48 "Bad Image" Warnings on Boot Up [Solved]

errors bad image

  • This topic is locked
74 replies to this topic

#46 RandalSon (Authentic Member, 44 posts)

Posted 25 December 2013 - 12:07 PM

this board won't let me attach a word.doc either. 



#47 RandalSon (Authentic Member, 44 posts)

Posted 25 December 2013 - 12:09 PM

Here it is as a .txt. 

Attached Files

  • Attached File  eset.txt   993bytes   86 downloads


#48 Conspire (SuperHelper, Classroom Teacher, 5,805 posts)

Posted 25 December 2013 - 09:37 PM

If you're still having the copy/paste problem in future, click the little toggle button right at the left corner of this editor box. When you right-click it, you will be able to see the copy/paste function menu.

Now time for some housekeeping.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit). 64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u45-windows-i586.exe (or jre-7u45-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
===================================================

Follow these steps to uninstall Combofix

    Combofix /Uninstall

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
===================================================

    Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

    --------------------------------------------------------------------------------------------------------------

    MICROSOFT UPDATES
    It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


    Passwords
    It is good security practice to change the passwords to all your online accounts on a fairly regular basis. This is especially true after an infection. Refer to this Microsoft article,
    Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


    SPYWARE PREVENTION
    This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

    To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop

    WOT has an add-on available for both Firefox and IE.

    • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

    Hopefully this should take care of your problems! Good luck.

    Do you have any questions or problems to ask? Please do not hesitate to do so.

    **Please respond to this one more time to ensure it is resolved and close this topic.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image

#49 RandalSon (Authentic Member, 44 posts)

Posted 25 December 2013 - 09:47 PM

All the delays were mine, plus that weird 16 hour difference thing.

 

Are we going to do something on those 7 things that Eset tagged?

 

I'll do the Java thing tomorrow.   Thanks.



#50 Conspire (SuperHelper, Classroom Teacher, 5,805 posts)

Posted 25 December 2013 - 11:09 PM

C:\Qoobox\Quarantine\C\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js.vir Win32/bProtector.F application
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application

 

These will be taken care of, with the use of ComboFix /uninstall switch.

 

C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\72e25a1d-74bc7339    a variant of Java/Exploit.CVE-2013-1493.CX trojan

 

This will be cleared when you remove the existing version of Java.

 

 

C:\Users\user\AppData\Roaming\Mipony Download Accelerator Packages\uninstaller.exe    Win32/InstallCore.AZ application

 

Do you use them?


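The triage in post #50, written out as an added example that is not part of the original thread: it parses scan lines in the shape quoted above (path, optional "a variant of", detection name, type) and sorts each hit by where the file sits. The function names and the three action labels are hypothetical, and the rules are an assumption drawn from the helper's reasoning in that post.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path name kind variant")

# <path> [a variant of ]<Platform/Name> <kind>. The path may contain spaces,
# so the detection name is recognised by its "Platform/Name" shape.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)$"
)

# Assumed rules: lower-cased path marker -> action label (labels are made up).
RULES = [
    ("c:\\qoobox\\quarantine\\", "quarantined: removed by ComboFix /Uninstall"),
    ("\\sun\\java\\deployment\\cache\\", "Java cache: cleared when old Java is removed"),
]

def parse_line(line):
    """Return a Detection for one scan line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(m["path"], m["name"], m["kind"], bool(m["variant"]))

def triage(det):
    """Map a detection to an action based on the file's location."""
    p = det.path.lower()  # Windows paths are case-insensitive
    for marker, action in RULES:
        if marker in p:
            return action
    return "live file: confirm with the user, then remove"

# Three of the seven lines quoted in post #50.
SAMPLE = r"""
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\72e25a1d-74bc7339    a variant of Java/Exploit.CVE-2013-1493.CX trojan
C:\Users\user\AppData\Roaming\Mipony Download Accelerator Packages\uninstaller.exe    Win32/InstallCore.AZ application
"""

def triage_log(text):
    out = []
    for line in text.splitlines():
        det = parse_line(line)
        if det:
            out.append((det.name, det.kind, triage(det)))
    return out

if __name__ == "__main__":
    for name, kind, action in triage_log(SAMPLE):
        print(f"{name:32} {kind:12} {action}")
```

Only the last category points at a file still live on disk, which is why it is the one that needed a question to the user before removal.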

#51 RandalSon (Authentic Member, 44 posts)

Posted 26 December 2013 - 08:02 AM

OK quarantine and Java.  mipony accelerator?  Do not use as far as I know.     R



#52 Conspire (SuperHelper, Classroom Teacher, 5,805 posts)

Posted 26 December 2013 - 09:08 PM

Ok, we will remove them.

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista/7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\Users\user\AppData\Roaming\Mipony Download Accelerator Packages
    
    
    :Commands
    [emptytemp]
    [emptyflash]
    [CREATERESTOREPOINT]
    [reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#53 RandalSon (Authentic Member, 44 posts)

Posted 27 December 2013 - 06:09 AM

Still here - got distracted by holiday family stuff.   Will get to these remaining steps soon. thanks. R



#54 Conspire (SuperHelper, Classroom Teacher, 5,805 posts)

Posted 27 December 2013 - 08:55 AM

No worries. Enjoy your holiday with your family. :)

#55 RandalSon (Authentic Member, 44 posts)

Posted 28 December 2013 - 09:56 AM

Java updated, combofix uninstalled.    OTM hung up, and I can locate the OTM folders but no .log file.   Mipony is still in the Start Menu.


Edited by RandalSon, 28 December 2013 - 10:08 AM.


#56 Conspire (SuperHelper, Classroom Teacher, 5,805 posts)

Posted 28 December 2013 - 09:36 PM

Can you check if this directory still exists? C:\Users\user\AppData\Roaming\Mipony Download Accelerator Packages

Delete the shortcut in the start menu if the folder no longer exists.



#57 RandalSon (Authentic Member, 44 posts)

Posted 28 December 2013 - 09:46 PM

Did not seem to be there, and shortcut deleted. 

 

There are the additional protections in your post #48. Anything else?

 

I still have to replace the firstrowsports streaming app.  Otherwise, it seems clean and it is a lot quicker. 



#58 RandalSon (Authentic Member, 44 posts)

Posted 28 December 2013 - 10:19 PM

Three times today the connection through my router to the internet quit working. That is new. Twice a computer restart reconnected, the other one I had to reboot the modem and router. I do have two teenagers with phones running through the Wi-Fi, that is new.



#59 Conspire (SuperHelper, Classroom Teacher, 5,805 posts)

Posted 28 December 2013 - 10:27 PM

The Wi-Fi on the phones, do they quit working too?



#60 RandalSon (Authentic Member, 44 posts)

Posted 29 December 2013 - 08:39 AM

No, they are fine. Kinda weird.  I got an "Invalid IP Address for router" when I ran troubleshooter.  Some sort of recognition issue?  R

