
Doubts about Malware, Spycatcher - Trovit [Solved]

trovit conduit

  • This topic is locked

#16
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again Hari Prahlad,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.
  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click Advanced Settings
  • Ensure that the boxes "Remove found threats" and "Enable Anti-Stealth technology" are checked.
  • Add a check to "Scan archives" and "Scan for potentially unsafe applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open Notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find.
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

  • 0



#17
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Thanks emeraldnzl,

 

Will do as instructed and report back.


  • 0

#18
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi emeraldnzl,

 

Copy to clipboard didn't work so I exported to txt file.  Hope it's okay.

 

C:\AdwCleaner\Quarantine\C\Program Files\FlvPlayer\FLVPlayer.exe.vir Win32/InstallCore.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FlvPlayer\Uninstall\__Uninstall_.exe.vir a variant of Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Tbccint\ToolbarService\ToolbarService.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\user-pc\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\user-pc\AppData\Local\Conduit\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\user-pc\AppData\Local\Conduit\CT1142338\Softonic_EnglishAutoUpdaterHelper.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\user-pc\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir Win32/DealPly.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\Extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\chrome\softonic_english.jar.vir Win32/Toolbar.Conduit.A potentially unwanted application deleted - quarantined
C:\Users\user-pc\Downloads\microsoft powerpoint 2010 setup(2).exe a variant of MSIL/Soft32Downloader.C potentially unwanted application deleted - quarantined
C:\Users\user-pc\Downloads\microsoft powerpoint 2010 setup.exe a variant of MSIL/Soft32Downloader.C potentially unwanted application deleted - quarantined
C:\Users\user-pc\Downloads\Setup.exe a variant of Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\Users\user-pc\Downloads\youtube_downloader_hd_setup (1).exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\user-pc\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\user-pc\Downloads\YTDSetup (1).exe a variant of Win32/Toolbar.Widgi.G potentially unwanted application deleted - quarantined
C:\Users\user-pc\Downloads\YTDSetup.exe a variant of Win32/Toolbar.Widgi.G potentially unwanted application deleted - quarantined
C:\Windows\KJ\BIOS.EXE Win32/HackTool.SLICMod.C potentially unsafe application deleted - quarantined
C:\Windows\KJ\K.J_12.exe Win32/HackTool.SLICMod.C potentially unsafe application deleted - quarantined
C:\Windows\KJ\BIOS_Emulator\royal32.sys a variant of Win32/HackKMS.M potentially unsafe application deleted - quarantined
C:\Windows\KJ\OEM_info\oem.exe a variant of MSIL/HackTool.WinActivator.A potentially unsafe application deleted - quarantined
C:\Windows\KJ\Pirate\WinRR.exe a variant of Win32/HackTool.WinActivator.J potentially unsafe application deleted - quarantined
D:\backup\Realtek-7x64-drp.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application deleted - quarantined
D:\backup\Desktop\JINI\YTDSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
D:\backup\Desktop\JINI\CI Pendrive\club\desktop.ini Win32/VB.NEI worm cleaned by deleting - quarantined
D:\desk top\JINI\YTDSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
D:\desk top\JINI\CI Pendrive\club\desktop.ini Win32/VB.NEI worm cleaned by deleting - quarantined
D:\SAMSUNG-PC\Backup Set 2014-03-03 083413\Backup Files 2014-03-03 083413\Backup files 2.zip a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application deleted - quarantined
D:\SAMSUNG-PC\Backup Set 2014-03-03 083413\Backup Files 2014-03-03 083413\Backup files 3.zip Win32/VB.NEI worm deleted - quarantined
D:\SAMSUNG-PC\Backup Set 2014-03-03 083413\Backup Files 2014-04-28 062611\Backup files 2.zip a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
 
 
Firefox and Chrome are okay but Internet Explorer gives the Script Error.
 
Thanks again.

  • 0
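The exported ESET log in the post above has no column separators and its paths contain spaces, so it cannot be split on whitespace. As an added example (not part of the original thread and not ESET's own tooling), this Python script parses that layout and separates detections by where they were found. The bucket names and the path rules (the `C:\AdwCleaner\Quarantine\` prefix, the word "backup") are assumptions made for this example.

```python
import re
from collections import Counter

# Five lines copied from the ESET log posted above. Layout of each line:
# <path> [a variant of ]<Platform/Name> <object type> <action>
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\FlvPlayer\FLVPlayer.exe.vir Win32/InstallCore.A potentially unwanted application deleted - quarantined
C:\Users\user-pc\Downloads\youtube_downloader_hd_setup (1).exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Windows\KJ\BIOS_Emulator\royal32.sys a variant of Win32/HackKMS.M potentially unsafe application deleted - quarantined
D:\backup\Desktop\JINI\CI Pendrive\club\desktop.ini Win32/VB.NEI worm cleaned by deleting - quarantined
D:\SAMSUNG-PC\Backup Set 2014-03-03 083413\Backup Files 2014-03-03 083413\Backup files 3.zip Win32/VB.NEI worm deleted - quarantined
"""

# Windows paths use backslashes, so the first "Word/Name" token marks the detection.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+) "
    r"(?P<kind>.+?) (?P<action>(?:cleaned by deleting|deleted) - quarantined)$"
)

def parse_log(text):
    """Return (detections, unparsed lines); each detection is a dict."""
    hits, skipped = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            hits.append({**m.groupdict(), "variant": bool(m["variant"])})
        else:
            skipped.append(line)  # keep for manual review, never drop silently
    return hits, skipped

def triage(hits):
    """Group detections by location (assumed rules, see lead-in)."""
    buckets = {"tool_quarantine": [], "backup_copy": [], "live": []}
    for h in hits:
        p = h["path"].lower()
        if p.startswith("c:\\adwcleaner\\quarantine\\"):
            buckets["tool_quarantine"].append(h)  # copy in AdwCleaner's quarantine
        elif "backup" in p:
            buckets["backup_copy"].append(h)      # found in a backup folder or set
        else:
            buckets["live"].append(h)             # was still in place on the system
    return buckets

def summary(hits):  # detections per object type, e.g. "worm"
    return Counter(h["kind"] for h in hits)

if __name__ == "__main__":
    hits, skipped = parse_log(SAMPLE_LOG)
    print(summary(hits), {k: len(v) for k, v in triage(hits).items()}, skipped)
```
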

#19
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Firefox and Chrome are okay but Internet Explorer gives the Script Error.


I take it that the other problems have gone though. :cool:

Looking at the IE problem.

Firstly let's try this:

Please go to support Microsoft for instructions on how to repair/reinstall your Internet Explorer.

Come back and tell me how it went. :)
  • 0

#20
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi emeraldnzl,

 

Thank you.  Will do as outlined.


  • 0

#21
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi emeraldnzl,

 

Went to http://support.micro...37#manual steps  and followed the instructions.  Comp now works like a charm.  IE is fine too.

 

Thank you so much for your valuable time.  I owe you a lot.  

 

Thanks a million again!   :spoton:


  • 0

#22
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Comp now works like a charm.


Great news. I think you are good to go now. :thumbsup:

We have a couple of last steps to perform and then you're all set. :)

Follow these steps to uninstall Combofix and some tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Click START then RUN (Vista users go to Programs > Accessories > Run)
  • Now type Combofix /Uninstall in the runbox  and click OK.  Note the space between the X and the U, it needs to be there.


After that please go here to download OTC.

Run this program to remove most of the remaining tools we have been using.

If you are asked to reboot the machine to finish the Cleanup process choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

        * Click Start > Control Panel > System and Security > Windows Update
        * Under Windows Update click on Turn automatic updating on or off
        * Check items shown to ensure you receive updates automatically. Click OK.


Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!


  • 0

#23
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Thank you.  Just back from tour.  Apologies for the delayed reply.  Will do as instructed.


  • 0

#24
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

:thumbsup:


  • 0

#25
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Thank you so much, emeraldnzl.  I have done all that you have advised.  I owe you a lot.   :spoton:


  • 0



#26
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

You are very welcome. :happy:

 

I will keep this topic open for a day or two in case any issues arise.


  • 0

#27
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Thank you.  That is extremely considerate of you.


  • 0

#28
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





