26 replies to this topic

[Jo*]

Hi Sonja27,

now we need to do the following:

1. Java
1.1 Uninstall old Java versions (if present):

• Please go to Start > Control Panel > Programs and Features .
• Locate all Java Updates
• Uninstall them all.

1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions how to clear the java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked

• Applications and Applets
• Trace and log files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***

2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.

***

3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


If this program is already installed: Skip the installation and run only the scan!

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.

• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Click on to download the ESET Smart Installer. Save it to your desktop.
• Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
• Push the Back button.
• Select Uninstall application on close check box and push

***

How the computer is running now?

[Sonja27]

I completed the first task and did the malwarebites - but didn't get a log.

 

I have to leave town, will be back Tuesday - sorry about this delay.

[Jo*]

Hello,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

[Sonja27]

Sorry for the delay, I'm back and ready to scan again - hoping to get a log this time.

[Jo*]

Hi Sonja27,

go on with post #16:
http://forums.whatth...e=2#entry844402

[Sonja27]

C:\Program Files (x86)\Select-N-Go\136.dll    a variant of Win32/AdWare.AddLyrics.AA application
C:\Program Files (x86)\Select-N-Go\Select-N-Go_Up.exe    a variant of Win32/AdWare.AddLyrics.AF application
C:\Users\Larry\Downloads\Express_Installer.exe    a variant of Win32/AdWare.iBryte.J.gen application
C:\Windows\System32\config\systemprofile\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe    a variant of MSIL/Adware.StrongVault.A application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe    a variant of MSIL/Adware.StrongVault.A application
 

 

Computer seems faster according to the kids.

[Jo*]

Hello Sonja27,

1. Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :OTL
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linksicle@linksicle.com: C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
  C:\Program Files (x86)\Select-N-Go
  C:\Users\Larry\Downloads\Express_Installer.exe
  C:\Windows\System32\config\systemprofile\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe 
  
  :Commands
  [purity]
  [emptytemp]
  

  
  
  NOTICE: This script was written specifically for this user, for use on that particular machine.
  Running this on another machine may cause damage to your operating system.
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.

***

2. Uninstall old versions:
Please go to Start > Control Panel > Add Remove Programs (XP)
Or Start > Control Panel > Programs and Features ( Vista | Windows 7/8 ).

Locate the following programs:

• Adobe Reader 9, 10

Uninstall them all.

3. Install these programs:

• Install latest Adobe Reader:
• Go to http://get.adobe.com.../otherversions/
• Use the drop down menu's to select your operating system
• Select your language > Select The current version of Adobe Reader for your language
• Remove the check mark from the box "Install Chrome as standard browser and Google Toolbar for Internet explorer"
• Click the Download button, and follow the onscreen directions to complete the installation.

4. Restart your pc:

How the computer is running now?
Any remaining issues?

***

[Jo*]

still need help?

[Sonja27]

OTL log

 

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linksicle@linksicle.com not found.
File C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boys
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Larry
->Temp folder emptied: 46284718 bytes
->Temporary Internet Files folder emptied: 68202824 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5347447 bytes
->Flash cache emptied: 2048 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 201402 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 114.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03112014_144740

Files\Folders moved on Reboot...
C:\Users\Larry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[Sonja27]

I'm uninstalling and installing the newest adobe reader now. The computer is running fine as far as I know. Should we do another scan to be sure?

[Jo*]

Hello Sonja27,

well done.

It Appears That Your Pc Is Now Clean!
 

***

Clean up:

***

Right-click AdwCleaner.exe and select Run As Administrator.

• Click on the Uninstall button.
• A window will open, press the Confirm button.
• AdwCleaner will uninstall now.

***

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL

:Commands
[emptytemp]
[clearallrestorepoints]

• Close all other programs apart from OTL as this step may require a reboot
• Then click the Run Fix button at the top
• Let the program run unhindered.
• Say Yes to the prompt and then allow the program to reboot your computer.

***

Clean up with delfix:

• please download delfix to your desktop.
• Close all other programms and start delfix.
• Please check all the boxes and run the tool.
• delfix will now delete all found traces of our removal process

***

Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***

Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more secure

• WOT - Know which websites to trust
  Web of Trust - this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam.

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

• Open Internet Explorer
• Click on Tools > Internet Options
• Press Security tab
• Select Internet zone then place check next to Enable Protected Mode if not already done
• Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
• Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Make sure you keep your Windows OS current.

• Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
• Windows Vista / 7 users can update via
  Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

4. Avoid P2P

• If you think you're using a "safe" P2P program, only the program is safe, not the data.
• You will share files from unsafe sources, and these may be infected.
• Some bad guys use P2P filesharing as an important chanel to spread their wares.

5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/

***

[Jo*]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.