19 replies to this topic

[Worldway]

Hi,

 

I downloaded a program and believe I ended up with Malware or a Virus.  When I started Internet Explorer it would automatically go to a screen telling me that my Java needed to be updated.  I could tell that it wasn't a legitimate request.  I ran Malwarebytes and found 10 instances of malware which included pup.optional.OptimizerPro plus other similar programs.  I had Malwarebytes remove these programs.  However, now whenever I go on the internet I'm getting a pile of pop-up adds and adds attached to webpages that I'm looking at.  Attached is my Hijack This log.  Please help.

 

 

Attached Files

•  hijackthis log Nov 9.txt   14.1KB   364 downloads

[Jo*]

Hello Worldway,

my name is Jo and I will help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please follow these guidelines:

• Logs can take a while to research, so please be patient.
• Read and follow the instructions in the sequence they are posted.
• print or copy & save instructions.
• Do not install / uninstall any applications, unless otherwise instructed.
• Use only that tools you have been instructed to use.
• Copy and Paste the log files inside your post, unless otherwise instructed.
• Ask for clarification, if you have any questions.
• Stay with this topic til you get the all clean post.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

I will return as soon as possible with more instructions.

***

[Jo*]

Hello Worldway,

1. Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  Vista / Windows 7/8 users right-click and select Run As Administrator.

• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page.
• Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
• Scan your system for malware
• If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
• If there is no malware found, please let me know as well.

***

3. Download OTL to your desktop.

• Double click on the icon to run it.
  Vista / Windows 7/8 users right-click and select Run As Administrator.

• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***

[Worldway]

Here you go.   I should also mention that I am working out of town this week so my responses may be a bit slow.  I will definitely respond however, please be patient with me.

 

For some reason I don't seem to be able to copy and paste my results.  I have no idea why but it doesn't seem to be working.  I'll have to include them as attachments.

 

The Malwarebytes Anti-Rootkit found no malware.

 

Thanks so much for your help

Attached Files

•  OTL Nov 11.Txt   228.46KB   263 downloads
•  Security Check Nov 11.txt   728bytes   261 downloads

[Jo*]

Hello Worldway,

Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.

• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
  The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
  If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

[Worldway]

I never got the => scan is complete.  I left it on for about 8 hours.

 

Attached is the results

[Worldway]

I don't think my previous post had the attachment.  I'll try again.

 

 

Attached Files

•  AdwCleaner Nov 13 R0.txt   1.68KB   251 downloads

[Jo*]

Hello Worldway,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.

• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
• This time, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.

• JRT will begin to backup your registry and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, the log JRT.txt is saved on your desktop and will automatically open.

Enable your antivirus!
Post the contents of JRT.txt into your next reply.

***

Run OTL again.
Vista / Windows 7/8 users right-click and select Run As Administrator.

• Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• don't check the boxes beside LOP Check and Purity Check this time.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open a notepad window OTL.Txt.
• Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

[Worldway]

Again, I apologize but for some reason my computer won't allow me to copy and paste so I've attached the logs you've requested.

 

I do have one question. Since starting this session I've noticed three new icons on my desktop.  There are two titled desktop.ini and one called thumbs.db.  They aren't the same as the other icons, these look transparent, almost ghost like.  I'm wondering if this is normal?

Attached Files

•  AdwCleanerS0 Nov 13.txt   1.68KB   281 downloads
•  JRT Nov 13.txt   620bytes   260 downloads
•  OTL Nov 13.Txt   225.31KB   221 downloads

[Jo*]

Hello Worldway,
 

Again, I apologize but for some reason my computer won't allow me to copy and paste so I've attached the logs you've requested.

That's no problem for me.
 

I do have one question. Since starting this session I've noticed three new icons on my desktop. There are two titled desktop.ini and one called thumbs.db. They aren't the same as the other icons, these look transparent, almost ghost like. I'm wondering if this is normal?

Don't worry about that, these are normally hidden files, but the tools we have used have shown them temporarily.
 

***

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :OTL
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3ee1e5fc-104d-43d5-8964-bb978836e71a}: C:\Program Files (x86)\Show-Password\134.xpi
  [2013-11-13 17:34:32 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\Show-Password Update.job
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  

  NOTICE: This script was written specifically for this user, for use on that particular machine.
  Running this on another machine may cause damage to your operating system.
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the Fix OTL log

***

Run OTL again.
Vista / Windows 7/8 users right-click and select Run As Administrator.

• Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• don't check the boxes beside LOP Check and Purity Check this time.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open a notepad window OTL.Txt.
• Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

[Worldway]

I had real issues with the fix OTL log.  It wouldn't allow me to copy and paste or to attach as a file (it said that I wasn't allowed to upload that type of file).  So I've converted it to a PDF.  I hope that will work for you.

Attached Files

•  OTL Nov 14.Txt   194.87KB   251 downloads
•  11142013_211024.pdf   21.91KB   334 downloads

[Jo*]

Hello Worldway,

now we need to do the following:

1. Java
1.1 Uninstall old Java versions:

• Please go to Start > Control Panel > Programs and Features .
• Locate all Java Updates
• Uninstall them all.

1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions how to clear the java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked

• Downloaded Applets
• Downloaded Applications
• Installed Applications and Applets

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***

2. Malwarebytes' Anti-Malware
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.

***

3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.

• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Click on to download the ESET Smart Installer. Save it to your desktop.
• Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
• Push the Back button.
• Select Uninstall application on close check box and push

***

How the computer is running now?

[Worldway]

The computer seems to be running fine.  I did your last set of instructions and nothing was found.  I think you managed to clean my computer.  Thanks so much for that.

Attached Files

•  mbam-log-2013-11-15 (17-49-53).txt   1.79KB   208 downloads

[Worldway]

I've been noticing tonight that videos on YouTube are taking a long time to load which is not the normal for me.  I also see that every time I maximize the video I get a pop up box from windows asking me if I want to make the video larger.  Never happened before.

[Jo*]

Hello Worldway,

Update Internet Explorer to v11
Vista | Windows 7/8 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
 

I do have one question. Since starting this session I've noticed three new icons on my desktop. There are two titled desktop.ini and one called thumbs.db. They aren't the same as the other icons, these look transparent, almost ghost like. I'm wondering if this is normal?

To disable the viewing of hidden and protected system files in Windows Vista, 7 / 8 please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you click on "restore defaults" button in Folder Options > View tab, it will hide all those views for you.

Did the file names read as desktop.ini (there are two of these) disappear?
 

I've been noticing tonight that videos on YouTube are taking a long time to load which is not the normal for me. I also see that every time I maximize the video I get a pop up box from windows asking me if I want to make the video larger. Never happened before.

This is not malware related.
When we have finished the cleaning of your pc and the problem still happens, you can start a new topic at our Browsers, Internet and email forum section.