35 replies to this topic

[LiquidTension]

Very good. 

Lets update your vulnerable software to reduce the risk of reinfection. 

 

STEP 1
 Update Outdated Software
Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

•  Adobe Flash Player (Uncheck the "Optional Offer")
•  Adobe Reader (Uncheck the "Optional Offer")
•  Google Chrome
•  Mozilla Firefox
•  Follow these instructions to check for and download the latest Windows Updates.
   

STEP 2
 Remove Outdated Software

• Press the Windows Key  + r on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for the following programmes, right-click and click Uninstall one at a time.
• Note: The programmes below may not be present. If this is the case, please skip to the next step.
  • Adobe Flash Player 10 ActiveX
  • Adobe Flash Player 10 Plugin
  • Adobe Reader 7.0 
  • Java™ SE Runtime Environment 6
• Follow the prompts, and reboot if necessary.
   

STEP 3
 Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

• Click the Windows Start Button  and type Java Control Panel (or javacpl) in the search bar. 
• Click on the Java Control Panel. Once opened, click the Security tab.
• Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
• Click Apply. When the  Windows User Account Control (UAC) appears, allow permissions to make the changes. 
• Click OK in the Java Plug-in confirmation window.
• Restart your browser(s) for changes to take effect.
• More information can be found here and here.
   

STEP 4
 Security Check

• Please download SecurityCheck and save the file to your Desktop.
• Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
• A log (checkup.txt) will automatically open on your Desktop.
• Copy the contents of the log and paste in your next reply.
   

======================================================
 
STEP 5
 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• checkup.txt

[elmkd]

Hello:

Thank you again for your patient assistance with this problem. Now that the desktop has been restored and the virus/ rootkit removed, the laptop is no longer available to me. Please go ahead and close this thread. I will perform the updates as soon as the laptop is returned to me. I know that this is not an ideal resolution, as you are not able to verify that the laptop is protected to the best standard, but this aspect is out of my control. If you have further instructions, please post them before closing the thread, and I will complete them. I am also mindful that a full re-install of windows is the best way to ensure that the OS can be trusted.

 

Thank you again for your help with this. All the best.

Regards,

Elmkd.

[LiquidTension]

Hello Elmkd, 

 

You're more than welcome. 

The following is what I post once I have confirmation all is in order. 

 

Please post once more confirming you are happy for me to close the topic. 

 

All Clean!
Congratulations, your computer appears clean!  
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. 
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. 
 

 

STEP 1
 DelFix

• Please download DelFix and save the file to your Desktop.
• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Reset system settings
• Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key  + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

• Answers to common security questions - Best Practices by quietman7, MVP
• How Malware Spreads - How did I get infected? by quietman7, MVP
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
• How to Prevent Malware by miekiemoes, MVP
• How to backup and restore your data using Cobian Backup by YourHighness
• Slow Computer/browser? It May Not Be Malware by quietman7, MVP
   

The following programmes come highly recommended in the security community.

•  AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
•  Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
•  Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
•  Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
•  NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
•  Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
•  Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
•  SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
•  Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
•  Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
   

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

•  VirusTotal (File & URL)
•  Jotti's Malware Scan (File)
•  Dr.Web Online Check (URL)
•  Trend Micro Site Safety Center (URL)
•  Norton Safe Web (URL)

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using What The Tech.
 
Safe Surfing.  
Adam (LiquidTension).

[elmkd]

All the best to you. I am happy for you to close this thread.

Once again, thank you for your patience and diligence in assisting me with this problem.

Best regards,

Elmkd.

[LiquidTension]

You are more than welcome.

Adam

[LiquidTension]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. <br /><br />If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.<br /><br />Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html<br />and start a New Topic.<br /><br />