
Serious infection [Solved]


  • This topic is locked

#16
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
The things that were found are elements of your app - Family Tree Maker. Also, after our intervention, there's nothing to worry about for now - your machine is clean. One more thing - empty your downloads folder from time to time, just for good maintenance.

 

Now let's do some housekeeping and let's see how we can secure you in the future.

 
Two steps to perform - mind that the first one needs to be done (and log pasted here) before running DelFix!
 
 

= = = = = = = = = = = = = = = = = = = =

 
 
FIRST

Download Security Check by screen317.
Save it to your Desktop and:

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt;

Please post the content of that document.
 
 

= = = = = = = = = = = = = = = = = = = =

 
 
SECOND
 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
  • Paste it for my review.

= = = = = = = = = = = = = = = = = = = =

Now in your next reply please include these ones for my review:

  • Security Check report
  • DelFix report

I don't mind multiple posts if necessary.

Cheers,
Naat :)

  • 0



#17
MarkJohnson

    Member

  • Topic Starter
  • Member
  • 12 posts

Here are both logs:

 

 

 

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (29.0.1) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log`````````````````````` 
 
 
 
 

# DelFix v10.7 - Logfile created 07/06/2014 at 09:52:27
# Updated 27/04/2014 by Xplode
# Username : Mark - MARK-ASUS
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mark\Desktop\Addition.txt
Deleted : C:\Users\Mark\Desktop\AdwCleaner.exe
Deleted : C:\Users\Mark\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Mark\Desktop\Extras.Txt
Deleted : C:\Users\Mark\Desktop\Fixlog.txt
Deleted : C:\Users\Mark\Desktop\FRST.txt
Deleted : C:\Users\Mark\Desktop\FRST64 (1).exe
Deleted : C:\Users\Mark\Desktop\FRST_1.txt
Deleted : C:\Users\Mark\Desktop\FRST_2.txt
Deleted : C:\Users\Mark\Desktop\log.txt
Deleted : C:\Users\Mark\Desktop\OTL.Txt
Deleted : C:\Users\Mark\Desktop\RKreport_SCN_06012014_092436.log
Deleted : C:\Users\Mark\Desktop\RKreport_SCN_06012014_133145.log
Deleted : C:\Users\Mark\Desktop\RKreport_SCN_06022014_124243.log
Deleted : C:\Users\Mark\Desktop\RKreport_SCN_06032014_230801.log
Deleted : C:\Users\Mark\Desktop\SecurityCheck.exe
Deleted : C:\Users\Mark\Desktop\TFC.exe
Deleted : C:\Users\Mark\Downloads\AdwCleaner.exe
Deleted : C:\Users\Mark\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Mark\Downloads\FRST64 (1).exe
Deleted : C:\Users\Mark\Downloads\FRST64.exe
Deleted : C:\Users\Mark\Downloads\OTL.exe
Deleted : C:\Users\Mark\Downloads\SecurityCheck.exe
Deleted : C:\Users\Mark\Downloads\tdsskiller.zip
Deleted : C:\Users\Mark\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Cleaning system restore ...
 
Deleted : RP #34 [Installed PowerDVD | 05/29/2014 07:20:17]
Deleted : RP #35 [Removed BCL easyConverter SDK 3 (Word Version) 64. | 06/05/2014 02:07:31]
Deleted : RP #36 [Removed Optimum PC Boost | 06/05/2014 02:08:33]
Deleted : RP #37 [Removed WebEx Support Manager for Internet Explorer | 06/05/2014 02:09:09]
Deleted : RP #38 [Installed HDHomeRun | 06/06/2014 03:00:49]
Deleted : RP #39 [Installed SUABnR | 06/07/2014 08:15:29]
Deleted : RP #40 [Windows Update | 06/07/2014 08:18:05]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 

  • 0
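The Security Check log in the post above can be triaged mechanically. The following Python sketch is an added example, not part of the thread and not code from Security Check; the finding labels (`outdated`, `av-wmi-missing`, `multiple-versions`) and the parsing rules are assumptions derived only from the log lines shown in that post.

```python
import re

BT = chr(96) * 14  # section titles in the log are framed by runs of backticks

# Constructed input: lines copied from the Security Check log posted above.
SAMPLE_LOG = "\n".join([
    BT + "Antivirus/Firewall Check:" + BT,
    " Windows Firewall Enabled!",
    "Norton Security Suite",
    " WMI entry may not exist for antivirus; attempting automatic update.",
    BT + "Anti-malware/Other Utilities Check:" + BT,
    " Adobe Reader 9 Adobe Reader out of Date!",
    " Mozilla Firefox (29.0.1)",
    " Google Chrome 34.0.1847.137",
    " Google Chrome 35.0.1916.114",
    BT + "Process Check: objlist.exe by Laurent" + BT,
    " Malwarebytes Anti-Malware mbamservice.exe",
    BT + "End of Log" + BT,
])

SECTION = re.compile(chr(96) + "+([^" + chr(96) + "]+?):?" + chr(96) + "+")
VERSIONED = re.compile(r"^(.*?)\s+\(?(\d+(?:\.\d+)+)\)?$")


def triage(log_text):
    """Return (kind, detail) findings; the kinds are this example's own labels."""
    findings, versions, section = [], {}, "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        heading = SECTION.fullmatch(line)
        if heading:
            section = heading.group(1).strip()
            continue
        if "out of date" in line.lower():
            findings.append(("outdated", line))
        if "WMI entry may not exist" in line:
            findings.append(("av-wmi-missing", line))
        hit = VERSIONED.match(line)
        if hit and section.startswith("Anti-malware"):
            versions.setdefault(hit.group(1), set()).add(hit.group(2))
    for product, seen in sorted(versions.items()):
        if len(seen) > 1:  # same product listed under more than one version
            findings.append(("multiple-versions", product + ": " + ", ".join(sorted(seen))))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, "|", detail)
```
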

#18
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
Your Adobe Reader needs updating urgently.
 
Updating Adobe Reader manually

  • Go here. You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus as a free program. This is foistware. Remember to leave the box for McAfee UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

Also your HDD needs a little maintenance. Below is the link to a great article about good practices to maintain your machine:
What to do if your Computer is running slowly
 

 

And now, if subject to no further problems, you are ready to go :)


Below you will find some general tips and my personal recommendations for staying clean and secure.  Take a couple of minutes to read them, maybe some of them will help you to stay better protected in the future  :)

First of all, staying updated is crucial, not only for your operating system, but also for any third-party installed software. Exploits are often found in software that is delivered by external vendors.

Actually Java is one of the most vulnerable third party software products to malware (especially exploits).  I highly recommend that you completely uninstall Java unless you need it to run an important piece of software, or at least disable it in your browsers.  If Java is not necessary for you, but you want to keep it, please visit this link and disable it in your browsers.  Also remember to update it whenever a new release is available.

Bear in mind that bugs will always appear, as well as matching fixes.  The best way to always stay updated is to enable automatic updates.

How-to for Windows 7

A few good methods to keep your installed software up to date would be to use Secunia Personal Software Inspector or FileHippo.

For good maintenance of your computer, these two are must-haves in my opinion:

TFC
A small tool that is used to clean unneeded temporary files.  Very simple - you just run it and press the Start button.  Be sure to finish all your work and save it before using TFC, because it will kill all processes and force a reboot to do its job properly. You already got it - keep it and run it from time to time.
TFC Download

Malwarebytes' Anti-Malware
The best scanner ever, used frequently on many forums to deal with malware.  It should be your first move when any unexpected symptoms appear on your machine.  As you already installed it, bear in mind what the wise people around here say: that it is good to perform a scan from time to time.   Also remember that the free version is not equipped with automatic updates - so you need to update it manually before every scan.
Malwarebytes' homepage


Now please sit down, grab some coke  :pepsi:  and read this great article by GaryR and Wingman:
Computer Security - a short guide to staying safer online.
It is written with a very simple language for the people who are just average computer users.  Read it carefully and you will benefit from some useful advice about safe computing.

After that you may fully enjoy your clean computer once again!  :yes:

Or, if you wish to do so, you may read about some more and add some additional security programs that are purely optional. I recommend them because they are very light (even invisible) but should limit your risk of getting infected in two cases involving infections spread by removable media and exploits.

McShield
McShield was designed to automatically scan and detect infections spread by any removable media like flash drives and media cards. After the first installation it will perform a scan of your machine to determine whether it is infected or not, and later it will automatically scan any plugged-in removable media to search for any infections before it is accessible.
McShield - homepage

Malwarebytes' Anti-Exploit
This tool is still in its beta-stage, but as far as I am concerned Malwarebytes' research team is still improving its functionality.  It is able to catch and block many exploits we are vulnerable to when surfing the net.
Malwarebytes' website

CryptoPrevent
The CryptoLocker infection is very severe and it leaves private files totally undecryptable. Many great minds in the Antimalware community are trying to find a way to decrypt these files, but the cure is still unknown due to a very complicated encryption key that this nasty little bug uses. The best way to prevent this is to use a small program called CryptoPrevent, which will set some extra policies for executing files in unusual locations.
CryptoPrevent - details & download

Unchecky
Lately we have observed a great infestation of various browser hijackers and adware, which sneak into our systems together with 3rd party apps we are installing. This software runs silently in the background and discovers bundled toolbars and additional foistware that is trying to install itself. Obviously it does not cover all of the possibilities so we still need to be careful when installing any new software.
Unchecky - homepage

Well, that's really all from me, unless you have any other questions.  If so, just shoot me another message and I will be very glad to answer them  :thumbsup:

Cheers,
Naat :)


  • 0

#19
MarkJohnson

    Member

  • Topic Starter
  • Member
  • 12 posts

Sweet, thanks a ton for your help. I'll make sure everything is updated asap and I'll go over those threads you linked.

 

Thanks again

-=Mark=-


  • 0

#20
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
You are welcome :thumbsup:
  • 0

#21
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





