VIRUS WHICH STOPS UPDATES [Solved]
#1
Posted 30 July 2013 - 02:40 PM
#2
Posted 30 July 2013 - 06:22 PM
My name is fbfbfb.
I will gladly assist you with your malware concerns. Malware logs may require some time to analyze, and because there is no quick-fix solution, we may need to use various approaches to clean your system. Please be patient.
While working to resolve the issues with your machine, please note the following guidelines:
- Read and follow my directions carefully, in the sequence they are posted.
- If you are unsure about anything, please ask for clarification before continuing.
- To avoid potential problems and setbacks, do not:
- install or uninstall any applications while your system is being cleaned.
- use any tools other than those recommended.
- run any other scans without being directed to do so.
- Copy and Paste the log files inside your posts. Do not send them as attachments unless otherwise instructed.
- Stay with this thread until your machine has been deemed all clear. Absence of symptoms does not mean your system is clear.
- Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.
1. DDS
Please download DDS from HERE. Click Save File. The file will save to your default location.
- Disable any script blocking protection. (How to Temporarily Disable Security Programs: Anti-virus/Anti-spyware/Firewall)
- Double click dds.com > Click Run.
- At the next prompt, ensure check marks appear next to dds.com and attach.txt > Click Start to begin the scan. When done, click OK to close the DDS window.
- Two reports will automatically open: dds.txt and Attach.txt. These reports are also saved to your desktop.
Please attach the second file: Attach.txt.
To attach a file, do the following:
- Under the reply panel is the Attachments Panel.
- Browse for the attachment file you want to upload, then click the green Upload button.
- Once it has uploaded, click the Manage Current Attachments drop down box.
- Click on to insert the attachment into your post.
2. aswMBR
Please download aswMBR from HERE.
- Double click aswMBR.exe to run it.
- When asked if you want to download Avast's virus definitions, please select Yes.
- Click the Scan button to start the scan.
- On completion of the scan, click save log, save it to your desktop, and post in your next reply.
3. Security Check
Please download Security Check from HERE or HERE.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt. This may take a few minutes.
CHECKLIST: In your next reply, please post the following:
- dds.txt
- attach.txt
- checkup.txt
#3
Posted 01 August 2013 - 05:48 PM
Attached Files
#4
Posted 01 August 2013 - 08:27 PM
Thank you for your logs. There is quite a bit of garbage we need to delete from your system.
Please run the following scans
1. AdwCleaner
Please download AdwCleaner from HERE.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on the Delete button.
- A logfile will automatically open after the scan has finished.
- You can also find the logfile at C:\AdwCleaner[S1].txt.
2. Junkware Removal Tool
Please download Junkware Removal Tool from HERE and save it to your desktop.
- Shutdown your antivirus to avoid any potential conflicts.
- Right-mouse click JRT.exe and select Run as Administrator.
- JRT will begin to backup your registry and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, the log JRT.txt is saved on your desktop and will automatically open.
3. OTL
- Please download OTL to your desktop from HERE or HERE
- Close all other applications and windows so that you have nothing open.
- Double click on the icon on your desktop.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
- Under Output, click Minimal Output to select it.
- Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
- Do not use the computer while the scan is in progress.
- When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt <- (will be minimized in the Task Bar).
- Both logs are automatically saved to the Desktop.
- Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
- Click the red X in the upper right corner to exit OTL.
- adwcleaner.txt
- JRT.txt
- OTListIt.txt
- Extras.txt
#5
Posted 02 August 2013 - 04:09 PM
Attached Files
#6
Posted 02 August 2013 - 04:30 PM
#7
Posted 03 August 2013 - 09:32 PM
Thank you for the logs. Given the amount of infection on your system, I cannot guarantee that we can completely resolve all the issues completely by this weekend. Let's do what we can before you leave. If you will be away for 2 weeks, I will leave this topic open until you return.
Regarding UniblueDriverscanner.exe. This was not attached to any of my requests. It appears that this application installs on a system without a user's approval when downloading other software. It is an application designed to check the PC's currently installed drivers against a database and downloads an updated driver if available. However, before downloading the actual driver, the user has to purchase a standing order. We will go ahead and remove this software.
Please back up your system
The following fix requires altering your Windows Registry. Therefore, we need to back it up in case we run into problems.
- Please download ERUNT to your desktop from HERE.
- Right click erunt.zip, choose Extract All…, and follow the prompts to unzip the program.
- Open the ERUNT folder on your Desktop and double click ERUNT.exe to start the program.
- Click OK for all the prompts to back up your registry to the default location.
Note: if it becomes necessary to restore the registry, open the backup folder and start ERDNT.exe.
Please run the following scan
Run OTL.exe
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
:processes
killallprocesses
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=007E00255631B513&affID=121240&tsp=4961
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.deltasearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=007E00255631B513&affID=121240&tsp=4961
FF - user.js - File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2013/08/01 23:28:59 | 000,000,000 | ---D | M] (Wajam) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\vixxn2lu.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
[2013/08/01 23:33:19 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\vixxn2lu.default\extensions\{e5dce098-209c-4f1d-a3ee-52aa625feec2}
[2013/08/01 23:30:11 | 000,000,000 | ---D | M] ("Solid Savings") -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\vixxn2lu.default\extensions\9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com
[2013/08/01 23:27:44 | 000,006,507 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\vixxn2lu.default\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [NTRedirect] C:\Windows\system32\rundll32.exe "C:\Users\Amanda\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/vistainstaller.cab (Reg Error: Value error.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
[2013/08/02 12:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/08/01 23:31:41 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Uniblue
[2013/08/01 23:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/08/01 23:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/08/01 23:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Solid Savings
[2013/08/01 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/08/01 23:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[resethosts]
[CREATERESTOREPOINT]
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
- Post the new log in your next reply.
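Added example, not part of the original post or of OTL itself: a small triage script over OTL-style registry lines that flags autostart entries (O4 Run keys, O20 AppInit_DLLs) loading from AppData or ProgramData, and entries whose target is missing. Four sample lines are copied from the fix above; the `ExampleUpdater` line is constructed, and the flagging rules are this example's own heuristics.

```python
import re

# Four lines copied from the fix in the post above, plus one constructed
# benign entry (ExampleUpdater) so the script has something it should not flag.
SAMPLE = r'''
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [NTRedirect] C:\Windows\system32\rundll32.exe "C:\Users\Amanda\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run File not found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
'''

ENTRY = re.compile(r'^(IE|FF|O\d+) - (.*)$')
# Drive-letter paths ending in a loadable file type; quotes and brackets end a path.
PATH = re.compile(r'[A-Za-z]:\\[^"()\[\]]+?\.(?:dll|exe|xpi)', re.I)

AUTOSTART = {'O4', 'O20'}  # Run keys and AppInit_DLLs, as labelled in the log
# Heuristic (assumption): directories a standard user can normally write to.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')
ORPHAN_MARKERS = ('File not found', 'No CLSID value found')


def triage(text):
    """Return (entry_type, reasons) for every line worth a second look."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        reasons = []
        if kind in AUTOSTART:
            paths = [p.lower() for p in PATH.findall(body)]
            if any(d in p for p in paths for d in USER_WRITABLE):
                reasons.append('autostart from user-writable directory')
            if 'rundll32.exe' in body.lower():
                reasons.append('DLL launched through rundll32')
        if any(marker in body for marker in ORPHAN_MARKERS):
            reasons.append('target missing or unregistered')
        if reasons:
            findings.append((kind, reasons))
    return findings


if __name__ == '__main__':
    for kind, reasons in triage(SAMPLE):
        print(kind, '->', '; '.join(reasons))
```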
#8
Posted 04 August 2013 - 04:03 PM
Attached Files
#9
Posted 05 August 2013 - 05:16 PM
I will keep your thread open until you return. Please let me know when you are back and we will continue cleaning your system.
If you are still available, and are able to complete the next task, please do so; otherwise, you can complete it when you return.
Please run DDS again and send me a fresh log. Let me know how your computer is running at this stage, as well as any other issues you are experiencing.
#10
Posted 24 August 2013 - 04:40 PM
Attached Files
#11
Posted 25 August 2013 - 03:55 PM
Your system is looking better. We still need to remove some unwanted applications.
1. Remove Toolbars and Programs
Please remove the following applications via your Control Panel: BrowserDefender, Delta Chrome Toolbar, QuickShare, Solid Savings, Virgin Media Toolbar, and Wajam.
To uninstall:
- Click Start and select Control Panel.
- When the Control Panel window opens, click on Uninstall a program found under the Programs category.
- If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
- Begin with the first program (BrowserDefender) > left-click on it once to highlight it.
- Click on the Uninstall button.
- When asked if you are sure you want to uninstall, click Yes.
- The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
- Continue to delete the remaining programs the same way.
- When finished, close the Programs and Features screen.
If any of these toolbars or applications (BrowserDefender, Delta Chrome Toolbar, QuickShare, Solid Savings, Virgin Media Toolbar, and Wajam) appear in your browsers, continue as follows:
For Internet Explorer:
- Open Internet Explorer.
- Click Tools > Manage Add-ons.
- In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
- Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
- Highlight the extension (ex. browserdefender) you wish to remove, and select Disable.
- The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
- Click Close to exit the Manage Add-ons window.
For Firefox:
- Open Firefox.
- Click Tools > Add-ons.
- In the Add-ons window, under Add-on Types select Extensions.
- Click to highlight the extension (ex. browserdefender) you wish to remove and select Disable. If you want to delete an extension entirely, click Remove.
- The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
- Exit the Add-ons Manager window, and restart Firefox to complete the process.
For Google Chrome:
- Open Google Chrome.
- Click the wrench icon at the top right of the browser window.
- Click Tools > Select Extensions to open the Options tab.
- Uncheck Enabled to disable the extension (ex. browserdefender), or click Remove to delete it completely.
Removing the toolbars may have changed your browser settings (homepage, default search engines). If so, please follow the instructions found HERE.
Please let me know how your computer is running now and if you are experiencing any other issues.
#12
Posted 25 August 2013 - 05:45 PM
#13
Posted 26 August 2013 - 07:47 AM
Glad to hear iTunes is updating for you. We still need to do a little bit of work to ensure your system is completely clean. Please stay with this topic until we have done that.
Comodo/Malwarebytes/Iobit
In answer to your question, you can keep Comodo Antivirus and Comodo Firewall as your main security protection. Malwarebytes is an excellent program to keep. If you have the free version of MBAM, it can be used on demand as needed; however, if you have paid for the pro version, it has real-time monitoring which should be disabled as explained below:
You are currently running multiple anti-spyware programs:
- Windows Defender
- IOBit Malware Fighter
- Comodo Defense+
Since Windows Defender is completely built into Windows, it cannot be uninstalled, so you must keep it.
Comodo Defense+ is part of your Comodo Firewall and cannot be deleted, but it can be deactivated. To disable, follow these instructions.
If you did not pay for IOBit Malware Fighter, you should uninstall it via your Control Panel > Programs and Features > Uninstall a program.
Bottom line: If you keep 2 anti-spyware programs installed on your system, you must disable one to avoid potential problems. You can use it as a second scan when you need it.
UniblueDriverscanner.exe
You mentioned earlier this was not installed by you. Please remove this program via your Control Panel > Programs and Features > Uninstall a program.
Please run the following scans
1. Malwarebytes
You already have Malwarebytes installed on your system. Please run a scan after updating the program and send me the log.
2. ESET Online Scanner
Note:
- Disable any antivirus program and antispyware programs to avoid conflicts.
- Run Eset with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
- Please do not surf the internet while your security programs are disabled.
- Let the scan run uninterrupted to avoid a stall.
- Remember to enable your security programs when the scan has finished.
- Click the green ESET Online Scanner button.
- Read the End User License Agreement and check the box YES, I accept the Terms of Use.
- Click on the Start button next to it.
- If prompted, allow the Add-On/Active X to install.
- Do not check Remove found threats
- Check Scan Archives.
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
- Wait for the scan to finish. When the scan completes, click List of found threats.
- Click Export and save the file to your desktop using a unique name, such as ESETScan.
- Copy and paste the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
#14
Posted 27 August 2013 - 03:39 PM
Attached Files
#15
Posted 29 August 2013 - 10:41 AM
Thank you for the MBAM and ESET logs. Let's remove the threats found by ESET.
Please run the following OTL scan
Run OTL.exe
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
:OTL
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wajam34.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wajam68.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wajam69.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wajam34.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wajam68.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wajam69.zip
C:\Users\Amanda\Downloads\cbsidlm-cbsi109-IObit_Malware_Fighter-BP-10967594.exe
C:\Users\Amanda\Downloads\cbsidlm-cbsi5_3_0_96-Wondershare_Photo_Collage_Studio-ORG-10493378.exe
C:\Users\Amanda\Downloads\cbsidlm-tr1_11-Publishit-ORG-10046724.exe
C:\Users\Amanda\Downloads\cnet2_iwm-transfer-contacts_zip.exe
C:\Users\Amanda\Downloads\cnet2_veryandroid-contacts-backup_zip.exe
C:\Users\Amanda\Downloads\gusetup.exe
C:\Users\Amanda\Downloads\SoftonicDownloader_for_clonecd.exe
:Commands
[emptytemp]
[resethosts]
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
- Post the new log in your next reply.