[Elisheba]

Security Check Log:

 

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!  (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 55  

 Adobe Flash Player 13.0.0.214  

 Adobe Reader XI  

 Mozilla Firefox (29.0.1) 

 Google Chrome 34.0.1847.137  

 Google Chrome 35.0.1916.114  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast avastui.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

[Advertisements]

Looks good, looks real good! Did you uninstall Dell System Detect? If not, go ahead and uninstall it and then reboot. Let me know if the error occurs on reboot.

[pystryker]

Looks good, looks real good! Did you uninstall Dell System Detect? If not, go ahead and uninstall it and then reboot. Let me know if the error occurs on reboot.

[Elisheba]

No didn't uninstall before, but I did now. Going to go reboot. Did you see Eset caught something? (A variant of win32/remote admin.remote exec. AA potentially unsafe application). Ok, going to go reboot. =D

[pystryker]

No didn't uninstall before, but I did now. Going to go reboot. Did you see Eset caught something? (A variant of win32/remote admin.remote exec. AA potentially unsafe application). Ok, going to go reboot. =D

Yes, I did. I'm going to remove it with a small FRST fix shortly.

[Elisheba]

Okay, restarted and no more message on restart. Yey. Whats next, boss?

[pystryker]

Okay, restarted and no more message on restart. Yey. Whats next, boss?

Aweseome Let's remove that file ESET picked up.

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt

Start
C:\Support\SIWPortable\SIWPortable.exe
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

[Elisheba]

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014

Ran by Owner at 2014-05-23 18:38:08 Run:2

Running from C:\Users\Owner\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\Support\SIWPortable\SIWPortable.exe

End

*****************

 

C:\Support\SIWPortable\SIWPortable.exe => Moved successfully.

 

==== End of Fixlog ====

[pystryker]

And with that...

Great news, your logs are CLEAN! but we still have a few things we need to address namely:

• I need to remove the tools we installed on your machine.
• We need to enable UAC on your machine as this can help prevent malware from installing itself on your machine.
• I also have some information to help protect yourself and protection against a new ransomware program called CryptoLocker.

Step 1: Tool Removal and Creation of a Clean Restore Point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Enable UAC and Installation of FileHippo


Enable UAC in Windows 7

• Open User Account Control Settings by clicking the Start button and then clicking Control Panel
• In the Search Box, type in uac and then click Change User Account Control settings.
• To turn on UAC, move the slider to choose when you want to be notified, and then click OK.
• If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Installation of FileHippo

Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.



Are there any further issues I can assist you with?

[Elisheba]

Weeeeeeeee!! Thank you so much! I just posted about this forum on my FB page. You guys are awesome. Now onto the removals. 

[Elisheba]

Delfix log:

 

# DelFix v10.7 - Logfile created 23/05/2014 at 18:48:37

# Updated 27/04/2014 by Xplode

# Username : Owner - LISADAY

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\JRT

Deleted : C:\_OTL

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\Owner\Desktop\Addition.txt

Deleted : C:\Users\Owner\Desktop\AdwCleaner[S1].txt

Deleted : C:\Users\Owner\Desktop\adwcleaner_3.210.exe

Deleted : C:\Users\Owner\Desktop\aswmbr.exe

Deleted : C:\Users\Owner\Desktop\aswMBR.txt

Deleted : C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Deleted : C:\Users\Owner\Desktop\Extras.Txt

Deleted : C:\Users\Owner\Desktop\Fixlog.txt

Deleted : C:\Users\Owner\Desktop\FRST.txt

Deleted : C:\Users\Owner\Desktop\FRST64.exe

Deleted : C:\Users\Owner\Desktop\JRT.exe

Deleted : C:\Users\Owner\Desktop\JRT.txt

Deleted : C:\Users\Owner\Desktop\MBR.dat

Deleted : C:\Users\Owner\Desktop\OTL.Txt

Deleted : C:\Users\Owner\Desktop\OTL.exe

Deleted : C:\Users\Owner\Desktop\SecurityCheck.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #492 [Windows Update | 05/21/2014 10:27:24]

Deleted : RP #493 [Removed Embroidery Fonts Plus | 05/21/2014 16:17:20]

Deleted : RP #494 [OTL Restore Point - 5/22/2014 8:51:32 PM | 05/23/2014 03:51:34]

 

New restore point created !

 

########## - EOF - ##########

 

 

Can I keep Eset?

I enabled UAC and downloaded FileHippo.

And thank you for the CryptoPrevent. I appreciate that alot. 

 

And maybe we'll be talking more soon....If I make it into GeekU. 

 

Thanks again. 

[pystryker]

Can I keep Eset?
I enabled UAC and downloaded FileHippo.
And thank you for the CryptoPrevent. I appreciate that alot.

And maybe we'll be talking more soon....If I make it into GeekU.

Thanks again.

You can. That little FileHippo program is a neat little item to have. It'll be your best friend when it comes to updating programs.

Good luck with GeekU, and you are quite welcome, it's been a pleasure working with you!

[Elisheba]

Thank you! One more question first, please?

 

The UAC? What setting should that be set on? I little window on start up asking me to allow Avast to run, ugh. Oh, I also forgot to turn on the Avast .. ACK where is my Avast? It's not in my little spot in the bottom right corner?  Lemme go try to find it. 

[Elisheba]

I found it and turned the shields on. (whew)

[pystryker]

I'd set it to Always Notify Me . That gives you the most secure setting.

[Elisheba]

Okay that's what I'm setting mine to then. Thank you for everything. =D