24 replies to this topic

[OCD]

Will continue to test it and see.

[tahaminey]

Hi OCD, So far, no black screen when starting up or restarting. Is it safe to say that it's fixed?

[OCD]

Hi tahaminey,

So far, no black screen when starting up or restarting.

Is it safe to say that it's fixed?

We are making progress, please continue.

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================


ESET Online Scanner

*Note:

• It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
• Please don't go surfing while your resident protection is disabled!
• Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
• Click Scan.
• Wait for the scan to finish.
• When the scan completes, click List of found threats
• click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
• Include the contents of this report in your next reply
  
  Note - when ESET doesn't find any threats, no report will be created.
• Push the back button.
• Push Finish
• Re-enable your Antivirus software.

=========================

In your next post please provide the following:

• MBAM log
• ESET's log.txt
• How's the computer running, any symptoms?

[tahaminey]

Hi OCD, No black screen today either. I ran Malwarebytes and ESET online scanner but no report was generated from ESET. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.30.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 KIEU :: KIEU-PC [administrator] 30/09/2013 6:24:21 PM mbam-log-2013-09-30 (18-24-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214471 Time elapsed: 6 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

[OCD]

Hi tahaminey,

Your log appears to be clean.

We have a few items to take care of before we get to the All Clean Speech.

=========================

Clean up with OTL:

• Right-click OTL.exe select "Run as Administrator" to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

=========================

You can now delete any tools and/or logs remaining on your desktop.

=========================

Delete All But the Most Recent Restore Point

• Open Disk Cleanup by clicking the Start button . In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
• If prompted, select the drive that you want to clean up, and then click OK.
• In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
• If prompted, select the drive that you want to clean up, and then click OK.
• Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
• In the Disk Cleanup dialog box, click Delete.
• Click Delete Files, and then click OK.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Impliment what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

• NoScript
• AdBlockPlus

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

• Avast Free Antivirus
• Avira Free Antivirus 2013
• PC Tools AntiVirus Free
• Ad-Aware Free Antivirus +

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

• Online Armor Free
• Agnitum Outpost Firewall Free
• Comodo Firewall

Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

[tahaminey]

Hi OCD, Sorry for the late update but I had a blackout and then no internet yesterday. After I do the Disk Cleanup, I can't find the More Options tab for me to go to System Restore and Shadow Copies to delete the restore points.

[OCD]

Hi tahaminey,

Be sure to read the steps carefully. After you select the the disk to clean up you have to select the Clean Up System Files button, then reselect which drive to clean for the More Options menu to appear [Steps 3 & 4]

Delete All But the Most Recent Restore Point

• Open Disk Cleanup by clicking the Start button . In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
• If prompted, select the drive that you want to clean up, and then click OK.
• In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
• If prompted, select the drive that you want to clean up, and then click OK.
• Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
• In the Disk Cleanup dialog box, click Delete.
• Click Delete Files, and then click OK.

=========================

[tahaminey]

Hi OCD, All done and no black screen. Thank you so much.

[OCD]

Hi tahaminey,

You're very welcome. Glad I was able to help. Have a great day.

[OCD]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.