Cybertechexpert.com said IP address was infected by Koobface virus



#16
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 14
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
You also need to update Adobe Reader.  https://get.adobe.com/reader/
Uncheck the Optional Offers before Downloading.
 
RealPlayer is not happy.  I would uninstall it and if you need it then download a new version.
 
 
If you are still seeing the number, try booting into Safe Mode.
 
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 
 
 Do you still see it?



#17
Amanda Martin


    Member

  • Topic Starter
  • Member
  • 12 posts

Removed Java and Real Player. Number was still there when booted in safe mode.



#18
RKinner

Get Autoruns from
 
Download, Save and Run the program by right-clicking and Run As Admin.   File, Save, to your desktop, autoruns.arn, OK
 
Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it.  Do not copy and paste.


#19
Amanda Martin


Attached File: autoruns.txt (76.92KB)

 

File attached. Sorry it took so long to reply.



#20
RKinner


Looking at your last FRST scan again I see:

 

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

 

This is probably a valid file but I cannot see how it starts running.  Also we usually use the cmd.exe file in C:\Windows\System32 not in SysWOW64.

 

Run Process Explorer again and sort things by name by clicking once or twice on Process.  Then find cmd.exe and right click on it and Suspend.  Does anything happen to your number?

 

Another possibility is something tacked into Explorer:

 

Download ShellExView.
 
 
Use this download:
 
Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the number.

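Post #20 asks how the cmd.exe in SysWOW64 gets started. As an added example (not part of the thread and not a tool the poster used), this PowerShell script lists every running cmd.exe with its path, command line and parent process. It assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example: show where each running cmd.exe lives and what launched it.
# Assumes PowerShell 3.0+ (Get-CimInstance). Run elevated, otherwise
# ExecutablePath and CommandLine can be empty for other users' processes.

$cmds = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'cmd.exe'"

$report = foreach ($p in $cmds) {
    $parent = Get-CimInstance -ClassName Win32_Process `
        -Filter "ProcessId = $($p.ParentProcessId)"

    # A parent PID can be reused after the real parent exits. A process that
    # started later than its "child" cannot be the real parent.
    if (-not $parent) {
        $parentName = '(parent exited)'
        $parentPath = $null
        $parentCmd  = $null
    } elseif ($parent.CreationDate -gt $p.CreationDate) {
        $parentName = '(parent PID reused, real parent unknown)'
        $parentPath = $null
        $parentCmd  = $null
    } else {
        $parentName = $parent.Name
        $parentPath = $parent.ExecutablePath
        $parentCmd  = $parent.CommandLine
    }

    [pscustomobject]@{
        ProcessId     = $p.ProcessId
        Path          = $p.ExecutablePath
        # SysWOW64 holds the 32-bit copy; a 32-bit parent that asks for
        # System32\cmd.exe is redirected there by 64-bit Windows.
        FromSysWOW64  = ($p.ExecutablePath -like '*\SysWOW64\*')
        CommandLine   = $p.CommandLine
        Started       = $p.CreationDate
        ParentId      = $p.ParentProcessId
        ParentName    = $parentName
        ParentPath    = $parentPath
        ParentCommand = $parentCmd
    }
}

if ($report) {
    $report | Sort-Object Started | Format-List
} else {
    Write-Output 'No cmd.exe process is running right now.'
}
```

A cmd.exe whose parent has already exited will still show its own command line, which usually names the batch file or command it was asked to run.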

#21
Amanda Martin


The number is still there but my mom's not really worried about it as long as there's nothing malicious associated with it. Unless this has become personal for you, I think we're good :)



#22
RKinner


OK.  

