also @ TechSpot: Windows 8 Release Preview leaked, Microsoft may raise OEM prices

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Inactive] 8-step Viruses/Spyware/Malware Preliminary Removal Instructions Help!

Discussion in 'Virus and Malware Removal' started by Megcx, Nov 21, 2010.

Thread Status:
Not open for further replies.
Page 2 of 2

  1. Megcx Newcomer, in training

    Yes! So far I'm not being rediriected and pages from google are loading a lot faster. Thanks so much for your help!<3
    Megcx, Nov 22, 2010
    #21

  2. Broni Malware Annihilator

    Very good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
    Broni, Nov 22, 2010
    #22

  3. Megcx Newcomer, in training

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ````````````````````````````````
    DNS Vulnerability Check:
    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
    Megcx, Nov 23, 2010
    #23

  4. Megcx Newcomer, in training

    The ESET online scaner found no threats. Also, last night I was working on a research project and I looked at about 10-20 sites from google, and only once was I redirected. I've checked a few other sites just now, but it so far I've only been redirected the one time.
    Megcx, Nov 23, 2010
    #24

  5. Broni Malware Annihilator

    Your computer is clean [IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
    Broni, Nov 23, 2010
    #25

  6. Megcx Newcomer, in training

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Temp folder emptied: 8089 bytes
    ->Temporary Internet Files folder emptied: 45764788 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 765 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12978 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 44.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11242010_132713

    Files\Folders moved on Reboot...
    C:\Users\Meghan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
    Megcx, Nov 24, 2010
    #26

  7. Megcx Newcomer, in training

    I'm still getting redirected ): It was really good the other day, but for some reason today it's a lot worse
    Megcx, Nov 24, 2010
    #27

  8. Broni Malware Annihilator

    Go Start>Run ("Start search" in Vista), type in:
    cmd
    Click OK (hit Enter in Vista).

    At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    Copy and paste what you see in Notepad into a Reply here.
    Broni, Nov 24, 2010
    #28

  9. Megcx Newcomer, in training

    A blanks Notepad opens. It says it cannot find the file and asks if I want to create a new file
    Megcx, Nov 24, 2010
    #29

  10. Broni Malware Annihilator

    Go Start>Run ("Start search" in Vista).
    Type in:
    cmd
    Click OK (press Enter in Vista)

    At command prompt, type in:
    ipconfig /all (<-----watch for "space" after "ipconfig")
    Press Enter.

    Click the icon on the menubar on the left and then Edit>Select all
    Click the icon in the menubar again then Edit>Copy

    [IMG]

    This copies all the text to the clipboard.

    Paste the output into your next reply.
    Broni, Nov 24, 2010
    #30

  11. Megcx Newcomer, in training

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Meghan>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Meghan-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : lan

    Wireless LAN adapter Wireless Network Connection 2:

    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
    Physical Address. . . . . . . . . : 90-4C-E5-5D-6A-C9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::3075:3789:c2c7:2a97%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : November-24-10 10:04:50 PM
    Lease Expires . . . . . . . . . . : November-26-10 8:40:37 AM
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 328223973
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9D-C7-58-00-26-22-8D-14-6F

    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Contro
    ller (NDIS 6.20)
    Physical Address. . . . . . . . . : 00-26-22-8D-14-6F
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.lan:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{2BE7B38B-9ACF-414D-B060-E9CD1C76DF17}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:186b:20c8:5231:feb0(Pref
    erred)
    Link-local IPv6 Address . . . . . : fe80::186b:20c8:5231:feb0%13(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Users\Meghan>
    Megcx, Nov 25, 2010
    #31

  12. Broni Malware Annihilator

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
    Broni, Nov 25, 2010
    #32

  13. Megcx Newcomer, in training

    Before I do any of this, is it possible to not reset the router... or is that neccessary? The last time I reset it my internet connection got lost, so I had to call my service's tech people and they fixed it after a few hours, but they told me to not do that again and to only turn it off by pulling the cord...so yeah...):
    Megcx, Nov 26, 2010
    #33

  14. Broni Malware Annihilator

    Unfortunately, I see no other way to make sure, your router is not hijacked.
    Broni, Nov 26, 2010
    #34
Page 2 of 2
Thread Status:
Not open for further replies.