123 replies to this topic

[Ultilee Stupid]

I tried to uninstall but got

Wise Uninstall

Could not open INSTAL.LOG file.

Program Compatibility

then this

This program might not have uninstalled correctly

Uninstall using recommended setting

Clicked but it wouldn't uninstall. For both.

Should i do the scans now.

Edited by Ultilee Stupid, 08 May 2011 - 03:20 PM.

[oldman960]

Hi Ultilee Stupid

I tried to uninstall but got

That message was from Revo Uninstaller regarding Antivir?

[Ultilee Stupid]

No, you asked me to do this Click on the Start button > Control Panel Depending on your setings, either * click on the Uninstall a program option under the Programs category. * If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead. Uninstall the following programs My.Freeze.com Toolbar Softonic_English Toolbar

[Ultilee Stupid]

Should i do the scans now?

[oldman960]

Hi Ultilee Stupid,

Thanks for the clarification, I wasn't sure where you were at.

Have a look in C:\Program Files for folders related to MYFreeze and Softonic_English Toolbar. If you find the folder, open it and see if there is a file named install.log

Go ahead with the rest.

[Ultilee Stupid]

all that was in the folders

Myfreeze

NetAssistant.dll
remove
settings_
uninstall_app
tbhelper.dll
uninst
uninstall
update
whiteList_plugin.dll


Softonic_English Toolbar

Softonic_EnglishToolbar
tbSoft.ddll
toolbar.cfg
UNWISE


On the paypal issue, should i contact my bank and change details? my bank is connected to paypal

Is http://safeweb.norton.com/ a good site to check if a website is safe? apologies for all the questions just nervous about going on anything at the moment.

Edited by Ultilee Stupid, 08 May 2011 - 05:08 PM.

[oldman960]

Hi

On the paypal issue, should i contact my bank and change details? my bank is connected to paypal

While this infection doesn't appear to have keylogger or password stealing abilities you can never be sure with any infection. It may be worthwhile to talk to your bank about the situation. Perhaps a short watch period may put your mind at ease.

Is http://safeweb.norton.com/ a good site to check if a website is safe?

Seems to be. Just a word of caution, a lot of the site checkers use user feedback in determining if some sites are safe. I'm not sure if the Norton one does. In any case you still need to your own judgement in analazing the information the tool gives you. I used WhattheTech as search to try it. It does give a nice report.

MYFreeze

Try running the remove file from the folder by right clicking and "Run as Administrator"

Softonic_English Toolbar

Try running the unwise file from the folder by right clicking and "Run as Administrator"

[Ultilee Stupid]

On Myfreeze i clicked it but nothing happened.

On Softonic the admins window appeared and had filename "INSTALL" i clicked open and this then appeared

INSTALL.LOG
file not found
Check the file name and try again

Is the Vista Security 2011 Virus Problem likely to happen again soon?

also, i tried the sites i thought gave me the infection, the one from a couple of days ago and the site from a month or so ago and http://safeweb.norton.com/ says there clean. Is it likely that it wasn't cause by a site?

Edited by Ultilee Stupid, 08 May 2011 - 06:18 PM.

[oldman960]

Hi Ultilee Stupid, Try the Revo Uninstaller for both MYFreeze and Softonic_English Toolbar. The infection could have been a drive by, just something floating around on the internet looking for a place to land.

[Ultilee Stupid]

MYFreeze
I right clicked, clicked uninstall. a window from Revo Uninstaller popped up

Performing the initial analysis and uninstall.

There are 3 scanning modes "safe" "moderate" "advanced" and a yellow button with scan.

After a few seconds a prompt from MyFreeze pops up (same one as before) i clicked to uninstall then this popped up again

Wise Uninstall

Could not open INSTALL.LOG file

Softonic

After a few second of clicking to uninstall this pops up

Wise Uninstall

Could not open INSTALL.LOG file

The infection could have been a drive by, just something floating around on the internet looking for a place to land.

Shouldn't the COMODO firewall block something like that? or is there soomething i can download that will stop it happening again?

Am i clear of the infection yet or MyFreeze & Softtonic something to do with it?

Apologies for more questions. I owe money on ebay and need to pay through paypal so i'm anxious to sort this out asap.

Edited by Ultilee Stupid, 09 May 2011 - 01:46 PM.

[oldman960]

Hi Ultilee Stupid, Don't worry about the toolbars for now. Did you get Antivir uninstalled?

[Ultilee Stupid]

Should i use Revo Uninstaller for that?

[oldman960]

Hi Ultilee Stupid, Yes please. I posted the steps in Reply #15.

[Ultilee Stupid]

Revo scans then this popped up

Setup could not determine the feature control file or was not able to read it correctly
[Errorcode: 7]

The infection could have been a drive by, just something floating around on the internet looking for a place to land.

Shouldn't the COMODO firewall block something like that? or is there something i can download that will stop it happening again?

Am i clear of the infection yet? i was wondering if i should scan with Malewarebytes.

Would it be safe to go on the site i was on when this happened before the second restore? I've asked someone i know who goes on there and he says theres no problems, http://safeweb.norton.com/ says theres no problems with the site as well. My friend also recommened trying this http://www.microsoft...ls/default.aspx

Apologies for more questions. I owe money on ebay and need to pay through paypal so i'm anxious to sort this out asap.

[oldman960]

Hi

We're not having much luck with this. Comodo should be able to help block these things but that would depend on your settings, what you have allowed and disallowed.

Let's see if we can get this tool to run despite Antivur being present.

You should still have an icon on your desktop named combofix.exe. Right click it and click delete.

Download a new copy of ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  
• Right click on ComboFix.exe, click Run as Administrator & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks