Trojan.Viknok Activity 3



#61 hofner (Member, Topic Starter, 82 posts)

:yeah:

Bring 'em on...




#62 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Ok, sorry that this took so long. The site is working now.

 

Let's get the rest of Spark Trust off the computer.

 

OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (starting with and including the :Commands, all the way to and including the [reboot] command) and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


:Commands

[CREATERESTOREPOINT]

 

:OTL

[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust

[2014/07/19 12:24:50 | 000,000,474 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job

[2014/07/19 12:17:31 | 000,000,552 | ---- | M] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job

[2014/07/11 17:33:30 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job

[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions

[2014/07/17 06:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions

[2014/06/13 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

FF - user.js - File not found

[2014/06/13 15:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions



:Commands

[EMPTYTEMP]

[RESETHOSTS]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Assuming that the OTL fix worked, and we'll check for that at the end, Spark Trust will NOT be on your system. However, there may be a few locations that want to Run it. It won't be able to run, but let's remove the request anyway so that you won't have to see it.

 

Let's see if an Autostart entry for Spark Trust is available for removing.

 

Go to a Command Prompt. To do this Click the Start Button in the Lower Left. If you've used Command Prompt recently you'll find the program on the Tree that pops up. Just click it. If it's not there, navigate to Windows System and you'll find it there.

 

Inside of Command Prompt, type MSCONFIG and hit Return. On the Start Up tab look to see if SparkTrust is listed. If so, remove the Check Mark next to it.

 

 

Next steps...

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.

  • In the Adobe Flash Player column, under Step 1, click the down arrow and choose your operating system.
  • Under Step 2, click the down arrow and select the browser you want to install FlashPlayer for.

    You will need to download and install each version of FlashPlayer (Flash Player for Internet Explorer AND Flash Player for Other Browsers) separately

  • In the Optional offer: column, make sure to uncheck the box beside Yes, install free McAfee Security Scan Plus before downloading.
  • Click the Download now button. The File Download window will open.
  • Click Save File and save the install_flashplayerXXxXX_xxxx_xxx_xxx.exe setup file to the desktop.
  • Repeat the above for the other version of Flash Player.
  • Close the browser and all open windows.
  • Back on the desktop, double click on one of the Flash Player setup files to start the installation.
  • If you get a Security Warning box, click Run
  • If you get a UAC warning click Continue or Yes
  • Once the installation has completed, double click the other Flash Player setup file and repeat the above to install it.

 

Download Malwarebytes' Anti-Malware

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Threat Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install.
  • Make sure that the option Remove found threats is unticked
  • If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first! located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Then paste the Logfile in the thread
  • Then click on: Finish

To review,

  • Run the OTL Fix - (I'll have you Quick Scan at the end, so no need for a log here)
  • MSCONFIG - Let me know what you found. No log here either
  • Update Java - No log - Just let me know how it goes.
  • Update Flash - No log - Just let me know how it goes. NOTE - if you're concerned whether you've gotten the right update for Java and Flash, feel free to re-run Security Check and look for the Responses in Red.
  • Run MBAM - Post a log for this
  • Run ESET - Post a log for this as well
  • Now, re-run OTL with Quick Scan and post the log.

Last, let me know how the computer is running and if you have any concerns, pop-ups, delays, etc. Now is the time to fix 'em :)



#63 hofner (Member, Topic Starter, 82 posts)

Hi there...did you want to see this report from OTL?

here it is anyway

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Images folder moved successfully.
C:\Program Files (x86)\Common Files\SparkTrust\UUS3 folder moved successfully.
C:\Program Files (x86)\Common Files\SparkTrust folder moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job moved successfully.
C:\Windows\Tasks\SparkTrust AntiVirus Startup.job moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3.job moved successfully.
C:\Users\owner\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: owner
->Temp folder emptied: 2064 bytes
->Temporary Internet Files folder emptied: 183810 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5196507 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 263360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07202014_190846

Files\Folders moved on Reboot...
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\windows\temp\fb_1804.lck not found!
File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


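A helper reading a thread like this one usually wants to confirm that every path the :OTL fix asked for is accounted for in the result log. The Python below is an added example, not part of the thread and not OTL's own code: it parses the entry lines of the fix block (post #62) and the "moved successfully", "not found" and "scheduled to be moved on reboot" lines of the result log (post #63), then reports the outcome per requested path. It assumes the line formats exactly as they appear in those posts; the sample fix and log are constructed from them.

```python
import re

# One entry as written in an OTL listing or :OTL fix block, e.g.
# [2014/07/19 12:24:50 | 000,000,474 | ---- | M] () -- C:\windows\tasks\X.job
# The owner in parentheses may be "()", "(No name found)" or absent entirely.
OTL_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<owner>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
# Outcome lines OTL writes to its log after the fix has run.
MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
NOT_FOUND = re.compile(r"^File\\Folder (?P<path>.+?) not found!$")
DEFERRED = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")

def parse_fix(text):
    """Return one dict per :OTL entry: date, time, size in bytes, attrs, is_dir, path."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if m:
            entries.append({"date": m["date"], "time": m["time"],
                            "size": int(m["size"].replace(",", "")),
                            "attrs": m["attrs"], "is_dir": "D" in m["attrs"],
                            "path": m["path"]})
    return entries

def parse_results(text):
    """Map each path named in the result log to 'moved', 'not found' or 'deferred'."""
    status = {}
    for line in text.splitlines():
        line = line.strip()
        for pat, label in ((NOT_FOUND, "not found"), (DEFERRED, "deferred"), (MOVED, "moved")):
            m = pat.match(line)
            if m:
                status[m["path"].lower()] = label  # NTFS paths compare case-insensitively
                break
    return status

def reconcile(fix_text, log_text):
    """For every path the fix asked to remove, report what the log says happened."""
    status = parse_results(log_text)
    return {e["path"]: status.get(e["path"].lower(), "no result") for e in parse_fix(fix_text)}

# Constructed sample: a trimmed fix and result log in the shape seen in this thread.
FIX = r"""
[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/07/19 12:24:50 | 000,000,474 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
"""
LOG = r"""
C:\Program Files (x86)\Common Files\SparkTrust folder moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job moved successfully.
File\Folder C:\windows\temp\fb_1804.lck not found!
"""
```

Calling `reconcile(FIX, LOG)` on the sample marks the SparkTrust folder and task as moved and the Mozilla extensions folder as "no result", which is the case a helper would follow up on.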

#64 hofner (Member, Topic Starter, 82 posts)

I hope you're here....am I saving Java or opening it with Windows explorer?



#65 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

I hope you're here....am I saving Java or opening it with Windows explorer?

I'm here now...I don't understand the question?



#66 hofner (Member, Topic Starter, 82 posts)

When I click on your Java link I get a box that asks if I should have Firefox Open with Windows(default) or save the file?



#67 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

I'm not getting that when I do it.

 

You should be downloading a stand-alone Java uninstaller. It's for getting rid of your old versions of Java. Once the old stuff is gone you can download the new one. You're using JavaRa, right?

 

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa


#68 hofner (Member, Topic Starter, 82 posts)

The whole box says:

"Opening JavaRa-2.6.zip

 

You have chosen to open JavaRa2.6zip

which is compressed folder ...from... download.thewebatom.net"

and asks me to make the choice of what to do with it.  I just tried it again from the new post



#69 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Ohhhh...that's just the unzip stuff. I guess we assume that you have an unzip utility. If you don't have one, you'll have to download one. If you've got one, just let it unzip the file to anywhere you want to unzip it. The Desktop is usually the easiest. When we're done, I have a utility that cleans up all the tools we used.



#70 hofner (Member, Topic Starter, 82 posts)

This was a little weird...It didn't look quite as I expected.  There was nothing to check or remove. 

Just let me know if you've gotta call it a night....I'm gonna try that eset.
Oh. Just looked at the instructions to see if I had any questions first...a couple hours?  I guess I'll catch you tomorrow then, eh?

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2014
Scan Time: 9:20:02 PM
Logfile: malbytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.20.07
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285840
Time Elapsed: 6 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




#71 hofner (Member, Topic Starter, 82 posts)

Just shoot me.  ESET wants to know if it should enable or disable detection of potentially unwanted applications.



#72 hofner (Member, Topic Starter, 82 posts)

Yeah, me too.  I'll catch up with you tomorrow.  I feel as if I'm going where no man has gone before.

Good night Mr Spock.



#73 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Just shoot me. ESET wants to know if it should enable or disable detection of potentially unwanted applications.

Yes, enable it.

Notice in my instructions, I gave you answers to the eset questions. :)

#74 hofner (Member, Topic Starter, 82 posts)

Hello Biscuithd,

So you did.

My apologies.  I was tired and had a bad attitude about other stuff and never should have started anything last night.

Seeya later if you're around.  Still got a couple hours of eset I guess, so we'll see...

I do promise to read everything first.

As near as I can tell, the first five from "to review" are all ok.

In the past I kept getting notices about java updates and couldn't make it work.

Adobe I think I just ignored.

Thanks again for all of your help and patience.  I'll try to be a better student.  :prop: Don't know what that is, but....


Edited by hofner, 21 July 2014 - 12:38 PM.


#75 hofner (Member, Topic Starter, 82 posts)

Need some (more) help here...I have not hit Finish on ESET yet...wanna make sure this is what you need or is there something after this?

 

C:\ProgramData\RogueKiller\Debug\physicaldrive0_LL1_mbr    Win32/Olmarik.AYX trojan
C:\ProgramData\RogueKiller\Debug\physicaldrive0_LL2_mbr    Win32/Olmarik.AYX trojan
C:\Users\All Users\RogueKiller\Debug\physicaldrive0_LL1_mbr    Win32/Olmarik.AYX trojan
C:\Users\All Users\RogueKiller\Debug\physicaldrive0_LL2_mbr    Win32/Olmarik.AYX trojan
C:\Users\owner\Downloads\speedzookasetup_99791115368417385861.exe    probably a variant of Win32/Adware.RegGenie application
C:\zoek_backup\C_PROGRA~2_Inbox Toolbar\FF_Install.cab    Win32/Toolbar.Inbox.F potentially unwanted application
 


Edited by hofner, 21 July 2014 - 05:50 PM.






