cgklwvnsvc.exe installing programs, unable to terminate, internet slow.

Tags: malware, rogue process, FRST log


#46 RKinner, Malware Expert (24,624 posts, MVP)

Sometimes the default (normal) Word template gets infected. The usual fix is to close Word, then search for all normal.dot and normal.dotx files and rename them to anormal.dot or anormal.dotx. Then open Word from the All Programs, Office, Word shortcut and not by opening a document. This will cause Word to create a new normal template. Then open saved documents carefully and do not allow them to run macros.

 

Whatever MBAM found was probably not just a PUP. Google says it's a randomly named thing, so probably nasty malware. Doesn't appear that it was active.

 

 

Have you let Windows Defender do a full scan?

 

Any credit card info you might have submitted may be compromised. You've already seen the bank account was hit. Change all of the passwords you use online, including your email, Facebook, Amazon etc.


  • 0



#47 r55741, Member, Topic Starter (96 posts)

> Sometimes the default (normal) Word template gets infected. The usual fix is to close Word, then search for all normal.dot and normal.dotx files and rename them to anormal.dot or anormal.dotx. Then open Word from the All Programs, Office, Word shortcut and not by opening a document. This will cause Word to create a new normal template. Then open saved documents carefully and do not allow them to run macros.

 

OK, I gave it enough time to make sure it's fixed, and yes, I'm not sure what fixed it, but I have been renaming the files many times and leaving the old copies as backups.

 

> Whatever MBAM found was probably not just a PUP. Google says it's a randomly named thing, so probably nasty malware. Doesn't appear that it was active.

 

 

> Have you let Windows Defender do a full scan?

I did and it found nothing!

 

> Any credit card info you might have submitted may be compromised. You've already seen the bank account was hit. Change all of the passwords you use online, including your email, Facebook, Amazon etc.

 

Yikes! This is an arduous process for an entire day!

Would opening suspicious files in Sandboxie in the future be of any help?

 

Thanks!!


  • 0

#48 RKinner, Malware Expert (24,624 posts, MVP)

Best to not open suspicious files, but if you must, Sandboxie is a good idea. Sometimes you can submit them or their website to virustotal.com and see if any A-V detects anything.

 

Perhaps a free ESET scan might be worth the effort.  I haven't run one recently so my instructions may need tweaking but:

 

Use IE and go to https://www.eset.com...online-scanner/

and click on SCAN NOW under ESET Online Scanner. Accept the terms then press Start (if you get a warning from your browser, tell it you want to run it).

If you don't use IE it will still work, but you must download a program and run it.

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

 


  • 0

#49 r55741, Member, Topic Starter (96 posts)

In bold is the item that caused all these problems 
 
C:\Program Files (x86)\Tftpd32\tftpd32.exe a variant of Win32/TFTPD32.A potentially unsafe application
C:\Users\REEDEMER\AppData\Roaming\MidnightCrypt\MidnightCrypt.exe MSIL/HackTool.Crypter.AK potentially unsafe application
C:\Users\REEDEMER\Desktop\All Activation Windows 7-8-10 v9.5 + Office Activator [SadeemPC]\All activation Windows (7-8-10) v9.5.iso a variant of Win32/HackTool.SLICMod.D potentially unsafe application,a variant of Win32/HackTool.SLICMod.B potentially unsafe application,Win32/HackTool.SLICMod.C potentially unsafe application,a variant of MSIL/HackKMS.G potentially unsafe application,Win32/HackKMS.M potentially unsafe application,MSIL/HackKMS.C potentially unsafe application,a variant of MSIL/HackTool.WinActivator.J potentially unsafe application,a variant of Win32/HackTool.WinActivator.J potentially unsafe application,Win32/HackTool.WinActivator.I potentially unsafe application,a variant of Win64/HackKMS.I potentially unsafe application,a variant of Win32/HackKMS.AR potentially unsafe application,a variant of Win32/HackKMS.Q potentially unsafe application,a variant of MSIL/HackKMS.I potentially unsafe application,a variant of Win32/HackTool.KMSAuto.A potentially unsafe application,a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application,Win32/HackKMS.A potentially unsafe application
C:\Users\REEDEMER\Downloads\ccsetup535.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\REEDEMER\Downloads\IObit-Malware-Fighter-Setup.exe a variant of Win32/IObit.L potentially unwanted application,a variant of Win32/IObit.E potentially unwanted application,a variant of Win32/IObit.M potentially unwanted application,Win32/IObit.D potentially unwanted application,a variant of Win32/IObit.D potentially unwanted application
C:\Windows\Temp\nstD310.tmp\HZetujlPVCp.dll a variant of Win32/Adware.Zdengo.BJA application
D:\$RECYCLE.BIN\S-1-5-21-1435351782-728466632-1125761908-1001\$R096TWA.zip a variant of Win32/HackTool.Patcher.AD potentially unsafe application
D:\$RECYCLE.BIN\S-1-5-21-1435351782-728466632-1125761908-1001\$RYCAKIZ.zip multiple threats,NSIS/TrojanDownloader.Adload.CF trojan,Win32/InstallCore.Gen.A potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-1435351782-728466632-1125761908-1001\$RTXWR3P\Office 2013 KMS Activator Ultimate 1.5 .zip multiple threats,NSIS/TrojanDownloader.Adload.CF trojan,a variant of MSIL/Riskware.HackAV.S application
D:\$RECYCLE.BIN\S-1-5-21-1435351782-728466632-1125761908-1001\$RTXWR3P\Office 2013 KMS Activator Ultimate v1.5 Portable .zip multiple threats,NSIS/TrojanDownloader.Adload.CF trojan,a variant of MSIL/Riskware.HackAV.S application
D:\bmw\Coding\Codiprog\tacho\TachoSoft21.51.exe a variant of Win32/Packed.Bccrypt.A suspicious application
D:\downloads\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC].zip Win32/Keygen.ACT potentially unsafe application
D:\downloads\Keygen.exe Win32/Keygen.HB potentially unsafe application
D:\downloads\Windows Loader v2.2.1. DAZ crack 7 DeGun TPB.zip Win32/HackTool.WinActivator.I potentially unsafe application
D:\downloads\YouTube Video Downloader (YTD) 5.7.1.0 Pro & Portable + Crack [4realtorrentz].zip a variant of Win32/YTDDownloader.A potentially unwanted application,a variant of Win32/Spigot.B potentially unwanted application,a variant of Win32/YTDDownloader.D potentially unwanted application
D:\downloads\Adobe Dreamweaver CC 2018 18.2.0.10165 (x64) + Crack [CracksNow]\Dreamweaver CC 2018\Dreamweaver CC 2018.zip multiple threats,NSIS/TrojanDownloader.Adload.CF trojan,a variant of Win32/HackTool.Crack.FS potentially unsafe application,BAT/HostsChanger.A potentially unsafe application
D:\downloads\Adobe Dreamweaver CC 2018 18.2.0.10165 (x64) + Crack [CracksNow]\Fix\Final Patch.zip multiple threats,NSIS/TrojanDownloader.Adload.CF trojan,a variant of Win32/HackTool.Crack.FS potentially unsafe application,BAT/HostsChanger.A potentially unsafe application
D:\downloads\Adobe Photoshop CC 2018 v19.1.2.45971 Repack + Portable x64\Setup\Adobe.Photoshop.CC.2018.v19.1.2.45971.x64.exe NSIS/TrojanDownloader.Adload.CF trojan
D:\downloads\Crysis.3.INTERNAL-RELOADED\DVD2\rld-crys3b.iso a variant of Win32/HackTool.Crack.P potentially unsafe application
D:\downloads\GetData Recover My Files Pro v7.1.0.1831 Including Crack\GetData Recover My Files Pro v7.1.0.1831 Including Crack.exe NSIS/TrojanDownloader.Adload.R trojan
D:\downloads\KMSpico 10.2.0 FINAL + Portable (Office and Windows 10 Activator) [TechTools]\KMSpico 10.2.0 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET].rar a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application,MSIL/HackTool.IdleKMS.I potentially unsafe application
D:\downloads\Markable 2.2.8 (Keygen included)\keygen-markable2.exe a variant of Win32/Keygen.ADM potentially unsafe application
D:\downloads\MarkAble2\MarkAble.2.1.9\MarkAble2.exe a variant of MSIL/Packed.Sixxpack.B suspicious application
D:\downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar a variant of MSIL/HackKMS.I potentially unsafe application
D:\downloads\MP3 Cutter Joiner v2.20 with Crack Software\MP3 Cutter Joiner v2.20.zip Win32/Keygen.FL potentially unsafe application
D:\downloads\MP3 Cutter Joiner v2.20 with Crack Software\MP3 Cutter Joiner v2.20\Keygen_AudiotoolsFactory_MP3_Cutter_Joiner.exe Win32/Keygen.FL potentially unsafe application
D:\downloads\Nitro Pro 11.0.8.470 + Crack [CracksNow]\Fix\Keymaker.rar multiple threats,NSIS/TrojanDownloader.Adload.CF trojan,a variant of Win32/Keygen.AU potentially unsafe application
D:\downloads\Quick Macros v2.4.2.2 + Patch\Quick Macros v2.4.2.2 + Patch.tgz a variant of Win32/HackTool.Patcher.A potentially unsafe application
D:\downloads\TeamViewer Corporate&Premium10.0.41459 Multilingual + Portable + Patch&Crack - AppzDam\TeamViewer Corporate 10.0.41459 Multilingual + Portable - AppzDam\teamviewer.corporate.edition.10.xx-patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
D:\downloads\WinRAR 5.40 [EN] 32bit + 64bit + Patch - Crackingpatching.com\Patch Winrar 32bit Universal Patch.exe a variant of Win32/RiskWare.HackTool.Agent.K application
D:\downloads\WinRAR 5.40 [EN] 32bit + 64bit + Patch - Crackingpatching.com\Patch Winrar 64bit Universal Patch.exe a variant of Win32/RiskWare.HackTool.Agent.K application
D:\livingston thumb drive back up\TeamViewer Corporate&Premium10.0.41459 Multilingual + Portable + Patch&Crack - AppzDam\TeamViewer Corporate 10.0.41459 Multilingual + Portable - AppzDam\teamviewer.corporate.edition.10.xx-patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
D:\Movies\Sully 2016 720p BrRip x264 - TiTAN\XvidCodec.xz a variant of Generik.HCIOALD trojan
D:\Program Files (x86)\Mr DJ\Crysis 3\Bin32\rld.dll Win32/HackTool.Crack.CY potentially unsafe application
D:\thumb drive back up 64gb\kldumps.exe a variant of Win32/Packed.VMProtect.ACP trojan
D:\TMP\23078140\ic-0.93be59b29d326.exe a variant of Win64/Packed.Themida.EQ trojan
D:\TMP\23078140\ic-0.9d4fda64ad2a3.exe a variant of Win32/TrojanDownloader.Autoit.OPT trojan
D:\TMP\23078140\ic-0.c3d48de0edd2f.exe multiple threats,a variant of Win32/Injector.EAMM trojan,a variant of Win32/Injector.Autoit.DKS trojan
D:\TMP\23078140\ufiirygf.exe multiple threats,MSIL/Adware.Dotdo.BT application,a variant of MSIL/Adware.Dotdo.FB application
D:\TMP\270625\hacdyyhrxjf.exe multiple threats,MSIL/Adware.Dotdo.DP application,a variant of MSIL/Adware.Dotdo.FK application,a variant of MSIL/Adware.Dotdo.EY application,a variant of MSIL/Adware.Dotdo.DF application,a variant of MSIL/Adware.Dotdo.EI application
D:\TMP\db5\IobitDownloader.exe a variant of Win32/IObit.L potentially unwanted application
D:\TMP\is-129KJ.tmp\Setup.exe a variant of Win32/IObit.E potentially unwanted application
D:\TMP\is-Q3PFS.tmp-dbinst\Fusion.dll a variant of Win32/FusionCore.AB potentially unwanted application
D:\TMP\is-Q3PFS.tmp-dbinst\setup.exe a variant of Win32/IObit.I potentially unwanted application
D:\TMP\nsuCAA3.tmp\HZetujlPVCp.dll a variant of Win32/Adware.Zdengo.BJA application
Autostart locations a variant of Win32/TFTPD32.A potentially unsafe application unable to open
 
waiting for the final log....

Edited by r55741, 24 September 2018 - 07:35 AM.

  • 0
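The ESET export pasted above is a flat text list: one file path per line, followed by one or more comma-separated detections, each ending in ESET's category words ("trojan", "potentially unsafe application", and so on). As an added example that is not part of the post and not ESET's own tooling, the Python below parses lines in that shape into path, signature and category, ranks entries so that those ESET calls "trojan" or that sit in autostart locations come first, and counts the categories. The six sample lines are copied from the log above (the "constructed" part is only the selection); the severity ranking and the location buckets are my own triage assumptions, not ESET's.

```python
import re
from collections import Counter

# Sample: six entries copied from the ESET "list of threats" export quoted in
# the post above, including the "Autostart locations" line with its trailing note.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Tftpd32\tftpd32.exe a variant of Win32/TFTPD32.A potentially unsafe application
C:\Windows\Temp\nstD310.tmp\HZetujlPVCp.dll a variant of Win32/Adware.Zdengo.BJA application
D:\$RECYCLE.BIN\S-1-5-21-1435351782-728466632-1125761908-1001\$RYCAKIZ.zip multiple threats,NSIS/TrojanDownloader.Adload.CF trojan,Win32/InstallCore.Gen.A potentially unwanted application
D:\TMP\23078140\ic-0.c3d48de0edd2f.exe multiple threats,a variant of Win32/Injector.EAMM trojan,a variant of Win32/Injector.Autoit.DKS trojan
D:\downloads\Keygen.exe Win32/Keygen.HB potentially unsafe application
Autostart locations a variant of Win32/TFTPD32.A potentially unsafe application unable to open
"""

# The whitespace that separates the path from the first detection. Windows paths
# contain no "/", so a "<Family>/<Name>" token reliably marks a signature start.
PATH_SPLIT_RE = re.compile(r"\s(?=multiple threats,|a variant of |[A-Za-z0-9]+/\S+\s)")

# One detection: optional "a variant of", the signature, the category words,
# and an optional trailing note such as "unable to open".
DETECTION_RE = re.compile(
    r"^(?:a variant of )?(?P<sig>[A-Za-z0-9]+/\S+)\s+(?P<cat>.+?)(?P<note>\s+unable to open)?$"
)

# Assumed triage order (mine, not ESET's): real malware first, grey-area tools last.
SEVERITY = {
    "trojan": 3,
    "suspicious application": 2,
    "application": 1,                     # ESET's label for adware in this log
    "potentially unwanted application": 0,
    "potentially unsafe application": 0,  # keygens, activators, crypters
}


def location_hint(path):
    """Where the file sat: an autostart entry matters far more than a file in the bin."""
    p = path.lower()
    if p.startswith("autostart"):
        return "autostart"
    if "$recycle.bin" in p:
        return "recycle-bin"
    if "\\temp\\" in p or "\\tmp\\" in p:
        return "temp"
    return "user-files"


def parse_line(line):
    """Split one export line into path, (signature, category) pairs, severity and location."""
    line = line.strip()
    m = PATH_SPLIT_RE.search(line)
    if not m:
        return None
    path, rest = line[: m.start()], line[m.end():]
    detections, note = [], None
    for chunk in rest.split(","):
        chunk = chunk.strip()
        if not chunk or chunk == "multiple threats":
            continue  # summary marker, not a signature
        d = DETECTION_RE.match(chunk)
        if d is None:
            continue
        detections.append((d.group("sig"), d.group("cat")))
        if d.group("note"):
            note = d.group("note").strip()
    severity = max((SEVERITY.get(cat, 1) for _, cat in detections), default=0)
    return {"path": path, "detections": detections, "severity": severity,
            "location": location_hint(path), "note": note}


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.strip().splitlines()) if e]


def summarize(text):
    """Category counts plus the entries that deserve a second look before declaring the box clean."""
    entries = parse_log(text)
    categories = Counter(cat for e in entries for _, cat in e["detections"])
    needs_attention = [e["path"] for e in entries
                       if e["severity"] >= 3 or e["location"] == "autostart"]
    return {"entries": len(entries), "categories": categories,
            "needs_attention": needs_attention}


if __name__ == "__main__":
    for e in sorted(parse_log(SAMPLE_LOG), key=lambda e: -e["severity"]):
        print(e["severity"], e["location"], e["path"], e["note"] or "")
    print(summarize(SAMPLE_LOG)["categories"])
```

The point of the ranking is the one RKinner makes in the next post: most of the list is cracks and activators (ESET's "potentially unsafe application"), but the "trojan" hits and the autostart entry that could not be opened are the lines to chase, and an entry ESET could not open is a reason to run the scan again rather than assume it is handled.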

#50 RKinner, Malware Expert (24,624 posts, MVP)

Looks like it was well worth the time. Nice to see they agree with me about IObit. I always remove their stuff. I see WinRAR is also loaded with extras. That's why I recommend against free versions of it and WinZip in my final goodbye. Not sure why you would want a cracked version of TeamViewer. The free home version is usually good enough. It's common for cracks to come with a little extra. Best to avoid them, or at least check them on virustotal.com.

 

I think I would run ESET a second time to make sure that it got it all.


  • 0

#51 r55741, Member, Topic Starter (96 posts)

> Looks like it was well worth the time. Nice to see they agree with me about IObit. I always remove their stuff. I see WinRAR is also loaded with extras. That's why I recommend against free versions of it and WinZip in my final goodbye. Not sure why you would want a cracked version of TeamViewer. The free home version is usually good enough. It's common for cracks to come with a little extra. Best to avoid them, or at least check them on virustotal.com.

 

> I think I would run ESET a second time to make sure that it got it all.

 

That's such a good tip. I did not know all of this stuff came loaded, and I always hear people talk about VirusTotal checks.

 

There was no log or file for ESET after it finished. But I will run it a second time.

 

I will be way more watchful going forward. This has been very informative as well as a huge time saver, as I would have been really screwed if this system went down. You guys are really doing a good thing here helping people like me, so thank you so much.


  • 0

#52 RKinner, Malware Expert (24,624 posts, MVP)

Virustotal.com will also check potentially bad webpages for you.  Just copy the URL and paste it into their URL tab.

 

Guess we are done here so time for my canned goodbye speech:

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash is now the most malware-targeted program, so it must be kept up to date. Be careful with Adobe. They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan. Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.


If you use Chrome/Firefox/Edge then get the uBlock Origin extension. For IE go to adblockplus.org and get the program.
If Chrome/Firefox is slow loading, make sure it only has the current Java add-on. Then download and run SpeedyFox:
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting.
(If it complains about Chrome still running you can stop it with Task Manager, or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.)

You can run it any time that Chrome/Firefox seems slow starting.

If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.


If you use Facebook you need FB Purity: http://www.fbpurity.com/

To prevent a relatively new phishing attack:  In Firefox, type:

https://www.xn--80ak6aa92e.com/

If the URL changes to https://www.apple.com instead of the correct value,
type:
about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.


 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart Firefox.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned: If you use LimeWire, uTorrent or any of the other P2P programs, you will probably be coming back to the Malware Removal forum. If you must use P2P, then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:

CryptoPrevent
http://www.majorgeek...ptoprevent.html

The free version. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step-by-step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest version.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player: VLC. Unlike Windows Media Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video. To save flash video. Works with Firefox. https://addons.mozil...lash-and-video/ This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron


  • 0
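The about:config change above makes Firefox show the raw "xn--" form so a look-alike domain stops rendering as apple.com. The script below is an added example, not part of RKinner's post and not a Firefox or Mozilla component: it performs the same check programmatically by decoding xn-- labels with Python's standard punycode codec, mapping a small hand-picked table of Cyrillic letters that render like Latin ones (my assumption, not the full Unicode confusables list) to the Latin letters they resemble, and flagging a label that reads as a plain ASCII name only because of that mapping, or that mixes scripts. The only input taken from the post is the xn--80ak6aa92e.com test domain.

```python
import unicodedata

# Assumed, hand-picked table: Cyrillic lowercase letters whose glyphs are
# indistinguishable from Latin ones in most fonts. Not the full confusables list.
CONFUSABLE_TO_LATIN = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}


def decode_label(label):
    """Turn an 'xn--' A-label into its Unicode form; ordinary labels pass through unchanged."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def decode_hostname(host):
    return ".".join(decode_label(label) for label in host.split("."))


def scripts_in(label):
    """Scripts used by a label, taken from the first word of each character's Unicode name."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            scripts.add("LATIN" if ch.isalpha() else "COMMON")
        else:
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def skeleton(label):
    """What the label looks like to a human: confusable letters replaced by their Latin twins."""
    return "".join(CONFUSABLE_TO_LATIN.get(ch, ch) for ch in label)


def homograph_report(host):
    """Decode a hostname and flag labels that imitate a Latin name or mix scripts."""
    decoded = decode_hostname(host)
    labels = decoded.split(".")
    risky = []
    for label in labels:
        look = skeleton(label)
        # Whole-script confusable: non-Latin letters that collapse to a pure ASCII name.
        if look != label and look.isascii():
            risky.append(label)
        # Mixed-script label: Latin letters next to letters from another script.
        elif len(scripts_in(label) - {"COMMON"}) > 1:
            risky.append(label)
    return {"unicode": decoded, "looks_like": ".".join(skeleton(l) for l in labels),
            "risky_labels": risky}


if __name__ == "__main__":
    for host in ("www.xn--80ak6aa92e.com", "www.apple.com"):
        r = homograph_report(host)
        print(host, "->", r["unicode"], "looks like", r["looks_like"], "risky:", r["risky_labels"])
```

A genuinely Cyrillic name such as домен.рф is not flagged, because its skeleton is still non-ASCII and it uses a single script; the report only fires when the decoded label would be mistaken for a Latin name, which is exactly the case the punycode display setting exists to expose.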

#53 r55741, Member, Topic Starter (96 posts)

I am making my way through your list. I indicated below where I am at.

 

I just want to add that I scanned the system with Comodo and it picked up about 20 infections.

 

Also, my TCF bank account had multiple login attempts today, my Amazon was hacked 2 days ago, and my eBay had a different ship-to address.

 

Is it possible they still have access to my computer?

 

> Virustotal.com will also check potentially bad webpages for you. Just copy the URL and paste it into their URL tab.
>
> Guess we are done here so time for my canned goodbye speech:
>
> Time to clean up:
> [...]
> If you use Facebook you need FB Purity: http://www.fbpurity.com/

Got up to this part so far!

> To prevent a relatively new phishing attack: In Firefox, type:
> [...]
> Ron


  • 0

#54 RKinner, Malware Expert (24,624 posts, MVP)

Don't know.   Comodo is a firewall but tends to install an antivirus and other stuff.  You might try Tiny Firewall:

https://tinywall.pados.hu/

 

And be very careful what you allow in or out.

 

Make sure when you change your passwords that you use different passwords for each and that they are at least 10 characters long with caps, punctuation marks and numbers and not just all small letters.  They know your login name so they may just be brute force guessing.

 

You might have an infected router.  Log on to it and see what DNS it uses and if there are any static routes.


  • 0
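The password advice in the post above, turned into a check, as an added example that is not part of RKinner's post: the rules (at least 10 characters, with capitals, numbers and punctuation) are the ones he states; the extra test that a password does not contain the login name is my addition, following from his point that the attacker already knows that name; and the reuse finder covers "different passwords for each". The account list is constructed and contains no real credentials.

```python
import string

MIN_LENGTH = 10  # the "at least 10 characters" from the post


def policy_problems(password, login_name=""):
    """List the rules a password fails; an empty list means it passes all of them."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation mark")
    # Added assumption: the attacker knows the login name, so a password built
    # around it is among the first guesses a brute-force run will try.
    if login_name and login_name.lower() in password.lower():
        problems.append("contains the login name")
    return problems


def reused_passwords(accounts):
    """accounts maps site -> password; returns {password: [sites]} for any password used on more than one site."""
    sites_by_password = {}
    for site, pw in accounts.items():
        sites_by_password.setdefault(pw, []).append(site)
    return {pw: sites for pw, sites in sites_by_password.items() if len(sites) > 1}


def audit(accounts, login_name=""):
    """Per-site rule failures plus the reuse map, the two things the post asks you to fix."""
    return {
        "failures": {site: policy_problems(pw, login_name) for site, pw in accounts.items()},
        "reused": reused_passwords(accounts),
    }


# Constructed sample (no real credentials): one reused password, one built on the login name.
SAMPLE_ACCOUNTS = {
    "bank": "Summer2018!",
    "email": "Summer2018!",
    "amazon": "jdoe2018",
    "ebay": "K7#mq!vR2zLp",
}

if __name__ == "__main__":
    result = audit(SAMPLE_ACCOUNTS, login_name="jdoe")
    for site, problems in result["failures"].items():
        print(site, "OK" if not problems else ", ".join(problems))
    for pw, sites in result["reused"].items():
        print("reused on", sites)
```

Note what the check does not catch: "Summer2018!" satisfies every stated rule and is still a poor password, which is why the reuse map matters more than the character-class rules. Once one site leaks it, every site in that list is open.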





