I think my computer is infected [Solved]


  • This topic is locked

#31
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi McKinnik

OK. I'm going to ask you to reinstall Spybot, then remove the immunization and then uninstall it to see if this resolves the hosts issue.
  • Download and install Spybot Search and Destroy from here.
  • Then uninstall it. To do this, FIRST undo your immunization before uninstalling.
  • You can do that by clicking the Undo button with Spybot S&D.
  • Then remove it from Add/Remove programs.


    Then I am going to try removing Avira Browser Safety to see if this helps the speed of the browsers - this is a legitimate program but checks each URL for safety so may be slowing things down. You have an AV and other protection so will still be protected.

    Step1 - Remove program

    Please uninstall the following programs:

    Avira Browser Safety

    To do this:
    Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
    In the list of installed programs locate and click on the program to uninstall e.g. Avira Browser Safety
    Click uninstall.


    Step2 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open notepad and copy/paste the text in the quotebox below into it:

    CreateRestorePoint:
    BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
    CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Avira
    CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
    Task: {D749846B-79C4-45C8-BE37-F658B18A5CB8} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
    C:\Program Files (x86)\Avira\Browser Safety
    AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset c:\resetlog.txt
    CMD: ipconfig /release
    CMD: ipconfig /renew
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    Hosts:
    EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Things for your next post:
  • fixlog.txt
  • How are the browsers performing now?


#32
mckinnik

    Member

  • Topic Starter
  • 57 posts

Did the Spybot re-install ... got the wrong updated version so deleted it and got the old one installed. During the undo process Avira messaged me about blocking the host file so I turned off Avira and did the undo with no other issues. Got rid of Avira Browser Safety per your instructions ... I had it disabled because I didn't like it but did what you wanted. Again ... like always I had problems running the fix ... it hung up about four times when it reached Mozilla user profile ... so again I disabled Avira. Results: at first I was freaked because no browsers worked. After shutting down, wiping out cookies and all that stuff ... I'm up and working pretty good. Still a little slow on some web pages but nothing I can't live without. Chrome, Mozilla and Internet Explorer work better. Shut down and start up on computer have improved also. Facebook games a bit slow but improved. Here is the fixlog.text. Thank you so much for all your help.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Karen McKinnis (2016-01-14 22:11:45) Run:11
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis (Available Profiles: Karen McKinnis & comp admin & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
Task: {D749846B-79C4-45C8-BE37-F658B18A5CB8} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
C:\Program Files (x86)\Avira\Browser Safety
AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647} => key not found. 
HKCR\Wow6432Node\CLSID\{c3c77255-42c0-499f-b664-6e981a0b1647} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKCR\Wow6432Node\PROTOCOLS\Handler\abs => key not found. 
HKCR\Wow6432Node\CLSID\{E00957BD-D0E1-4eb9-A025-7743FDC8B27B} => key not found. 
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D749846B-79C4-45C8-BE37-F658B18A5CB8} => key not found. 
C:\windows\System32\Tasks\Avira Browser Safety Updater Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira Browser Safety Updater Task => key not found. 
"C:\Program Files (x86)\Avira\Browser Safety" => not found.
"C:\ProgramData\TEMP" => ":4BB26BE9" ADS not found.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d077:a736:697e:d796%10
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d077:a736:697e:d796%10
   IPv4 Address. . . . . . . . . . . : 192.168.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 302.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:15:42 ====

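Added example (not part of the original thread and not FRST's own code): a short Python triage of the fixlog posted in #32. It separates targets FRST reported as not found from the ones it actually changed, and lists the commands whose output asks for a restart. The function names and classification keywords are assumptions made for this illustration; the sample is an excerpt of the log above.

```python
import re

# Excerpt of the fixlog posted in #32 (lines copied from the thread, shortened).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Task: {D749846B-79C4-45C8-BE37-F658B18A5CB8} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
CMD: netsh winsock reset catalog
Hosts:
EmptyTemp:
*****************
Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key not found. 
C:\windows\System32\Tasks\Avira Browser Safety Updater Task => not found.
"C:\Program Files (x86)\Avira\Browser Safety" => not found.
"C:\ProgramData\TEMP" => ":4BB26BE9" ADS not found.
=========  netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 302.6 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 22:15:42 ====
"""

CMD_HEADER = re.compile(r"^=+\s+(?!End of)(.+?)\s+=+$")   # "=====  <command> ====="
CMD_FOOTER = re.compile(r"^=+\s+End of CMD:\s+=+$")
RESULT = re.compile(r"^(.+?)\s+=>\s+(.+?)\s*$")            # "<target> => <outcome>"


def classify(outcome):
    """Bucket an outcome string; the keywords are an assumption based on this log."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "successfully" in low or "removed" in low:
        return "changed"
    return "other"


def summarize_fixlog(text):
    lines = text.splitlines()
    # The log first echoes the fixlist between two rows of asterisks; that echo
    # also contains "=>" (the Task line), so results are parsed only after it.
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    body = lines[stars[-1] + 1:] if stars else lines
    summary = {"not_found": [], "changed": [], "other": [],
               "reboot_cmds": [], "reboot_flagged": False}
    current_cmd = None
    for raw in body:
        line = raw.strip()
        if CMD_FOOTER.match(line):
            current_cmd = None
        elif (m := CMD_HEADER.match(line)):
            current_cmd = m.group(1)
        elif current_cmd:
            # Inside a CMD block: only look for a restart request in its output.
            if "restart the computer" in line.lower():
                if current_cmd not in summary["reboot_cmds"]:
                    summary["reboot_cmds"].append(current_cmd)
        elif (m := RESULT.match(line)):
            summary[classify(m.group(2))].append(m.group(1).strip('"'))
        elif line == "The system needed a reboot.":
            summary["reboot_flagged"] = True
    return summary


if __name__ == "__main__":
    for key, value in summarize_fixlog(SAMPLE_FIXLOG).items():
        print(key, "->", value)
```

On this excerpt every registry and file target named in the fixlist is reported as not found, and the only changes recorded are the hosts file reset and the temp data cleanup.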

#33
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Mckinnik

That's good news that the system seems to be running better now. :)

One final check on things ...

Step1 - Security Check
  • Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Things for your next post:
  • checkup.txt
  • What issues, if any, remain?


#34
mckinnik

    Member

  • Topic Starter
  • 57 posts

Good Morning Bruce1270 

 

I'm happily reporting to you this morning that I'm not really having many issues with my computer since our last fix. While shutting down my computer last night did take several minutes, this morning's start up was considerably faster than it has been. It also connected to my router a lot faster than it has been. All three browsers are doing much better. The only issue now is with Internet Explorer. If I try to view a video, I get a pop up at the bottom of my screen informing me that Silver Light has been blocked because it is out of date. There are two buttons giving me the option to update or allow for one use. I did press the update button and I got another message that files of this type could harm my computer so I cancelled out of there pronto. My question is ... is it safe to update Silver Light or should I just continue pushing the allow for single use button?

 

Thank you once again for all your help and here is the checkup.txt you requested. By the way ... that scan took almost two hours last night. I was beginning to think it had hung up. Is it normal for it to take that long?

 

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 HijackThis 2.0.2    
 JavaFX 2.1.1    
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Adobe Flash Player 20.0.0.286  
 Mozilla Firefox (43.0.4) 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.111) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#35
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Mckinnik
 

is it safe to update Silver Light


Yes. Silverlight is from Microsoft and is an application designed to enhance the web experience. It's similar in function to Adobe Flash. Not all websites will need it but it will grumble if it's not installed or out of date, so you can safely update it.
 

that scan took almost two hours last night


That does seem a bit long, it would normally be quicker but it did complete successfully so hopefully all is OK. :)

The SecurityCheck has thrown up a couple of minor issues we will address.

1. Old HijackThis installed.

There is an old HijackThis application installed which is no longer needed. Please remove HijackThis 2.0.2 through Control Panel > Uninstall a Program.

2. Java version out of date!

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Upgrade Java : (32 bits)
  • Download the latest version of Java .
  • Click on accept if a prompt for cookies appears.
  • Under the Java SE Downloads, JAVA box, click the "Download" button.
  • Scroll down to Java SE Development Kit 8u72.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link next to download windows x86 bit (jdk-Nunn-windows-i586.exe) and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Click any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop right-click on the download to install the newest version and select "Run as an Administrator."
  • Follow the prompts.
  • Please remove any tick if it wants to install any additional software.


    Now if no further issues remain....


    Good News! - Your system now appears to be clean. :)
    Now for some clean up and "housekeeping" procedures.

    A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:
  • Download Delfix from here
  • Locate the file and right click on it. Click on Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings

  • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    Maintenance Tasks
    Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
    1. Click the Start Orb in the lower left corner of the screen.
    2. Type Windows Update in the search box that appears
    3. Click on the Windows Update program that appears in the search results.
    4. Click on Change Settings.
    5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
    6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
    7. Ensure that all of the other check boxes are checked.
    8. Click OK.

    Malwarebytes - Update and run weekly to keep your system clean.


    Additional Protection

    Crypto Warning!!!! - Complete Data Loss can occur!

    There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
    That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and then select Check for Updates to see if there are any, as this infection has serious consequences.

    Unchecky

    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
  • Download Unchecky to your desktop
  • Right click on the Unchecky_setup and choose to Run as Administrator
  • Once open click the Install button.
  • Then click on Finish
  • Unchecky is now installed and will help you keep unwanted check boxes unchecked

    Some preventative safety tips
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

    To learn more about how to protect yourself while on the internet read this little guide Best security practices.

    Go here for some good advice about how to prevent infection.

    Happy safe surfing!! :)

    That's us completed the cleaning process. Many thanks for sticking with the topic and it's been a pleasure working with you. :)

    Please don't forget to post your Delfix log!


#36
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

