Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Norton keeps detecting security risk.proxy.dns endlessly


  • Please log in to reply

#16
Ja_pm83

Ja_pm83

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Pause Norton and then redownload the fixlist and rerun it.  Once it reboots, do a new FRST scan.

Done as requested. Please see updated search files.

Thanks

Attached Files


  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

Pause your anti-virus.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.93KB   32 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 


  • 0

#18
Ja_pm83

Ja_pm83

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Pause your anti-virus.

Download the attached fixlist.txt to the same location as FRST

attachicon.gif fixlist.txt

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 

As requested. See attached files. Thanks again.

Attached Files


  • 0

#19
Ja_pm83

Ja_pm83

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

 

Pause your anti-virus.

Download the attached fixlist.txt to the same location as FRST

attachicon.gif fixlist.txt

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 

As requested. See attached files. Thanks again.

 

FYI UpdateAdmin or whatever its name was, just disappeared from Apps.


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

We are getting this error:

 

Error: (06/05/2020 06:21:06 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: La DLL de notificación de contraseña C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter no se pudo cargar y dio el error 126. Compruebe que la ruta de acceso de la DLL de notificación definida en el registro, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, haga referencia a una ruta de acceso correcta y absoluta (<unidad>:\<ruta de acceso>\<nombre de archivo>.<ext>) y no a una ruta de acceso relativa o no válida. Si la ruta de acceso de la DLL es correcta, valide que los archivos auxiliares se encuentren en el mismo directorio, y que la cuenta del sistema tenga acceso de lectura tanto en la ruta de acceso de la DLL, como en los archivos auxiliares. Póngase en contacto con el proveedor de la DLL de notificación para obtener soporte adicional. Si desea obtener más detalles visite http://go.microsoft..../?LinkId=245898.

 

I think you had McAfee's TrueKey installed at one time and when it uninstalled it left an entry:
 

 

Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

 

We should be able to remove it with a reg merge:

 

Download the attached lsa.reg and save it then right click and Merge.

Attached File  lsa.reg   360bytes   29 downloads

Ignore the warning.  Reboot then rerun the FRST scan.
 


  • 0

#21
Ja_pm83

Ja_pm83

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

We are getting this error:

 

Error: (06/05/2020 06:21:06 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: La DLL de notificación de contraseña C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter no se pudo cargar y dio el error 126. Compruebe que la ruta de acceso de la DLL de notificación definida en el registro, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, haga referencia a una ruta de acceso correcta y absoluta (<unidad>:\<ruta de acceso>\<nombre de archivo>.<ext>) y no a una ruta de acceso relativa o no válida. Si la ruta de acceso de la DLL es correcta, valide que los archivos auxiliares se encuentren en el mismo directorio, y que la cuenta del sistema tenga acceso de lectura tanto en la ruta de acceso de la DLL, como en los archivos auxiliares. Póngase en contacto con el proveedor de la DLL de notificación para obtener soporte adicional. Si desea obtener más detalles visite http://go.microsoft..../?LinkId=245898.

 

I think you had McAfee's TrueKey installed at one time and when it uninstalled it left an entry:
 

 

Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

 

We should be able to remove it with a reg merge:

 

Download the attached lsa.reg and save it then right click and Merge.

attachicon.gif lsa.reg

Ignore the warning.  Reboot then rerun the FRST scan.
 

done! please see attached.

Attached Files


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

That seems to have worked.  No new true key error.

 

I think this error:

Error: (06/06/2020 08:28:37 AM) (Source: WAS-LA) (EventID: 7005) (User: )
Description: El protocolo de adaptador de escuchas 'net.pipe' intentó comunicar con el servicio WAS (Windows Process Activation Service) pero no lo consiguió. Ahora el adaptador de escuchas se encuentra en estado incorrecto. Causa: esto se debe a falta de memoria o a errores entre el servicio WAS (Windows Process Activation Service) y el adaptador de escuchas. Solución: para resolver esta situación, detenga el adaptador de escuchas, luego el servicio WAS (Windows Process Activation Service), reinicie éste y finalmente reinicie el adaptador de escuchas.

 

is caused by a service being on that shouldn't be.

 

Search for

services.msc

and hit Enter

scroll down to net. something.

 

All of the services which start with net. should normally be disabled.  If any are not, right click and select Properties then change the Startup Type: to Disabled.  OK

Note there must be a DOT after net!  (There are a lot of services which start with net without the DOT.  (Netlogon, network) leave them alone.

 

Otherwise you have some Bonjour errors.  You have the latest version but it may be blocked by Norton's firewall.  Bonjour is an Apple program that detects Apple devices on the network.  Not usually they useful for us Windows folk.  You can uninstall it but it will come back when iTunes updates.

 

If it is running OK and you aren't getting any more ads then I think we are done.

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyouopen them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.   If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want OpenShell:

https://github.com/O...Open-Shell-Menu

  This program will make Win 10 act like Win 7 with the same controls you are used to.
Download Link:
https://github.com/O...tup_4_4_131.exe


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Video Downloader Professional  To save online video.   This extension (available for Chrome or Firefox)  allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!



 


  • 0

#23
Ja_pm83

Ja_pm83

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Search for

services.msc

and hit Enter

scroll down to net. something.

 

All of the services which start with net. should normally be disabled.  If any are not, right click and select Properties then change the Startup Type: to Disabled.  OK

Note there must be a DOT after net!  (There are a lot of services which start with net without the DOT.  (Netlogon, network) leave them alone.

 

 

 

I'm trying to follow every step you're telling me to.

 

1) Did you mean THESE "net" files? (picture attached)

Thanks

Attached Thumbnails

  • NET.JPG

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

Exactly.  They look different in Spanish.


  • 0

#25
Ja_pm83

Ja_pm83

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Exactly.  They look different in Spanish.

I'd like to thank you again for all your tips. Problems solved and I learned a lot of stuff.

Really appreciate your help.

Jose


  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

Glad I could help.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP