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\D1T2EUR7FZ, Delete-on-Reboot, [6edf3eeaa4d7ad89cb0d36e26c97e51b],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0
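
A small parser for the Malwarebytes log layout posted above, as an added example that is not part of the thread or of Malwarebytes' own tooling: it checks that each section's declared count matches the detection lines actually present, and lists disabled protection settings and Delete-on-Reboot items. The function names and the sample log (threat names, registry keys, bracketed IDs) are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Malwarebytes 2.00 log in the post above.
# Threat names, key names and bracketed IDs are placeholders, not thread values.
SAMPLE_LOG = r"""
Malware Protection: Disabled
Rootkits: Disabled

Processes: 0
(No malicious items detected)

Registry Keys: 2
Trojan.Example.A, HKU\S-1-5-18\SOFTWARE\EXAMPLEKEY1, Delete-on-Reboot, [00000000000000000000000000000001],
Trojan.Example.A, HKU\S-1-5-18\SOFTWARE\EXAMPLEKEY2, Delete-on-Reboot, [00000000000000000000000000000002],

(end)
"""

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
ENTRY = re.compile(r"^(?P<name>[^,]+), (?P<object>.+), (?P<action>[^,]+), "
                   r"\[(?P<id>[0-9a-f]{32})\],?$")

def parse_mbam_log(text):
    """Return (settings, detections, mismatches) for a Malwarebytes 2.x text log."""
    settings, detections, declared, section = {}, [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header, entry = HEADER.match(line), ENTRY.match(line)
        if header:                       # e.g. "Registry Keys: 2"
            section = header.group(1)
            declared[section] = int(header.group(2))
        elif section and entry:          # one detection line inside a section
            detections.append({"section": section, **entry.groupdict()})
        elif section is None and ": " in line:   # preamble "Key: Value" settings
            key, value = line.split(": ", 1)
            settings[key] = value
    found = {s: sum(d["section"] == s for d in detections) for s in declared}
    mismatches = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    return settings, detections, mismatches

def triage(text):  # notes on disabled protection, pending removals, count gaps
    settings, detections, mismatches = parse_mbam_log(text)
    notes = ["%s is %s" % item for item in settings.items() if item[1] == "Disabled"]
    pending = sum(d["action"] == "Delete-on-Reboot" for d in detections)
    if pending:
        notes.append("%d item(s) marked Delete-on-Reboot; rescan after restart" % pending)
    notes += ["%s: header says %d, parsed %d" % (s, a, b) for s, (a, b) in mismatches.items()]
    return notes
```

A count mismatch usually means the log was truncated or edited when pasted, which is worth ruling out before reading a log as clean.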

#35
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Okay, let's try it in another way:

 

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

#36
Steviep

  • Topic Starter
  • Member
  • 311 posts

Hi, I've done that:

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 04102014_220509
 


#37
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

So, what's up with a problem?


#38
Steviep

  • Topic Starter
  • Member
  • 311 posts

I don't know what you mean? I've had the PC on all day today and it seems to be working OK. Do you think that it is now fixed?

#39
Steviep

  • Topic Starter
  • Member
  • 311 posts

Hi Phel,

 

I wonder if there is anything else I need to do now to my PC, it seems to be working fine now but I didn't know if you needed me to do anything else?


#40
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

it seems to be working fine

 
It is what I want to hear from you. :) And since I don't see any signs of malware in your logs

Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Warning! Windows XP is not supported anymore.

On 8th April 2014 Microsoft stopped supporting Windows XP. From this moment Windows XP is counted as outdated and new security patches won't be released for this OS. It means that your computer is potentially vulnerable and won't be protected from the newest threats. So, I strongly recommend thinking about migration to a newer version of Windows.

Supported Operating Systems by Microsoft for home use are:

  • Windows Vista (only with Service Pack 2)
  • Windows 7
  • Windows 8/8.1

Step 1. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.

Programs to uninstall:

  • ESET Online Scanner
  • Malwarebytes Anti-Malware

Step 2. Uninstall AdwCleaner.

  • Run AdwCleaner on your Desktop.
  • Click Uninstall button.
  • AdwCleaner will be removed from your computer.

Step 3. CleanUp.

Run OTL.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • After reboot run OTL again.
  • Click on CleanUp button.
  • OTL will be removed from your computer.

Here are some recommendations for you on how to stay safe on the internet.

  • Keep your system up-to-date. It will increase your protection level, because sometimes malware can use system vulnerabilities.

    To learn more, how to turn Automatic Updates on, if you haven't turned it on before, click here.
     
  • Keep other software up-to-date too. Malware can often use third party software vulnerabilities.

    You can monitor news about vulnerabilities or just simply install software which will scan your computer for outdated and vulnerable software versions. If an outdated version is found, this software will notify you about it and even install updates automatically.

    One of these programs is Secunia Personal Software Inspector. It requires installation, you can learn more about it here. This software also has an online version - Secunia Online Software Inspector. It's a Java applet, which requires Java Runtime Environment. You can learn more about it here.

    Another good program is FileHippo.com Update Checker. It requires installation and it scans your computer very rapidly. You can learn more about it here.
     
  • Keep your antivirus software always up-to-date.

    Turn on automatic definition updates for your antivirus, if you haven't turned it on before, it's a basis of protection. Don't forget to keep your antivirus engine version up-to-date, new versions usually have advanced functionality. They can clean and prevent infections more effectively, than outdated versions.
     
  • Use a limited user account. It will considerably increase your level of protection.

    90% of malware won't work under a limited user account, because it needs administrator privileges. If you are using Windows XP, then you can use DropMyRights while you are surfing on the internet. If you are using Windows 7/Vista, then you'll need to create a new user with limited rights.
     
  • Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data in safety.

    Sometimes malware has very dangerous functionality - it can crack your passwords. Please set a very strong password for your administrator account in Windows, then malware won't harm your PC. Here you can find a nice tutorial on how to create strong passwords. For each account on the internet, create an individual password.

Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you! :)

