Service function NtMapViewOfSection Hook alert in AVG scan [Solved]


  • This topic is locked

#16 Paul432220 (Member, Topic Starter, 62 posts)

Hi Jr0X,

Good news, I made



#17 Paul432220 (Member, Topic Starter, 62 posts)

Hi Jr0X,

Good news! I made a new full scan with AVG and there was nothing reported any longer, so the system now appears to be clean.

I believe we can close this issue now.

Many thanks for the help and guidance!

Cheers, Paul



#18 Jr0x (Malware removal team, 1,825 posts)

OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Uninstall ESET
Please uninstall the following unwanted programs:

Note: If any of the programs are not listed, proceed to the next one and work through the list.
  • ESET
To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET
C:\Program Files (x86)\ESET

2. Close Windows Explorer.

Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.
  • Right click Delfix and click Run as Administrator.
  • Ensure ALL boxes are checked.
  • Click the Run button.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Delete the following Files and Folders (If Present):

Norton Removal Tool

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates
  • Please go to Start Menu -> Control Panel
  • Under View by: select Large Icons, then tap or click Windows Update.
  • Click on Change Settings

  • Select "Install updates automatically (recommended)" from the Important updates drop-down.

  • Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
  • Ensure that all of the other check boxes are checked.
  • Click OK.
Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on Users to Disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is to keep your other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates, and it will then provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


Then click Finish


Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system. You may read more about this here.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, enter your name and email and click on the Request Download Link button to request a download link
  • Once you receive the link in your email (you may need to check your Junk mail), download the tool to your Desktop
  • Open the program by clicking Run when prompted from your browser or by going to the Desktop where the file was saved and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.

If you have any other questions, please feel free to ask me.

#19 Paul432220 (Member, Topic Starter, 62 posts)

Hi Jr0X,

I have uninstalled the tools (I already did for some before seeing your reply). I will post the DelFix log below.

I also installed Filehippo Update Checker, Unchecky and CryptoPrevent (by the way, I also installed those three on my desktop, which is running W10 now; for sure these tools look like a "must" to me to protect your PC as much as possible).

Malwarebytes Pro is running on the infected laptop (and, by the way, on all my PCs).

Thanks again for your assistance; my issue is solved and I learned a lot as well! :-)

Cheers, Paul


# DelFix v1.013 - Logfile created 30/07/2016 at 11:54:40
# Updated 17/04/2016 by Xplode
# Username : BE76601 - T400
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\Log.txt
Deleted : C:\TDSSKiller.3.1.0.9_11.07.2016_16.29.28_log.txt
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1280 [System Checkpoint | 07/01/2016 18:04:58]
Deleted : RP #1281 [Removed Lotus Notes 8.5.3. | 07/03/2016 14:58:07]
Deleted : RP #1282 [Removed Samsung Kies | 07/03/2016 15:12:45]
Deleted : RP #1283 [Removed: Skype™ 6.3 | 07/03/2016 15:20:05]
Deleted : RP #1284 [IBM Lotus Sametime Connect 8.5.1 removed. | 07/03/2016 15:22:08]
Deleted : RP #1285 [Removed e-config | 07/03/2016 15:26:41]
Deleted : RP #1286 [Removed CompanionLink. | 07/07/2016 15:36:52]
Deleted : RP #1287 [Removed LotusLive Meetings for IBM | 07/07/2016 15:40:59]
Deleted : RP #1288 [Removed IBM Tivoli Storage Manager Client | 07/07/2016 15:41:46]
Deleted : RP #1289 [Removed: IBM Personal Communications | 07/07/2016 15:43:14]
Deleted : RP #1290 [Removed IBM Tivoli Remote Control Ayúdame Premium Edition - Target. | 07/07/2016 15:44:00]
Deleted : RP #1291 [Removed Apple Application Support | 07/07/2016 15:47:21]
Deleted : RP #1292 [Removed: Apple Software Update | 07/07/2016 15:48:48]
Deleted : RP #1293 [Removed Vodafone Mobile Connect Lite. | 07/07/2016 16:07:08]
Deleted : RP #1294 [Removed Tivoli Endpoint Manager Client. | 07/07/2016 16:10:07]
Deleted : RP #1295 [Removed Stickies | 07/07/2016 16:11:08]
Deleted : RP #1296 [Removed e-config Data Migration tool | 07/07/2016 16:13:17]
Deleted : RP #1297 [Removed GBS Solutions and Assets | 07/07/2016 16:13:56]
Deleted : RP #1298 [Removed Mobility Client | 07/07/2016 16:15:00]
Deleted : RP #1299 [Installed AVG 2016 | 07/07/2016 16:30:29]
Deleted : RP #1300 [Installed AVG | 07/07/2016 16:30:54]
Deleted : RP #1301 [System Checkpoint | 07/11/2016 15:07:20]
Deleted : RP #1302 [ComboFix created restore point | 07/17/2016 16:09:09]
Deleted : RP #1303 [System Checkpoint | 07/20/2016 13:48:54]
Deleted : RP #1304 [Removed Symantec Endpoint Protection. | 07/21/2016 19:49:48]
Deleted : RP #1305 [Removed Symantec Endpoint Protection. | 07/21/2016 19:50:51]
Deleted : RP #1306 [Restore Point Created by FRST | 07/21/2016 20:40:22]
Deleted : RP #1307 [System Checkpoint | 07/23/2016 17:08:00]
Deleted : RP #1308 [Restore Point Created by FRST | 07/25/2016 06:50:28]
Deleted : RP #1309 [Removed Foxit Reader | 07/25/2016 20:51:23]
Deleted : RP #1310 [Google Earth has been removed. | 07/25/2016 20:51:59]
Deleted : RP #1311 [Removed: QuickTime | 07/25/2016 20:58:40]
Deleted : RP #1312 [Removed SourceGear DiffMerge | 07/25/2016 20:59:17]
Deleted : RP #1313 [IBM Lotus Symphony removed. | 07/25/2016 21:02:19]
Deleted : RP #1314 [Removed Cookienator | 07/25/2016 21:08:55]
Deleted : RP #1315 [System Checkpoint | 07/27/2016 17:22:39]
Deleted : RP #1316 [System Checkpoint | 07/28/2016 18:52:12]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


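As an added example (my own script, not DelFix, ComboFix or Geeks to Go code), here is a Python tool that reads a DelFix log like the one Paul posted, sorts the "Deleted :" entries into files, registry keys and purged restore points, singles out the SafeBoot keys that ComboFix had registered, and re-checks the live machine so the "remove all the tools" step in Jr0x's housekeeping post can be confirmed rather than eyeballed. The embedded log is a shortened excerpt of the one above; the function names are mine, and the registry check uses winreg and so only runs on Windows.

```python
"""Audit a DelFix cleanup log and re-check the machine for leftovers.
Added example for this thread; not DelFix, ComboFix or forum code."""
import os
import re
from dataclasses import dataclass, field

# Shortened excerpt of the log posted above (constructed sample input;
# the full log lists many more entries and every restore point).
SAMPLE_LOG = r"""# DelFix v1.013 - Logfile created 30/07/2016 at 11:54:40
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #1302 [ComboFix created restore point | 07/17/2016 16:09:09]
Deleted : RP #1316 [System Checkpoint | 07/28/2016 18:52:12]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
"""

DELETED_RE = re.compile(r"^Deleted : (.+)$")
RP_RE = re.compile(r"^RP #(\d+) \[(.*) \| ([^\]]+)\]$")
VERSION_RE = re.compile(r"^# DelFix (v[\d.]+)")
OS_RE = re.compile(r"^# Operating System : (.+)$")
HIVES = ("HKLM", "HKCU", "HKCR", "HKU")


@dataclass
class RestorePoint:
    number: int
    description: str
    timestamp: str


@dataclass
class DelFixReport:
    version: str = ""
    operating_system: str = ""
    files: list = field(default_factory=list)           # deleted files/folders
    registry: list = field(default_factory=list)        # deleted registry keys
    restore_points: list = field(default_factory=list)  # purged restore points
    registry_backup_ok: bool = False
    new_restore_point: bool = False


def parse_delfix_log(text: str) -> DelFixReport:
    """Sort every 'Deleted :' line into files, registry keys or restore points."""
    report = DelFixReport()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := VERSION_RE.match(line)):
            report.version = m.group(1)
        elif (m := OS_RE.match(line)):
            report.operating_system = m.group(1)
        elif line.startswith("~ Creating registry backup") and line.endswith("OK"):
            report.registry_backup_ok = True
        elif line.startswith("New restore point created"):
            report.new_restore_point = True
        elif (m := DELETED_RE.match(line)):
            item = m.group(1)
            if (rp := RP_RE.match(item)):
                report.restore_points.append(
                    RestorePoint(int(rp.group(1)), rp.group(2), rp.group(3)))
            elif item.split("\\", 1)[0] in HIVES:   # hive prefix => registry key
                report.registry.append(item)
            else:
                report.files.append(item)
    return report


def safe_boot_entries(report: DelFixReport) -> list:
    """SafeBoot\\Minimal and SafeBoot\\Network list the services and drivers
    allowed in Safe Mode; ComboFix registers its PEV helper there, so these
    are the keys to confirm gone if Safe Mode behaves oddly afterwards."""
    return [k for k in report.registry if "\\Control\\SafeBoot\\" in k]


def verify_removed(report: DelFixReport) -> dict:
    """Re-check the live system: anything that still exists is a leftover.
    The registry part needs winreg and therefore only runs on Windows."""
    leftovers = {"files": [p for p in report.files if os.path.exists(p)],
                 "registry": []}
    if os.name == "nt":
        import winreg
        hive_map = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER,
                    "HKCR": winreg.HKEY_CLASSES_ROOT, "HKU": winreg.HKEY_USERS}
        for key in report.registry:
            hive, _, subkey = key.partition("\\")
            try:
                winreg.CloseKey(winreg.OpenKey(hive_map[hive], subkey))
                leftovers["registry"].append(key)  # opened, so still present
            except OSError:
                pass  # absent, as expected after cleanup
    return leftovers


if __name__ == "__main__":
    r = parse_delfix_log(SAMPLE_LOG)
    print(f"DelFix {r.version} on {r.operating_system}: {len(r.files)} files, "
          f"{len(r.registry)} registry keys, {len(r.restore_points)} restore points")
    print("SafeBoot entries removed:", safe_boot_entries(r))
    print("Leftovers:", verify_removed(r))
```

To use it on the real log, read the file into `SAMPLE_LOG`'s place and run it on the cleaned machine; anything `verify_removed` returns survived the cleanup and should be removed by hand. The log also makes visible that every existing restore point is purged (restore points can hold copies of infected files), so the only rollback left is the one DelFix creates at the end.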

#20 Jr0x (Malware removal team, 1,825 posts)

Glad that I'm able to assist you.

Take care and stay safe.


#21 Naathim (GeekU Minion, Expert, 4,568 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

