
I believe I might have a virus or malware



#16
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Let's check a few more things before I let you go.

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • 0



#17
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Trend Micro Antivirus+   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 27  
 Java 7 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.160  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Identity Force IDF Online Identity Protection Tools epservice.exe  
 Identity Force IDF Online Identity Protection Tools ep.exe  
 Identity Force IDF Online Identity Protection Tools dps.exe  
 Identity Force IDF Online Identity Protection Tools pl.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro Titanium plugin Pt\PtSvcHost.exe
 Trend Micro Titanium plugin Pt\PtWatchDog.exe
 Trend Micro Titanium plugin Pt\PtSessionAgent.exe
 iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


  • 0

#18
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
I'm getting conflicting messages about the Windows Firewall. Let's make sure it's on by running the following:

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next
Your Java is out of date:

Note
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.
I would uninstall Java from the Programs and Features menu. Click Start > Control Panel > Programs & Features, and uninstall all Java.

Run the computer for a day and let me know how things are.

Joe
  • 0

#19
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

OK, I'll try and get to all this tonight or tomorrow night. Got a bit hectic around here. Just wondering, what exactly does Java do and what might I need it for?

 

thanks,


  • 0

#20
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Java is a programming language and is used on some websites; it's also used in some games. I uninstalled Java several years ago and have never missed it, nor needed it. I have seen that some online banking sites may require it.

Read more when time permits

http://betanews.com/...dont-need-java/

I also need to sign off early tonight and address some things around the house....

Joe
  • 0

#21
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Shirley at 2015-06-22 20:59:57 Run:3
Running from C:\Users\Shirley\Desktop
Loaded Profiles: Shirley (Available Profiles: Shirley)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
Emptytemp:
*****************

Processes closed successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========

EmptyTemp: => 166.9 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:01:04 ====


  • 0

#22
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

I also had shockwave player ( I think that's what it said) message come up and ask if I wanted to continue or stop the plug in. Haven't had that happen in a while.


  • 0

#23
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Plugins allow the browser to use more features so you can do things like view Flash animations or PDFs. They also help make some videos and audio files work better.

To answer your direct question, sometimes the plugin will fail and you may be prompted by that "continue or stop the plug in." You can choose to stop the plugin and try whatever it was you were doing before the prompt.

Adobe Flash Player will also do this; Adobe Flash Player is used to view YouTube videos and other related videos on the web.

Back to the computer: since every scan we have run has turned up adware, let's run a final scan called ESET.
This scan will take a long time, so don't wait for it; start it, then have dinner :). You can post this tomorrow or whenever you get time and I'll look at the results. Instructions to follow,


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET scan results when you can.....

Thanks
Joe :)
  • 0

#24
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hey Joe,
Just wanted to let you know I haven't forgotten about running that last scan. Haven't been home early enough to run it yet this week. Hopefully in the next day or so. Thanks for the help.
Shirley
  • 0

#25
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Thanks,

No problem take your time.

Joe
  • 0



#26
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

OK, that was a hard file to find but here it is. Sorry for the delay, but I think my week of "3s" is past now :) Thanks for your patience

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9447d6cb53245540928f88454b90c634
# end=init
# utc_time=2015-06-28 12:15:14
# local_time=2015-06-27 08:15:14 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24536
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9447d6cb53245540928f88454b90c634
# end=updated
# utc_time=2015-06-28 12:19:10
# local_time=2015-06-27 08:19:10 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9447d6cb53245540928f88454b90c634
# engine=24536
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-28 03:52:30
# local_time=2015-06-27 11:52:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Antivirus+'
# compatibility_mode=529 16777213 100 100 0 28658854 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 60927103 187006999 0 0
# scanned=444219
# found=4
# cleaned=0
# scan_time=12798
sh=785DFABC46C9C7565399D88303FCCEEE74CC3232 ft=1 fh=aec9b4377c177968 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=AA40C0DBA70C660B363B5863558169E1C323AD65 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.S trojan" ac=I fn="C:\Users\Shirley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b616c5-457f040f"
sh=167266ED50E5E4FAD50D999FD7087E3518010A4D ft=1 fh=8e4288646b32d8e0 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="C:\Users\Shirley\Downloads\Adobe_Flash_Setup.exe"
sh=A60CABC4FF3C3DE2B104D824693043F7479ED2D4 ft=1 fh=737fc4443e90df1a vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI96BD.tmp"
 


  • 0
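
Added example, not part of the original thread or of any ESET tooling: a small Python parser for the detection lines of an ESET Online Scanner log like the one posted above, which labels each hit as malware, potentially unwanted (PUA) or potentially unsafe, and checks the hit count against the log's own "# found=" line. The field meanings are inferred from the log as posted; the hashes and paths in the sample are constructed placeholders.

```python
import re

# key=value pairs; a value is either "quoted" (may contain spaces) or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Suffixes ESET appends to the detection name for non-malware categories
SUFFIXES = {
    "potentially unwanted application": "PUA",
    "potentially unsafe application": "unsafe-app",
}

def parse_detection(line):
    """Return a dict for one detection line, or None for header/status lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    rec = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
    vn = rec.get("vn", "")
    rec["category"] = next(
        (tag for suffix, tag in SUFFIXES.items() if vn.endswith(suffix)), "malware")
    rec["name"] = vn.replace("a variant of ", "", 1).split(" ")[0]
    return rec

def triage(log_text):
    """Return (detections, consistent): consistent is True when the number of
    detection lines equals the count on the log's '# found=' line."""
    found, hits = None, []
    for line in log_text.splitlines():
        m = re.match(r"#\s*found=(\d+)\s*$", line.strip())
        if m:
            found = int(m.group(1))
        rec = parse_detection(line)
        if rec:
            hits.append(rec)
    return hits, found == len(hits)

# Constructed sample in the same layout as the posted log (placeholder hashes/paths)
SAMPLE = r'''# scanned=1000
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="C:\Users\example\Downloads\setup.exe"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.S trojan" ac=I fn="C:\Users\example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\sample-entry"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Example Backup\hstart.exe"
'''

if __name__ == "__main__":
    detections, consistent = triage(SAMPLE)
    for d in detections:
        print(f'{d["category"]:<10} {d["name"]:<32} {d["fn"]}')
    print("count matches '# found=':", consistent)
```
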

#27
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

There is nothing there to worry about. Your machine is free of malware / adware.

How is it running?

Joe
  • 0

#28
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Well, the double log in hasn't happened recently. Firefox still crashes more than I would like but, hey it is a few years old. Replacing it will have to wait as I have to get a new a/c unit for my home. So, those 4 things at the bottom of the log aren't anything to worry about?


  • 0

#29
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
On second thought,

Let's get rid of 3 of them; the first one, Dell DataSafe, I'm leaving as is.

To fix those items

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
C:\Users\Shirley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b616c5-457f040f
C:\Windows\Installer\MSI96BD.tmp
C:\Users\Shirley\Downloads\Adobe_Flash_Setup.exe
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • 0

#30
Shirleys961

Shirleys961

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Shirley at 2015-06-28 20:58:45 Run:4
Running from C:\Users\Shirley\Desktop
Loaded Profiles: Shirley (Available Profiles: Shirley)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
C:\Users\Shirley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b616c5-457f040f
C:\Windows\Installer\MSI96BD.tmp
C:\Users\Shirley\Downloads\Adobe_Flash_Setup.exe
Emptytemp:
*****************

C:\Users\Shirley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b616c5-457f040f => moved successfully.
C:\Windows\Installer\MSI96BD.tmp => moved successfully.
C:\Users\Shirley\Downloads\Adobe_Flash_Setup.exe => moved successfully.
EmptyTemp: => 398.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:59:22 ====


  • 0





