V-bates-Trovi-DuckDuckGo [Solved]


  • This topic is locked

#31
Elisheba

    Member

  • Topic Starter
  • 43 posts

Security Check Log:

 

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

  • 0



#32
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good, looks real good! Did you uninstall Dell System Detect? If not, go ahead and uninstall it and then reboot. Let me know if the error occurs on reboot. :)
  • 0

#33
Elisheba

    Member

  • Topic Starter
  • 43 posts

No didn't uninstall before, but I did now. Going to go reboot. Did you see Eset caught something? (A variant of win32/remote admin.remote exec. AA potentially unsafe application). Ok, going to go reboot. =D


  • 0

#34
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

No didn't uninstall before, but I did now. Going to go reboot. Did you see Eset caught something? (A variant of win32/remote admin.remote exec. AA potentially unsafe application). Ok, going to go reboot. =D


Yes, I did. I'm going to remove it with a small FRST fix shortly. :)
  • 0

#35
Elisheba

    Member

  • Topic Starter
  • 43 posts

Okay, restarted and no more message on restart. Yey. What's next, boss?


  • 0

#36
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Okay, restarted and no more message on restart. Yey. What's next, boss?


Awesome :) Let's remove that file ESET picked up.
  • Open notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
C:\Support\SIWPortable\SIWPortable.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.
  • 0

#37
Elisheba

    Member

  • Topic Starter
  • 43 posts

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Owner at 2014-05-23 18:38:08 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Support\SIWPortable\SIWPortable.exe
End
*****************
 
C:\Support\SIWPortable\SIWPortable.exe => Moved successfully.
 
==== End of Fixlog ====

  • 0

#38
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
And with that...

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We need to enable UAC on your machine as this can help prevent malware from installing itself on your machine.
  • I also have some information to help you protect yourself against a new ransomware program called CryptoLocker.
Step 1: Tool Removal and Creation of a Clean Restore Point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Enable UAC and Installation of FileHippo


Enable UAC in Windows 7
  • Open User Account Control Settings by clicking the Start button and then clicking Control Panel
  • In the Search Box, type in uac and then click Change User Account Control settings.
  • To turn on UAC, move the slider to choose when you want to be notified, and then click OK.
  • If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Installation of FileHippo

Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

Are there any further issues I can assist you with?
  • 0

#39
Elisheba

    Member

  • Topic Starter
  • 43 posts

Weeeeeeeee!! Thank you so much! I just posted about this forum on my FB page. You guys are awesome. Now onto the removals. 


  • 0

#40
Elisheba

    Member

  • Topic Starter
  • 43 posts

Delfix log:

 

# DelFix v10.7 - Logfile created 23/05/2014 at 18:48:37
# Updated 27/04/2014 by Xplode
# Username : Owner - LISADAY
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\JRT
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Owner\Desktop\Addition.txt
Deleted : C:\Users\Owner\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\Owner\Desktop\adwcleaner_3.210.exe
Deleted : C:\Users\Owner\Desktop\aswmbr.exe
Deleted : C:\Users\Owner\Desktop\aswMBR.txt
Deleted : C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Owner\Desktop\Extras.Txt
Deleted : C:\Users\Owner\Desktop\Fixlog.txt
Deleted : C:\Users\Owner\Desktop\FRST.txt
Deleted : C:\Users\Owner\Desktop\FRST64.exe
Deleted : C:\Users\Owner\Desktop\JRT.exe
Deleted : C:\Users\Owner\Desktop\JRT.txt
Deleted : C:\Users\Owner\Desktop\MBR.dat
Deleted : C:\Users\Owner\Desktop\OTL.Txt
Deleted : C:\Users\Owner\Desktop\OTL.exe
Deleted : C:\Users\Owner\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #492 [Windows Update | 05/21/2014 10:27:24]
Deleted : RP #493 [Removed Embroidery Fonts Plus | 05/21/2014 16:17:20]
Deleted : RP #494 [OTL Restore Point - 5/22/2014 8:51:32 PM | 05/23/2014 03:51:34]
 
New restore point created !
 
########## - EOF - ##########
 
 
Can I keep Eset?
I enabled UAC and downloaded FileHippo.
And thank you for the CryptoPrevent. I appreciate that a lot.
 
And maybe we'll be talking more soon....If I make it into GeekU.  :thumbsup:
 
Thanks again.  :D

  • 0



#41
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Can I keep Eset?
I enabled UAC and downloaded FileHippo.
And thank you for the CryptoPrevent. I appreciate that a lot.

And maybe we'll be talking more soon....If I make it into GeekU. :thumbsup:

Thanks again. :D


You can. :) That little FileHippo program is a neat little item to have. It'll be your best friend when it comes to updating programs.

Good luck with GeekU, and you are quite welcome, it's been a pleasure working with you! :thumbsup:
  • 0

#42
Elisheba

    Member

  • Topic Starter
  • 43 posts

Thank you! One more question first, please?

 

The UAC? What setting should that be set on? A little window on start up asking me to allow Avast to run, ugh. Oh, I also forgot to turn on the Avast .. ACK where is my Avast? It's not in my little spot in the bottom right corner?  :blink: Lemme go try to find it.


  • 0

#43
Elisheba

    Member

  • Topic Starter
  • 43 posts

I found it and turned the shields on. (whew)


  • 0

#44
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
I'd set it to Always Notify Me. That gives you the most secure setting. :thumbsup:
  • 0
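
The UAC state discussed in this thread (enabled in Step 2, then set to Always Notify) can be confirmed from PowerShell instead of the Control Panel slider. This is an added example, not part of any post above; the helper name Get-UacLevel is hypothetical, and the registry values it reads are the standard UAC policy values under HKLM.

```powershell
# Added example (not from the thread): report which UAC level is in effect.
# Reads the UAC policy values that the Control Panel slider writes.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {            # hypothetical helper name
    param(
        [int]$EnableLUA,           # 0 = UAC off, 1 = UAC on
        [int]$ConsentAdmin,        # ConsentPromptBehaviorAdmin
        [int]$SecureDesktop        # PromptOnSecureDesktop
    )
    # With EnableLUA = 0 the other two values have no effect.
    if ($EnableLUA -eq 0) { return 'Disabled' }
    switch ("$ConsentAdmin/$SecureDesktop") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Default (notify on program changes)' }
        '5/0'   { 'Notify on program changes, desktop not dimmed' }
        '0/0'   { 'Never notify' }
        default { "Custom policy ($ConsentAdmin/$SecureDesktop)" }
    }
}

# Reading these values does not require elevation.
$p = Get-ItemProperty -Path $key
$level = Get-UacLevel -EnableLUA $p.EnableLUA `
                      -ConsentAdmin $p.ConsentPromptBehaviorAdmin `
                      -SecureDesktop $p.PromptOnSecureDesktop

# One object with the raw values and the interpreted level.
[pscustomobject]@{
    EnableLUA                  = $p.EnableLUA
    ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    Level                      = $level
    MatchesRecommendation      = ($level -eq 'Always notify')
}
```

A change to EnableLUA only takes effect after a reboot, so run the check again after restarting if UAC was previously off.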

#45
Elisheba

    Member

  • Topic Starter
  • 43 posts

Okay that's what I'm setting mine to then. Thank you for everything. =D


  • 0





