Windows 7 Trojan-Downloader.Win32.Update.eou [Solved]


  • This topic is locked

#31
Dazed&Confused

    Member

  • Topic Starter
  • 29 posts

Phooey.  Microsoft Security Client is not listed among the programs listed when I click Uninstall.


  • 0



#32
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Phooey. Microsoft Security Client is not listed among the programs listed when I click Uninstall.

OK, let's merely take a slightly different approach again as follows...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-
TCRB-1.jpg
  • Click on Backup Now >> once the process is complete, similar to the below will be displayed in the GUI:-
TBRB-2.jpg
  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

Custom Batch File:

Download the attached msemulti.bat below and save to your desktop.

[attachment=75705:msemulti.bat]

Right-click on msemulti.bat and select Run as Administrator to launch the batch file.

Once processed your machine will automatically reboot and the batch file will self delete.

Next:

Check if MSE can now be installed successfully or not.
  • 0

#33
Dazed&Confused

    Member

  • Topic Starter
  • 29 posts

Success!  I have installed MSE and the scan showed no issues.

 

BUT...

 

When I closed the MSE window, it sent me to this link:

 

http://windows.micro...r_Download_null

 

Does this mean it still thinks we're running XP?


  • 0

#34
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Success! I have installed MSE and the scan showed no issues.

Good.

Does this mean it still thinks we're running XP?

Actually that is the default action after a new installation of MSE regardless if you have Internet Explorer Version 11 or not. Anyway it will not occur again.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Slow Computer/browser?

Also so is this:

What to do if your Computer is running slowly

Clean-Up with DelFix:

Please download DelFix to your desktop
  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select all available options:
DelFix.gif
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Note: The above application/overall process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Registry Backup:

Tweaking.com - Registry Backup, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Note: As mentioned prior, a tutorial for Registry Backup explaining the various features can be viewed here.

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings & Securing Your Router

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:
  • Click on Start (Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, Reboot (restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

Check your third party software is up to date:

Certain software such as Adobe related for example can be exploited by malware if it is not up to date. I advise you consider downloading and installing Heimdal Free. Further information about this application can be read on the download page.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives at MajorGeeks

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add: P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
  • 0
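
Added example, not part of the original posts: a small Python audit of a Hosts file in the spirit of the "Custom Host File" advice above. It lists the hostnames that are blocked by pointing at a loopback address and flags any hostname mapped to a remote address so it can be reviewed. The sample file contents are constructed, and treating 0.0.0.0 as a blocking address alongside 127.0.0.1 is an assumption that goes beyond what the post states.

```python
import ipaddress

# Constructed sample Hosts file for illustration (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked
0.0.0.0         badsite.example.org
203.0.113.7     update.example.com   # unexpected remote mapping
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:                   # blank, comment-only or malformed
            continue
        yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Sort entries into blocked names, remote redirects and invalid lines."""
    blocked, redirected, invalid = [], [], []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            invalid.append((line_no, addr))
            continue
        # Loopback (127.0.0.1, ::1) or 0.0.0.0 means the lookup goes nowhere.
        sinkholed = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name == "localhost":
                continue                      # normal default entry
            if sinkholed:
                blocked.append(name)
            else:
                redirected.append((name, str(ip)))
    return {"blocked": blocked, "redirected": redirected, "invalid": invalid}

if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(key, value)
```

On Windows 7 the live file is C:\Windows\System32\drivers\etc\hosts; read it as text and pass the contents to audit_hosts to check it before or after installing a custom Hosts file.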

#35
Dazed&Confused

    Member

  • Topic Starter
  • 29 posts

This is great, thank you so much for your help!

 

Here is the Delfix log:

 

# DelFix v10.9 - Logfile created 28/02/2015 at 07:13:54
# Updated 27/02/2015 by Xplode
# Username : Guitar - GUITAR-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Guitar\Desktop\AdwCleaner.exe
Deleted : C:\Users\Guitar\Desktop\aswmbr.exe
Deleted : C:\Users\Guitar\Desktop\FRST64.exe
Deleted : C:\Users\Guitar\Desktop\JRT.exe
Deleted : C:\Users\Guitar\Desktop\JRT.txt
Deleted : C:\Users\Guitar\Downloads\TFC(2).exe
Deleted : C:\Users\Guitar\Downloads\TFC.exe
Deleted : C:\Users\Guitar\Documents\Downloads\Extras.Txt
Deleted : C:\Users\Guitar\Documents\Downloads\OTL.Txt
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #202 [Windows Update | 02/17/2015 05:58:01]
Deleted : RP #203 [Windows Update | 02/18/2015 03:23:57]
Deleted : RP #204 [Installed Microsoft Fix it 50692 | 02/22/2015 14:54:59]
Deleted : RP #205 [Windows Update | 02/24/2015 12:45:58]
Deleted : RP #206 [Windows Update | 02/25/2015 16:37:44]
Deleted : RP #207 [Windows Update | 02/25/2015 19:04:45]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#36
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
You're most welcome!
  • 0

#37
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





