Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus/Malware Infection [Solved]


  • This topic is locked This topic is locked

#16
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Thats excellent. When I get back to my computer I will post my closing speech.
It details how we clean up the tools we have used and also osme general advice on staying safe.
  • 0

Advertisements


#17
jt4211

jt4211

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

thanks - looking forward to it!


  • 0

#18
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix-select.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    We need to uninstall a program
    Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
    Select the following programs from the list below, one at a time and click Uninstall.
    • ESET Online Scanner
    Delete the following Files and Folders (If Present):
    C:\Program Files (x86)\ESET
    Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



    Keep your machine updated

    Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


    To enable automatic updates:

    Windows 7
    To turn on Automatic Updates yourself, follow these steps:
    • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
    • In the left pane, click Change settings.
    • Select the option that you want.
    • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
    It is recommended to install an anti-malware to help prevent reinfection.
    Below are some free ones that can help keep you clean.

    Malwarebytes AntiMalware

    As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

    The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
    Consider purchasing the full version for active monitoring of threats.

    java.jpgJAVA Advice
    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
    In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
    • For Firefox, install the NoScript add-on.
    • For Chrome, install the ScriptNo add-on.
      -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
    • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
    If you still want to update your Java, follow the instructions below:

    A.
    Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
    • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
    • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 8u25
    • Click the "Download button under "JRE".
    • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
    • Under the Java SE Runtime Environment 8u25 heading:
      To install the version for your system:
      • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
    • Close any programs you may have running - especially your web browser.
    B.
    Uninstall all versions of Java
    • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
    • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
    • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
      The versions I see on the computer are:
      • Java 7 Update
      • Java 8 (64-bit)
      • Java SE Development Kit 8
    • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    C.
    Install the latest JAVA

    Back on your desktop:
    • Right click the jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    [Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


    Update Adobe Flash Player

    NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
    • Please click here to go to the FlashPlayer Installation page.
    • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
      • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
    • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
    • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
    • Close the browser and all open windows.
    • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.
    Update Other Programs

    Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.

    Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.

    Cryptolocker Warning
    Go here for information about CryptoLocker Ransomeware.
    The main thing with this infection is ~ Backup.
    If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

    Recommended Programs
    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
    CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
    Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

    Adblock is a firefox browser add-on that blocks annoying banners, pop-ups and video ads.

    General Advice
    • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
    • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
    • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
    • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#19
jt4211

jt4211

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Ruggie -  below is the final log you requested - thank you for your timely and totally effective corrections for my system.  I will take your recommendations to heart and will perform these modifications.  Kudos to you and the service provided by G2G - a real computer lifesaver!  Good luck in your training (would have never known)! -- JT

 

# DelFix v10.8 - Logfile created 15/11/2014 at 10:08:01
# Updated 29/07/2014 by Xplode
# Username : TeamTkac - TEAMTKAC-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #412 [Removed Adobe AIR | 11/09/2014 02:07:32]
Deleted : RP #413 [Windows Update | 11/12/2014 00:10:01]
Deleted : RP #414 [Windows Update | 11/12/2014 20:39:22]
Deleted : RP #415 [Windows Update | 11/13/2014 13:59:04]
Deleted : RP #416 [Windows Update | 11/14/2014 10:38:14]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#20
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
You are most welcome. Thank you also for being patient and seeing it through.
Good luck and safe surfing. Its been a pleasure. :)
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP