Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't get rid of malware, spyware animation [Solved]


  • This topic is locked This topic is locked

#46
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi again,

 

My computer no longer has that nasty animation, your tools did the job. 

I was having some speed issues, internet related and pages took forever to load. I assumed it was my internet provider and I called,  but as usual they say it is nothing on their side after some testing and updates.

My main problem/issue is solved and I was just wondering if after ComboFix there was anything else you would like me to do. If there isn't anything we can close the post. I just didn't want to have my post closed without telling you all is fine and working.

 

Thanks again.


  • 0

Advertisements


#47
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

It might be worth us running an FRST scan providing it will run to get a good look and see if anything is hanging around.
I'll repost instructions if you would like to continue.
 
Once we have confirmed you clean, we can post cleanup instructions to remove all the remnants of the tools.
 
Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click frst.png to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

    Drivers MD5
    shortcut.txt
    Addition.txt
    frst-addition.png
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#48
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi again,

 

I wish it would be that easier, run FRST Scan as you suggested and be done with it.

As I have said in 2 or 3 posts,  this tool does not want to run,  it flickers and does not open not even in safe mode. It gets by the notification area briefly and disappears. I had my antivirus disable to see if it was blocking but it didn't.

I went back to the very beginning and follow your instruction in what to do when it did not run for the first time.

I used:  Rkill, ASW, OTL and last ESET Online scanner, it found around 293 infected files , but it never ended. I decided to stop without finishing and cleaning because it seemed to be stuck for more than 1h in some specific file/folder and never got passed. I wIll run it again if you suggest it.

Any idea why FRST does not runt ?

Also, could you tell me why with a paid Trend Micro protection  I may have so many suspicious files ? How can I prevent it from happening?

Thanks.


  • 0

#49
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, I think that the many files that are detected are remnants from what we did previously.

 

I think it is best that we clean up from the tools to see what difference that makes.

 

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here and save it to your desktop.
  • Right click Delfix.exedelfix.png and select Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
    [LIST]
  • Activate UAC
  • Create registry backup
  • Purge system restore

delfix-select.png
  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
 


  • 0

#50
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi again,

 

I've used the tool and I don't know why it was in Brazilian-Portuguese.

If you need me to translate what some things say, please let me know,

 

Thanks.

 

-------------------------------

# DelFix v10.8 - Relatório criado 13/12/2014 às 04:58:43
# Atualizado 29/07/2014 por Xplode
# Usuário : Suzie - SUZIE-MEGA
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
 
~ Ativando UAC ... OK
 
~ Removendo ferramentas de desinfecção ...
 
Removido : C:\Qoobox
Removido : C:\_OTL
Removido : C:\FRST
Removido : C:\ComboFix.txt
Removido : C:\Users\Suzie\Desktop\aswmbr (1).exe
Removido : C:\Users\Suzie\Desktop\FRST (1).exe
Removido : C:\Users\Suzie\Desktop\JRT.exe
Removido : C:\Users\Suzie\Desktop\OTL.exe
Removido : C:\Users\Suzie\Desktop\rkill.com
Removido : C:\Users\Suzie\Desktop\RogueKiller.exe
Removido : C:\Users\Suzie\Downloads\DDSMS - Lampadas fluorescentes.pps
Removido : C:\Users\Suzie\Downloads\Extras.Txt
Removido : C:\Users\Suzie\Downloads\FRST.exe
Removido : C:\Users\Suzie\Downloads\FRST64.exe
Removido : C:\Users\Suzie\Downloads\OTL.Txt
Removido : C:\Users\Suzie\Downloads\OTL (1).exe
Removido : C:\Users\Suzie\Downloads\rkill.exe
Removido : C:\Windows\grep.exe
Removido : C:\Windows\PEV.exe
Removido : C:\Windows\NIRCMD.exe
Removido : C:\Windows\MBR.exe
Removido : C:\Windows\SED.exe
Removido : C:\Windows\SWREG.exe
Removido : C:\Windows\SWSC.exe
Removido : C:\Windows\SWXCACLS.exe
Removido : C:\Windows\Zip.exe
Removido : HKLM\SOFTWARE\OldTimer Tools
Removido : HKLM\SOFTWARE\Swearware
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Removido : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Criando backup do registro ... OK
 
~ Limpando pontos da restauração do sistema ...
 
Removido : RP #252 [Windows Update | 12/10/2014 09:54:50]
Removido : RP #253 [Installed iCloud | 12/11/2014 07:09:25]
Removido : RP #254 [Windows Update | 12/12/2014 05:00:21]
 
Novo ponto de restauração criado !
 
~ Redefinindo configurações do sistema ... OK
 
########## - EOF - ##########

  • 0

#51
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
It's ok thanks I can make it out. Just lol.
Now that the quarantines have gone.
Try an antivirus scan again.
Either using your own or the ESET we used previously.
Let's see if the results are much lower.
As an aside, I was hoping FRST would work due to your recent uograde but it would appear not :P
I actually suspect that it is Trend Micro stopping FRST, even though it is disabled but it is just a theory.
  • 0

#52
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi again.

Sorry for the Portuguese, but I did not choose a language it did itself.

Anyway,  I will ran ESET because Trend Micro never finds anything, however don't expect my next post anytime soon because last time ESET ran for over 8 hours and I cancelled  because my patience was gone.

Thanks.


  • 0

#53
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi .

ESET didn't take that long, only 3h and found one single file ad it shows below:

----------------------------------

C:\Users\Suzie\Downloads\Setup (2).exe Win32/VOPackage.E potentially unwanted application
 
That was it.
As you said all those files were related to previous tools.
I don't think you'll be needing to help me anymore.
 
Thanks a lot, I really appreciate all your help.

  • 0

#54
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

That's good news - all looks good. Just a couple of steps and we are all done here :D

Please manually delete the following file:

C:\Users\Suzie\Downloads\Setup (2).exe

We need to uninstall a program
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select the following programs from the list below, one at a time and click Uninstall.

  • ESET Online Scanner

Delete the following Files and Folders (If Present):
C:\Program Files (x86)\ESET
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:

  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.

It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptNo add-on.
    -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
  • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 8u25
  • Click the "Download button under "JRE".
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 8u25 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • Java 7 Update
    • Java 8 (64-bit)
    • Java SE Development Kit 8
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

C.
Install the latest JAVA

Back on your desktop:

  • Right click the jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

  • Please click here to go to the FlashPlayer Installation page.
  • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
    • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
  • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
  • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
  • Close the browser and all open windows.
  • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.

Cryptolocker Warning
Go here for information about CryptoLocker Ransomeware.
The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#55
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thanks a lot for all the help.

I've done all that you suggested and my only issue is with Java in Chrome. It does not install the latest, but I will keep trying, nothing major.

Thanks again.


  • 0

Advertisements


#56
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

No problem, safe surfing :D


  • 0

#57
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP