
Very slow computer with files that cannot be deleted by avast, and new


  • This topic is locked
21 replies to this topic

#16 Orchidtracy

Orchidtracy

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 07 September 2014 - 02:48 PM

Hello Adam,

 

I have not done anything with Java yet but I will update it now if it needs to be updated. Below are the logs:

 

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 07/09/2014
Scan Time: 19:16:36
Logfile: MBLog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.07.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tracy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324783
Time Elapsed: 17 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 

ESET:
 
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Public\Downloads\MyRidingStables2-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application
 
Thanks again,
 
Tracy



#17 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 07 September 2014 - 03:10 PM

Hi Tracy, 
 

I have not done anything with Java yet but I will update it now if it needs to be updated.

Here's some information on Java. If you do not need the programme, I suggest uninstalling. 
 
Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

If you choose to keep Java installed, it is paramount you keep the software updated with the latest version.
You can verify/test your Java software installation & version here.
 
 
STEP 1
Using MSCONFIG as a Startup Manager
From your logs I can see you are using MSCONFIG as a startup manager. I would not advise this. MSCONFIG is a system configuration utility, designed to help troubleshoot and diagnose system configuration issues in Windows. From the Microsoft article relating to MSCONFIG, "The System Configuration utility helps you find problems with your Windows configuration. It does not manage the programs that run when Windows starts."
 
Whilst the programme works as a basic startup manager, MSCONFIG should not be used to routinely disable auto-start programmes. It is a temporary solution and not a good practice for the following reasons.

  • Uninstalling programmes left disabled in MSCONFIG will sometimes result in a failed uninstallation. 
  • MSCONFIG will often leave orphaned entries when software is uninstalled. When used to switch back to normal startup mode, these orphan entries can result in boot-up errors.
  • MSCONFIG allows malware-related items to hide in your registry which may not become apparent until switched back to normal startup mode - this could result in reinfection. 
  • MSCONFIG does not list all applications loaded in all possible startup locations, as some entry points are hidden and unknown to the user. 
     

For these reasons, I recommend reversing the changes made in MSCONFIG...

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the Startup tab, click Enable All, followed by OK.
  • If prompted, click Restart.

...and installing the programme below. 
 
WinPatrol is a versatile system monitoring programme (originally created by Bill Pytlovany/BillP Studios and now owned by Ruiware, LLC) that utilizes a small memory footprint and offers various features, such as:

  • Takes a snapshot of critical system resources and provides alerts if any changes occur.
  • Serves as a Startup Manager which works much better than MSCONFIG.
  • Tracks programmes that have been installed on your system and monitors the location Windows uses to store uninstall information.
  • Alerts to changes in programmes that run at startup.
  • Alerts if another programme has removed a startup programme.
  • Alerts if attempts are made to change (hijack) browser Home and Search pages in Internet Explorer.
  • Has the ability to delay the launch of startup programmes.
  • Monitors toolbars, registry modifications, changes to file extensions and changes to the HOSTS file.

I recommend reading the documentation before installing the programme.
 
 
STEP 2
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
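    @echo off
    rem Delete the file flagged in the ESET log.
    echo Deleting files/folders...
    del /f /s /q "C:\Users\Public\Downloads\MyRidingStables2-dm.exe"
    rem Report the outcome by checking whether the file still exists.
    if exist "C:\Users\Public\Downloads\MyRidingStables2-dm.exe" echo Operation failed.
    if not exist "C:\Users\Public\Downloads\MyRidingStables2-dm.exe" echo Successfully completed operation.
    pause
    rem Remove this batch file itself; "%~f0" is its full path, quoted in case it contains spaces.
    del "%~f0"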
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate batchfile.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
     

STEP 3
Disable Java in Your Browser (if Java is still installed)
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you uninstall or update Java?
  • Did the batch file run successfully?
  • checkup.txt
  • How is your computer performing? Any outstanding issues?


 

Would you like to help others with malware removal? Join our Classroom and learn how!
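
The post above notes that MSCONFIG does not list every startup location and that items it has disabled stay parked in the registry until "Enable All" is clicked. The PowerShell sketch below is an added example (not part of the original posts, and not WinPatrol's code) that lists active and MSCONFIG-disabled startup entries and reports changes since its previous run. It assumes the Windows 7 registry layout in which MSCONFIG stores disabled items under `Shared Tools\MSConfig`; the baseline file name is hypothetical.

```powershell
# Added example (not from the thread): list autostart entries, including those
# MSCONFIG has disabled, and report changes since the previous run.
# Assumption: Windows 7, where MSCONFIG moves disabled items under the key below.
$msconfigRoot = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

function New-Entry($State, $Source, $Name, $Command) {
    New-Object PSObject -Property @{ State = $State; Source = $Source; Name = $Name; Command = [string]$Command }
}

function Get-StartupInventory {
    foreach ($key in $runKeys) {                           # active registry entries
        if (-not (Test-Path $key)) { continue }
        $reg = Get-Item -Path $key
        foreach ($name in $reg.GetValueNames()) {
            New-Entry 'Active' $key $name ($reg.GetValue($name))
        }
    }
    foreach ($dir in $startupDirs) {                       # active Startup-folder items
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Force | Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object { New-Entry 'Active' $dir $_.Name $_.FullName }
    }
    foreach ($branch in 'startupreg', 'startupfolder') {   # entries parked by MSCONFIG
        $path = Join-Path $msconfigRoot $branch
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path |
            ForEach-Object { New-Entry 'DisabledByMsconfig' $path $_.PSChildName ($_.GetValue('command')) }
    }
}

$baseline = Join-Path $env:LOCALAPPDATA 'startup-baseline.xml'   # hypothetical file name
$current  = @(Get-StartupInventory)

# "Enable All" reactivates every parked entry, so review these first.
$current | Where-Object { $_.State -eq 'DisabledByMsconfig' } |
    Format-Table Name, Command -AutoSize -Wrap

if ((Test-Path $baseline) -and $current.Count -gt 0) {
    $previous = @(Import-Clixml -Path $baseline)
    if ($previous.Count -gt 0) {
        # '=>' marks entries added since the baseline, '<=' entries that disappeared.
        Compare-Object $previous $current -Property State, Source, Name, Command |
            Format-Table SideIndicator, State, Name, Command -AutoSize -Wrap
    }
}
$current | Export-Clixml -Path $baseline
```

The first run only writes the baseline; later runs show what was added or removed in between.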


#18 Orchidtracy

Orchidtracy

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 09 September 2014 - 09:41 AM

Hi Adam,

 

I haven't been able to uninstall or disable Java.  I tried to delete it in the control panel but it's not listed on the uninstall list, so I tried to disable it from my browser but there was no check box in the security area of the Java control panel so for now I will update it.

 

I've downloaded WinPatrol and had a quick look at the start up list but I've not done anything with it yet.

 

All of the steps you asked me to perform appear to have run successfully.

 

Below is the report from Security Check.

 

Over all everything seems to be running faster although I've not done anything much apart from follow your instructions.

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
Many thanks,
 
Tracy


#19 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 09 September 2014 - 11:10 AM

Hi Tracy, 
 

I haven't been able to uninstall or disable Java.  I tried to delete it in the control panel but it's not listed on the uninstall list, so I tried to disable it from my browser but there was no check box in the security area of the Java control panel so for now I will update it.

Run JavaRa to completely remove the programme, and download/install the latest version of Java from here
 
JavaRa

  • Please download JavaRa and save the file to your Desktop.
  • Right-click the folder and click Extract All. Follow the prompts. 
  • Close any open windows. 
  • Right-Click JavaRa.exe and select Run as administrator to run the programme.
  • Select your language and click Select.
  • Once opened, click Remove Older Versions.
  • Click Yes when prompted. Upon completion, click OK.
  • Please reboot your computer. 
     

I've downloaded WinPatrol and had a quick look at the start up list but I've not done anything with it yet.

Have a read of the documentation so you understand how to use the programme.
 

All of the steps you asked me to perform appear to have run successfully.

Very good.
 

All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 

 

STEP 1
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.
Adam (LiquidTension).




#20 Orchidtracy

Orchidtracy

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 09 September 2014 - 12:59 PM

Hi Adam,

 

Thank you for your quick reply.  I've followed the instructions regarding Java so that is solved.  I've deleted the tools and I did read the information regarding WinPatrol before downloading and have since stopped 10 things from starting up ie iTunes help, iCloud etc.

 

Thank you so much again.  I have no further issues.

 

All the best Tracy



#21 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 09 September 2014 - 01:06 PM

Brilliant, I'm pleased to hear that. :)

All the best to you too.
Adam



#22 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 09 September 2014 - 01:06 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
