
# Artemis!1498db62cea7c [Solved]

52 replies to this topic

### #16 oldman960

oldman960

Forum God

• Classroom Teacher
• 14,668 posts

Posted 07 April 2013 - 03:17 PM

Hi tortoise,

You have 2 antivirus programs installed. This will not give you more protection but rather less as the 2 will conflict and may cause system slow downs or lockups. Microsoft Security Essentials is pretty good. I suggest you keep it and uninstall Lavasoft Ad-Aware.

You have a very old, vulnerable version of Java installed.

Click on the Start button > Control Panel

• click on the Uninstall a program option under the Programs category.
• If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.

Uninstall the following program:

Java™ 6 Update 7

You can get the newest versions of Java from HERE.

Accept the licensing agreement and scroll down to the bottom of the list. The file you want is jre-7u17-windows-i586.exe.

Next, open OTL.exe
• Under the Custom Scans/Fixes box at the bottom, paste in the following
• Do not copy the word CODE
• Please note the fix starts with the :
```
:Services

:OTL
O4 - HKCU..\Run: [PIXELA] C:\Users\Linda\AppData\Local\PIXELA\ewdamxaw.dll ()

:Files
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}\{216697C5-A77C-43A2-868D-285E6492C602}
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}

:Commands
[emptytemp]
[createrestorepoint]
```

Then click the Run Fix button at the top
• Let the program run unhindered
Please post the OTL fix log.

Next

Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

• OTL fix log
• MBAM log
How's the computer?

### #17 tortoise

tortoise

Authentic Member

• Authentic Member
• 30 posts

Posted 07 April 2013 - 06:07 PM

OK, more gray hair. Before I started the scans, my computer shut itself down. When it came back up, I got on the internet to get here, and I had the ads that you see play just before a video playing. No video but just the sound. I shut everything off, unplugged the internet and went to task manager but nothing was running. Rebooted and same thing. So I did Java but ad ware wouldn't uninstall. I ran the OTL scan to fix it and I have had no log from it. It didn't save. I have the log from Malwarebytes. It had me reboot and when it did, sidebar, Adobe Reader, Adobe Mgr, and cyberlink power stopped working. Shut down for a few minutes and no problem. The music is gone too. Here is the log I have. Do you want me to run OTL again and get a log?

```
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.07.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Linda :: LINDA-PC [administrator]

Protection: Enabled

4/7/2013 7:10:39 PM
mbam-log-2013-04-07 (19-10-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219689
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)
```

### #18 oldman960

Posted 08 April 2013 - 02:51 AM

Hi tortoise,

The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time stamp the fix was run. It will be something similar to 04072013_111009.log. Please copy and paste the contents into your next reply.

The computer still doing ok?

### #19 tortoise

Posted 08 April 2013 - 08:13 AM

### #20 oldman960

Posted 08 April 2013 - 08:45 AM

Hi tortoise, How's the computer?

### #21 tortoise

Posted 08 April 2013 - 09:54 AM

It seems to be running less hot. When I first came online, I had the ad noise running in the background, but it stopped after the ad finished and I haven't had it play since. Malwarebytes is stopping svchost.exe every 10 seconds so when the 14 days is up, it will be 1000 pages in the log. lol

### #22 oldman960

Posted 08 April 2013 - 11:24 AM

Hi tortoise,

• Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

• Click the Start Scan button.

• If a suspicious object is detected, the default action will be Skip, click on Continue.

• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

### #23 tortoise

Posted 08 April 2013 - 12:40 PM

### #24 oldman960

Posted 08 April 2013 - 04:16 PM

Hi tortoise, How is the computer? Is MBAM still blocking svchost?

### #25 tortoise

Posted 08 April 2013 - 06:01 PM

No, it has stopped. It was annoying with the box always popping up but now it is gone, I miss it. LOL So far the computer is doing good.

Edited by tortoise, 08 April 2013 - 06:03 PM.

### #26 oldman960

Posted 08 April 2013 - 06:26 PM

Hi tortoise,

Looks like there were 2 or 3 of these nasties.

Your system has been infected by one or more Rootkits/Backdoor Trojans.

This may allow hackers to remotely control your computer, steal critical system information, and download and execute files.

I strongly suggest you do the following immediately:
• From a known clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
• DO NOT change passwords or do any transactions while using the infected computer until it has been cleaned.

Thanks

### #27 tortoise

Posted 08 April 2013 - 07:20 PM

Edited by tortoise, 08 April 2013 - 07:24 PM.

### #28 tortoise

Posted 08 April 2013 - 08:04 PM

### #29 oldman960

Posted 09 April 2013 - 05:19 AM

Hi tortoise, Try disabling Ad-Aware before you uninstall it.

### #30 tortoise

Posted 09 April 2013 - 07:58 AM

It worked, but I also got rid of McAfee too. I think Xfinity downloaded it on my desk when I signed up.