Rawe

Volunteer Security Advisor
  • Content count: 113
Everything posted by Rawe

  1. Hello again... Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
     • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • On the pull-down menu, choose Windows as your platform.
     • Check "I agree to the Java SE Runtime Environment 6 License Agreement".
     • Click Continue.
     • Click on the link under Windows Offline Installation to download the file and save it to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have this icon next to them:
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
     Now to clean out the Java cache:
     • Go into the Control Panel and double-click the Java icon.
     • Under Temporary Internet Files, click the Settings button.
     • Then click Delete Files...
     • There are two options in the window to clear the cache - leave BOTH checked: Applications and Applets; Trace and Log Files.
     • Click OK on the Delete Temporary Files window. Note: this deletes ALL the downloaded Applications and Applets from the cache.
     • Click OK to leave the Java Control Panel.
     ----------
     Looks fine. Click Start -> Run and type in: ComboFix /u
     Click on OK. When shown the disclaimer, select 2.
     Please download OTCleanIt and save it to your desktop.
     • Double-click OTCleanIt.exe.
     • Click the CleanUp! button.
     • Select Yes when the "Begin cleanup Process?" prompt appears.
     • If you are prompted to reboot during the cleanup, select YES.
     • The tool will delete itself once it finishes; if not, delete it yourself.
     Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
     Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
     Here are some tips for the future to prevent spyware:
     Detect and Remove Programs:
     • How to use SUPERAntiSpyware to remove malware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use SUPERAntiSpyware.
     • How to use Malwarebytes' Anti-Malware to remove malware <= Much like SUPERAntiSpyware, Malwarebytes' Anti-Malware is a free-of-charge application for removal of malware. Detailed instructions on how to download, install and then use MBAM.
     Prevention Programs:
     • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
     • SpywareBlaster <= SpywareBlaster will prevent spyware from being installed. Detailed installation guide provided.
     • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
     Other necessary Programs:
     • Antivirus Program <= An antivirus program is a must! Whether it is a free version like Avast! or Anti-Vir, or a shareware version like NOD32, this is a must have. (Note: only use one at a time.)
     • Firewall <= A firewall is definitely a must have. Two good free versions are Comodo and Online Armor. (Note: only use one at a time.)
     • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
     And also see TonyKlein's good advice: So how did I get infected in the first place?
     Setup guide for Comodo Firewall
     Setup guide for Avast! 4 Free
     Setup guide for AVG Free Antivirus
  2. Am happy to help. Please do post a fresh HijackThis log, just to triple check. You can also uninstall Malwarebytes' if you wish and empty its quarantine.
  3. Scroll up a few posts back and run Malwarebytes' Anti-Malware with the instructions provided. Instead of running Quick Scan though, please run the Full Scan. Post back with the log and let me know how the system is running right now.
  4. Please open Notepad and copy/paste the text in the quotebox into it. Save it as CFScript.txt on your desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  5. No probs about the delay. Please open Notepad and copy/paste the text in the quotebox into it. Save it as CFScript.txt on your desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  6. Sounds like a plan. Also... a version update of Sun Java was released yesterday. Please follow these steps to remove older version Java components and update:
     • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have this icon next to them:
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
     Now to clean out the Java cache:
     • Go into the Control Panel and double-click the Java icon.
     • Under Temporary Internet Files, click the Settings button.
     • Then click Delete Files...
     • There are two options in the window to clear the cache - leave BOTH checked: Applications and Applets; Trace and Log Files.
     • Click OK on the Delete Temporary Files window. Note: this deletes ALL the downloaded Applications and Applets from the cache.
     • Click OK to leave the Java Control Panel.
     Post back with a fresh HijackThis log once you have installed Avira and updated Java.
  7. Open HijackThis. Click on the tab "Misc Tools". Click on the box that says "Uninstall Manager". Click on the button "Save list". Copy and paste the list from Notepad into your post. Also check for the following folder and see if there's an uninstaller there somewhere... C:\Program Files\McAfee. If not, we'll just stop & delete all the services and then nuke the folders; it should go with that. Maybe nuke all of McAfee and then you can just install SiteAdvisor back if you want it. You should install that Avira though, right after we get rid of McAfee.
  8. Looks fine to me. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
     • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have this icon next to them:
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
     Now to clean out the Java cache:
     • Go into the Control Panel and double-click the Java icon.
     • Under Temporary Internet Files, click the Settings button.
     • Then click Delete Files...
     • There are two options in the window to clear the cache - leave BOTH checked: Applications and Applets; Trace and Log Files.
     • Click OK on the Delete Temporary Files window. Note: this deletes ALL the downloaded Applications and Applets from the cache.
     • Click OK to leave the Java Control Panel.
     --------
     Click Start -> Run and type in: ComboFix /u
     Click on OK. When shown the disclaimer, select 2.
     Please download OTCleanIt and save it to your desktop.
     • Double-click OTCleanIt.exe.
     • Click the CleanUp! button.
     • Select Yes when the "Begin cleanup Process?" prompt appears.
     • If you are prompted to reboot during the cleanup, select YES.
     • The tool will delete itself once it finishes; if not, delete it yourself.
     Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
     Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
     Here are some tips for the future to prevent spyware:
     Prevention Programs:
     • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
     • SpywareBlaster <= SpywareBlaster will prevent spyware from being installed. Detailed installation guide provided.
     • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
     Other necessary Programs:
     • Antivirus Program <= An antivirus program is a must! Whether it is a free version like Avast! or Anti-Vir, or a shareware version like NOD32, this is a must have. (Note: only use one at a time.)
     • Firewall <= A firewall is definitely a must have. Two good free versions are Comodo and Online Armor. (Note: only use one at a time.)
     • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
     And also see TonyKlein's good advice: So how did I get infected in the first place?
     Setup guide for Comodo Firewall
     Setup guide for Avast! 4 Free
     Setup guide for AVG Free Antivirus
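The MVPS Hosts file tip in posts 1 and 8 above works because a hosts entry that points a name at 127.0.0.1 keeps the machine from ever reaching that site. The same mechanism is what a HijackThis "O1 - Hosts" line reports when malware has used it instead to sinkhole security vendors' update sites or to redirect legitimate sites to an attacker's address. The following Python script is an added example, not code from Rawe's posts or from the MVPS project: it parses hosts-file text and separates deliberate ad-site blocks from entries that look like hijacks. The sample hosts content, the watch list of protected vendor domains and the function names are all constructed for this example.

```python
"""Audit a hosts file: tell MVPS-style ad blocks apart from malware hijacks.

Added example; not from the original forum posts. The sample hosts content,
the protected-domain watch list and the function names are constructed here.
"""
import ipaddress

# Addresses a blocking hosts file (such as the MVPS one) legitimately maps
# ad/tracker names to: the connection never leaves the local machine.
BLACKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that normally resolve to loopback and need no classification.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Vendor/update domains that malware commonly sinkholes so the victim cannot
# fetch updates or cleanup tools. Assumed watch list, constructed for this example.
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "microsoft.com",
    "malwarebytes.org",
    "superantispyware.com",
    "avast.com",
    "free-av.com",
)

# Constructed sample: a mix of MVPS-style blocks and typical hijack entries.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net
0.0.0.0   ads.example-adnetwork.com   # MVPS-style block
127.0.0.1 www.malwarebytes.org        # malware: stops the cleaner updating
127.0.0.1 update.avast.com            # malware: stops the AV updating
10.0.0.99 www.google.com              # malware: redirect a legitimate site
192.0.2.10 www.paypal.com             # malware: phishing redirect
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, one per hostname token; skip comments/blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)            # validates IPv4 and IPv6
        except ValueError:
            continue                            # not a mapping line; ignore it
        for name in names:
            yield ip, name.lower()


def classify(ip, hostname):
    """Return 'ok', 'block' or 'hijack' for one hosts mapping."""
    if hostname in LOCAL_NAMES:
        return "ok"
    protected = any(hostname == s or hostname.endswith("." + s)
                    for s in PROTECTED_SUFFIXES)
    if protected:
        # Any override of a security/update domain is suspect, even to
        # loopback: that is exactly how malware keeps AV and cleanup tools
        # from updating.
        return "hijack"
    if ip in BLACKHOLE_ADDRS:
        return "block"      # MVPS style: the site simply cannot be reached
    # A public name pointed at a routable address is a redirect, not a block.
    return "hijack"


def audit_hosts(text):
    """Return {'ok': [...], 'block': [...], 'hijack': [...]} of 'name -> ip' strings."""
    report = {"ok": [], "block": [], "hijack": []}
    for ip, name in parse_hosts(text):
        report[classify(ip, name)].append(f"{name} -> {ip}")
    for entries in report.values():
        entries.sort()
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for category in ("hijack", "block", "ok"):
        print(f"[{category}]")
        for entry in result[category]:
            print("   ", entry)
```

To run it against a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into `audit_hosts` instead of `SAMPLE_HOSTS`; anything reported under "hijack" is what a helper would want explained before the hosts file is replaced with the MVPS one, and the watch list should be extended with whichever vendors the victim actually uses.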
  9. You forgot to post a fresh HijackThis log and you also forgot to let me know how the system is running at this point. Having any troubles?
  10. How is the system running at this point? Let's run a scanner just in case. (We'll clean up all of the apps used thus far from the system when finished.)
     Please download Malwarebytes' Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
     • Double-click mbam-setup.exe to install the application.
     • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     • If an update is found, it will download and install the latest version.
     • If you have trouble with the update process, please download the latest updates here. Double-click the mbam-rules.exe file on your desktop and let it update the application.
     • Once the program has loaded, select "Perform Quick Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See extra note.)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Please copy and paste the entire report in your next reply along with a fresh HijackThis log.
     Extra note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  11. I can see you still have McAfee running there. So is Comodo though. It is critical to have a firewall & an anti-virus running on the computer at all times; but having more than one firewall at the same time WILL cause conflicts. It will cause more harm than good. I recommend getting rid of McAfee now (uninstalling it completely) - then posting another HijackThis log so we can remove the remnants manually, as it probably leaves entries behind. As for antivirus, if you have McAfee's antivirus (which is a really quite bad antivirus; there are so many better ones), if not, I recommend installing the latest Avira Anti-Vir PREMIUM for free (6 months promotion licence) AND after that 6 months, install their free product for home use which is also awesome - it just doesn't have all the features the premium one has. I'm actually using this promotion licence myself as well. I like it. Click here. The free version can be found here.
  12. Please open Notepad and copy/paste the text in the quotebox into it. Save it as CFScript.txt on your desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  13. Right-clicking -> open in another application -> choose another text editor. Give it a shot. I'd like to see the latest ComboFix log just so I know; I won't be giving up if we're close. Another question: are you still having as many issues as you had earlier? Everything slow, including the mouse, etc etc? Edit: but as you wish. The machine is/was quite badly infected; maybe reinstall is the best choice.
  14. Ok, can you try opening the C:\ComboFix.txt file in some other text app other than Notepad? M$ Word? Wordpad?
  15. Antivir might still be causing troubles after reboot if it's still there, so try not to click on anything when ComboFix boots and shows it's still running; let the warnings just flood in if they do. Then when ComboFix is done running and has provided a log, you can take care of the warnings and post the log here.
  16. Well, I would tend to agree: while we could clean this up to the point it would run as regular, it's quite severely infected now and one couldn't guarantee it would be the same as it was before getting infected. If you do want to give a shot at cleaning this mess up, you know where to continue. It was quite an ugly infection, plus if there's no way you can shut the internet connection off completely while doing the fixes, it does make things a bit more difficult.
  17. That's weird to say the least. You SURE you wrote the command completely? ComboFix "C:\Documents and Settings\Ann\Desktop\CFScript.txt" Alright... Please retry running SDFix while in Safe Mode. Does it still give you problems when pressing Y to start the fix? As for the internet connection, do you have one ADSL box/modem/router (whatever) which connects both your machines to the Internet? If so, simply pull the plug out of the infected one and leave the other one intact. Not sure how you've set it up. Let's also rerun Malwarebytes' Anti-Malware: update it by downloading the latest mbam-rules.exe from the link I provided earlier on the other machine, then transfer that .exe on to your infected one and double-click on it to update (in Normal mode) -- do you still get no desktop when you boot regularly?
  18. You can try this in Safe Mode. Click Start -> Run and type in (or save the command to notepad file to be able to paste it in Safe Mode): ComboFix "C:\Documents and Settings\Ann\Desktop\CFscript.txt" Then click on OK. This should do the same thing as dragging the file.
  19. Two options. You can either make the CFScript.txt on your other PC, then transfer the file to the other PC, or create it before booting to Safe Mode and then boot into Safe Mode.
  20. Ok, let's try if you can manage this. That last log is OK; it just shows that ComboFix didn't finish. Please print these instructions out, or write them down, as you can't read them during the fix.
     Next, please reboot your computer in Safe Mode by doing the following:
     1) Restart your computer.
     2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
     3) Instead of Windows loading as normal, a menu should appear.
     4) Select the first option, to run Windows in Safe Mode.
     5) Choose your usual account.
     When in Safe Mode....
     Please open Notepad and copy/paste the text in the quotebox into it. Save it as CFScript.txt on your desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply when rebooted back to normal Windows.
     Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  21. Hmm... Pull the internet plug out, and uninstall Avira. Btw... That log is the incorrect one. You sent me the script I wrote for you. Look for C:\ComboFix.txt and post that. I'm not sure whether the latest script went through the process completely. We'll retry running SDFix IF the latest CFScript did what it was supposed to. This thing sure has gone a bit complex, but we'll get it sorted, I'm sure.
  22. Reboot again. It should give your desktop back. If it doesn't, we can use Recovery Console though, you can burn it to disk on your other PC.
  23. It shouldn't take that long. Wait for a moment to see if it comes up with the log; if not... Boot the machine and search for the ComboFix log if it has provided one. I do think ComboFix is going to finish anyway, as long as you don't click anything for a while. See how it goes. As for AntiVir... I couldn't find an option to disable the Guard either. Since you have pulled the internet plug, the best bet is to just uninstall Avira for now. I've never encountered this many problems with the logs before when it comes to antivirus and ComboFix though. Uninstall Avira, let's get rid of the crappies and then install Avira back (before connecting to the net again).
  24. If you have pulled the internet plug out & are able to follow through the instructions and transfer the tools then I'd say you can disable Avira permanently; so it stays disabled even after boot. Did ComboFix stall because of the warnings, or did you click on them? If your AV keeps popping up, just let it warn whatever it warns about and don't click on them IF ComboFix is still running (unless it asks you to permit ComboFix of course).
  25. Hello again. lmao I guess that's the way they market rap... No other way to get people to listen to it. There's still a lot of stuff to get rid of. Please follow the instructions for running ComboFix here and post back with the log.