Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Japanese popup mshta.exe problem [Solved]


  • This topic is locked This topic is locked
45 replies to this topic

#31 windinmyhair

windinmyhair

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 14 November 2014 - 09:09 PM

screen shot attached

 

maps.jpg


    Advertisements

Register to Remove


#32 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 15 November 2014 - 02:44 AM

I think the Google maps problem maybe a Google thing; it is not malware-related.

That’s looking fine apart from the Google Chrome home page issue. Did you reset the home page as I instructed? We may need to uninstall/re-install Chrome.


Multiple antiviruses

You have Avast and Microsoft Security Essential (MSE) antivirus programs installed.

You can not run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall MSE as it is already disabled but it is your choice.

  • click Start, Control Panel, Programs and Features
  • scroll down the list click on either Avast or MSE and then on Remove
  • do the same for Eset

==================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Logs to include with the next post:

checkup.txt

Can you also remember to tell me if you reset your Chrome home page.

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#33 windinmyhair

windinmyhair

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 15 November 2014 - 08:18 PM

I removed MSE

I did reset chrome

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 71  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox 31.0 Firefox out of Date!  
 Google Chrome 38.0.2125.122  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 system avast AvastSvc.exe  
 system avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#34 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 16 November 2014 - 02:54 AM

All seems pretty good but I'd like you to run an online scan to make sure everything has gone before we tidy up.

 

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Scan archives and Remove found threats
  • click Advanced settings and select the following:


    o    Scan potentially unwanted applications
    o    Scan for potentially unsafe applications
    o    Enable Anti-Stealth technology
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.



    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found

If threats were found:



o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here

Thanks

Satchfan

 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#35 windinmyhair

windinmyhair

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 17 November 2014 - 02:06 AM

C:\Users\All Users\Microsoft\Crypto\RSA64\rsa64.dll a variant of Win64/Sathurbot.A trojan
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchgjmkghncifafchhpflplcadbmlcgg\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchgjmkghncifafchhpflplcadbmlcgg\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchgjmkghncifafchhpflplcadbmlcgg\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Atsuko\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\Pdfcreator Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Atsuko\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Atsuko\AppData\Roaming\SpeedAnalysis3\install_helper.exe.vir Win32/bProtector.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Atsuko\AppData\Roaming\zulagames\install_helper.exe.vir Win32/bProtector.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Atsuko\AppData\Local\CRE\fchgjmkghncifafchhpflplcadbmlcgg.crx.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Windows\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys.xBAD a variant of Win64/BrowseFox.AM potentially unwanted application deleted - quarantined
C:\Program Files (x86)\MULTIMEDIA\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Program Files (x86)\PDF Creator\message.exe a variant of Win32/InstallCore.A potentially unwanted application deleted - quarantined
C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll a variant of Win64/Sathurbot.A trojan cleaned by deleting - quarantined
C:\Users\Atsuko\Documents\Atsuko's stuff\Personal\Babylon9_setup.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application deleted - quarantined
C:\Users\Atsuko\Downloads\CCleaner setup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Atsuko\Downloads\ImageEditorSetup.exe a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Atsuko\Downloads\pdfcreator [1].exe Win32/InstallMonetizer.AQ potentially unwanted application deleted - quarantined
C:\Users\Atsuko\Downloads\PdfReaderSetup.exe a variant of Win32/InstallCore.RA potentially unwanted application deleted - quarantined
C:\Users\Atsuko\Downloads\WinZip175.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined


#36 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 November 2014 - 04:07 AM

Please copy all text in the code box below and paste it into Notepad:
 

@echo off
del /f /s /q "C:\Users\All Users\Microsoft\Crypto\RSA64\rsa64.dll”
del %0
  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

 

Are there any remaining problems?

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#37 windinmyhair

windinmyhair

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 17 November 2014 - 07:18 AM

All done! Satchfan

 

No problems that im aware of except the google map printing.....still trying to sus that out

 

Thanks a lot for your help



#38 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 November 2014 - 09:26 AM

Try reading this article about printing Google maps.

 

I'll send instructions to tidy up shortly.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#39 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 November 2014 - 09:51 AM

Your computer appears to be clean.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:


Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update Java

Your version of Java is out-of-date and need to be removed and updated.

  • click Start, Control Panel, Programs and Features
  • click on Java 7 Update 71, and then Uninstall
  • do the same for Eset Online Scanner.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Java.gif

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.

More information can be found here.

===================================================

Re-enable Spybot - Search and Destroy’s TeaTimer

  • open Spybot Search & Destroy
  • go to the Mode menu and make sure Advanced Mode is selected
  • choose Yes at the Warning prompt
  • expand the “Tools” menu
  • click Resident
  • check the Resident TeaTimer (Protection of overall system settings) active. box
  • in the File menu click Exit to exit Spybot Search & Destroy
  • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
    exit Spybot S&D.

Remember to scan your computer with the program on a regular basis as you would with your anti-virus software.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

===================================================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .


I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#40 windinmyhair

windinmyhair

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 18 November 2014 - 12:22 AM

Gday Satchfan

thanks for all your help!

After all that do you think my computer was affected by the infection?

 

Anyway ive done all the last steps except i JAVA only runs in IE and chrome it comes up with message"Java™ is required to display some elements on this page and

shows install button but its already installed and enabled in settings.....

 

any ideas?


    Advertisements

Register to Remove


#41 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 November 2014 - 02:15 AM

Java also works with Firefox. It could be your version of Java. You can test it by going here.

Also, see this article on How do I use Java with the Google Chrome browser?

Just out of curiosity, how did the map-printing go?


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#42 windinmyhair

windinmyhair

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 18 November 2014 - 03:10 AM

map printing is still not working.....

Ill try and look into the java now! Has the java got anthing to do with map printing?

 

I appreciate all the help

regards lee



#43 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 November 2014 - 09:50 AM

Has the java got anthing to do with map printing?

No.

 

Your operating system is Windows 7 Ultimate edition which means that you have "Snipping Tool" available to you. Your best option, (as Google maps don't print well even when not black ;) ), is to use the Snipping Tool to take a screen capture of the map and then you can paste it into your Corel Graphics program, (or Paint/MS Word), then print it out.

 

There is a video showing you how to use it if you don't know how. You can find it here.

 

Good luck.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#44 windinmyhair

windinmyhair

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 18 November 2014 - 10:08 AM

thanks Satchfan

 

i guess youll be on your way now.....

 

thank you very much



#45 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 November 2014 - 02:37 PM

You're welcome windinmyhair

 

I'll close this now.

 

If you continue to have a problem with Google maps, please start a topic at our Browsers, Internet and email forum and I'm sure they'll be able to help.

 

Take care

 

Satchfan


  • windinmyhair likes this

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users