
Viruses and PUPs [Closed]


  • This topic is locked

#16
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK. Thanks. I'll look at that code.

Let's finish cleaning up the malware/adware first. I want to reset Firefox.

How to reset Firefox:
  • Click the menu button and then click Help.
  • From the Help menu choose Troubleshooting Information. ...
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
Let me know when that is done, and if it fixes any issues.

Thanks
Joe
  • 0


#17
mewsick75

    Member

  • Topic Starter
  • 292 posts

Firefox seems to be doing a lot better.

What's next?


  • 0

#18
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

I think we have it all. But we need to do 1 more final malware scan to double-check. Start the scan and walk away because it may take some time. This scan will also find stuff we already took care of. Post the log from the scan results. Then we will look at the Windows Update issue.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

  • 0

#19
mewsick75

    Member

  • Topic Starter
  • 292 posts

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b17789f075cd8c4aab6eaa7822ab3931
# engine=23729
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-08 03:04:28
# local_time=2015-05-07 11:04:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6384342 125127478 0 0
# scanned=205734
# found=17
# cleaned=16
# scan_time=6862
sh=DEDD8F0F9D5A4010092A2F3638C2E8AFB12BDD41 ft=1 fh=a2211db89c5209d0 vn="a variant of Win32/Komodia.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\LavasoftTcpService.dll"
sh=6AAE6129A9B52026AABA28FF2DE5333957D61DEC ft=1 fh=c71c0011778c0325 vn="a variant of Win32/Adware.MultiPlug.IX application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Program Files (x86)\TerminusBoost\TerminusBoost.dll"
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\punjab\Downloads\ReimageRepair.exe.xBAD"
sh=F830EB161BB70F9C36B538174CFFAFA578A5E9DC ft=1 fh=3dabafaac0f90b7a vn="a variant of MSIL/Adware.PullUpdate.J.gen application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\punjab\Downloads\Setup(8).exe.xBAD"
sh=71423ACE3D2D07E425843FA200A58C12AC3CA0AB ft=1 fh=0bb53edc40c9d9d9 vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=9C6ACFDE3711FB78004DD409BD3F8D4EA8DEB5D2 ft=1 fh=14e63b42c40538cc vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=040411854A4119D6AD86F901E49791348970E41A ft=1 fh=675e3947bb28c247 vn="a variant of Win32/DownloadAdmin.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\JavaUpdate(1).exe"
sh=FD1F2747087AEB0E63BED2621B9484782A2EABF5 ft=1 fh=5f318195bb28c247 vn="a variant of Win32/DownloadAdmin.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\JavaUpdate(2).exe"
sh=040411854A4119D6AD86F901E49791348970E41A ft=1 fh=675e3947bb28c247 vn="a variant of Win32/DownloadAdmin.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\JavaUpdate(3).exe"
sh=040411854A4119D6AD86F901E49791348970E41A ft=1 fh=675e3947bb28c247 vn="a variant of Win32/DownloadAdmin.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\JavaUpdate.exe"
sh=5972DC89A81805BC017133424D032A772D2CAE4D ft=1 fh=e37b012f82749e4d vn="a variant of Win32/InstallCore.SU potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\Minecraft(1).exe"
sh=173F0E90E9F5E69D2731BD97CF3C2C4228FB017B ft=1 fh=e37b012fd3203ab2 vn="a variant of Win32/InstallCore.SU potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\Minecraft(2).exe"
sh=5972DC89A81805BC017133424D032A772D2CAE4D ft=1 fh=e37b012f82749e4d vn="a variant of Win32/InstallCore.SU potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\Minecraft(3).exe"
sh=C1CB329A97474B6C40E879324D65DD1CB102FD5D ft=1 fh=5e4ed3b6abf9c7aa vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\Retrogamer(2).exe"
sh=C1CB329A97474B6C40E879324D65DD1CB102FD5D ft=1 fh=5e4ed3b6abf9c7aa vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\Retrogamer.exe"
sh=34D4EBAF1664E64CEF48A5A5D4922DED6FFC37D9 ft=1 fh=4d6ba7479f3a0a25 vn="a variant of Win32/DownloadAssistant.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\punjab\Downloads\Setup(7).exe"
sh=DEDD8F0F9D5A4010092A2F3638C2E8AFB12BDD41 ft=1 fh=a2211db89c5209d0 vn="a variant of Win32/Komodia.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\System32\LavasoftTcpService.dll"
 


  • 0
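An added example, not part of the original posts: a small parser for this log format that compares the scan options recorded in the header with the ones the instructions asked for, lists detections the scanner did not clean, and groups paths that share a hash. The sample log is constructed (hashes, detection names and paths are placeholders), and reading ac=C as "cleaned" is an inference from the log above, not ESET documentation.

```python
import re

# Scan options requested in the instructions above (header key -> value).
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample in the posted log's format; hashes, names, paths are placeholders.
SAMPLE = r'''# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=3
# cleaned=2
sh=PLACEHOLDER_SHA1_A ft=1 fh=0 vn="Win32/Example.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\example.dll"
sh=PLACEHOLDER_SHA1_B ft=1 fh=0 vn="Win32/Example.B application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\user\Downloads\example.exe.xBAD"
sh=PLACEHOLDER_SHA1_A ft=1 fh=0 vn="Win32/Example.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\System32\example.dll"
'''

def parse_log(text):
    """Split the log into header settings ('# key=value') and detection records."""
    header, detections = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("#") and "=" in line:
            key, value = line.lstrip("# ").split("=", 1)
            header[key] = value
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return header, detections

def review(text):
    """Return the checks a helper would make by eye when reading the log."""
    header, dets = parse_log(text)
    by_hash = {}
    for d in dets:
        by_hash.setdefault(d["sh"], []).append(d["fn"])
    cleaned = [d for d in dets if d.get("ac") == "C"]  # ac=C: assumed to mean cleaned
    return {
        "settings_mismatch": {k: header.get(k) for k, v in REQUESTED.items() if header.get(k) != v},
        "not_cleaned": [d["fn"] for d in dets if d.get("ac") != "C"],
        "already_quarantined": [d["fn"] for d in dets if d["fn"].lower().startswith("c:\\frst\\quarantine\\")],
        "same_file_multiple_paths": {h: p for h, p in by_hash.items() if len(p) > 1},
        "counts_consistent": header.get("found") == str(len(dets)) and header.get("cleaned") == str(len(cleaned)),
    }

if __name__ == "__main__":
    for key, value in review(SAMPLE).items():
        print(key, "->", value)
```
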

#20
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Let's start to look at the Windows Update issue. The computer also has Internet Explorer 8, 3 versions behind; that tells me updates may not have been working for a while.

Windows 7 64-bit readiness tool: Please visit the page, download and run the tool, then try Windows Update again.
https://www.microsof...s.aspx?id=20858

Joe
  • 0

#21
mewsick75

    Member

  • Topic Starter
  • 292 posts

Still getting Errors when trying to do the Updates.

Error Code:  80070103


  • 0

#22
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Can you please post a log for me....

Please post the contents of the log from the following location. C:\Windows\Logs\CBS\CheckSUR.log
  • 0

#23
mewsick75

    Member

  • Topic Starter
  • 292 posts

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2015-05-08 19:40

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs

Checking Package Watchlist

Checking Component Watchlist

Checking Packages
(f)    CBS Registry Error    0x80070002    Package_7_for_KB2617657~31bf3856ad364e35~amd64~~6.1.1.0        failed to get CurrentState

Checking Component Store

Summary:
Seconds executed: 657
 Found 1 errors
  CBS Registry Error Total count: 1
 


  • 0
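An added example, not part of the original posts: parsing the (f) finding lines of a CheckSUR.log, decoding the HRESULT, splitting the CBS package identity into its parts and mapping it to the Component Based Servicing registry key that SFCFix reports rewriting later in this thread. The sample is an excerpt of the log above; the field layout (columns separated by tabs or runs of spaces) is an assumption based on that excerpt.

```python
import re

# Win32 error names for the two codes seen in this thread (from winerror.h).
WIN32 = {0x2: "ERROR_FILE_NOT_FOUND", 0x103: "ERROR_NO_MORE_ITEMS"}
# Parent key of the package entry named in the SFCFix output in this thread.
PACKAGES_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                r"\Component Based Servicing\Packages")

# Excerpt of the CheckSUR.log posted above.
SAMPLE = """Checking Packages
(f)    CBS Registry Error    0x80070002    Package_7_for_KB2617657~31bf3856ad364e35~amd64~~6.1.1.0        failed to get CurrentState

Summary:
Seconds executed: 657
 Found 1 errors
  CBS Registry Error Total count: 1
"""

def decode_hresult(text):
    """Split an HRESULT into severity bit, 11-bit facility and 16-bit code."""
    value = int(text, 16)  # accepts '0x80070002' and '80070103'
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    name = WIN32.get(code, "unknown") if facility == 7 else "non-Win32 facility"
    return {"failure": bool(value >> 31), "facility": facility, "code": code, "name": name}

def parse_checksur(log):
    """Return ((f) findings, error count stated in the Summary section)."""
    findings = []
    for line in (l.strip() for l in log.splitlines()):
        fields = re.split(r"(?:\t| {2,})+", line)
        if fields[0] != "(f)" or len(fields) < 5:
            continue
        _, category, hresult, target, message = fields[:5]
        # CBS package identity: name~publicKeyToken~architecture~language~version
        name, _token, arch, _lang, version = (target.split("~") + [""] * 5)[:5]
        key = PACKAGES_KEY + "\\" + target if category == "CBS Registry Error" else None
        findings.append({"category": category, "hresult": decode_hresult(hresult),
                         "package": name, "arch": arch, "version": version,
                         "message": message, "registry_key": key})
    stated = re.search(r"Found (\d+) errors", log)
    return findings, int(stated.group(1)) if stated else None

if __name__ == "__main__":
    found, stated = parse_checksur(SAMPLE)
    print(stated, found)
    print(decode_hresult("80070103"))  # the Windows Update error code posted earlier
```
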

#24
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello mewsick75,

At this time I'm going to have another member step in and guide you with the Windows Update issue.
  • 0

#25
mewsick75

    Member

  • Topic Starter
  • 292 posts

ok, but are we clean with the viruses?


  • 0


#26
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Yes, your log files are clean. Are you experiencing any issues with pop-ups, etc.?
  • 0

#27
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi mewsick75 -
 
Let's try to get your Windows Update working again. Please do the following.
 
Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  • Download the file below, SFCScript.txt, and save this to your Desktop.
  • Save any open documents and close all open windows.
  • On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
  • Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
  • SFCFix will now process the script.
  • Upon completion, a file should be created on your Desktop: SFCFix.txt.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse, please.

Attached Files


  • 0

#28
mewsick75

    Member

  • Topic Starter
  • 292 posts

no more issues with pop-ups, etc


  • 0

#29
mewsick75

    Member

  • Topic Starter
  • 292 posts

SFCFix version 2.4.3.0 by niemiro.
Start time: 2015-05-08 20:49:14.423
Microsoft Windows 7  - amd64
Using .txt script file at C:\Users\punjab\Desktop\SFCScript.txt [0]




RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2617657~31bf3856ad364e35~amd64~~6.1.1.0.

WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2617657~31bf3856ad364e35~amd64~~6.1.1.0.

Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2617657~31bf3856ad364e35~amd64~~6.1.1.0.

Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2617657~31bf3856ad364e35~amd64~~6.1.1.0.
RegistryScript:: directive completed successfully.




Successfully processed all directives.
SFCFix version 2.4.3.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2015-05-08 20:49:14.657
Script hash: 8mL4rzmePX33UBC86zoodv0bCNIjPTq1JAbXZyZgZHs=
----------------------EOF-----------------------


  • 0

#30
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Looks good. Let's re-run SURT and see if the corruption is fixed.

 

System Update Readiness Tool (SUR)
1. Download and run the following file.
2. When it asks you if you wish to install, please answer yes. Note: It could take 15 minutes or more to run. Please don't cancel.
3. You will get an Installation Complete screen when it's done running.
4. Please post the contents of the log from the following location. C:\Windows\Logs\CBS\CheckSUR.log


  • 0





