
multiple issues - please help [Solved]


  • This topic is locked

#16
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks. Two questions.

 

1. Is there any reason that you want to keep your C:\Windows.old directory? This is the old windows directory before your computer was upgraded.

2. How's your machine doing?


  • 0



#17
redleader74

    Member

  • Topic Starter
  • 195 posts

1.  I'm not sure what this is.  Can you explain?

2.  So far no pop-ups, redirects, or any other strange things.  But like you said, there is/was a trojan and the computer can't be guaranteed to be safe.  Is there any way to check (either real time or at regular intervals) whether this trojan is still in the system?


  • 0

#18
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

1. Sure. I'm assuming you or someone installed Windows on this computer, likely upgrading from XP or Vista at some point. During the install, the old installation was copied to this folder, so it is no longer needed. To remove this you can follow the instructions at the following link.

http://windows.micro...dows-old-folder

 

2. We can check periodically by doing a scan with Malwarebytes to see if anything is detected. I'll mention this in my closing remarks as well.

 

 

Let me know if you decide to remove the Windows.old partition. Thanks.


  • 0

#19
redleader74

    Member

  • Topic Starter
  • 195 posts

I think I'll leave the old folder where it is for now.  Unless it takes up a ton of disk space.  Otherwise, are we done?


  • 0

#20
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. One final fix.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file, fixlist.txt, and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


  • 0

#21
redleader74

    Member

  • Topic Starter
  • 195 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Peter Chang at 2015-01-23 22:34:12 Run:3
Running from C:\Users\Peter Chang\Desktop
Loaded Profiles: Peter Chang (Available profiles: Peter Chang)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Windows.old\Documents and Settings\Peter Loi Chang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats
C:\Windows.old\Users\Peter Loi Chang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats
EmptyTemp:
*****************

Restore point was successfully created.
"C:\Windows.old\Documents and Settings\Peter Loi Chang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats" => File/Directory not found.
"C:\Windows.old\Users\Peter Loi Chang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats" => File/Directory not found.
EmptyTemp: => Removed 25 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:34:43 ====


  • 0
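Added example, not part of the original posts and not FRST's own code: the Fixlog above quotes each target together with the trailing "multiple threats" note, so its "File/Directory not found" result was evaluated against that whole string rather than the bare path. The sketch below parses a Fixlog and marks such entries for a re-check; the function name, the two-space heuristic and the sample (with a placeholder user name) are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the Fixlog above ("Example" is a placeholder user).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
CreateRestorePoint:
C:\Windows.old\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats
EmptyTemp:
*****************

Restore point was successfully created.
"C:\Windows.old\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats" => File/Directory not found.
EmptyTemp: => Removed 25 MB temporary data.
'''

# Result lines have the form: <target> => <result>
RESULT_LINE = re.compile(r'^(?P<target>.+?) => (?P<result>.+)$')
# Heuristic (assumption): a drive path followed by 2+ spaces and more text
# is a path with a scanner note pasted after it.
ANNOTATED = re.compile(r'^(?P<path>[A-Za-z]:\\.*?\S)\s{2,}(?P<note>\S.*)$')


def review_fixlog(text):
    """Return one dict per '<target> => <result>' line in a Fixlog."""
    entries = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if not m:
            continue  # headers, fixlist echo and status lines carry no result
        target = m.group('target').strip('"')
        entry = {'target': target, 'result': m.group('result'),
                 'status': 'other', 'bare_path': None, 'note': None}
        if 'not found' in entry['result'].lower():
            entry['status'] = 'not_found'
            a = ANNOTATED.match(target)
            if a:
                # The note was treated as part of the path: the bare path
                # was never tested, so it needs a separate check.
                entry.update(status='recheck', bare_path=a.group('path'),
                             note=a.group('note'))
        entries.append(entry)
    return entries


if __name__ == '__main__':
    for e in review_fixlog(SAMPLE_FIXLOG):
        print(e['status'], '|', e['bare_path'] or e['target'])
```

An entry marked `recheck` means the log says nothing about whether the file at `bare_path` exists; a follow-up scan or a directory listing of that path settles it.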

#22
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 

1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears.
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware - Preventative

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
New strains of this are coming out all the time. In fact, a very new strain called VirRansom (which is a hybrid of CryptoLocker and CryptoWall) has recently been identified and it's a true self-replicating parasitic virus.

 

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will then be prompted to apply all default protections. Answer Yes.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
 
 

For more information about computer security and how to protect yourself when on the internet, please read this guide: Best Practices for Safe Computing.
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0

#23
redleader74

    Member

  • Topic Starter
  • 195 posts

# DelFix v10.8 - Logfile created 24/01/2015 at 19:18:16
# Updated 29/07/2014 by Xplode
# Username : Peter Chang - PETERCHANG-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Peter Chang\Desktop\FRST-OlderVersion
Deleted : C:\Users\Peter Chang\Desktop\Addition.txt
Deleted : C:\Users\Peter Chang\Desktop\AdwCleaner.exe
Deleted : C:\Users\Peter Chang\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Peter Chang\Desktop\aswMBR.exe
Deleted : C:\Users\Peter Chang\Desktop\aswMBR.txt
Deleted : C:\Users\Peter Chang\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Peter Chang\Desktop\Fixlog.txt
Deleted : C:\Users\Peter Chang\Desktop\FRST.txt
Deleted : C:\Users\Peter Chang\Desktop\FRST64.exe
Deleted : C:\Users\Peter Chang\Desktop\JRT.exe
Deleted : C:\Users\Peter Chang\Desktop\JRT.txt
Deleted : C:\Users\Peter Chang\Desktop\ListParts64.exe
Deleted : C:\Users\Peter Chang\Desktop\ListPartsfixlog.txt
Deleted : C:\Users\Peter Chang\Desktop\MBR.dat
Deleted : C:\Users\Peter Chang\Desktop\Result.txt
Deleted : C:\Users\Peter Chang\Desktop\SecurityCheck.exe
Deleted : C:\Users\Peter Chang\Desktop\TDSSKiller.3.0.0.42_19.01.2015_18.19.15_log.txt
Deleted : C:\Users\Peter Chang\Desktop\TDSSKiller.3.0.0.42_19.01.2015_18.22.46_log.txt
Deleted : C:\Users\Peter Chang\Desktop\tdsskiller.exe
Deleted : C:\Users\Peter Chang\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #257 [Windows Update | 01/11/2015 04:35:19]
Deleted : RP #259 [Windows Modules Installer | 01/14/2015 18:25:16]
Deleted : RP #260 [Windows Update | 01/16/2015 19:12:27]
Deleted : RP #261 [Revo Uninstaller's restore point - AnyProtect | 01/16/2015 21:59:55]
Deleted : RP #262 [Revo Uninstaller's restore point - GeniusBox 2.0 | 01/16/2015 22:02:19]
Deleted : RP #263 [Revo Uninstaller's restore point - Pro PC Cleaner | 01/16/2015 22:10:15]
Deleted : RP #264 [Revo Uninstaller's restore point - Search Protect | 01/16/2015 22:14:15]
Deleted : RP #265 [Revo Uninstaller's restore point - SlimCleaner | 01/16/2015 22:21:49]
Deleted : RP #266 [Removed SlimCleaner | 01/16/2015 22:22:10]
Deleted : RP #267 [Revo Uninstaller's restore point - StormWatch | 01/16/2015 22:23:59]
Deleted : RP #268 [Revo Uninstaller's restore point - WinCheck | 01/16/2015 22:28:18]
Deleted : RP #269 [Revo Uninstaller's restore point - Zoompic | 01/16/2015 22:30:13]
Deleted : RP #271 [Restore Point Created by FRST | 01/16/2015 22:47:10]
Deleted : RP #272 [Windows Update | 01/18/2015 01:10:58]
Deleted : RP #274 [Restore Point Created by FRST | 01/20/2015 01:56:36]
Deleted : RP #275 [Windows Update | 01/21/2015 02:45:47]
Deleted : RP #277 [Windows Update | 01/24/2015 06:34:13]
Deleted : RP #278 [Restore Point Created by FRST | 01/24/2015 06:34:16]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#24
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





