do i still have a virus? [Solved]


  • This topic is locked

#16
lee81

    Member

  • Topic Starter
  • 16 posts

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bce170f1549822458353ad82292baca1
# engine=18222
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-12 12:59:44
# local_time=2014-05-12 10:59:44 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 76 34524 38138 0 0
# compatibility_mode=3592 16777213 100 81 431418 24029556 0 0
# compatibility_mode=5893 16776574 100 94 431415 151489834 0 0
# scanned=118336
# found=2
# cleaned=2
# scan_time=3200
sh=CFEA4966763430CC0959E80BE57007C4E6796BE8 ft=1 fh=72a97c1669f92c5b vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\iMesh\Helper.dll.vir"
sh=1FED4583187586BDF4AAF45C6AE2ED609D0AF2D3 ft=1 fh=18ebdab93883d531 vn="Win32/Systweak.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Lee\Downloads\rcp_dcomnew_sec_300.exe"
 


  • 0



#17
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Excellent :)

Let's get rid of a couple of remnants.


Step 1: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
FF - HKCU\Software\MozillaPlugins\iMeshPlugin: C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll File not found
O4 - HKCU..\Run: [iMesh] "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode File not found

:Commands
[reboot]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. If the log doesn't open upon reboot, you can find a copy of it here: C:\_OTL\MovedFiles. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.

Things I need to see in your next post:

OTL Fix Log

  • 0
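
A read-only way to confirm the result of the fix in post #17, added here as an example; it is not part of pystryker's post or of OTL. It lists every value under the HKCU Run key named in the fix, flags those whose target file is missing (what OTL prints as "File not found"), and reports whether the two iMesh items still exist. The function names `Get-AutorunTarget` and `Get-RunKeyReport` are hypothetical.

```powershell
# Added example (read-only): nothing here modifies the registry.
# Both paths are the HKCU locations named in the OTL fix above.
$runPath    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$pluginPath = 'HKCU:\Software\MozillaPlugins\iMeshPlugin'

function Get-AutorunTarget {
    # Hypothetical helper: pull the executable path out of a Run command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted form: "C:\path with spaces\app.exe" --args
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first script/binary extension
    if ($cmd -match '^(.+?\.(exe|dll|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-RunKeyReport {
    # One row per autorun value, with a verdict on whether its target exists.
    $key = Get-Item -Path $runPath -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $target = Get-AutorunTarget -CommandLine ([string]$key.GetValue($name))
        $status = if ($target -notmatch '^([A-Za-z]:\\|\\\\)') {
            'Unresolved (no full path)'   # e.g. a bare "rundll32.exe"
        } elseif (Test-Path -LiteralPath $target -PathType Leaf) {
            'Present'
        } else {
            'File not found'              # orphaned autorun entry
        }
        [pscustomobject]@{ Name = $name; Target = $target; Status = $status }
    }
}

$report = @(Get-RunKeyReport)
$report | Format-Table -AutoSize

# The two items this fix targeted should both be gone after the reboot.
[pscustomobject]@{
    'Run value "iMesh" present'  = ($report.Name -contains 'iMesh')
    'MozillaPlugins key present' = (Test-Path -Path $pluginPath)
} | Format-List
```

Both lines of the final summary should read `False` once the fix has run, matching the two "deleted successfully" lines in the OTL fix log.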

#18
lee81

    Member

  • Topic Starter
  • 16 posts

========= COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\iMeshPlugin\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iMesh deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 05122014_133539


  • 0

#19
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) But we still have a few things we need to address, namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Tool Removal and Creation of a New Clean Restore Point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


Step 2: Program Updates, Teatimer Restart, and Installation of FileHippo


Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Re-Enable SpyBot's Teatimer


1.) Start Spybot S & D, in the Menu, Select Mode and Click Advanced Mode.

2.) Click Yes in the confirmation dialogue box.

3.) Now, in the left pane, click on Tools to expand the menu. Make sure that Resident is checkmarked in the right pane and then click Resident in the left pane.

4.) In the right pane checkmark Resident "Tea timer" (Protection of over-all system settings) active.

5.) Tea timer will now start and run from the systray. Henceforth it will start with Windows to alert you against any change to your key settings.


Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Protection against CryptoLocker

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker


CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.


Are there any further issues I can assist you with?
  • 0

#20
lee81

    Member

  • Topic Starter
  • 16 posts

Thank you so much, I really really have appreciated your time and effort to help me with these issues, you have been fantastic, I will also transfer money to my PayPal account over the next few days and give a donation, I know I am so grateful for everything you do and I am sure others are as well, thank you!!!


  • 0

#21
lee81

    Member

  • Topic Starter
  • 16 posts

# DelFix v10.7 - Logfile created 12/05/2014 at 14:25:17
# Updated 27/04/2014 by Xplode
# Username : Lee - LEE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Lee\AppData\Desktop\mbar
Deleted : C:\log.txt
Deleted : C:\Users\Lee\AppData\Desktop\aswMBR.txt
Deleted : C:\Users\Lee\AppData\Desktop\log.txt
Deleted : C:\Users\Lee\AppData\Desktop\MBR.dat
Deleted : C:\Users\Lee\Downloads\adwcleaner.exe
Deleted : C:\Users\Lee\Downloads\aswmbr.exe
Deleted : C:\Users\Lee\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Lee\Downloads\Extras.Txt
Deleted : C:\Users\Lee\Downloads\JRT.exe
Deleted : C:\Users\Lee\Downloads\OTL.Txt
Deleted : C:\Users\Lee\Downloads\OTL(1).exe
Deleted : C:\Users\Lee\Downloads\OTL(2).exe
Deleted : C:\Users\Lee\Downloads\OTL.exe
Deleted : C:\Users\Lee\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #98 [Windows Update | 05/04/2014 01:44:34]
Deleted : RP #99 [Windows Update | 05/07/2014 17:00:20]
Deleted : RP #100 [Restore Operation | 05/11/2014 10:31:47]
Deleted : RP #102 [avast! antivirus system restore point | 05/11/2014 12:21:10]
Deleted : RP #103 [Installed Microsoft Fix it 50906 | 05/11/2014 14:06:26]
Deleted : RP #104 [OTL Restore Point - 12/05/2014 12:16:48 AM | 05/11/2014 14:16:50]
Deleted : RP #105 [avast! antivirus system restore point | 05/11/2014 15:23:33]
Deleted : RP #106 [Windows Update | 05/11/2014 23:31:17]
Deleted : RP #107 [OTL Restore Point - 12/05/2014 1:35:49 PM | 05/12/2014 03:35:50]

New restore point created !

########## - EOF - ##########
 


  • 0

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you so much, I really really have appreciated your time and effort to help me with these issues, you have been fantastic, I will also transfer money to my PayPal account over the next few days and give a donation, I know I am so grateful for everything you do and I am sure others are as well, thank you!!!


You are quite welcome, it's been good to work with you, and I appreciate your willingness to donate. :thumbsup: Please don't hesitate to come back if you need our help again. :)

Pystryker :wave:
  • 0

#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





