Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC To A Grinding Hault - Malware! [Solved]


  • This topic is locked This topic is locked

#16
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Congratulations RSFlorida, you have done really well and all is looking good with your machine.

I would like you to perform the following steps to make sure your computer is really clean:


Step 1

Run Malwarebytes' Anti-Malware that you already have installed.

  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM3_zps83324155.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM4_zpse3cd4a79.png
  • The scan may take some time to finish,so please be patient.
    MBAM5_zps36d7537b.png
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Step 2

Please run a free online scan with the ESET Online Scanner

  • Click Run Eset Online Scanner

Runscan.png


Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:

eset-selections.png

  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

eset-selections.png

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Items I need to see in your next post:

  • Malware Bytes Log
  • Eset Log

  • 0

Advertisements


#17
RSFlorida

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Here are the logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/5/2014
Scan Time: 9:21:46 PM
Logfile: mbamscan 9-5-14.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.05.10
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sean Strickling
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367230
Time Elapsed: 14 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Installer\440d7fd.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
 
 
 

  • 0

#18
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi there.

We are about done now. All looks good. There is just one file that could do with removing, a remnant of ask toolbar installer.
Please navigate to:

C:\Windows\Installer\

and delete the file 440d7fd.msi

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    delfix-select.png
  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:

  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.

Protection Software

You already have a built in anti-virus installed (Windows Defender) so remember to keep it updated, but I would look at an alternative that offers better protection.

Here is a well respected alternative to consider, but remember to only have one installed at a time or conflicts can occur.

AVAST Antivirus


It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.



Update Other Programs

Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.

Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.

Recommended Programs

Web Of Trust is a browser add-on designed to alert the user before interactingwith a potentially malicious website. It will highlight green if a site is known to be safe.
Adblock is a firefox browser add-on that blocks annoying banners, pop-upsand video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#19
RSFlorida

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Glad to here system is clean!
 
Here's the log:
 
 
# DelFix v10.8 - Logfile created 09/09/2014 at 09:17:03
# Updated 29/07/2014 by Xplode
# Username : Sean Strickling - SEAN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sean Strickling\Desktop\AdwCleaner.exe
Deleted : C:\Users\Sean Strickling\Desktop\JRT.txt
Deleted : C:\Users\Sean Strickling\Downloads\AdwCleaner.exe
Deleted : C:\Users\Sean Strickling\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Sean Strickling\Downloads\Extras.Txt
Deleted : C:\Users\Sean Strickling\Downloads\JRT (1).exe
Deleted : C:\Users\Sean Strickling\Downloads\JRT.exe
Deleted : C:\Users\Sean Strickling\Downloads\OTL.Txt
Deleted : C:\Users\Sean Strickling\Downloads\OTL.exe
Deleted : C:\Users\Sean Strickling\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #224 [Windows Update | 08/19/2014 06:09:28]
Deleted : RP #225 [Installed Java 7 Update 67 | 08/25/2014 01:48:25]
Deleted : RP #226 [Windows Update | 08/28/2014 15:23:08]
Deleted : RP #227 [Installed Rapport | 09/02/2014 12:34:54]
 
New restore point created !
 
########## - EOF - ##########

  • 0

#20
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Thats it then all Done. :D

Thank you for staying to the end.


  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP