[Relluc]

So, my computer upon restart loads this russian page hihikal.ru. Anyway I can get help removing it? Not sure if anything else is infected.

Attached Files

•  Addition.txt   69.51KB   243 downloads
•  FRST.txt   72.44KB   222 downloads

[Advertisements]

 

Download the attached fixlist.txt to the same location as FRST

 

 

Run FRST and press Fix

A fix log will be generated please post that 

 

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

You can uninstall:

Bonjour (detects Apple products on the network.  Not working.  You will get a new one next Apple update)

Intel Security True Key (password manager limited to only 15 passwords. Foisted on you by Adobe during updates

McAfee Security Scan Plus  Worthless.  Foisted on you by Adobe during updates

Skype Click to Call (The stupid program that turns every random 10 digit number into a telephone call link)  Not needed by Skype.

 

 

 

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Is it gone?

 

[RKinner]

 

Download the attached fixlist.txt to the same location as FRST

 

 

Run FRST and press Fix

A fix log will be generated please post that 

 

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

You can uninstall:

Bonjour (detects Apple products on the network.  Not working.  You will get a new one next Apple update)

Intel Security True Key (password manager limited to only 15 passwords. Foisted on you by Adobe during updates

McAfee Security Scan Plus  Worthless.  Foisted on you by Adobe during updates

Skype Click to Call (The stupid program that turns every random 10 digit number into a telephone call link)  Not needed by Skype.

 

 

 

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Is it gone?

 

[Relluc]

Downloaded Fixlist. Ran FRST "fix"

Ran Adw cleaner (system rebooted)      ************ Russian web page did not load when rebooted**************

Ran JRT.exe

Ran FRST.exe with addition checked.



Sir, it appears to me that everything is working wonderfully and that page did not load. I can't thank you enough!


-Tom C.



(I hope I followed the instruction in the right sequence; I attached all the .txts)

Attached Files

•  Fixlog.txt   17.07KB   205 downloads
•  AdwCleanerC3.txt   1.61KB   193 downloads
•  JRT.txt   896bytes   197 downloads
•  Addition.txt   62.82KB   188 downloads

[RKinner]

Missing the FRST.txt log.  Otherwise looks good.

[Relluc]

Here it is, sorry!

-Tom C.

Attached Files

•  FRST.txt   66.14KB   192 downloads

[RKinner]

No sign of the infection now.

 

There is one odd thing I meant to ask you about:

 

Do you know why integrity checks are disabled?  

 

nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION

 

 

This basically tells Windows to accept any driver even if it is not signed.  Can be an unsecure thing to do but sometimes it's necessary to get an old driver to work.  Didn't want to break anything so didn't put it in my fixlist.

 

Frst can enable integrity checks if you want them back on.  Just create a notepad file with the next line:

 

nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION

 

in it and save it as fixlist.  (notepad will automatically add the .txt to it.)  Then right click on Frst and Run As Admin and hit the Fix button.

 

Other than that it looks good so we can clean up unless you have other problems:

 

We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore. Delfix has been a tad too aggressive recently and seems to dislike pdf files in the Downloads folder so if you have any you should move them to a different folder before running Delfix.

 

Download Delfix from http://general-chang...xplode/9-delfix

Ensure Remove disinfection tools is ticked

Also tick:

Create registry backup

Purge system restore

 

Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

 

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

 

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 

 

 

If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)

 

If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.

http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

 

Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

 

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

 

CryptoPrevent

 

http://www.foolishIT.../cryptoprevent/

 

Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.

 

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

 

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:

http://www.java.com/...lugin_cache.xml

Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.

Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

 

 

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm

(The name means something like "clean place" in one of the local native-American dialects)

 

Ron