[pystryker]

stryker, I uninstalled it and let pc reload it works fine.WHEWWWW

Let's scan for remnants and check for out of date programs.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
• Now click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• Now click on Finish
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

• ESET Scan Log
• MBAM Log
• SecurityCheck Log

[Advertisements]

hi stryker, I think I messed up again. Did I send any of the last logs you asked for?

[nickfjr]

hi stryker, I think I messed up again. Did I send any of the last logs you asked for?

[pystryker]

No, please run the steps in my previous post and post those logs when completed.

[nickfjr]

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.4
SpywareGuard v2.2
Adobe Flash Player 13.0.0.214
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

[nickfjr]

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.4
SpywareGuard v2.2
Adobe Flash Player 13.0.0.214
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

[nickfjr]

sorry stryker I just can't post them right.

[pystryker]

No worries, please try again. You got the security check log, please look at the instructions for the location of the mbam and ESET logs.

When ready, post each log as a separate reply

[nickfjr]

No worries, please try again. You got the security check log, please look at the instructions for the location of the mbam and ESET logs.

When ready, post each log as a separate reply

 

sorry stryker I just can't post them right.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/21/2014
Scan Time: 12:22:01 AM
Logfile: Fixlog.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.05
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264929
Time Elapsed: 16 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

[nickfjr]

 

No worries, please try again. You got the security check log, please look at the instructions for the location of the mbam and ESET logs.

When ready, post each log as a separate reply

 

sorry stryker I just can't post them right.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/21/2014
Scan Time: 12:22:01 AM
Logfile: Fixlog.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.05
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264929
Time Elapsed: 16 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 

[pystryker]

Great news, your logs are CLEAN! I see no signs of infection in the last logs you posted, but we still have a few things we need to address namely:

• I need to remove the tools we installed on your machine.
• We also have some programs on your machine that need updating to help protect you in the future.

Step 1: Tool Removal and Creation of a New Restore Point.

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please post the log in your next reply.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

You can uninstall ESET Online Scanner at this time.


Step 2: Program Updates and Installation of FileHippo


Your version of Firefox is out of date. Please update it by clicking Help and then About Firefox and Firefox will update itself.


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Step 3: Tips, Information, and Protection Against CryptoLocker

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.



Are there any further issues I can assist you with?

[nickfjr]

# DelFix v10.7 - Logfile created 21/05/2014 at 23:19:06
# Updated 27/04/2014 by Xplode
# Username : nick - NICK-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\Users\nick\Desktop\adwcleaner.exe
Deleted : C:\Users\nick\Desktop\aswmbr.exe
Deleted : C:\Users\nick\Desktop\aswMBR.txt
Deleted : C:\Users\nick\Desktop\Fixlog.txt
Deleted : C:\Users\nick\Desktop\FRST.txt
Deleted : C:\Users\nick\Desktop\FRST64.exe
Deleted : C:\Users\nick\Desktop\JRT.exe
Deleted : C:\Users\nick\Desktop\JRT.txt
Deleted : C:\Users\nick\Desktop\SecurityCheck.exe
Deleted : C:\Users\nick\Desktop\TFC.exe
Deleted : C:\Users\nick\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #351 [Revo Uninstaller's restore point - Apple Software Update | 05/10/2014 05:53:19]
Deleted : RP #352 [Revo Uninstaller's restore point - Apple Application Support | 05/10/2014 05:59:16]
Deleted : RP #353 [Removed iTunes | 05/10/2014 06:06:40]
Deleted : RP #354 [Installed iTunes | 05/10/2014 06:22:53]
Deleted : RP #355 [Revo Uninstaller's restore point - Adobe AIR | 05/10/2014 08:24:14]
Deleted : RP #356 [Windows Update | 05/11/2014 04:44:11]
Deleted : RP #357 [Windows Update | 05/15/2014 04:43:01]
Deleted : RP #358 [Revo Uninstaller's restore point - DMUninstaller | 05/15/2014 04:49:14]
Deleted : RP #359 [Revo Uninstaller's restore point - DMUninstaller | 05/15/2014 05:00:32]
Deleted : RP #360 [Revo Uninstaller's restore point - Download Navigator | 05/15/2014 05:01:00]
Deleted : RP #361 [Removed Download Navigator | 05/15/2014 05:01:31]
Deleted : RP #362 [Revo Uninstaller's restore point - WinZipper | 05/15/2014 05:03:32]
Deleted : RP #363 [Revo Uninstaller's restore point - TidyNetwork.com | 05/15/2014 05:06:10]
Deleted : RP #364 [Revo Uninstaller's restore point - Optimizer Pro v3.2 | 05/15/2014 05:08:09]
Deleted : RP #365 [Revo Uninstaller's restore point - Mysearchdial | 05/15/2014 05:10:35]
Deleted : RP #366 [Windows Update | 05/15/2014 09:47:16]
Deleted : RP #367 [Revo Uninstaller's restore point - WeatherBug® | 05/15/2014 10:24:03]
Deleted : RP #368 [Revo Uninstaller's restore point - Malwarebytes' Anti-Malware version 1.51.2.1300 | 05/19/2014 10:06:45]
Deleted : RP #369 [Windows Update | 05/19/2014 10:09:08]

New restore point created !

########## - EOF - ##########

Great news, your logs are CLEAN! I see no signs of infection in the last logs you posted, but we still have a few things we need to address namely:

• I need to remove the tools we installed on your machine.
• We also have some programs on your machine that need updating to help protect you in the future.

Step 1: Tool Removal and Creation of a New Restore Point.

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please post the log in your next reply.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

You can uninstall ESET Online Scanner at this time.


Step 2: Program Updates and Installation of FileHippo


Your version of Firefox is out of date. Please update it by clicking Help and then About Firefox and Firefox will update itself.


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Step 3: Tips, Information, and Protection Against CryptoLocker

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.



Are there any further issues I can assist you with?

 

# DelFix v10.7 - Logfile created 21/05/2014 at 23:19:06
# Updated 27/04/2014 by Xplode
# Username : nick - NICK-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\Users\nick\Desktop\adwcleaner.exe
Deleted : C:\Users\nick\Desktop\aswmbr.exe
Deleted : C:\Users\nick\Desktop\aswMBR.txt
Deleted : C:\Users\nick\Desktop\Fixlog.txt
Deleted : C:\Users\nick\Desktop\FRST.txt
Deleted : C:\Users\nick\Desktop\FRST64.exe
Deleted : C:\Users\nick\Desktop\JRT.exe
Deleted : C:\Users\nick\Desktop\JRT.txt
Deleted : C:\Users\nick\Desktop\SecurityCheck.exe
Deleted : C:\Users\nick\Desktop\TFC.exe
Deleted : C:\Users\nick\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #351 [Revo Uninstaller's restore point - Apple Software Update | 05/10/2014 05:53:19]
Deleted : RP #352 [Revo Uninstaller's restore point - Apple Application Support | 05/10/2014 05:59:16]
Deleted : RP #353 [Removed iTunes | 05/10/2014 06:06:40]
Deleted : RP #354 [Installed iTunes | 05/10/2014 06:22:53]
Deleted : RP #355 [Revo Uninstaller's restore point - Adobe AIR | 05/10/2014 08:24:14]
Deleted : RP #356 [Windows Update | 05/11/2014 04:44:11]
Deleted : RP #357 [Windows Update | 05/15/2014 04:43:01]
Deleted : RP #358 [Revo Uninstaller's restore point - DMUninstaller | 05/15/2014 04:49:14]
Deleted : RP #359 [Revo Uninstaller's restore point - DMUninstaller | 05/15/2014 05:00:32]
Deleted : RP #360 [Revo Uninstaller's restore point - Download Navigator | 05/15/2014 05:01:00]
Deleted : RP #361 [Removed Download Navigator | 05/15/2014 05:01:31]
Deleted : RP #362 [Revo Uninstaller's restore point - WinZipper | 05/15/2014 05:03:32]
Deleted : RP #363 [Revo Uninstaller's restore point - TidyNetwork.com | 05/15/2014 05:06:10]
Deleted : RP #364 [Revo Uninstaller's restore point - Optimizer Pro v3.2 | 05/15/2014 05:08:09]
Deleted : RP #365 [Revo Uninstaller's restore point - Mysearchdial | 05/15/2014 05:10:35]
Deleted : RP #366 [Windows Update | 05/15/2014 09:47:16]
Deleted : RP #367 [Revo Uninstaller's restore point - WeatherBug® | 05/15/2014 10:24:03]
Deleted : RP #368 [Revo Uninstaller's restore point - Malwarebytes' Anti-Malware version 1.51.2.1300 | 05/19/2014 10:06:45]
Deleted : RP #369 [Windows Update | 05/19/2014 10:09:08]

New restore point created !

########## - EOF - ##########

[pystryker]

Looks good! If you need us again, please don't hesitate to come back.

[pystryker]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.