Rawe

Volunteer Security Advisor
  • Content Count
    113

Community Reputation

0 Neutral

1 Follower

About Rawe

  • Rank
    Advanced Member
  • Birthday 09/28/1990

Contact Methods

  • Website URL
    http://www.bfccomputers.com/
  • ICQ
    0

Profile Information

  • Location
    Pori, Finland
  • Interests
    Malware, computers, movies, books..
  1. Hello again...

     Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

     Please follow these steps to remove older version Java components and update:

     • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • On the pulldown-menu, choose Windows as your platform.
     • Check "I agree to the Java SE Runtime Environment 6 License Agreement".
     • Click Continue.
     • Click on the link under Windows Offline Installation to download the file and save it to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have next icon next to it:
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

     Now to clean out the Java cache:

     • Go into the Control Panel and double-click the Java Icon.
     • Under Temporary Internet Files, click the Settings button.
     • Then click Delete Files...
     • There are two options in the window to clear the cache - Leave BOTH checked:
         Applications and Applets
         Trace and Log Files
     • Click OK on Delete Temporary Files window.
       Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
     • Click OK to leave the Java Control Panel.

     ----------

     Looks fine.

     Click Start -> Run and type in: ComboFix /u
     Click on OK. When shown the disclaimer, select 2.

     Please download OTCleanIt and save it to desktop.

     • Double-click OTCleanIt.exe.
     • Click the CleanUp! button.
     • Select Yes when the "Begin cleanup Process?" prompt appears.
     • If you are prompted to reboot during the cleanup, select YES.
     • The tool will delete itself once it finishes; if not, delete it by yourself.

     Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

     Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

     Here are some tips for the future to prevent spyware:

     Detect and Remove Programs:

     • How to use SUPERAntiSpyware to remove malware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use SUPERAntiSpyware.
     • How to use Malwarebytes' Anti-Malware to remove malware <= Much like SUPERAntiSpyware, Malwarebytes' Anti-Malware is a free of charge application for removal of malware. Detailed instructions on how to download, install and then use MBAM.

     Prevention Programs:

     • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
     • SpywareBlaster <= SpywareBlaster will prevent spyware from being installed. Detailed installation guide provided.
     • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known adsites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

     Other necessary Programs:

     • Antivirus Program <= An antivirus program is a must! Whether it is a free version like Avast! or Anti-Vir, or a shareware version like NOD32 this is a must have. (Note to only use 1 at-the-time)
     • Firewall <= A firewall is definitely a must have. Two good free versions are Comodo and Online Armor. (Note to only use 1 at-the-time)
     • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.

     And also see TonyKlein's good advice: So how did I get infected in the first place?

     • Setup guide for Comodo Firewall
     • Setup guide for Avast! 4 Free
     • Setup guide for AVG Free Antivirus
  2. Am happy to help. Please do post a fresh HijackThis log, just to triple check. You can also uninstall Malwarebytes' if you wish and empty its quarantine.
  3. Scroll up a few posts back and run Malwarebytes' Anti-Malware with the instructions provided. Instead of running Quick Scan though, please run the Full Scan. Post back with the log and let me know how's the system running right now.
  4. Please open notepad and copy/paste the text in the quotebox into it.

     Save it as CFScript.txt on your desktop.

     Referring to the picture above, drag CFScript.txt into ComboFix.exe.

     When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

     Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  5. No probs about the delay.

     Please open notepad and copy/paste the text in the quotebox into it.

     Save it as CFScript.txt on your desktop.

     Referring to the picture above, drag CFScript.txt into ComboFix.exe.

     When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

     Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  6. Sounds like a plan. Also...a version update of Sun Java was released yesterday.

     Please follow these steps to remove older version Java components and update:

     • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have next icon next to it:
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

     Now to clean out the Java cache:

     • Go into the Control Panel and double-click the Java Icon.
     • Under Temporary Internet Files, click the Settings button.
     • Then click Delete Files...
     • There are two options in the window to clear the cache - Leave BOTH checked:
         Applications and Applets
         Trace and Log Files
     • Click OK on Delete Temporary Files window.
       Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
     • Click OK to leave the Java Control Panel.

     Post back with a fresh HijackThis log once you have installed Avira and updated Java.
  7. • Open HijackThis
     • Click on the tab "Misc Tools"
     • Click on the Box that says "Uninstall Manager"
     • Click on the button "Save list"
     • Copy and paste the list from the notebook onto your post

     Also check for the following folder and see if there's an uninstaller there somewhere......

     C:\Program Files\McAfee

     If not, we'll just stop & delete all the services and then nuke the folders, it should go with that.

     Maybe nuke all of McAfee and then you can just install SiteAdvisor back if you want it. You should install that Avira though, right after we get rid of McAfee.
  8. Looks fine to me.

     Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

     Please follow these steps to remove older version Java components and update:

     • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have next icon next to it:
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

     Now to clean out the Java cache:

     • Go into the Control Panel and double-click the Java Icon.
     • Under Temporary Internet Files, click the Settings button.
     • Then click Delete Files...
     • There are two options in the window to clear the cache - Leave BOTH checked:
         Applications and Applets
         Trace and Log Files
     • Click OK on Delete Temporary Files window.
       Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
     • Click OK to leave the Java Control Panel.

     --------

     Click Start -> Run and type in: ComboFix /u
     Click on OK. When shown the disclaimer, select 2.

     Please download OTCleanIt and save it to desktop.

     • Double-click OTCleanIt.exe.
     • Click the CleanUp! button.
     • Select Yes when the "Begin cleanup Process?" prompt appears.
     • If you are prompted to reboot during the cleanup, select YES.
     • The tool will delete itself once it finishes; if not, delete it by yourself.

     Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

     Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

     Here are some tips for the future to prevent spyware:

     Prevention Programs:

     • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
     • SpywareBlaster <= SpywareBlaster will prevent spyware from being installed. Detailed installation guide provided.
     • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known adsites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

     Other necessary Programs:

     • Antivirus Program <= An antivirus program is a must! Whether it is a free version like Avast! or Anti-Vir, or a shareware version like NOD32 this is a must have. (Note to only use 1 at-the-time)
     • Firewall <= A firewall is definitely a must have. Two good free versions are Comodo and Online Armor. (Note to only use 1 at-the-time)
     • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.

     And also see TonyKlein's good advice: So how did I get infected in the first place?

     • Setup guide for Comodo Firewall
     • Setup guide for Avast! 4 Free
     • Setup guide for AVG Free Antivirus
  9. You forgot to post a fresh HijackThis log and you also forgot to let me know how's the system running at this point.. Having any troubles?
  10. How is the system running at this point?

      Let's run a scanner just in case.. (We'll clean up all of the apps used thus far from the system when finished)

      Please download Malwarebytes' Anti-Malware and save it to your desktop.
      alternate download link 1
      alternate download link 2

      • Double-click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • If you have trouble with the update process, please download the latest updates here. Double-click the mbam-rules.exe file on your desktop and let it update the application.
      • Once the program has loaded, select "Perform Quick Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Please copy and paste the entire report in your next reply along with a fresh HijackThis log.

      Extra note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  11. I can see you still have McAfee running there. So is Comodo though.

      It is critical to have a firewall & an anti-virus running on the computer at all times; but having more than one firewall at the same time WILL cause conflicts. It will cause more harm than good.

      I recommend getting rid of McAfee now (uninstalling it completely) - then posting another HijackThis log so we can remove the remnants manually, as it probably leaves entries behind it.

      As for antivirus, if you have McAfee's antivirus (which is really quite bad antivirus, there are so much better ones), if not, I recommend installing the latest Avira Anti-Vir PREMIUM for free (6 months promotion licence) AND after that 6 months, install their free product for home use which is also awesome - just doesn't have all the features as the premium one has. I'm actually using this promotion licence myself as well. I like it. Click here. The free version can be found here.
  12. Please open notepad and copy/paste the text in the quotebox into it.

      Save it as CFScript.txt on your desktop.

      Referring to the picture above, drag CFScript.txt into ComboFix.exe.

      When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  13. Right-clicking -> open in another application -> choose another text editor. Give it a shot. I'd like to see the latest ComboFix log just so I know I won't be giving up if we're close.

      Another question, are you still having as many issues as you had earlier? Everything slow, including the mouse, etc etc?

      Edit: but as you wish. The machine is/was quite badly infected, maybe reinstall is the best choice.
  14. Ok, can you try opening the C:\ComboFix.txt file in some other text app other than Notepad? M$ Word? Wordpad?
  15. Antivir might still be causing troubles after reboot if it's still there, so try not to click on anything when ComboFix boots and shows it's still running; let the warnings just flood in if they do. Then when ComboFix has done running and provided a log, you can take care of the warnings and post the log here.