Problem with internet browsers and flash/java [Solved]



#31
Absurdny
Member (Topic Starter), 20 posts

I started the scan but unfortunately I have to stop it because I have to do some work with this computer and I have to run a CPU intensive program. It has been scanning for about 4 hours so far and is at 40% finished and it has found some threats :) . Hopefully they are just in the tools that I have been using. I will run the full scan again overnight and post back the log tomorrow. Thank you so much for all the help so far.

Here is the scan that I had to stop early:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, February 26, 2009 19:15:16
Records in database: 1849126
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\

Scan statistics:
Files scanned: 249352
Threat name: 3
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 04:14:31


File name / Threat name / Threats count
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0169493.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0171101.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0172092.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173084.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173504.exe Infected: Virus.Win32.Virut.q 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0174204.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0175422.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0180680.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0189344.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Qoobox\Quarantine\D\Program Files\ZModeler\zmuninst.exe.vir Infected: Trojan.Win32.DelAll.ac 1

The scan was stopped by the user.

Edited by Absurdny, 26 February 2009 - 05:59 PM.


#32
emeraldnzl
GeekU Instructor, GeekU Moderator, 20,051 posts

Yep, they are in the tools we have been using, so okay so far. :)

Look forward to the finished result tomorrow.

regards
emeraldnzl
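
The observation in this reply, that every hit sits in a removal tool's own quarantine folder, can be checked mechanically. The Python sketch below is an added example, not part of the original thread: the quarantine folder patterns are assumptions based on the tools named in the thread, and the last sample row is a constructed, hypothetical detection included for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the report's "File name / Threat name / Threats count" layout.
# The first three rows mirror rows from the log above; the last row is hypothetical.
SAMPLE = r"""
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173504.exe Infected: Virus.Win32.Virut.q 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Qoobox\Quarantine\D\Program Files\ZModeler\zmuninst.exe.vir Infected: Trojan.Win32.DelAll.ac 1
C:\WINDOWS\system32\example.dll Infected: Trojan.Win32.Example.a 1
"""

# Paths contain spaces, so anchor on the " Infected: " / " Suspicious: " marker.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Infected|Suspicious): "
    r"(?P<threat>\S+) (?P<count>\d+)$"
)
# Assumption: quarantine folders of the tools used in this thread
# (Dr.Web's DoctorWeb\Quarantine and ComboFix's Qoobox\Quarantine).
QUARANTINE = re.compile(r"\\(DoctorWeb|Qoobox)\\Quarantine\\", re.IGNORECASE)


def parse_report(text):
    """Return one dict per detection row; header and statistics lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["count"] = int(row["count"])
            row["quarantined"] = bool(QUARANTINE.search(row["path"]))
            # Kaspersky prefixes riskware/adware verdicts with "not-a-virus:".
            row["riskware"] = row["threat"].startswith("not-a-virus:")
            rows.append(row)
    return rows


def triage(rows):
    """Group detections: copies held in a quarantine folder vs. files still in place."""
    groups = defaultdict(list)
    for row in rows:
        groups["quarantined" if row["quarantined"] else "live"].append(row)
    return dict(groups)


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE)).items():
        for r in items:
            print(f"{bucket:11} {r['threat']:40} {r['path']}")
```

Any row that lands in the `live` group is a file outside the quarantine folders and needs attention before cleanup tools are uninstalled.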

#33
Absurdny

My system is looking very good :)

Here is the scan log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, February 28, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 28, 2009 00:39:57
Records in database: 1854199
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\

Scan statistics:
Files scanned: 508934
Threat name: 3
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 09:39:27


File name / Threat name / Threats count
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0169493.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0171101.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0172092.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173084.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173504.exe Infected: Virus.Win32.Virut.q 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0174204.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0175422.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0180680.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0189344.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Qoobox\Quarantine\D\Program Files\ZModeler\zmuninst.exe.vir Infected: Trojan.Win32.DelAll.ac 1

The selected area was scanned.

#34
emeraldnzl

Hello Absurdny,

Excellent result :)

I think your machine is clean, those ones found by Kaspersky will be dealt with in this post.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and some tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
After that please go here to download OTCleanIt.

Run this program to remove the remaining tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to. The JavaRa folder can be deleted as can the Dr Web folders/download files. HijackThis can be uninstalled via the Add or Remove Programs utility in the Control Panel.

-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

---------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (Note: this is an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:


To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

#35
Absurdny

I did the first step and when I got to the second step, I downloaded the OTCleanIt program but when I double-click it, it never starts. I checked in the task manager and it seems to be running in the processes. I'm not sure what the problem is. Maybe I should try to download the program again from a mirror site?

#36
emeraldnzl

Delete that copy and try running this one.

Please go here to download OTCleanIt.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

Tell me how you get on.

#37
Absurdny

All the tools have been removed. Thank you so much for all your help. I will make sure to keep my system nice and clean from now on :). I will be making a donation shortly. Enjoy the rest of your day.

Edited by Absurdny, 28 February 2009 - 04:55 PM.


#38
emeraldnzl


All the tools have been removed. Thank you so much for all your help. I will make sure to keep my system nice and clean from now on. I will be making a donation shortly. Enjoy the rest of your day.


You are very welcome and thank you for your kind thought :)

#39
emeraldnzl

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#40
emeraldnzl

Hello again Absurdny,

A colleague has just pointed out to me that one of those bad ones may not have been removed when we ran Clean up.

This is such a nasty infection we want to make doubly sure it is gone forever.

Now

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173504.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HijackThis log.