25assist [Solved]


  • This topic is locked

#16
tjmcs

  • Topic Starter
  • Member
  • 265 posts

Ran both scans again. This is Malwarebytes. ESET just showed the same log as last time. Uninstalled it and deleted files. Will reinstall and run again tomorrow.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/27/2014
Scan Time: 6:47:19 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.27.08
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335018
Time Elapsed: 13 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.iBryte, C:\Users\Joe\AppData\Local\Temp\setup.exe, Quarantined, [f3a611b87dfe063008b57462d2326f91],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0



#17
tjmcs

  • Topic Starter
  • Member
  • 265 posts

Ruggie,

 

I removed ESET from my computer, redownloaded and ran the scan again. I am still getting the same log. Before I click "finish", it shows there are 13 infections.

 

joe


  • 0

#18
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Hi Joe.

I don't have proper access today and am on my phone but will continue tomorrow.
Shouldn't be a problem really, we will just have to look manually.
  • 0

#19
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Can you send a screenshot of the 13 infections, please?


  • 0

#20
tjmcs

  • Topic Starter
  • Member
  • 265 posts

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\51390.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\51390.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-chromeinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-firefoxinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-updater.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application
C:\Users\Joe\Downloads\cbsidlm-cbsi188-RIOT_Extended_Plugin_for_IrfanView-ORG-10911921.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Joe\Downloads\ccsetup412.exe.x8xzstz.partial Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Joe\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 


  • 0

#21
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi there,

 

Nothing really to worry about there, it picked up some files in quarantine and they will be removed when we clean up.

 

Can you navigate to C:\Users\Joe\Downloads\ and delete the following 3 files, please?

 

C:\Users\Joe\Downloads\cbsidlm-cbsi188-RIOT_Extended_Plugin_for_IrfanView-ORG-10911921.exe
C:\Users\Joe\Downloads\ccsetup412.exe.x8xzstz.partial
C:\Users\Joe\Downloads\ccsetup415.exe


  • 0
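The triage done by eye in #21, separating detections that already sit inside a removal tool's quarantine folder from files still live on disk, as an added example that is not part of the original thread. The line layout is inferred from the results posted in #20, and the quarantine root list is an assumption to extend for other tools.

```python
import re
from pathlib import PureWindowsPath

# Assumption: directories where removal tools park neutralised files.
# Only the AdwCleaner path appears in this thread; extend as needed.
QUARANTINE_ROOTS = [PureWindowsPath(r"C:\AdwCleaner\Quarantine")]

# Layout: <path> [a variant of] <Platform/Detection.Name> <category>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)$"
)

# Four lines copied from the scan results posted in #20.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\51390.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-updater.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application
C:\Users\Joe\Downloads\cbsidlm-cbsi188-RIOT_Extended_Plugin_for_IrfanView-ORG-10911921.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Joe\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

def in_quarantine(path):
    """True if path sits under a known quarantine root (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(root == p or root in p.parents for root in QUARANTINE_ROOTS)

def triage(log_text):
    """Split detections into already-quarantined, live, and unparsed lines."""
    result = {"quarantined": [], "live": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            result["unparsed"].append(line)  # never drop a line silently
            continue
        hit = (m["path"], m["name"], m["category"])
        result["quarantined" if in_quarantine(m["path"]) else "live"].append(hit)
    return result

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, name, category in report["live"]:
        print(f"needs action: {path} [{name}, {category}]")
    print(f"{len(report['quarantined'])} detection(s) already in quarantine")
```

Lines that do not match the inferred layout land in `unparsed` so a format change cannot hide a detection.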

#22
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Once you have done that:

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please right click TFC.exe and select Run as Administrator. (Note: If you are running on XP, just double click the file.)
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Tool Removal

We need to remove the tools we've used while cleaning your machine.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
  • Click Run

The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

Internet Explorer

As you are running an outdated version of Internet Explorer, it is recommended that you update it as a priority to ensure you are receiving the most up-to-date protection and features.

To update, GO HERE to download Internet Explorer 11 directly.


Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:

  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.



Update Other Programs

Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.

Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.

Recommended Programs

Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.
Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities; these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected; they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation. It is common for unwanted software to be installed in this way.

  • 0

#23
tjmcs

  • Topic Starter
  • Member
  • 265 posts

# DelFix v10.8 - Logfile created 02/09/2014 at 17:04:23
# Updated 29/07/2014 by Xplode
# Username : Joe - JOE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Joe\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Joe\Desktop\Addition.txt
Deleted : C:\Users\Joe\Desktop\adwcleaner_3.307.exe
Deleted : C:\Users\Joe\Desktop\aswmbr.exe
Deleted : C:\Users\Joe\Desktop\aswMBR.txt
Deleted : C:\Users\Joe\Desktop\Fixlog.txt
Deleted : C:\Users\Joe\Desktop\FRST.txt
Deleted : C:\Users\Joe\Desktop\FRST64.exe
Deleted : C:\Users\Joe\Desktop\FSS.exe
Deleted : C:\Users\Joe\Desktop\FSS.txt
Deleted : C:\Users\Joe\Desktop\JRT.exe
Deleted : C:\Users\Joe\Desktop\JRT.txt
Deleted : C:\Users\Joe\Desktop\MBR.dat
Deleted : C:\Users\Joe\Desktop\TFC.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #301 [Windows Update | 07/11/2014 01:13:19]
Deleted : RP #302 [Scheduled Checkpoint | 07/18/2014 23:34:25]
Deleted : RP #303 [Windows Update | 07/23/2014 21:44:46]
Deleted : RP #304 [Windows Update | 08/02/2014 22:22:55]
Deleted : RP #305 [avast! antivirus system restore point | 08/06/2014 23:03:20]
Deleted : RP #306 [Windows Update | 08/13/2014 01:45:28]
Deleted : RP #307 [Scheduled Checkpoint | 08/22/2014 23:32:48]
Deleted : RP #308 [Windows Update | 08/28/2014 03:10:53]

New restore point created !

########## - EOF - ##########

 

Hate viruses. Run Avast as main antivirus, adwcleaner almost daily, malwarebytes once a week. Still get thru.


  • 0

#24
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Excellent, you should be good to go now.

 

Is everything running as it should?


  • 1

#25
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

And yes they are a nightmare, but with some careful clicking, you should be able to keep them at bay.

 

On the last post I made, there was a link to Web of Trust.

 

It is well worth installing. Helps stay away from the nasties.


  • 0



#26
tjmcs

  • Topic Starter
  • Member
  • 265 posts

Thank you for all the help. One question: how do I get rid of the icons of the downloads and the logs?


  • 0

#27
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Can you point out specifically what is remaining? The DelFix log shows that all the software tools have been removed along with any corresponding logs.

 

For example:

Deleted : C:\Users\Joe\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Joe\Desktop\Addition.txt
Deleted : C:\Users\Joe\Desktop\adwcleaner_3.307.exe
Deleted : C:\Users\Joe\Desktop\aswmbr.exe
Deleted : C:\Users\Joe\Desktop\aswMBR.txt
Deleted : C:\Users\Joe\Desktop\Fixlog.txt
Deleted : C:\Users\Joe\Desktop\FRST.txt
Deleted : C:\Users\Joe\Desktop\FRST64.exe
Deleted : C:\Users\Joe\Desktop\FSS.exe
Deleted : C:\Users\Joe\Desktop\FSS.txt
Deleted : C:\Users\Joe\Desktop\JRT.exe
Deleted : C:\Users\Joe\Desktop\JRT.txt


  • 0

#28
tjmcs

  • Topic Starter
  • Member
  • 265 posts

The JRT, TFC, FRST64, FSS, aswmbr program icons and the aswmbr, fixlog, JRT, FRST, MBR.dat, Addition, FSS log icons are still on the desktop. When I tried to remove them, I received a message stating: Could not find this item. This is no longer located in C:\users\joe\desktop. Verify the item's location and try again.

 

Happens on all the above icons.


  • 0

#29
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Ahh, try just pressing F5


  • 0

#30
tjmcs

  • Topic Starter
  • Member
  • 265 posts

Think my problem fixed itself. The icons stayed on the desktop after rebooting the computer following the last diagnostic. I had to leave for a while and shut the computer down. When I returned and booted up, the icons were gone. Thanks a lot. You were very helpful.


  • 0





