6 replies to this topic

[paks]

Hi!

 

In December my Virus software (Avast free version)  told me I had a Win32: conduit-D and a Win64: conduit-A Pup. I think it took care of the problem because at the next boot scan it did not say I had it. Then a couple of days later another scan told me I had some decompression bombs in an archived directory so I just deleted them. The daily scan have been good for at lest 3 weeks. Then on a web site, the site told me that I needed to update my Flashplayer. I did not click on the link I just left the site, but It was to late Avast told me I had the Vosteran virus trying to install itself. I thought that it had stopped it but I was wrong. It had hijacked my web-browser (Explorer). I uninstalled the program with Uninstall from the control panel. By then I had two versions of  Flash player (same version number), I uninstalled both of them and went to Abobe.com to get a new version of it. Every thing seems normal now, except Avast tells me that it could not scan some 52 files because they were password protected. It names the 52 files but I can’t see them in Window Explorer.  Here is one of the names :

 

C:\ Users\Charles\Downloads\flash_set-up.exe|>images\bg-close-program.png

 

The files have the same name up to the |> symbols and then they are different.

 

The dialog box from Avast tells me to “select the required action for each result and click “apply”. There is no “apply” button to click and no choice of action to select. Usually it will give me the option to move to Chest or, delete or do nothing etc.

 

So, is my PC infected?

 

I’m running Window 7 Home premium, service pack 1.

 

The laptop is a Gateway Model M-7332h

With an Intel Pentium Dual core CPU T4200 @ 2.00GHz

4 gig memory

And a 64bit O.S.

 

Thanks

 

Paks

 

 Addition.txt   45.86KB   311 downloads

 

 aswMBR.txt   1.98KB   179 downloads

 

 FRST.txt   48.6KB   315 downloads

[Juliet]

Hi and welcome

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

• Backup Internet Explorer Favourites
• Backup Firefox Bookmarks
• Backup Chrome Bookmarks
  
  

Proceed with the reset once done.

• Internet Explorer: How to reset Internet Explorer settings
• Firefox: Reset Firefox
• Chrome: Chrome - Reset browser settings
  
  

~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
URLSearchHook: HKU\S-1-5-21-510212549-54136036-888789963-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKU\S-1-5-21-510212549-54136036-888789963-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
URLSearchHook: HKU\S-1-5-21-510212549-54136036-888789963-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...ferrer:source?}
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {6F2F1A59-B6A5-4F14-96E8-50212FF238E5} URL = http://websearch.ask...48-81C0FB016EA7
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Plugin HKU\S-1-5-21-510212549-54136036-888789963-1000: @yahoo.com/BrowserPlus,version=2.8.1 -> C:\Users\Charles\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll No File
FF user.js: detected! => C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\02gk2kkb.default-1403025182108\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\02gk2kkb.default-1403025182108\searchplugins\Vosteran.xml
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-510212549-54136036-888789963-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
U3 Appierv; No ImagePath
C:\Users\Charles\AppData\Local\Temp\APNStub.exe
C:\Users\Charles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp343apb.dll
C:\Users\Charles\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Charles\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Charles\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Charles\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Charles\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\mp3el.exe
C:\Users\Charles\AppData\Local\Temp\nsuED3A.exe
C:\Users\Charles\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Charles\AppData\Local\Temp\Shockwave_Installer_Slim.exe
C:\Users\Charles\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Charles\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Charles\AppData\Local\Temp\uninst.exe
C:\Users\Charles\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Charles\AppData\Local\Temp\wpsetup.exe
C:\Users\Charles\AppData\Local\Temp\_is86DB.exe
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

~~~~~~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

[paks]

Thanks Juliet.

 

Everything ran like it was supposed to here are the 3 files.

 

paks

 

 Fixlog.txt   12.98KB   188 downloads  JRT.txt   112.23KB   189 downloads  AdwCleanerS0.txt   3.82KB   209 downloads

[Juliet]

Goodness gracious that took out a chunk.

Download Malwarebytes' Anti-Malware to your desktop.

• Windows XP : Double click on the icon to run it.
• Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Dections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
• Then click on Scan
• When the scan is finished and the log pops up...select Copy to Clipboard
• Please paste the log back into this thread for review
• Exit Malwarebytes
• ~~~
  
  ^^^^^^^^
  
  What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
  Most reliable and thorough.
  The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
  This scanner can take quite a bit of time to run, depending of course how full your computer is.
  
  
  Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note:
    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.
  *************************************

Please post
Malwarebytes' Anti-Malware log
Eset log

Please tell me how the computer is now.

[paks]

Hi again Juliet.

 

Yesterday I ran the MalwareBytes scan and then the online Eset scan, but after more than 3 hours my computer just turned itself off by itself. It was way past 1:AM so I went to bed. This morning I ran the online scan and 5 minute later the computer turned itself of again. I turned it on and re-ran the on line scan, it took more than 4 hours but it worked to the end of the scan. Last night scan ESET said on the Dashboard that it had found 3 threats : win32: conduit-a, and again win32: conduit-a and finally Win32: search protect something. But at the second scan this morning it did not find those 3 threats but it found  a variant of win32: Bundled toolbar. Ask.  Maybe I forgot to uncheck the remove threats box. I don't really remember doing it, but then again I'm a old fart that has a bad memory.  

 

My computer seems to be faster, but this morning when I got on your forum some words where green with a small arrow beside it, and when the cursor went over it I had a pop up with a HP add on it. Now I don't see it anymore?????? I looked in the browser's history but without seeing anything site suspicious just the one I visited for the purpose of the cleaning.  Since the  delete treats  was not checked, when will the file in quarantine be deleted?

 

Is there a good antivirus-antimalware suite that is for sale anywhere? I've always bought my virus protection before but since I retired, and that money is scarcer I've depended on Avast free download. And my problem started with their automatic update of my computers program, once it told me that my Java needed to be updated and that's where I got the win32: conduit-D and since then it's been a nightmare. 

 

Well, I thank you for you time and help. I hope things will get better on the WEB.

 

 

 

paks

 

 Eset.txt   144bytes   165 downloads

 

 malware.txt   1.43KB   187 downloads

[Juliet]

What Eset found I can fix, as well the MBAM quarantined items too and,  they are safely held in a folder that cannot harm the machine.

 

 

I'm a old fart that has a bad memory

Oh now you hush!,  I think you did very well and followed all instructions.

 

LOL!

 

 

Java needed to be updated

 

I can help with this too.

 

Go to your control panel,  add/remove programs.

Locate the Java

 

Open the program, (double click) at the top is an update button,  click on that

Down at the bottom of the page that opens is an Update now button,  click on that and follow the instructions.

 

~~~~~~~~~~~~~~~~

Let's remove FRST quarantine and the other tools folders.

 

DelFix

• Please download DelFix and save the file to your Desktop.
• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Reset system settings
• Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Downloading and installing a different antivirus is OK,  some,  request you remove your old antivirus before a download/install can complete.

 

• avast! Free Anti-Virus (free)
• Avira AntiVir Personal - Free Antivirus
• Microsoft Security Essentials (free)
• ESET NOD32 Anti-Virus (paid)
• Kaspersky Anti-Virus (paid)
• Emsisoft Internet Security (paid)

As for which free versus paid for Antivirus I have to leave this up to you but, I've always stayed with a free version, that use less resources and consumes less time in updating. This is my personal opinion and also with free versions of Antivirus, firewall is not included.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~

 

Also,  I would like to post a few preventive tips

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremova...=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

• AdblockPlus, Surf the web without annoying ads!
• Blocks banners, pop-ups and video ads - even on Facebook and YouTube
• Protects your online privacy
• Two-click installation, It's free!
• click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

• Green should be good to go
• Yellow for caution
• Red to stop
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  How to prevent Malware: Created by Miekiemoes
  
  
  WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
  See this article (http://www.forbes.co...o-disable-java/
  and this article (http://www.nbcnews.c...alate-1B7938755
  
  I would recommend that you completely uninstall Java unless you need it to run an important software.
  In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo...ur-web-browser/) and How to unplug Java from the browser (http://krebsonsecuri...om-the-browser/))
  
  
  Avoid P2P
  
  P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
  
  Please read these short reports on the dangers of peer-2-peer programs and file sharing.
   
• FBI Cyber Education Letter
  USAToday
  infoworld

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach


Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

• It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
• Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
• You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 

 

[Juliet]

Glad we could help.

Since this issue appears resolved ... this Topic is closed.