[AAB1977]

I'm still a bit worried about posting this stuff on here - can it be used by others? This is a forum afterall. I mean, as a volunteer you are meant to be helpful and not really pressure me into posting.

[Advertisements]

I have just run another scan with MalwareBytes Anti-malware and it looks like everything has come through clean. Thanks very much for your help

[AAB1977]

I have just run another scan with MalwareBytes Anti-malware and it looks like everything has come through clean. Thanks very much for your help

[Satchfan]

This is a forum afterall

 

 

Exactly - a public forum. See this.

 

you are meant to be helpful and not really pressure me into posting.

 

 

I've pressured no-one into coming here for FREE help and all I have asked is within the forum's requirements; ie:

• you ask for help
• I respond and request logs in order to diagnose the problem

 

You then had two choices:

• you feel pressured by the forum rules and leave
• you respond and supply the logs in order for me to help you further

 

I personally have other people to help tonight before enjoying the rest of the evening with my family.

 

 

Although your computer has been partially cleaned, there are another couple of scans I need you to run before we can be sure that it is clean before tidying up.

 

I have no more time for this topic tonight but I'll send instructions for the required scans tomorrow. It is your choice whether or not you continue.

 

Satchfan

 

 

 

 

 

 

[Satchfan]

It's good that Malwarebytes found nothing but I just need to check your security and get you to run an online scan to be sure that everything is clean.


Run Security Check

Download Security Check by screen317 from here or here.

• save it to your Desktop.
• double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

===================================================

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or  Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

• click the Eset online Scanner button
• for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  

  
  o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
  o    double click on the Eset installer icon on your desktop.
   

• check Yes, I accept the Terms of Use
• click the Start button
• accept any security warnings from your browser
• check Enable detection of potentially unwanted applications
• click Advanced settings and select the following:
  

  
  o    scan archives
  o    scan for potentially unsafe applications
  o    enable Anti-Stealth technology

  
  Note: Do not check Remove found threats
   

• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• when the scan completes, push List of found threats
• push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  

  
  Note - if ESET doesn't find any threats, no report will be created.
   

• push the back button.
• push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan

[AAB1977]

You didn't include the link for EST

[AAB1977]

ESET online scan

[AAB1977]

yes you did - soz

[AAB1977]

Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 AVG PC TuneUp 2015  
 AVG PC TuneUp 2015 (en-GB)
 AVG PC TuneUp 2015  
 Java™ 6 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.305  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox 35.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

[AAB1977]

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir    a variant of Win32/Adware.RK.AM application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir    a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir    a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir    a variant of Win32/Adware.RK.AE application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg32.exe.vir    a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg64.exe.vir    a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\components\rlxg.dll.vir    a variant of Win32/Adware.RK.AM application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hqv1h9q9.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\system32\rlls.dll.vir    a variant of Win32/Adware.RK.AM application
C:\Program Files\Vuze\.install4j\user\mism.exe    Win32/Toolbar.Conduit.AP potentially unwanted application
C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\hqv1h9q9.default\cache2\entries\1A2F4648AB67E794D7D6E200E84AF32EAE4A1AA9    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
 

[Satchfan]

Please copy all text in the code box below and paste it into Notepad:
 

@echo off
del /f /s /q "C:\Program Files\Vuze\.install4j\user\mism.exe”
del /f /s /q “C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\hqv1h9q9.default\cache2\entries\1A2F4648AB67E794D7D6E200E84AF32EAE4A1AA9”
del %0

• save the Notepad file to your desktop and name it delfiles.bat
• save type as "All Files"
• on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.

Can you tell me if there are any remaining problems. If all is well I’ll send instructions to tidy up and update some programs.

Satchfan

 

[AAB1977]

Does it matter about the colour of the text?

[Satchfan]

No. For some reason the forum software does that.

 

Just copy/paste as they are.

[AAB1977]

Done all that. You are a diamond

[Satchfan]

You’ve done a good job and your computer appears to be clean.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:


Uninstall AdwCleaner

• double click on adwcleaner.exe to run the tool
• click on Uninstall
• confirm with Yes.

===================================================

Download & run Delfix

• download Delfix from here to remove many of the tools we've used during the cleaning process.
• ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

o    Create registry backup
o    Purge system restore

• click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Windows updates

I notice that Windows updates are waiting to be installed. Click here for information on how to get the latest Windows updates:

===================================================

Update installed programs

Your version of Adobe Reader is out-of-date and needs to be removed and updated. Also, you have an outdated version of Java on your computer which needs to be removed.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

To remove them:

• click Start, Control Panel, Programs and Features.
• click on each of these programs, one at a time, name and then on Uninstall:

Java™ 6 Update 31
Adobe Reader 10.1.12

You can also uninstall Eset in the same way.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT

Visit Adobe and download the latest version of Acrobat Reader.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

=========================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

=========================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

=========================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

=========================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .


I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 

[Satchfan]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.