AVG found this on my Win 7 a few days ago. path: c:\Users\AppData\Local\ospd_us_50\Download\majospd_gentleus.exe. I've Googled to no avail. I've deleted the folder and .exe myself. AVG says it is removed after a scan, but whenever I log back in I get another AVG detection notice.
Found MalSign.Generic.6E2 [Solved]
Posted 22 August 2014 - 05:26 PM
Hello JEISEN and welcome to Geeks to Go!
My name is Dan, and I'll be helping you with your issues. If someone else is helping you, please let me know so that I may direct my efforts to helping another user. ALL staff here at Geeks To Go are volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.
I am currently in training, so there will be another person reviewing my work. This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one...
- Please note that you should have Administrator rights to perform any fixes. Also note that multiple-identity PCs (family PCs) can present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.
- Before we proceed, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
- Please understand that malware removal is a complicated, multi-step process. Therefore please stay with me until I tell you that your system is clean. Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean. If you get stuck or have questions, please stop and ask so I can help you.
- Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk. While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
OK, now we can get started...
We need to get a good look at your system.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
- Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
- Make sure the Addition.txt check-box is checked.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste that log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Posted 23 August 2014 - 11:32 AM
Thank you for the welcome and taking the time for the detailed help instructions. You helped me fix the problem already. After my FRST scan I read the report and noticed some entries that were not on my system before. It was OneSoftPerDay. This was a "gift" from using the Cnet website and not paying attention. For the one free program they give you, they offer six or more you don't need. There was a YouTube video that explained how to use regedit to get rid of this problem. It is gone! I should have used NoNags for downloads I guess. Or if there is a better download site that could be recommended? So yes you are free to help someone else!
Posted 24 August 2014 - 07:10 AM
I'm glad you were able to take care of some items by yourself. I would be happy to review your logs (with an expert's second opinion) to ensure that your system is completely malware free...
The choice of course is yours, but since you did come here for help, why not get a free second (and third) opinion?
As far as download sites, I think CNET has gone downhill a bit over the years. I've found that these types of sites are not usually closely monitored for such "foistware" or unwanted additional software. Best practice is to offer the user the chance to select/deselect those items during the install process, but not all software providers follow this approach. Part of their revenue may be from advertising and/or including such packages, so some of this could be intentional.
Regardless of where you download software installers from, Unchecky can help protect you from any third-party program or adware that tries to sneak through the installation process.
If you do wish to proceed, please review/follow the instructions in the Malware and Spyware Cleaning Guide.
Posted 26 August 2014 - 03:38 PM
Hello JEISEN, did you want to proceed with further inspection of your system?
Please let me know either way. Thanks.
Posted 27 August 2014 - 10:55 PM
Sorry I didn't get back to you sooner. I'm not getting emails to post answers, and I forget to check back when I get busy with another project, like my friend's laptop. Thanks for the Unchecky link! If I do run into any more problems I will follow your instructions and post for further help. Thanks again!! J
Posted 28 August 2014 - 08:39 AM
Thanks for the reply.
Let's cover some additional steps to clean up your computer and help you avoid getting infected again...
Tools Cleanup and Housekeeping
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.
- Click Here to download OTL
- Double-click OTL.exe to run it.
- Copy all of the below text in the code box and paste it into OTL in the Custom Scans/Fixes area:
- Click the Run Fix button. When it's done, click OK.
- Click the Clean up button.
- Click Yes to reboot.
Delete any logs that you have left over on your desktop.
Now let's take a few preventative measures to reduce the risk of further infections.
Automatic Updates for Windows 7
Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.
Turn ON Automatic Updates in Windows 7
Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java. Read more about it here and here.
Unless you need it to run important software the safest approach is to completely uninstall Java. Where you do require it then the next safest option is to disable it in your browsers until you need it, then enable it.
How to disable Java in your web browser and How to unplug Java from the browser
If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
- Click Start>Control Panel>Add/Remove Programs.
- Uninstall all Java updates
- Reboot your computer if prompted
- Download Java for Windows.
- Once downloaded, run the installer program, making sure to uncheck "Install the Ask Toolbar and make Ask my default search provider". Disable any other optional software, settings or toolbars if offered.
- Reboot your computer.
Web Browser security
Your log shows you are using Internet Explorer [VERSION OF INTERNET EXPLORER], which is very outdated and has many known vulnerabilities. You should consider using Mozilla Firefox:
Most malware is exploiting Internet Explorer's vulnerabilities; with Firefox you will be more secure.
Note: If you are going to use Firefox, I would suggest the use of these add-ons:
- NoScript - for blocking ads and other potential website attacks.
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.
Other Program updates
Your copy of Adobe Reader is outdated, and you should get the latest version and keep it updated. Best of all, it's FREE:
- Get Adobe Reader
- Make sure to uncheck the check box labelled "Yes, install McAfee Security Scan Plus - optional", or any other optional "features".
You already have an excellent preventative program that will help to keep the nasties away - Malwarebytes Anti-Malware. I would advise running this at least once a month. If you need to download it again, you can get it from here:
Next let's look at Firewalls. These help to prevent unauthorized access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only want to use one firewall on your system.
You can use the built-in Windows 7 Firewall, OR use a third-party one, such as these:
- OnLine-Armour is a free fully functional firewall
- Agnitum - Outpost free is a free fully functional firewall
Anti Virus Programs
On to personal Anti Virus programs. One AV is a must have, but never more than one, as this can and will cause conflicts, system slow-downs, and false readings.
You already have [NAME OF EXISTING ANTI VIRUS] installed. If you wish to keep using it, please uninstall it, reboot, and re-install it from the original disc. Always make sure it is up to date and enabled.
- OR -
These FREE ones are as good as any paid subscription AV, as long as you allow them to update themselves:
- Microsoft Security Essentials
- Avast! Home Edition - a very good free AntiVirus.
- AVG Free Anti-virus - yet another good free AntiVirus
Almost done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):
Finally, it is a good idea to clear out all your temp files every now and again. This will help keep your computer running optimally. It can detect registry errors, missing shortcuts, invalid files, etc. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.
- TFC by OldTimer is a free temporary file cleaner.
CryptoLocker is a particularly nasty infection which is becoming more prevalent.
Go here for information about CryptoLocker Ransomware. Learning about what is out there may help you prevent infection. The best protection against this infection is to back up your files often. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever have the frustrating experience of contracting it.
It is suggested to Download CryptoPrevent, which is free for home use. It will help prevent CryptoLocker infection.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this excellent article, originally written by Tony Klein, and updated by SpySentinel.
I will keep this log open for the next couple of days, so if you have any further problems, you can post another reply here.
OK, happy computing, and stay safe!
Please reply again to this thread to acknowledge you have read my last post. If you have no further questions, this thread will be closed to prevent others from posting here.
Posted 28 August 2014 - 09:08 AM
I just wanted to let you know that I realize I have some comments in my last post in Step 4 - Web Browser Security and Step #8 - AntiVirus which you can ignore. Since you didn't post any logs, I couldn't fill those in...
Posted 28 August 2014 - 10:13 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.