[LiquidTension]

Hi Joanne, 

 

Yes, please remove Java SE Development Kit 7 Update 51, as well as all other versions (excluding the version just installed - Version 7 Update 60). 

[Advertisements]

ok.  fyi... on the control panel's add/remove programs, it states I installed Java v 60 on 8/1/2013.  I installed it today.  Is that right?  I'm continuing with your steps.

[jbcteacher]

ok.  fyi... on the control panel's add/remove programs, it states I installed Java v 60 on 8/1/2013.  I installed it today.  Is that right?  I'm continuing with your steps.

[jbcteacher]

malewarebytes program wouldn't allow me to copy the scanlog to a clipboard, I exported it and here it is...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/9/2014
Scan Time: 3:03:04 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.09.09
Rootkit Database: v2014.07.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jarrett

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 282237
Time Elapsed: 18 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Ibryte, C:\Users\Jarrett\Desktop\Random Files\other\EZVID_Setup.exe, Quarantined, [5264afeda6d5f14571b8db621ce49b65],

Physical Sectors: 0
(No malicious items detected)

(end)

[jbcteacher]

the esetsmartinstaller_enu file didn't save as an executable.  Should I save as and then run...  It wants a program to run it

[LiquidTension]

Yes, that is fine.

[jbcteacher]

Do I want to enable or disable the potential of unwanted applications.  Screen one of 4 of the app.

[LiquidTension]

Enable. 

 

Apologies, it appears the programme has been updated recently, therefore making my instructions outdated. I believe my instructions should be OK from now onwards. 

[jbcteacher]

Do I want to enable or disable the potential of unwanted applications.  Screen one of 4 of the app...  Not sure if either option should be checked.

[jbcteacher]

duh... nevermind...  sorry

[jbcteacher]

Ugh. So it found 2 threats right away, I realized I didn't check the advanced settings, I stopped the scan, reran it, and it appears it skipped over what it found. There was a message that it was already started and it would resume, but appears that it skipped over what it initially found... Do I just let it continue? Sorry!

[jbcteacher]

Also, separately, before this, there was a pop up near the bottom toolbar that said, "dummy form"

[jbcteacher]

It's been stuck on the same file for a long time... I think it stopped.

[jbcteacher]

C:\AdwCleaner\Quarantine\C\Program Files (x86)\file scout\filescout.exe.vir a variant of Win32/FileScout.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\Inbox.dll.old.vir Win32/Toolbar.Inbox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Information\50368.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Information\50368.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\Users\Jarrett\AppData\Roaming\Angry_Birds\Angry_Birds.exe a variant of Win32/Toolbar.Iminent.C potentially unwanted application deleted - quarantined

 

The old Java's deleted.  Version 60 looks like it was installed 8/1/2013.  ESET did not uninstall...  I can do it manually but will wait for your reply.  Thank you.
 

[LiquidTension]

Hi Joanne,
 
Thanks for sticking it out with ESET. I was prepared to run an alternative online scan, but as ESET has completed I think we're OK.
 

Also, separately, before this, there was a pop up near the bottom toolbar that said, "dummy form"

This appears to be associated with an Acer programme; Acer Instant Update. The programme automatically refreshes webpages and email, amongst other things, as described here. Do you use the programme? 
 

Version 60 looks like it was installed 8/1/2013.

It is not uncommon for Programs and Features to display incorrect information, such as programme size and installation date.
 

ESET did not uninstall...  I can do it manually but will wait for your reply.

I will provide instructions on removing ESET, as well as the other tools we have used. 
 
 
How is the computer performing? Any outstanding issues?
 
STEP 1
 Update Outdated Software
Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

•  Adobe Flash Player (Uncheck "Yes, install McAfee Security Scan Plus - optional")
•  Follow these instructions to check for and download the latest Windows Updates.
   

STEP 2
 Remove Outdated Software

• Press the Windows Key  + r on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for the following programmes, right-click and click Uninstall one at a time.
  • Adobe Flash Player 11 Plugin
• Follow the prompts and reboot if necessary.
   

STEP 3
 Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

• Press the Windows Key  + s on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar. 
• Click on the Java Control Panel. Once opened, click the Security tab.
• Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
• Click Apply. When the Windows User Account Control (UAC)  appears, allow permissions to make the changes. 
• Click OK in the Java Plug-in confirmation window.
• Restart your browser(s) for changes to take effect.
• More information can be found here and here.
   

STEP 4
 Security Check

• Please download SecurityCheck and save the file to your desktop.
• Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
• A log (checkup.txt) will automatically open on your desktop.
• Copy the contents of the log and paste in your next reply.
   

======================================================
 
STEP 5
 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• checkup.txt
• Comments on how your computer is performing. 

Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".

[jbcteacher]

Got it. I've got errands to run and will do this upon return. We have not been using the computer because I wasn't sure if doing so would cause issues. Before we are done, I'd like to return the PC to Jarrett to use to make sure it operates well for him. Is that ok? I'll post the logs in a few hours.