Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91699 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Level Quality Watcher Infection [Solved]

Level Quality Watcher

  • This topic is locked This topic is locked
33 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:24 AM

Hi,
 
Per our Terms of Use

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.

 
I would recommend that since this is a business computer, it might probably be in your best interest (and that of your clients) to just back up everything and reformat your system.


Posted Image
 
 

    Advertisements

Register to Remove


#17 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 28 December 2013 - 09:45 AM

jeff

 

Sorry - I wasnt aware of that.  We are a small company and dont have an IT dept.  

 

Any chance we can finish this thread and then I will find other ways to deal with untimely viruses? 

 

If not I understand.

 

Vdicaprio



#18 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:52 AM

Hi,

 

Sorry - I wasnt aware of that.  We are a small company and dont have an IT dept.

No worries.....are you the owner or can you get permission from the owner to continue? 


Posted Image
 
 

#19 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 28 December 2013 - 09:53 AM

Jeff

 

I am the owner.

 

thanks



#20 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:57 AM

LOL!!  Ok I guess we can continue.  :)
 
Are you only seeing the Level Quality Watcher in Add/Remove Programs or anyplace else??
 
81mYIKe.jpg  AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Posted Image
 
 

#21 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 28 December 2013 - 10:49 AM

Jeff

 

Below are the logs - and I am only seeing it in the Add/Remove Programs list, nowhere else.

 

# AdwCleaner v3.016 - Report created 28/12/2013 at 11:33:05
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jeff - JEFF
# Running from : C:\Documents and Settings\Jeff\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [842 octets] - [28/09/2013 11:10:55]
AdwCleaner[R1].txt - [1048 octets] - [31/10/2013 11:14:29]
AdwCleaner[R2].txt - [1109 octets] - [01/11/2013 06:32:19]
AdwCleaner[R3].txt - [10945 octets] - [02/11/2013 08:35:42]
AdwCleaner[R4].txt - [1488 octets] - [21/12/2013 10:20:46]
AdwCleaner[R5].txt - [1343 octets] - [21/12/2013 10:28:29]
AdwCleaner[R6].txt - [1668 octets] - [23/12/2013 09:01:22]
AdwCleaner[R7].txt - [1728 octets] - [28/12/2013 11:32:13]
AdwCleaner[S0].txt - [908 octets] - [28/09/2013 11:11:48]
AdwCleaner[S1].txt - [1179 octets] - [01/11/2013 06:33:09]
AdwCleaner[S2].txt - [11107 octets] - [02/11/2013 08:36:28]
AdwCleaner[S3].txt - [1553 octets] - [21/12/2013 10:24:47]
AdwCleaner[S4].txt - [1653 octets] - [28/12/2013 11:33:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1713 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Jeff on Sat 12/28/2013 at 11:40:35.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/28/2013 at 11:44:08.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Thanks
 


#22 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 02:48 PM

Silly question but have you just tried to uninstall it from the Add/Remove Programs??


Posted Image
 
 

#23 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 30 December 2013 - 06:42 AM

Jeff

 

When I select Level Quality Watcher in the add/remove programs there is not "remove" button to uninstall it and if I selected and hit the remove/change button in the upper left hand corner nothing happens.

 

Vdicaprio



#24 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 30 December 2013 - 06:44 AM

Ok good.....it is just a "dead" icon then.....I will be right back.  :)


Posted Image
 
 

#25 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 30 December 2013 - 06:48 AM

Go to the page here >> http://support.micro...l_and_uninstall

 

On the MS FixIt icon press the Run Now button and follow all directions.  Once complete, check and see if it is still in the Add/Remove Programs list.  :)

 

Let me know what happens. 


Posted Image
 
 

    Advertisements

Register to Remove


#26 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 30 December 2013 - 07:00 AM

Jeff

 

It is removed. 

 

thakns



#27 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 30 December 2013 - 07:09 AM

Good!  :)
 
Let's check for anything else hiding in there. 
 
GUZVCQN.jpgMalwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Posted Image
 
 

#28 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 30 December 2013 - 02:41 PM

Jeff

 

Below are the log files.  Malwarebytes didnt find anything and the Eset scan listed 26 potential threats but most of them were in adwcleaner/quarantine.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.30.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jeff :: JEFF [administrator]
 
12/30/2013 1:52:27 PM
mbam-log-2013-12-30 (13-52-27).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233103
Time elapsed: 5 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\ChromeModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\FirefoxModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\InternetExplorerModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\SPRunner.exe.vir a variant of Win32/Conduit.SearchProtect.D application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Local Settings\Application Data\SweetPacks\ldrtbSwee.dll.vir a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Local Settings\Application Data\SweetPacks\tbSwee.dll.vir a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\ChromeModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\FirefoxModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\InternetExplorerModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\SPRunner.exe.vir a variant of Win32/Conduit.SearchProtect.D application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files\SweetPacks\ldrtbSwee.dll.vir a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Program Files\SweetPacks\tbSwee.dll.vir a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\update.exe.vir a variant of Win32/Wajam.D application
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\WajamUpdaterV3.exe.vir Win32/Wajam.D application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\dmwu.exe.vir a variant of Win32/Toolbar.Perion.G application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G application
C:\Documents and Settings\Jeff\Desktop\javara-setup.exe Win32/DownloadAdmin.G application
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP493\A0043689.msi multiple threats
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP507\A0044334.old Win32/AdWare.Adpeak.B application
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP514\A0044648.msi a variant of Win32/AdWare.Adpeak.B application
 

things seem to be better.

 

thanks



#29 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 30 December 2013 - 03:00 PM

Good.  You are correct....those entries found by ESET were either quarantined or in a restore point that will be fixed when we remove our tools.
 
Please open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste

del "C:\Documents and Settings\Jeff\Desktop\javara-setup.exe"

Press Enter (you won't actually see anything happen)
Close the Command Prompt window.
 
What are your remaining malware related problems?


Posted Image
 
 

#30 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 30 December 2013 - 03:13 PM

jeff

 

I deleted the javara-setup.exe file as you recommended.

 

Everything seems to be back to "normal".  I don't  believe that there are any other malware issues.

 

Thanks


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users