ISP is Mediacom Cable.
New (used computer), infected [Closed]
#16
Posted 13 December 2014 - 10:21 PM
#17
Posted 13 December 2014 - 10:33 PM
Okay, thank you.
Please do the following.
Let me know how the computer is performing afterwards.
STEP 1
RogueKiller Fix
- Close any running programmes.
- Right-Click RogueKiller.exe and select Run as administrator to run the programme.
- Allow the Prescan to complete.
- A browser window may open. Close the browser window.
- Click .
- Upon completion, do the following:
- Click and place a checkmark next to the following items. Ensure any other items are unchecked.
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
- Click .
- Click .
- Copy the contents of the log and paste in your next reply.
STEP 2
Emsisoft Emergency Kit (Portable)
- Please download Emsisoft Emergency Kit and save the file to your Desktop.
- Double-click EmsisoftEmergencyKit.exe.
- Click Extract.
- Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
- Click Yes to update the programme definitions.
- Click Yes to detect Potentially Unwanted Programs (PUPs).
- Click Scan now.
- Select Full Scan and click Scan.
- Close any High Risk notification screen that may appear.
- When the scan is finished click Quarantine selected objects if malicious objects were found.
- Click View Report, and open the most recent log.
- Copy the contents of the log and paste in your next reply.
STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
- Please download ESET Online Scan and save the file to your Desktop.
- Temporarily disable your anti-virus software. For instructions, please refer to the following link.
- Double-click esetsmartinstaller_enu.exe to run the programme.
- Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
- Agree to the Terms of Use once more and click Start. Allow components to download.
- Place a checkmark next to Enable detection of potentially unwanted applications.
- Click Hide advanced settings. Place a checkmark next to:
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Ensure Remove found threats is unchecked.
- Click Start.
- Wait for the scan to finish. Please be patient as this can take some time.
- Upon completion, click . If no threats were found, skip the next two bullet points.
- Click and save the file to your Desktop, naming it something such as "MyEsetScan".
- Push the Back button.
- Place a checkmark next to and click .
- Re-enable your anti-virus software.
- Copy the contents of the log and paste in your next reply.
======================================================
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- RKreport.txt
- Emsisoft log
- ESET Online Scan log
#18
Posted 13 December 2014 - 11:14 PM
There is more to these registry entries than RogueKiller is showing in the program where I can click the ticker boxes. Nowhere does it say [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found. Should I continue and click those, anyway? This is very confusing because the registry keys are so long, I am having to scroll back and forth and back and forth, trying to discern which is which. I sure don't want to delete the wrong ones!
#19
Posted 13 December 2014 - 11:18 PM
Hi Kittie,
Look for the lines that have the following numbers: 97.64.183.164 97.64.209.37
Ensure these lines have a checkmark next to them.
The other lines should not have a checkmark.
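The check Adam describes in #17 and #19 (find the [PUM.Dns] lines whose DhcpNameServer value carries the listed addresses, and tick only those) can be done mechanically. The script below is an added example, not from the thread, from RogueKiller or from its author: it parses report lines of the shape quoted in #17, pulls out the resolver addresses, and flags any that are not on an allowlist of resolvers the owner expects. The sample report reuses two of the thread's lines plus one constructed entry (192.0.2.53, a documentation-range address) so there is something to flag; the allowlist is a hypothetical placeholder, and the decision of which resolvers are legitimate still rests on knowing what your ISP or router actually hands out.

```python
"""Triage [PUM.Dns] findings from a RogueKiller-style report (added example)."""
import re
from ipaddress import ip_address

# Constructed sample: the first two lines mirror the thread, the third is an
# invented entry using the 192.0.2.0/24 documentation range.
SAMPLE_REPORT = """\
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\Tcpip\\Parameters | NameServer : 192.0.2.53 [(Unknown Country?) (XX)] -> Found
"""

# Hypothetical allowlist: the resolvers the machine's owner expects to see.
# Replace with the addresses your ISP or router actually provides.
EXPECTED_RESOLVERS = {"97.64.183.164", "97.64.209.37"}

# One report line: tag, architecture, registry key, "|", value name, ":",
# the value text (addresses plus geo annotations), "->", status.
LINE_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>\w+)\)\s+(?P<key>\S+)\s*\|\s*"
    r"(?P<value>\w+)\s*:\s*(?P<rest>.*?)\s*->\s*(?P<status>\w+)$"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_pum_dns(report):
    """Return one dict per [PUM.Dns] line: registry key, value name, resolver list."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DNS finding; ignore
        servers = []
        for token in IPV4_RE.findall(m.group("rest")):
            try:
                servers.append(str(ip_address(token)))  # drops malformed octets
            except ValueError:
                continue
        entries.append({
            "key": m.group("key"),
            "value": m.group("value"),
            "servers": servers,
            "status": m.group("status"),
        })
    return entries


def unexpected_resolvers(entries, expected):
    """List (key, value name, [unexpected addresses]) for entries to look at."""
    findings = []
    for entry in entries:
        unknown = [s for s in entry["servers"] if s not in expected]
        if unknown:
            findings.append((entry["key"], entry["value"], unknown))
    return findings


if __name__ == "__main__":
    parsed = parse_pum_dns(SAMPLE_REPORT)
    for key, value, unknown in unexpected_resolvers(parsed, EXPECTED_RESOLVERS):
        print(f"review: {key} {value} -> {' '.join(unknown)}")
```

Running the block against the sample prints one line for the constructed ControlSet002 entry and nothing for the two entries whose resolvers are on the allowlist; with an empty allowlist every entry is reported, which is the state Kittie was in before Adam named the two addresses to look for.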
#20
Posted 13 December 2014 - 11:20 PM
OK!
#21
Posted 14 December 2014 - 01:15 AM
#22
Posted 14 December 2014 - 01:16 AM
#23
Posted 14 December 2014 - 02:59 AM
#25
Posted 14 December 2014 - 05:33 PM
Hi Adam,
I just got online so I am not sure. The computer seems to be dragging a little but I had dumped the cache and am loading about 5 pages or tabs at the same time. It may take a minute for everything to get up to speed.
The stuff ESET found, I did not delete, I just created a log of it to post on here. Should I delete that stuff?
#26
Posted 14 December 2014 - 09:31 PM
Hi Kittie,
The stuff ESET found, I did not delete, I just created a log of it to post on here. Should I delete that stuff?
The items flagged by ESET are either files we've already removed, or files associated with software installed on your computer.
There are several NCH Software programmes installed; I would suggest uninstalling the programmes if you do not use them.
Let's update your vulnerable software to reduce the risk of infection.
STEP 1
Update Outdated Software
Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
- Adobe Air
- Adobe Flash Player (uncheck the "Optional Offer")
- Adobe Reader (uncheck the "Optional Offer")
- Follow these instructions to check for and download the latest Windows Updates.
STEP 2
Remove Outdated Software
- Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for the following programmes, right-click and click Uninstall one at a time.
- Note: The programmes below may not be present. If this is the case, please skip to the next step.
- Adobe Reader X (10.1.13)
- Follow the prompts, and reboot if necessary.
STEP 3
Security Check
- Please download SecurityCheck and save the file to your Desktop.
- Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
- A log (checkup.txt) will automatically open on your Desktop.
- Copy the contents of the log and paste in your next reply.
======================================================
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- checkup.txt
- How is your computer performing? Are there any outstanding issues?
#27
Posted 15 December 2014 - 02:45 AM
What is the NCH Software installed on here and what does it do? do you know?
#28
Posted 15 December 2014 - 01:59 PM
Hi Kittie,
NCH Software is a company that develops audio, video, business, dictation and transcription, graphics, telephony and other utilities. You have the following NCH software installed:
- Doxillion Document Converter
- Switch Sound File Converter
- VideoPad Video Editor
- WavePad Sound Editor
------------
Let's update your vulnerable software to reduce the risk of reinfection.
STEP 1
Update Outdated Software
Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
- Adobe Air
- Adobe Flash Player (uncheck the "Optional Offer")
- Adobe Reader (uncheck the "Optional Offer")
- Follow these instructions to check for and download the latest Windows Updates.
STEP 2
Remove Outdated Software
- Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for the following programmes, right-click and click Uninstall one at a time.
- Note: The programmes below may not be present. If this is the case, please skip to the next step.
- Adobe Reader X (10.1.13)
- Follow the prompts, and reboot if necessary.
STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).
- Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
- Click on the Java Control Panel. Once opened, click the Security tab.
- Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
- Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
- Click OK in the Java Plug-in confirmation window.
- Restart your browser(s) for changes to take effect.
- More information can be found here and here.
STEP 4
Security Check
- Please download SecurityCheck and save the file to your Desktop.
- Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
- A log (checkup.txt) will automatically open on your Desktop.
- Copy the contents of the log and paste in your next reply.
======================================================
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- checkup.txt
- How is your computer performing? Are there any outstanding issues?
#29
Posted 15 December 2014 - 09:42 PM
OK, proceeding, but so far I haven't done anything about Flash Player as it appears to be the current version. I do have the computer set to update Windows on a daily basis if there is anything new. I get this message on Flash Player. Do I need to download the plug-in as well?
Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.
Download the Adobe® Flash® Player system plug-in or view the instructions to enable it.
To learn more about the enhanced support for Flash Player in Chrome, including information for developers, see this TechNote.
#30
Posted 15 December 2014 - 09:56 PM
Hi Kittie,
No, you don't. As you're using Chrome which comes with a built-in Adobe Flash Player, you don't need the programme installed.
You can uninstall Flash Player using your Control Panel if you wish.