27 replies to this topic

[----------------]

Looks good!

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

[say-no-2-trojans]

C:\Documents and Settings\dave\Desktop\siw-setup.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\Program Files\SIW\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
D:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EK trojan
D:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster potentially unwanted application
 

[say-no-2-trojans]

Hi

What's still to do, as I am going to be away now until Tuesday - will the post stay open until then, or do I need to post a message via my mobile just to keep it open?

Thanks

[----------------]

 

D:\Documents and Settings\All Users\Documents\Server\hlp.dat

Delete this file!

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe
• Hit Scan and wait for the scan to finish.
• Confirm the message but don´t uncheck anything.
• Hit Clean
• When the run is finished, it will open up a text file
• Please post its contents within your next reply
• You´ll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.

[say-no-2-trojans]

# AdwCleaner v3.214 - Report created 30/06/2014 at 22:05:35
# Updated 29/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dave - 43C23ECBA36044F
# Running from : D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : D:\Program Files\Uniblue

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [3227 octets] - [30/06/2014 22:04:35]
AdwCleaner[S0].txt - [3198 octets] - [30/06/2014 22:05:35]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [3258 octets] ##########

[say-no-2-trojans]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Dave on 30/06/2014 at 22:15:34.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/06/2014 at 22:22:07.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[say-no-2-trojans]

I'm having trouble downloading SecurityCheck: PC reporting that it is unable to copy file to folder (Desktop) and each time I try, my Internet Security reports it has quarantined a Trojan. Shall I run instead of saving or turn off Internet Security?

[----------------]

Please disable IS, download and run SecurityCheck and reenable IS.

[say-no-2-trojans]

 Results of screen317's Security Check version 0.99.85 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
McAfee Anti-Virus and Anti-Spyware  
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 31 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive D:: 2%
````````````````````End of Log``````````````````````
 

[----------------]

Your system is clean now!

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

• Get the actual JRE from here
• Save jxpiinstall.exe to your desktop
• Close all running programs, especially your browser(s)
• Run jxpiinstall.exe. This will download the newest JRE installer and install the software
• when finished, go to
  Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
• When finished, reboot your computer.

After the reboot

• Open control panel again and click the java symbol.
• Click Settings under Temporary Internet Files.
  The Temporary Files Settings dialog box appears.
• Click Delete Files.
  The Delete Temporary Files dialog box appears
• Click OK on Delete Temporary Files window.
• Click OK again.

 

 

 

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

• Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
• Click upon Start-->control panel-->add/remove programs.
• Search for and remove any older reader versions.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

• Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
• Run setup and follow the instructions.
• Click upon Start-->control panel-->add/remove programs.
• Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

• In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
• In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
• In any case please download delfix to your desktop.
  
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process
• If there is still something left please delete it manualy.

Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

 

Recommendations: How to protect yourself

• System Updates
  Please ensure to have automatic updates activated in your control panel.
  For further information and a tutorial, see this Microsoft Support article.
• Protection
  What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
  Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
  
  • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
    It will filter unwanted advertising out of the website´s content.
  • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
    It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
    In addition, before accessing a dangerous classified web site, a warning screen is displayed.
  
  
• Up to date Software
  Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  
  • Secunia Personal Software Inspector - checks if your software has updates available.
  • SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
  • Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.
  
  
• Backup
  Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
• Behaviour
  The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
  
  • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
  • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
  • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

[say-no-2-trojans]

Thank you for all your help and advice - once again you have come to my rescue

[----------------]

You´re welcome!

[----------------]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.