Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I have been remiss and MBAM found over 100 items. General cleanup ? [

astromenda

  • This topic is locked This topic is locked

#16
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

only thing now is the java update shield is flashing yellow. 


  • 0

Advertisements


#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, that's good. Don't worry about the Java update right now, we'll take care of that at the end. :)

Let's take a look for orphans and remnants and check for out of date programs.

Please note: The ESET scan can take as long as a day to run, depending on the machine and it may appear to stop scanning when it hits certain files, but that is normal.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Start the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#18
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1af4b790cfba674d974bec12d64dd6cc
# engine=21704
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-25 05:10:19
# local_time=2014-12-25 10:10:19 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7379972 90702241 0 0
# scanned=30863
# found=7
# cleaned=0
# scan_time=2202
sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=EBF01B3EC4607AEB707184674F723440272D4EF5 ft=0 fh=0000000000000000 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip.vir"
sh=748E90CBB284A00D9E9396B9EE387AC5905FF8D1 ft=1 fh=ab95f3a7820679d6 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=D0E5E11ACDD3E7AF720794C6AD722169570CA169 ft=1 fh=afc8ab45c959803b vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=A703E83DC6447E84E8582B80A3DBF6C03B77D04A ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=F94EEFC27CDAA59450802E72A8A1DCD4BA6D50C6 ft=1 fh=cbc3b69d7cfa67ef vn="a variant of Win32/DealPly.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir"
 


  • 0

#19
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/25/2014
Scan Time: 8:55:17 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.25.09
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Laptop

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404413
Time Elapsed: 15 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#20
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Java version 32-bit out of Date!
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 


  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks like a clean bill of health. :) Everything found by ESET is already quarantined and we'll get rid of that starting now.


Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Java Warning and Program Updates


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Update Adobe Flash Player

Your current version of Adobe Flash is out of date. Please update it by clicking the link below.

Please make sure you Uncheck box to install the free McAfee Security Scan Plus software.

http://get.adobe.com/flashplayer/


Update Mozilla Fire Fox

Your current version of Firefox is out of date. Please update it by following the instructions below.

Click on Help and then click About Firefox. Firefox will automatically update itself.


Step 3: Tips, Information and Optional Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Things I need to see in your next post:

Delfix Log

  • 0

#22
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

# DelFix v10.8 - Logfile created 25/12/2014 at 11:47:10
# Updated 29/07/2014 by Xplode
# Username : Laptop - LAPTOP-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Laptop\Desktop\AdwCleaner.exe
Deleted : C:\Users\Laptop\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Laptop\Desktop\Fixlog.txt
Deleted : C:\Users\Laptop\Desktop\FRST64.exe
Deleted : C:\Users\Laptop\Desktop\FSS.exe
Deleted : C:\Users\Laptop\Desktop\FSS.txt
Deleted : C:\Users\Laptop\Desktop\JRT.exe
Deleted : C:\Users\Laptop\Desktop\JRT.txt
Deleted : C:\Users\Laptop\Desktop\OTL.Txt
Deleted : C:\Users\Laptop\Desktop\OTL.exe
Deleted : C:\Users\Laptop\Desktop\SecurityCheck.exe
Deleted : C:\Users\Laptop\Downloads\Addition.txt
Deleted : C:\Users\Laptop\Downloads\Extras.Txt
Deleted : C:\Users\Laptop\Downloads\FRST.txt
Deleted : C:\Users\Laptop\Downloads\JRT.exe
Deleted : C:\Users\Laptop\Downloads\OTL.Txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #162 [Windows Update | 11/30/2014 15:33:52]
Deleted : RP #163 [Windows Update | 12/03/2014 16:22:42]
Deleted : RP #164 [Windows Update | 12/07/2014 16:22:49]
Deleted : RP #165 [Removed WinZip 18.5 | 12/08/2014 14:57:29]
Deleted : RP #166 [Windows Update | 12/12/2014 02:02:30]
Deleted : RP #167 [Windows Update | 12/15/2014 15:48:55]
Deleted : RP #168 [Windows Update | 12/19/2014 15:46:55]
Deleted : RP #169 [Windows Update | 12/23/2014 14:31:14]
Deleted : RP #171 [Restore Point Created by FRST | 12/25/2014 05:13:44]
Deleted : RP #173 [Restore Point Created by FRST | 12/25/2014 14:31:58]

New restore point created !

########## - EOF - ##########


  • 0

#23
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good! :thumbsup:

If we can help you again in the future, please don't hesitate to come see us. :)

Safe surfing

Pystryker :wave:
  • 0

#24
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

I uninstalled java??  I couldnt get firefox to update but I never use.  


  • 0

#25
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I uninstalled java??  I couldnt get firefox to update but I never use.


Hmm, it should have updated automatically when you click on help and then About Firefox. You can also download the latest version at the link below:

https://www.mozilla....US/firefox/new/
  • 0

Advertisements


#26
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: astromenda

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP