
Particularly stubborn malware prevents internet access



#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK.

Here's what we need to do: install an antivirus. Microsoft Security Essentials is good, it's what I use. Simple and effective. Lightweight, etc.

Get it from Here

Download it to the desktop, don't install yet.

Next

We need to run the AVG uninstaller located Here. Run the 64-bit one for the version you had: 2012, 2013, 2014, whatever it was. It is important to do this step.

Now after you do that install Microsoft Security Essentials. Double click the file you downloaded previously.

Let me know when that is done.

Joe
  • 1



#32
Noctis4

Noctis4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Ok I used the AVG remover and installed the windows security essentials. Then I went ahead and ran a full scan. Everything came back clean.


  • 0

#33
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK.

One more scan to double check for Malware,

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed antivirus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET Log.

Thanks
Joe :)

As far as the connection, I'm running out of ideas; we have checked everything. Let's run the ESET scan, then clean up the tools that I used. Verify the machine is malware free and I'll get you to a network person to look at it.
  • 1

#34
Noctis4

Noctis4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

I understand that your particular area is malware, security and such, but I greatly appreciate the time and effort you've put forth to help me solve my problem. Here is my log for ESET. Just let me know what I have to do to coordinate with the network guy and I'll do it. Thanks again for everything you've done so far. At the very least, once I figure out my wifi issue, I'm sure my computer will run a bit smoother and be a heck of a lot cleaner because of your help. :spoton:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=
# engine=18747
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-17 02:31:52
# local_time=2014-06-16 09:31:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 25844706 0 0
# scanned=325221
# found=16
# cleaned=16
# scan_time=3689
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3309350\plugins\TBVerifier.dll.vir"
sh=4F84CDFE6288BE261BCBF2C60FC2A396765A1DC0 ft=1 fh=7a99a9715a891b9b vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=96A0DF1606F3BC8E987BC511A9669CCE95818E4C ft=1 fh=186cfaeb931c5ae2 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=1F574BFEF2A0958496E684ACA4F3F2E1F85DD6CE ft=1 fh=1abf73cff647d1b5 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=E8A32149C1221F5B8694E2999BFF0B9ACFBE1DCC ft=1 fh=79afd1c4006030eb vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=AFA7B3C2D0452211D736AF40E5E94CDAACE0BC03 ft=1 fh=54ae330ed9e71419 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=C66BE7E22C0AE8504254F55F900ED2EE60C42500 ft=1 fh=113606ed3bb5f6ba vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll.vir"
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\TBVerifier.dll.vir"
sh=1DA36F2CEBBB8BACCE6B13E4438FEEBCD11B284C ft=1 fh=72b5baba16092778 vn="Win32/Conduit.SearchProtect potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\APISupport\APISupport.dll.vir"
sh=119B91098847A205621FA7388C8B4A2FC134F0EB ft=1 fh=a4ebcb24189af321 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=8E6270F9DA8ECE45F03149274B3DBD370FF2F404 ft=1 fh=141990a027dc0992 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\plugins\ChromeApiPlugin.dll.vir"
sh=7A65EA62950217503592BE7FC705C3D16E77B222 ft=1 fh=c212ee35a333a7b0 vn="a variant of Win32/Amonetize.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Mark\Downloads\FlashPlayer__4369_i147646056_il14.exe"
sh=1DA36F2CEBBB8BACCE6B13E4438FEEBCD11B284C ft=1 fh=72b5baba16092778 vn="Win32/Conduit.SearchProtect potentially unwanted application (deleted - quarantined)" ac=C fn="E:\_OTL\MovedFiles\06152014_080302\C_Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\APISupport\APISupport.dll"
sh=119B91098847A205621FA7388C8B4A2FC134F0EB ft=1 fh=a4ebcb24189af321 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="E:\_OTL\MovedFiles\06152014_080302\C_Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe"
sh=8E6270F9DA8ECE45F03149274B3DBD370FF2F404 ft=1 fh=141990a027dc0992 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="E:\_OTL\MovedFiles\06152014_080302\C_Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\plugins\ChromeApiPlugin.dll"
 


  • 0

#35
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello Noctis4,

Looks like we got everything, all the files ESET shows are already in quarantine :)

Next

Since your log reports are clean and free of malware, let's clean up after ourselves.


OTL Clean-Up

Right click on the OTLicon.jpg icon on your desktop and choose Run as administrator to open the main window.

Next click on the CleanUpButtonOTL.jpg button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

Next

Clear Restore Points

Go to Start > All Programmes > Accessories > System Tools
Right click Disc Cleanup and select Run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)

Let me get back to you on the network issue, I'll keep the thread open.
  • 1
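
An added example (not from the thread or from ESET): a small Python parser for the log format posted in #34. It compares the logged scan options with the ones requested in #33 and separates detections that sit in cleanup-tool holding folders from files still in their original location. The sample lines, placeholder hashes and function names are constructed for illustration; the field names and the two folder paths are taken from the log above.

```python
import re

# Scan options requested in post #33, as named in the log header.
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}
# Folders where the earlier cleanup tools park removed files (seen in the log).
HOLDING_DIRS = ("\\adwcleaner\\quarantine\\", "\\_otl\\movedfiles\\")
HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(text):
    """Return (header dict, list of detection dicts) from a scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            detections.append({k: q or u for k, q, u in FIELD_RE.findall(line)})
    return header, detections

def settings_drift(header):
    """Options whose logged value differs from what the helper asked for."""
    return {k: header.get(k) for k, want in EXPECTED.items() if header.get(k) != want}

def triage(detections):
    """Split detections into files already parked by a tool and live files."""
    parked, live = [], []
    for d in detections:
        path = d.get("fn", "").lower()
        (parked if any(h in path for h in HOLDING_DIRS) else live).append(d)
    return parked, live

def count_mismatch(header, detections):
    """True when the header's found= count disagrees with the parsed rows."""
    return int(header.get("found", "0")) != len(detections)

# Constructed sample in the same layout as the posted log (hashes are placeholders).
SAMPLE = r'''# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# found=3
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Example.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Example\a.dll.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/Example.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\_OTL\MovedFiles\01012014_000000\C_Users\User\AppData\Local\Example\b.dll"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Example.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\User\Downloads\example_setup.exe"'''
```
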

#36
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
About the network issue,

Try following these instructions Here

If that does not do it, start a new topic Here

Let me know how it goes

Thanks
Joe :)
  • 1

#37
Noctis4

Noctis4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Thanks for all of your help, but that didn't seem to do it. I'll open up a new thread like you suggested. Thanks again!


  • 0





