Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Notebook Problems [Solved]


  • This topic is locked This topic is locked
22 replies to this topic

#16 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 30 October 2013 - 03:36 PM

C:\ProgramData\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application C:\Users\All Users\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application C:\Users\SRE Lab\Desktop\Downloads\RS232SendWaitfor.exe a variant of Win32/Packed.MultiPacked.AC trojan C:\Users\SRE Lab\Desktop\MTI\Recovery\Process.exe Win32/PrcView application C:\Users\SRE Lab\Desktop\sttc\Recovery\Process.exe Win32/PrcView application C:\Users\SRE Lab\Desktop\Utilities\Process.exe Win32/PrcView application C:\Users\SRE Lab\Desktop\ValleyTire\Recovery\Process.exe Win32/PrcView application

    Advertisements

Register to Remove


#17 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 31 October 2013 - 02:21 AM

 

C:UsersSRE LabDesktopDownloadsRS232SendWaitfor.exe a variant of Win32/Packed.MultiPacked.AC trojan

Delete this file.

 

 

 

C:ProgramDataYouTube Downloaderytd_installer.exe probably a variant of Win32/Toolbar.Widgi application
C:UsersAll UsersYouTube Downloaderytd_installer.exe probably a variant of Win32/Toolbar.Widgi application
C:UsersSRE LabDesktopMTIRecoveryProcess.exe Win32/PrcView application
C:UsersSRE LabDesktopsttcRecoveryProcess.exe Win32/PrcView application
C:UsersSRE LabDesktopUtilitiesProcess.exe Win32/PrcView application
C:UsersSRE LabDesktopValleyTireRecoveryProcess.exe Win32/PrcView application

These files aren´t malware but contain security risks. I would delete them immediately - your choice!

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:AdwCleaner[S1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 

#18 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 31 October 2013 - 11:20 AM

# AdwCleaner v3.010 - Report created 31/10/2013 at 09:04:13
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : SRE Lab - SRELAB-HP
# Running from : C:\Users\SRE Lab\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\Software\InstallIQ
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3608 octets] - [31/10/2013 08:58:31]
AdwCleaner[S0].txt - [3337 octets] - [31/10/2013 09:04:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3397 octets] ##########
 

 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 


#19 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 01 November 2013 - 07:22 PM

Something else I should do?



#20 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 04 November 2013 - 06:52 AM

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.

 

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.


Proud Member of UNITE & TB
 

#21 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 04 November 2013 - 01:32 PM

Thanks for your help, TB. We never really found a smoking gun, right?



#22 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 12 November 2013 - 08:05 AM

Sure we found one, but removed it in #17.

You´re welcome! :)


Proud Member of UNITE & TB
 

#23 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 12 November 2013 - 08:05 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Proud Member of UNITE & TB
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users