Computer freezing up [Solved]


  • This topic is locked

#31
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Hi Lynn,
 

I followed your recommendations and uninstalled Hitman Pro and reinstalled mbam.  I ran a scan with mbam, it ran fine and found no issues!  I'm thrilled with the results!  The computer is running great and there doesn't seem to be any problems.  What's next?

Very good, I'm glad to hear. :)
 
Let's check for leftovers and we will be almost done!
 
STEP 1
ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.
  • Please download ESET Online Scan and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology.
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points.
  • Click esetExport.png and save the file to your desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     
======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • ESET Online Scan log



#32
kaleb82

    Member

  • Topic Starter
  • 64 posts

There were 4 infected files.  Here is the log.

C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-4806e0ab Java/Exploit.Agent.PLF trojan
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-69de0bd0 Java/Exploit.Agent.PLF trojan
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f231b2e-1ae1c690 multiple threats
C:\Windows\Installer\2dc6047.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
 



#33
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Lynn,
 
Let's remove those files and update your vulnerable software.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-4806e0ab
    C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-69de0bd0
    C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f231b2e-1ae1c690
    C:\Windows\Installer\2dc6047.msi
    end
    
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Reader 9.5.5
  • Follow the prompts and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
Security Check

  • Please download SecurityCheck and save the file to your desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt
  • Comments on how your computer is performing.

-- Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".



#34
kaleb82

    Member

  • Topic Starter
  • 64 posts

Hi Adam,

Here are the logs you requested.  The computer is performing great! :D  I updated the outdated software, removed adobe reader 9.5.5 and disabled Java in my browser as you instructed.  Many thanks! :yes:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-08-2014
Ran by Mr B at 2014-08-06 13:38:28 Run:2
Running from C:\Users\Mr B\Desktop\Geekstogo
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-4806e0ab
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-69de0bd0
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f231b2e-1ae1c690
C:\Windows\Installer\2dc6047.msi
end
*****************

C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-4806e0ab => Moved successfully.
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-69de0bd0 => Moved successfully.
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f231b2e-1ae1c690 => Moved successfully.
C:\Windows\Installer\2dc6047.msi => Moved successfully.

==== End of Fixlog ====

 

 Results of screen317's Security Check version 0.99.86 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Adobe Reader XI 
 Google Chrome 35.0.1916.153 
 Google Chrome 36.0.1985.125 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


Edited by kaleb82, 06 August 2014 - 03:29 PM.
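
An added example, not part of the original posts and not code from FRST or ESET: a short Python check that a Fixlog.txt like the one above reports every fixlist entry as moved, and that the fixlist names only files the scanner reported. It assumes the log layout shown in this thread; `audit_fixlog` is a hypothetical helper name.

```python
import re

# Sample input copied from the logs posted in this thread (ESET detections, Fixlog.txt body).
ESET_LOG = r"""
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-4806e0ab Java/Exploit.Agent.PLF trojan
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-69de0bd0 Java/Exploit.Agent.PLF trojan
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f231b2e-1ae1c690 multiple threats
C:\Windows\Installer\2dc6047.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
"""

FIXLOG = r"""
Content of fixlist:
*****************
start
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-4806e0ab
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-69de0bd0
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f231b2e-1ae1c690
C:\Windows\Installer\2dc6047.msi
end
*****************

C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-4806e0ab => Moved successfully.
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4d2948dd-69de0bd0 => Moved successfully.
C:\Users\Mr B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f231b2e-1ae1c690 => Moved successfully.
C:\Windows\Installer\2dc6047.msi => Moved successfully.

==== End of Fixlog ====
"""

# Assumed result-line layout, taken from the log above: "<path> => <status>"
RESULT = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")

def audit_fixlog(fixlog, scanner_log):
    """Return fixlist entries that were not moved or that the scanner never flagged."""
    lines = [ln.strip() for ln in fixlog.splitlines()]
    start, end = lines.index("start"), lines.index("end")
    requested = [ln for ln in lines[start + 1:end] if ln]
    results = {}
    for ln in lines[end + 1:]:
        m = RESULT.match(ln)
        if m:
            results[m["path"]] = m["status"]
    flagged = [ln.strip() for ln in scanner_log.splitlines()]
    not_moved = [p for p in requested if results.get(p) != "Moved successfully."]
    not_flagged = [p for p in requested if not any(f.startswith(p + " ") for f in flagged)]
    return {"requested": requested, "not_moved": not_moved, "not_flagged": not_flagged}

if __name__ == "__main__":
    print(audit_fixlog(FIXLOG, ESET_LOG))
```

An entry in `not_flagged` usually means a typo in the fixlist, which matters because the tool acts on whatever path it is given.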


#35
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Lynn,
 

The computer is performing great! :D

Very good. :)
 
Let's remove the tools we've used, and you're all set.
 
STEP 1
OTL

  • Please download OTL and save the file to your desktop.
  • Double-click OTL.exe to run the programme. Ensure all other windows are closed.
  • Copy the entire contents of the codebox below and paste into the 1wDyQ2v.png textbox.
    :OTL
    
    :Commands
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
  • Click the j7yFJut.png button.
  • Let the programme run and reboot your computer if prompted.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Reset System Settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.

======================================================
 
All Clean!
Congratulations, your computer appears clean!  :thumbsup: 
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. Below I have compiled a list of resources you may find useful. The articles document information on computer security/maintenance, common infection vectors and how you can stay safe on the Internet.

The following security/maintenance programmes come highly recommended in the security community.

  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
  • Malwarebytes Anti-Malware Premium incorporates real-time protection and is designed to run alongside your anti-virus.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • CCleaner (portable) is a handy temp file cleaner. Avoid the built-in registry cleaner => see this article for information.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • StartupLite will scan your computer for unnecessary startup programmes. Disabling identified programmes may improve boot-time.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
     

Wary of a particular file/website? Need a second opinion? Scan the file/URL using these free online scanner services:

-- Should you have any questions on the above tools, or computer security in general, please feel free to ask.
 
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.  :thumbsup: 
Adam (LiquidTension).



#36
kaleb82

    Member

  • Topic Starter
  • 64 posts

Hi Adam,

I can't thank you enough.  The computer is running great, no problems.  I am keeping Malwarebytes on the system and will read recommended articles and use the recommended security/maintenance programs.  I ran OTL and DelFix.  I posted the logs below, for your review. I deleted the other remaining files.  I thank you again for all your help and for being so thorough. :D

 

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57311 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 50992 bytes
->Temporary Internet Files folder emptied: 6096526 bytes
 
User: Mr B
->Temp folder emptied: 230150096 bytes
->Temporary Internet Files folder emptied: 681845128 bytes
->Java cache emptied: 6350336 bytes
->Google Chrome cache emptied: 235202742 bytes
->Flash cache emptied: 61235 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 953379109 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321310 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 48556259 bytes
 
Total Files Cleaned = 2,102.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Guest
 
User: Mr B
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 08062014_212706

Files\Folders moved on Reboot...
C:\Users\Mr B\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

# DelFix v10.8 - Logfile created 06/08/2014 at 21:34:27
# Updated 29/07/2014 by Xplode
# Username : Mr B - MRB-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\log.txt
Deleted : C:\TDSSKiller.3.0.0.40_02.08.2014_12.40.57_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_27.07.2014_07.02.20_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_27.07.2014_17.23.53_log.txt
Deleted : C:\Users\Mr B\Desktop\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Resetting system settings ... OK

########## - EOF - ##########



#37
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Hi Lynn,

You are more than welcome. :)

All the best,
Adam.

#38
CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,643 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.