Solved After removing FBI Moneypak Ransomware, svchost.exe Trojan on Windows 7 keeps returning

[TruelightE525]

Hi Broni,

I keep forgetting to mention in the process of cleaning the PC that Internet Explorer is still not working correctly and Firefox is still missing from the Task Bar (so I haven't tested it out yet). Previously (when the PC was totally infected and crashing all the time), both IE and Firefox were taking me to sites that were different from the web addresses that I entered, and at some point, one of the viruses removed the Firefox icon from the Task Bar. How it did it, I don't know. Now, when I go to Internet Explorer, it cannot connect with any websites. So, I've been using Safari for the last two days on this PC. Any help you can give me regarding repairing these web browsers would be helpful and appreciated.

 

[Broni]

The only program installed by us is ESET Online Scanner.
You can keep it for future use.

As for IE.
Open it, go Tools>Internet options>Advanced tab and click on "Reset" button.
Restart IE and see how it goes.

As for Firefox...
Go Start>All programs, find Firefox, right click on it, then Send to>Quick Launch

 

[TruelightE525]

Hi Broni,

OK...I will keep ESET Online Scanner.

I was going to Reset IE per your instructions, but I decided not to Reset IE after all. Here's what happened:

After opening IE, it took a long time before I could even go to Tools>Internet options. When I finally was able to go to the Advanced tab, I read about all the things that were going to be reset to default and/or deleted upon Resetting. I had a bad feeling about Resetting everything, so I Canceled instead. After the Cancel, I was able to use IE again to surf the web. It's slower than I think it should be, but not unresponsive.

As for Firefox, there was no Quick Launch option. So, what I did to make it show up on the Taskbar again was...
Go Start>All programs, find Firefox, right click on it, then Pin to Taskbar.

I'm going to continue now with the long list of previous instructions from 1:04 pm today, starting with:

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

I'll let you know if I have any problems or send you my next post of log contents, whichever comes first.

Thanks again for all your help. Hope you're having a Happy Saturday.

 

[Broni]

 

[TruelightE525]

Hi Broni,

Sorry for all the questions/problems today, but I was in the process of deleting tools and logs leftover on the PC, and I noticed a folder on the C: drive called, TDSSKiller_Quarantine. Should that folder and its contents be deleted? While I await your reply, I will continue working on the rest of your instructions.

 

[Broni]

You can delete that folder.
I don't mind you asking questions at all

 

[TruelightE525]

Hi Broni,

For Firefox, I could not update:
Silverlight Plug-In, Google Earth Plugin, and Citrix ICA Client.

There were other plug-ins that simply said "? Research" next to the plug-in name:
Facebook Plugin, iTunes Application Detector, Windows Live™ Photo Gallery, iLinc Communications Netscape/Mozilla Install Plugin v 11.2, and Google Update.

What do I do about them?

I'm going to continue working on update the other browsers' plug-ins while I await your reply. Thanks again for all your help!

 

[Broni]

Don't worry about those.

 

[TruelightE525]

Hi Broni,

For Safari, I could not update:

Apple Safari (Installed Version: 5.1.5, Latest Version: 5.1.7) or Adobe Shockwave Player (Installed File Version: 10.4.1, Latest File Version: 11.6.8.638).

But I don't think the Qualys BrowserCheck is not giving me accurate info about Adobe Shockwave Player. I looked at the programs that were installed under Start>Control Panel>Programs and Features, and it showed that I had installed the latest version of Adobe Shockwave Player (11.6.8.638). As a matter of fact, I think I installed it when I updated the plug-ins for Firefox, before I started updating the plug-ins for Safari. And I did restart Firefox after installing all of the plug-ins so that they would be accessible to Firefox, so I'm not sure what's the problem So, please let me know if this is a real issue that I need to resolve or if I can ignore it and keep going.

I'm going to start updating the plug-ins for Internet Explorer now. Thanks!

[FONT=Trebuchet MS][/FONT]

 

[TruelightE525]

Hi Broni,

I may have to Reset Internet Explorer after all. It's too slow to do anything useful. However, I was able to run the Qualys BrowserCheck using IE. But it gave me some more (I think) inaccurate info about the version of one of the programs (Adobe Flash Player) that it says is a Security Risk. It says the PC has Adobe Flash Player 11.4.402.287 installed, rather than 11.5.502.110. But there are two Adobe Flash Player's that were installed yesterday. One was Adobe Flash Player 11 Plugin (11.5.502.110), while the other was Adobe Flash Player 11 ActiveX (11.4.402.287). Should I ignore this or is this an issue I need to resolve?

Thanks!

 

[TruelightE525]

Hi Broni,

I did the Reset on IE, but it's not any faster. Any other suggestions on how to speed it up?

 

[TruelightE525]

Here are my latest MalwareBytes log contents:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kc :: KC-PC [administrator]

11/18/2012 2:01:58 AM
mbam-log-2012-11-18 (02-01-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212741
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

This is the first time I've seen MalwareBytes show all 0's. Does this mean the PC is really clean or do I need to Perform the Full Scan just to make sure? I've been seeing the infection for so long, it's hard to really believe that the PC is clean!

 

[Broni]

You're good to go