Continuation of 1st topic [Solved]



#1 suefiza

Posted 13 December 2014 - 12:41 PM

My first topic closed due to inactivity.  I am back to working on this now.  The addr of the 1st topic is:

http://forums.whatth...c=129035&page=2

 

I have followed the steps, output is below:

mbam output

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/13/2014
Scan Time: 8:12:31 AM
Logfile: mbam_20141213.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.13.04
Rootkit Database: v2014.12.08.03
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349474
Time Elapsed: 29 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-708974729-55146766-922195683-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[bb0c78e86d0fd0660c6a1554a2638977]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 




#2 suefiza

Posted 13 December 2014 - 12:42 PM

History output:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/13/2014
Scan Time: 8:12:31 AM
Logfile: history_20141213.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.13.04
Rootkit Database: v2014.12.08.03
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349474
Time Elapsed: 29 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-708974729-55146766-922195683-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[bb0c78e86d0fd0660c6a1554a2638977]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#3 suefiza

Posted 13 December 2014 - 12:42 PM

ESET scan output:

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Owner\Downloads\firefox_setup.exe a variant of Win32/InstallCore.RA potentially unwanted application
 



#4 LiquidTension

Posted 13 December 2014 - 05:37 PM

Hi Sue,

Please delete this file:
C:\Users\Owner\Downloads\firefox_setup.exe

How is your computer performing?


Would you like to help others with malware removal? Join our Classroom and learn how!


#5 suefiza

Posted 13 December 2014 - 07:10 PM

File has been deleted.  It has been running great for the last few days.  CPU usage is low.  Response time is back to normal, and I'm not getting popups from Norton or Powershell.  Thanks SO much for your help! 



#6 LiquidTension

Posted 13 December 2014 - 08:47 PM

Hi Sue, 
 

> It has been running great for the last few days.

I'm pleased to hear. :)
 
I suggest updating your vulnerable software to reduce the risk of reinfection.

Ensure the following software is no longer installed:

  • Adobe Reader XI (11.0.03) 
  • Java™ 6 Update 20 
     

Now for the good news!
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if ComboFix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.  :thumbup: 
Adam
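
One way to verify the advice above about Adobe Reader XI and Java 6, as an added example that is not part of the original posts: this PowerShell snippet searches the standard Uninstall registry locations for the two products. The display-name patterns are assumptions about how the installers register themselves.

```powershell
# Added example: report whether the two outdated packages named in the post
# (Adobe Reader XI, Java 6) are still registered as installed.
# Uninstall locations: 64-bit, 32-bit (WOW6432Node) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed DisplayName patterns; adjust if the products register differently.
$patterns = @('Adobe Reader XI*', 'Java*6 Update*')

$found = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep entries that have a name matching any of the patterns.
            $name -and ($patterns | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher,
            @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*?::', '' } }
}

if ($found) {
    $found | Sort-Object DisplayName | Format-Table -AutoSize
    Write-Warning 'Outdated software is still installed; remove it via appwiz.cpl.'
} else {
    Write-Output 'Neither Adobe Reader XI nor Java 6 is registered as installed.'
}
```

Checking both the native and WOW6432Node keys matters on the x64 system shown in the scan logs, because 32-bit installers register under the latter.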




#7 suefiza

Posted 16 December 2014 - 07:32 PM

All is well.  Thanks for your help over the last couple of weeks. And have a Palm beer on me, cheers!



#8 LiquidTension

Posted 16 December 2014 - 09:33 PM

You're welcome, Sue.
 

> And have a Palm beer on me, cheers!

Thank you very much. :)
 
I will mark this topic as solved. 
 
All the best, 
Adam




#9 LiquidTension

Posted 16 December 2014 - 09:34 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

