[Resolved] Need help removing Green Av
#1
Posted 18 October 2009 - 09:12 AM
#2
Posted 18 October 2009 - 08:12 PM
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.
Please download ERUNT from here. A free program that allows you to keep a complete backup of your registry and restore it when needed.
- Double click erunt-setup.
- Choose a language then press Enter or click OK to continue.
- Click Next on the Welcome window.
- Install it using the default settings and choose yes when asked to add ERUNT to the start up folder.
- Upon installation, click Yes when asked if you want to create an ERUNT entry in the start up folder.
- Make sure a check mark is placed beside Show documentation and Launch ERUNT.
- Click Finish.
- Once installed, open ERUNT.exe if it hasn't opened yet then create a registry back up.
- Open ERUNT.exe
- Click OK on the welcome screen.
- Choose a directory where to save the back up by clicking on "..." or just choosing the default settings.
- Make sure a check mark is placed beside System registry and Current user registry.
- Click OK.
- If the destination folder does not exist, ERUNT will prompt you and just click on Yes.
- Click OK.
Please download DDS by sUBs from one of the following links and save it to your desktop.
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Please attach the second file; Attach.txt. To attach a file, do the following:
- Under the reply panel is the Attachments Panel.
- Browse for the attachment file you want to upload, then click the green Upload button.
- Once it has uploaded, click the Manage Current Attachments drop down box.
- Click on to insert the attachment into your post
Please post both DDS logs in your next reply.
--Next--
We need to check for rootkits with RootRepeal.
Please download RootRepeal from one of these locations and save it to your desktop:
Here
Here
Here
- Open on your desktop.
- Click the tab.
- Click the button.
- Check just these boxes:
- Push Ok
- Check the box for your main system drive (usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
Logs to post in your next reply:
1. DDS log.
2. RootRepeal log.
Proud graduate of WTT Classroom
The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/
ASAP and UNITE member
________________________________________________
!
#3
Posted 19 October 2009 - 04:20 PM
#4
Posted 19 October 2009 - 04:29 PM
#5
Posted 19 October 2009 - 04:33 PM
Attached Files
#6
Posted 19 October 2009 - 04:36 PM
Edited by rob12jr, 19 October 2009 - 04:38 PM.
#7
Posted 19 October 2009 - 07:09 PM
I will be helping you remove malware from your computer. Log research takes time, so please be patient and I'd be grateful if you would note the following:
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Do not install/uninstall anything on your computer unless advised.
- Do not run any other scanning tools other than those instructed for you to use.
- Follow the instructions in the order they are given.
- Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
- If you are being helped regarding this problem on another forum please advise us so that we can close this thread.
- And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.
As a Vista user, you will need to right click and choose "Run as Administrator" to run the tools we will use.
Click to download the Norton Removal Tool from HERE and save it to your desktop. You will use it later.
You may want to copy these instructions into Notepad and save it to your desktop.
Disconnect from the internet.
Go to Add/Remove Programs and uninstall anything Norton related.
--Next--
Right click Norton_Removal_Tool.exe and choose Run as Administrator to run the tool.
- Follow the on-screen instructions.
- Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.
When the tool has finished, reboot, if not prompted.
--Next--
Download TFC to your desktop
- Close any open windows.
- Right click the TFC icon and choose Run as Administrator to run the program
- TFC will close all open programs itself in order to run,
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish its job.
- Once it's finished it should automatically reboot your machine.
- If it doesn't, manually reboot to ensure a complete clean.
Please download Malwarebytes' Anti-Malware to your desktop.
- Right click mbam-setup.exe then choose Run as Administrator and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
--Next--
Download Rooter.exe to your desktop
- Right click Rooter.exe then choose Run as Administrator to start the tool.
- A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt (ex. C:\Rooter.exe). Post that here.
1. Malwarebytes log.
2. Rooter log.
#8
Posted 19 October 2009 - 08:58 PM
Attached Files
#9
Posted 19 October 2009 - 09:12 PM
#10
Posted 19 October 2009 - 09:17 PM
Attached Files
#11
Posted 20 October 2009 - 05:55 PM
Please do the following:
- Click on Start > Control Panel and double click on Programs and Features.
- Locate ERUNT and click on the Uninstall button to uninstall it.
- Close Control Panel when done.
--Next--
Try to install your antivirus (Kaspersky). After installation, have it updated then run a scan. Please post back the log it creates. Thank you.
#12
Posted 20 October 2009 - 08:29 PM
10/20/2009 9:12:02 PM Task completed
10/20/2009 9:09:47 PM Task started
Quick Scan: completed 10/20/2009 9:12:02 PM (events: 10, objects: , time: 00:00:00)
10/20/2009 9:22:25 PM Task started
10/20/2009 9:22:57 PM Detected: http://www.viruslist...dvisories/36983 c:\program files (x86)\adobe\reader 9.0\reader\acrord32.exe
10/20/2009 9:33:31 PM Detected: http://www.viruslist...dvisories/36983 c:\program files (x86)\adobe\reader 9.0\reader\acrord32.exe
10/20/2009 9:33:42 PM Detected: http://www.viruslist...dvisories/35948 c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
10/20/2009 9:33:43 PM Detected: http://www.viruslist...dvisories/35948 c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
10/20/2009 9:36:17 PM Detected: http://www.viruslist...dvisories/34451 c:\program files (x86)\Java\jre6\bin\java.exe
10/20/2009 9:59:18 PM Detected: http://www.viruslist...dvisories/34451 c:\Windows\SysWOW64\java.exe
10/20/2009 10:07:20 PM Task completed
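Each "Detected" line in the scan log above pairs an advisory link with a file path, and some files are reported more than once. The following is an added example, not part of the original thread and not a Kaspersky tool: it groups the detections by the advisory number at the end of each link and de-duplicates the paths, so it is clear which installed programs need updating. The function names are assumptions made for this example; the sample lines are copied from the log in this post.

```python
import re
from collections import OrderedDict

# Sample input: lines copied from the scan log in this thread. The advisory
# URLs are truncated on the page and are kept exactly as they appear there.
SAMPLE_LOG = r"""10/20/2009 9:22:25 PM Task started
10/20/2009 9:22:57 PM Detected: http://www.viruslist...dvisories/36983 c:\program files (x86)\adobe\reader 9.0\reader\acrord32.exe
10/20/2009 9:33:31 PM Detected: http://www.viruslist...dvisories/36983 c:\program files (x86)\adobe\reader 9.0\reader\acrord32.exe
10/20/2009 9:33:42 PM Detected: http://www.viruslist...dvisories/35948 c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
10/20/2009 9:33:43 PM Detected: http://www.viruslist...dvisories/35948 c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
10/20/2009 9:36:17 PM Detected: http://www.viruslist...dvisories/34451 c:\program files (x86)\Java\jre6\bin\java.exe
10/20/2009 9:59:18 PM Detected: http://www.viruslist...dvisories/34451 c:\Windows\SysWOW64\java.exe
10/20/2009 10:07:20 PM Task completed
"""

# timestamp, the literal "Detected:", a reference without spaces, then the path
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Detected: (?P<ref>\S+) (?P<path>.+)$"
)


def group_detections(log_text):
    """Return {advisory_number: [unique file paths]} in first-seen order."""
    grouped = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "Task started/completed" and summary lines hold no finding
        advisory = m.group("ref").rsplit("/", 1)[-1]
        path = m.group("path").strip()
        seen = grouped.setdefault(advisory, [])
        # Windows paths are case-insensitive, so compare them lowercased.
        if path.lower() not in (p.lower() for p in seen):
            seen.append(path)
    return grouped


def summarize(log_text):
    """One line per advisory with the number of distinct affected files."""
    return ["advisory %s: %d file(s)" % (adv, len(paths))
            for adv, paths in group_detections(log_text).items()]


if __name__ == "__main__":
    for adv, paths in group_detections(SAMPLE_LOG).items():
        print(adv)
        for p in paths:
            print("   ", p)
```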
#13
Posted 20 October 2009 - 08:34 PM
#14
Posted 20 October 2009 - 11:12 PM
Those detected by Kaspersky are security vulnerabilities; we'll deal with that later. So far your computer looks clean.
Please delete DDS, RootRepeal and all the logs we've created.
--Next--
Enable your firewall:
- Click Start Orb
- Select Control Panel
- Click Security
- Select the Firewall option
- Click Turn Windows Firewall on or off. Turn it on.
- Click OK to finish.
You can keep TFC and use it to clean your computer of some junk at least once a week. You can also keep Malwarebytes; it is an excellent malware removal tool. Update at least once a week then run a complete scan.
--Next--
To manually create a new Restore Point
- Go to Control Panel and select System and Maintenance.
- Select System.
- On the left select Advanced System Settings and accept the warning if you get one.
- Select System Protection Tab.
- Select Create at the bottom.
- Type in a name i.e. Clean.
- Select Create.
Now we can purge the infected ones
- Go back to the System and Maintenance page.
- Select Performance Information and Tools.
- On the left select Open Disk Cleanup.
- Select Files from all users and accept the warning if you get one.
- In the drop down box select your main drive i.e. C
- For a few moments the system will make some calculations
- Select the More Options tab.
- In the System Restore and Shadow Backups select Clean up.
- Select Delete on the pop up.
- Select OK.
- Select Delete.
Adobe
You can get the latest version here.
Or you can download and install Foxit Reader.
Java
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
The latest update is Java 6 update 16.
Now to Clean out the Java cache:
Go into the Control Panel and double-click the Java Icon.
- Under Temporary Internet Files, click the Settings... button
- click the Delete Files button.
- There are two options in the window to clear the cache - Leave both Checked
Applications and Applets
Trace and Log Files
- Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Settings
- Click OK to leave the Java Control Panel.
To keep your operating system up to date visit
- Secunia Software inspector to check your program update status.
- Microsoft Windows Update .
Here are some tips to reduce the potential for spyware infection in the future:
1. Make your Internet Explorer More Secure
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab.
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt.
- Change the Download unsigned ActiveX controls to Disable.
- Change the Initialise and script ActiveX controls not marked as safe to Disable.
- Change the Installation of desktop items to Prompt.
- Change the Launching programs and files in an IFRAME to Prompt.
- Change the Navigate sub-frames across different domains to Prompt.
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.
4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
6. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.
7. SpywareGuard - Download and install SpywareGuard. This provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
8. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.
9. And finally, please read these excellent articles:
Malware: Help prevent the Infection by Sandi Hardmeier,
Preventing Malware - Tools and Practices for Safe Computing
For more safe computing tips please read the guide by Rorschach112 on how to prevent malware and about safe computing here.
Good luck, happy computing and stay clean!
#15
Posted 21 October 2009 - 06:53 AM