21 replies to this topic

[Orchidtracy]

Hello Adam,

 

I have not done anything with Java yet but I will update it now if it needs to be updated. Below are the logs:

 

Malwarebytes:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 07/09/2014

Scan Time: 19:16:36

Logfile: MBLog.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.07.05

Rootkit Database: v2014.08.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: tracy

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 324783

Time Elapsed: 17 min, 48 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

ESET:

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application

C:\Users\Public\Downloads\MyRidingStables2-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application

 

Thanks again,

 

Tracy

[LiquidTension]

Hi Tracy, 
 

I have not done anything with Java yet but I will update it now if it needs to be updated.

Here's some information on Java. If you do not need the programme, I suggest uninstalling. 
 
Using  Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

• Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
• Microsoft: Unprecedented Wave of Java Exploitation
• Ghosts of Java Haunt Users
• Microsoft: Unprecedented Wave of Java Exploitation
• Drive-by Trojan preying on out-of-date Java installations
• Ghosts of Java Haunt Users
• Hole in Patch Process

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

• You don't need Java
• W3Techs usage statistics and market share data of Java on the web
• Java: Should you remove it?
   

If you choose to keep Java installed, it is paramount you keep the software updated with the latest version.
You can verify/test your Java software installation & version here.
 
 
STEP 1
 Using MSCONFIG as a Startup Manager
From your logs I can see you are using MSCONFIG as a startup manager. I would not advise this. MSCONFIG is a system configuration utility, designed to help troubleshoot and diagnose system configuration issues in Windows. From the Microsoft article relating to MSCONFIG, "The System Configuration utility helps you find problems with your Windows configuration. It does not manage the programs that run when Windows starts."
 
Whilst the programme works as a basic startup manager, MSCONFIG should not be used to routinely disable auto-start programmes. It is a temporary solution and not a good practice for the following reasons.

• Uninstalling programmes left disabled in MSCONFIG will sometimes result in a failed uninstallation. 
• MSCONFIG will often leave orphaned entries when software is uninstalled. When used to switch back to normal startup mode, these orphan entries can result in boot-up errors.
• MSCONFIG allows malware-related items to hide in your registry which may not become apparent until switched back to normal startup mode - this could result in reinfection. 
• MSCONFIG does not list all applications loaded in all possible startup locations, as some entry points are hidden and unknown to the user. 
   

For these reasons, I recommend reversing the changes made in MSCONFIG...

• Press the Windows Key  + r on your keyboard at the same time. Type msconfig and click OK.
• If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
• In the Startup tab, click Enable All, followed by OK.
• If prompted, click Restart.

...and installing the programme below. 
 
 WinPatrol is a versatile system monitoring programme (originally created by Bill Pytlovany/BillP Studios and now owned by Ruiware, LLC) that utilizes a small memory footprint and offers various features, such as:

• Takes a snapshot of critical system resources and provides alerts if any changes occur.
• Serves as a Startup Manager which works much better than MSCONFIG.
• Tracks programmes that have been installed on your system and monitor the location Windows uses to store uninstall information.
• Alerts to changes in programmes that run at startup.
• Alerts if another programme has removed a startup programme.
• Alerts if attempts are made to change (hijack) browser Home and Search pages in Internet Explorer.
• Has the ability to delay the launch of a startup programmes.
• Monitors toolbars, registry modifications, changes to file extensions and changes to the HOSTS file.

I recommend reading the documentation before installing the programme.
 
 
STEP 2
 Batch File

• Press the Windows Key  + r on your keyboard at the same time. Type Notepad and click OK.
• Copy the entire contents of the codebox below and paste into the Notepad document.
  

  @echo off
  echo Deleting files/folders...
  del /f /s /q "C:\Users\Public\Downloads\MyRidingStables2-dm.exe"
  if exist "C:\Users\Public\Downloads\MyRidingStables2-dm.exe" echo Operation failed.
  if not exist "C:\Users\Public\Downloads\MyRidingStables2-dm.exe" echo Successfully completed operation.
  pause
  del %0

• Click Format. Ensure Wordwrap is unchecked. 
• Click File, Save As and name the file batchfile.bat. 
• Select All Files as the Save as type.
• Save the file to your Desktop. 
• Locate batchfile.bat  (W8/7/Vista) on your Desktop. Right-click the icon and click  Run as administrator.
   

STEP 3
 Disable Java in Your Browser (if Java is still installed)
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

• Click the Windows Start Button  and type Java Control Panel (or javacpl) in the search bar. 
• Click on the Java Control Panel. Once opened, click the Security tab.
• Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
• Click Apply. When the Windows User Account Control (UAC)  appears, allow permissions to make the changes. 
• Click OK in the Java Plug-in confirmation window.
• Restart your browser(s) for changes to take effect.
• More information can be found here and here.
   

STEP 4
 Security Check

• Please download SecurityCheck and save the file to your Desktop.
• Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
• A log (checkup.txt) will automatically open on your Desktop.
• Copy the contents of the log and paste in your next reply.
   

======================================================
 
STEP 5
 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• Did you uninstall or update Java?
• Did the batch file run successfully?
• checkup.txt
• How is your computer performing? Any outstanding issues?

[Orchidtracy]

Hi Adam,

 

I haven't been able to uninstall or disable Java.  I tried to delete it in the control panel but it's not listed on the uninstall list, so I tried to disable it from my browser but there was no check box in the security area of the Java control panel so for now I will update it.

 

I've downloaded WinPatrol and had a quick look at the start up list but I've not done anything with it yet.

 

All of the steps you asked me to perform appear to have run successfully.

 

Below is the report from Security Check.

 

Over all everything seems to be running faster although I've not done anything much apart from follow your instructions.

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Google Chrome 36.0.1985.143  

 Google Chrome 37.0.2062.103  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast avastui.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 

Many thanks,

 

Tracy

[LiquidTension]

Hi Tracy, 
 

I haven't been able to uninstall or disable Java.  I tried to delete it in the control panel but it's not listed on the uninstall list, so I tried to disable it from my browser but there was no check box in the security area of the Java control panel so for now I will update it.

Run JavaRa to completely remove the programme, and download/install the latest version of Java from here. 
 
 JavaRa

• Please download JavaRa and save the file to your Desktop.
• Right-click the folder and click Extract All. Follow the prompts. 
• Close any open windows. 
• Right-Click JavaRa.exe and select Run as administrator to run the programme.
• Select your language and click Select.
• Once opened, click Remove Older Versions.
• Click Yes when prompted. Upon completion, click OK.
• Please reboot your computer. 
   

I've downloaded WinPatrol and had a quick look at the start up list but I've not done anything with it yet.

Have a read of the documentation so you understand how to use the programme.
 

All of the steps you asked me to perform appear to have run successfully.

Very good.
 

All Clean!
Congratulations, your computer appears clean!  
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. 
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. 
 

 

STEP 1
 DelFix

• Please download DelFix and save the file to your Desktop.
• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Reset system settings
• Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key  + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

• Answers to common security questions - Best Practices by quietman7, MVP
• How Malware Spreads - How did I get infected? by quietman7, MVP
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
• How to Prevent Malware by miekiemoes, MVP
• How to backup and restore your data using Cobian Backup by YourHighness
• Slow Computer/browser? It May Not Be Malware by quietman7, MVP
   

The following programmes come highly recommended in the security community.

•  AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
•  Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
•  Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
•  Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
•  NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
•  Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
•  Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
•  SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
•  Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
•  Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
   

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

•  VirusTotal (File & URL)
•  Jotti's Malware Scan (File)
•  Dr.Web Online Check (URL)
•  Norton Safe Web (URL)

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.  
Adam (LiquidTension).

[Orchidtracy]

Hi Adam,

 

Thank you for your quick reply.  I've followed the instructions regarding Java so that is solved.  I've deleted the tools and I did read the information regarding WinPatrol before downloading and have since stopped 10 things from starting up ie iTunes help, iCloud etc.

 

Thank you so much again.  I have no further issues.

 

All the best Tracy

[LiquidTension]

Brilliant, I'm pleased to hear that.

All the best to you too.
Adam

[LiquidTension]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. <br /><br />If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.<br /><br />Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html<br />and start a New Topic.<br /><br />