I'm still a bit worried about posting this stuff on here - can it be used by others? This is a forum afterall. I mean, as a volunteer you are meant to be helpful and not really pressure me into posting.
Help me please [Solved]
#16
Posted 25 February 2015 - 04:05 PM
#17
Posted 25 February 2015 - 04:13 PM
I have just run another scan with MalwareBytes Anti-malware and it looks like everything has come through clean. Thanks very much for your help
#18
Posted 25 February 2015 - 04:59 PM
This is a forum afterall
Exactly - a public forum. See this.
you are meant to be helpful and not really pressure me into posting.
I've pressured no-one into coming here for FREE help and all I have asked is within the forum's requirements; ie:
- you ask for help
- I respond and request logs in order to diagnose the problem
You then had two choices:
- you feel pressured by the forum rules and leave
- you respond and supply the logs in order for me to help you further
I personally have other people to help tonight before enjoying the rest of the evening with my family.
Although your computer has been partially cleaned, there are another couple of scans I need you to run before we can be sure that it is clean before tidying up.
I have no more time for this topic tonight but I'll send instructions for the required scans tomorrow. It is your choice whether or not you continue.
Satchfan
#19
Posted 26 February 2015 - 01:51 AM
It's good that Malwarebytes found nothing but I just need to check your security and get you to run an online scan to be sure that everything is clean.
Run Security Check
Download Security Check by screen317 from here or here.
- save it to your Desktop.
- double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- a Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.
===================================================
Run ESET Online Scan
Note: This may take a long time so please be patient.
IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.
Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- click the Eset online Scanner button
- for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop.
- check Yes, I accept the Terms of Use
- click the Start button
- accept any security warnings from your browser
- check Enable detection of potentially unwanted applications
- click Advanced settings and select the following:
o scan archives
o scan for potentially unsafe applications
o enable Anti-Stealth technology
Note: Do not check Remove found threats
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- when the scan completes, push List of found threats
- push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
- push the back button.
- push Finish
When the scan is complete:
If no threats were found:
o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found
If threats were found:
o click on "list of threats found"
o click on "export to text file" and save it as ESET results and save to the desktop
o Click on back
o put a checkmark in "Uninstall application on close"
o click on finish
o close program
o copy and paste the report here.
Thanks
Satchfan
#20
Posted 26 February 2015 - 04:59 PM
You didn't include the link for EST
#21
Posted 26 February 2015 - 04:59 PM
ESET online scan
#22
Posted 26 February 2015 - 05:00 PM
yes you did - soz
#23
Posted 27 February 2015 - 01:02 AM
Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG PC TuneUp 2015
AVG PC TuneUp 2015 (en-GB)
AVG PC TuneUp 2015
Java 6 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 10.1.12 Adobe Reader out of Date!
Mozilla Firefox 35.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````
#24
Posted 27 February 2015 - 01:10 AM
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir a variant of Win32/Adware.RK.AM application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir a variant of Win32/Adware.RK.AE application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg32.exe.vir a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg64.exe.vir a variant of Win32/AdWare.RK.AR application
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\components\rlxg.dll.vir a variant of Win32/Adware.RK.AM application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hqv1h9q9.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\system32\rlls.dll.vir a variant of Win32/Adware.RK.AM application
C:\Program Files\Vuze\.install4j\user\mism.exe Win32/Toolbar.Conduit.AP potentially unwanted application
C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\hqv1h9q9.default\cache2\entries\1A2F4648AB67E794D7D6E200E84AF32EAE4A1AA9 a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
#25
Posted 27 February 2015 - 02:12 AM
Please copy all text in the code box below and paste it into Notepad:
@echo off del /f /s /q "C:\Program Files\Vuze\.install4j\user\mism.exe” del /f /s /q “C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\hqv1h9q9.default\cache2\entries\1A2F4648AB67E794D7D6E200E84AF32EAE4A1AA9” del %0
- save the Notepad file to your desktop and name it delfiles.bat
- save type as "All Files"
- on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
The files/folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.
The rest of the Online scan is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.
Can you tell me if there are any remaining problems. If all is well I’ll send instructions to tidy up and update some programs.
Satchfan
#26
Posted 27 February 2015 - 04:23 AM
Does it matter about the colour of the text?
#27
Posted 27 February 2015 - 05:45 AM
No. For some reason the forum software does that.
Just copy/paste as they are.
#28
Posted 27 February 2015 - 03:29 PM
Done all that. You are a diamond
#29
Posted 27 February 2015 - 04:40 PM
You’ve done a good job and your computer appears to be clean.
Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:
Uninstall AdwCleaner
- double click on adwcleaner.exe to run the tool
- click on Uninstall
- confirm with Yes.
===================================================
Download & run Delfix
- download Delfix from here to remove many of the tools we've used during the cleaning process.
- ensure “Remove disinfection tools” is checked.
Also place a checkmark next to:
o Create registry backup
o Purge system restore
- click the Run button.
You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.
===================================================
Windows updates
I notice that Windows updates are waiting to be installed. Click here for information on how to get the latest Windows updates:
===================================================
Update installed programs
Your version of Adobe Reader is out-of-date and needs to be removed and updated. Also, you have an outdated version of Java on your computer which needs to be removed.
Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.
To remove them:
- click Start, Control Panel, Programs and Features.
- click on each of these programs, one at a time, name and then on Uninstall:
Java™ 6 Update 31
Adobe Reader 10.1.12
You can also uninstall Eset in the same way.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
NEXT
Visit Adobe and download the latest version of Acrobat Reader.
===================================================
Recommended programs
SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.
=========================
Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.
=========================
It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.
=========================
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
A couple of links with information here and here which can answer any questions you might have about installing/using it.
=========================
Unchecky
Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.
Download and install Unchecky .
I also recommend that you read the following:
How to prevent malware by miekiemoes
Help! My computer is slow! by miekiemoes
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams
I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.
Safe computing
Satchfan
#30
Posted 28 February 2015 - 04:54 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
Also tagged with one or more of these keywords: Adware Generic6.QJC, Adware Generic6.QDX, virus
|
Security →
Virus, Spyware, Malware Removal →
Having Powersheel.exe Issues ... Need fixlist.txtStarted by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes |
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
HP desktop - google.com is in Norwegian [Solved]Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... |
|
|
|
Security →
Virus, Spyware, Malware Removal →
Virus InfectionStarted by ForrestGump , 05 Oct 2022 Virus |
|
|
||
Security →
Virus, Spyware, Malware Removal →
Checkmate Ransomware detection / removal?Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more... |
|
|
||
|
Security →
Virus, Spyware, Malware Removal →
Virus on laptop - pop up screen and audio message [Solved]Started by bjorkstrait , 28 Jun 2022 Virus, lock screen and 1 more... |
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users