How are things working now? Are you still getting that persistent pop-up?
Encrypted Files, blackmail letter [Solved]
#16
Posted 23 October 2014 - 11:31 AM
#17
Posted 24 October 2014 - 10:03 AM
Explorer still does not work correctly. Explorer does open but it is totally blank. No preference opening page is set. I can navigate to some sites by typing the address directly in the bar but not all pages or sites load and the links on some pages won't work. After typing in a password the page doesn't change. Geekstogo is working fine though.
I have gotten pop-up notification messages from Dell saying that I haven't set up Automatic backup and recovery schedules and haven't signed up for automatic updates. I am wondering if I should do so? Please advise.
Thanks Holly
#18
Posted 27 October 2014 - 06:11 AM
The pop-up is gone.
Good news!
Explorer still does not work correctly. Explorer does open but it is totally blank. No preference opening page is set. I can navigate to some sites by typing the address directly in the bar but not all pages or sites load and the links on some pages won't work. After typing in a password the page doesn't change. Geekstogo is working fine though.
Let's try resetting IE. The instructions below should work for your version of IE. If they are not exact, then they should be fairly close.
To reset Internet Explorer settings
- Close all Internet Explorer and Windows Explorer windows that are currently open.
- Open Internet Explorer by clicking the Start button. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.
- Click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset.
  Select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
- In the Reset Internet Explorer Settings dialog box, click Reset.
- When Internet Explorer finishes applying default settings, click Close, and then click OK.
- Close Internet Explorer.
  Your changes will take effect the next time you open Internet Explorer.
I have gotten pop-up notification messages from Dell saying that I haven't set up Automatic backup and recovery schedules and haven't signed up for automatic updates. I am wondering if I should do so? Please advise.
You should have a backup and restore plan. I can't speak to Dell's plan as I've not used it. For Windows systems I usually just buy an external disk (USB connect disk) and use that for backup. That doesn't mean Dell is bad, I just don't know about it.
Yes, you should sign up for Automatic Updates.
Navigate this way and select Start (Button in Lower Left), Control Panel, All Control Panel Items, Windows Update, Change Settings. Then you'll find a pull down to set up Automatic Updates.
Once you have reset IE, give it a try and let me know how it works.
#19
Posted 30 October 2014 - 12:08 PM
Holly
#20
Posted 30 October 2014 - 02:16 PM
Most excellent news!!
Ok, although I don't expect there to be too much, let's clean out the junk and low level stuff.
- Right-click on icon and select Run as Administrator to start the tool.
- Follow the prompts and click Scan.
- Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
- Right-click on icon and select Run as Administrator to start the tool.
- Follow the prompts and let this process run uninterrupted.
- This scan can take a while, depending on your System specs.
- Upon completion, a log (JRT.txt) will open on your desktop.
- Install the program and select update
- Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
- Go back to the Dashboard and select Scan Now
- If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
- On completion of the scan (or after the reboot) select View Detailed Log
#21
Posted 31 October 2014 - 11:32 AM
Adwcleaner:
# AdwCleaner v3.311 - Report created 31/10/2014 at 10:28:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Holly - HOLLY-PC
# Running from : C:\Users\Holly\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Google Chrome v38.0.2125.111
[ File : C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [987 octets] - [31/10/2014 09:51:16]
AdwCleaner[R1].txt - [908 octets] - [31/10/2014 10:28:51]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [967 octets] ##########
Jrt log:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Professional x64
Ran by Holly on Fri 10/31/2014 at 9:57:06.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/31/2014 at 9:59:19.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Regarding AdwCleaner, I only scanned per your instructions. Should I have also cleaned? Thanks Holly
#22
Posted 31 October 2014 - 11:34 AM
The Malware log was left off so here it is.
Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/31/2014
Scan Time: 10:14:35 AM
Logfile: scan log malware.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.31.09
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Holly
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317401
Time Elapsed: 6 min, 13 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Thanks Holly
#23
Posted 01 November 2014 - 08:36 AM
You did everything perfectly!
One last scan and one preventative program. Although you had a particularly nasty ransomware program on your machine, there are others that are even worse (if you can imagine). CryptoPrevent will protect your computer from many flavors of Ransomware.
I am also going to have you scan your computer with ESET. Sometimes ESET takes a long time to run, so maybe set it up to run overnight while you're sleeping. Last, I want to recheck all your products for versioning.
CryptoPrevent: install this programme to lock down and prevent crypto ransomware
Scan with Security Check
Please download Security Check by Screen317 and save it to your desktop.
- Right-click on icon and select Run as Administrator to start the tool.
- Follow onscreen instructions inside the black box. This scan won't take long.
- Soon a notepad document called checkup.txt will open automatically.
Please include the content of that document.
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.
If using Internet Explorer:
- Accept the Terms of Use and click Start.
- Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
- Download esetsmartinstaller_enu.exe that you'll be given a link to.
- Double click esetsmartinstaller_enu.exe.
- Allow the Terms of Use and click Start.
To perform the scan:
- Make sure that Remove found threats is unchecked.
- Scan archives is checked.
- In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
- Click Start
- The program will begin to download its virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient.
- Do not do anything on your machine as it may interrupt the scan.
- When the scan is done, click Finish.
- A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
Last, let me know if everything is still working properly.
#24
Posted 04 November 2014 - 09:12 AM
Were you able to complete the last updates and scans?
#25
Posted 05 November 2014 - 01:56 PM
Been busy with work. Am working on last instructions now. Will send logs when finished. Thanks. Holly
#26
Posted 05 November 2014 - 03:29 PM
Here is the security check log:
#27
Posted 06 November 2014 - 07:32 AM
Antimalwarebytes is popping up quite frequently with messages: blocked outbound malicious, the majority are from internet explorer. Would those be from one of the trojans eset found? Thanks, Holly
Scan with ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.
If using Internet Explorer:
- Accept the Terms of Use and click Start.
- Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
- Download esetsmartinstaller_enu.exe that you'll be given a link to.
- Double click esetsmartinstaller_enu.exe.
- Allow the Terms of Use and click Start.
To perform the scan:
- Make sure that Remove found threats is checked.
- Scan archives is checked.
- In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
- Click Start
- The program will begin to download its virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient.
- Do not do anything on your machine as it may interrupt the scan.
- When the scan is done, click Finish.
- A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
#28
Posted 06 November 2014 - 01:19 PM
#29
Posted 06 November 2014 - 01:24 PM
When I ran eset this time it cleaned or quarantined 3 of 4 files. It did not save a log file though. I did notice that it found the same Trojans and files as the first scan. It only cleaned or quarantined 3 because poweliks was listed twice. Do you want me to run it again to get a log?
ESET is sneaky that way as far as the log is concerned. However, no need to re-run as it did the clean up on the remaining Poweliks exploit.
How is the machine running now? Any issues at all?
#30
Posted 11 November 2014 - 01:05 AM
Had some time to run the computer. Seems to work fine except explorer (again). The free trial of McAfee is up and I don't want to purchase it. I've had the free Avast on prior computers. Thoughts on this?