
[Solved] Another "Hard Drive Clusters are Partly Damaged" virus or malware attack

Discussion in 'Virus and Malware Removal' started by b52nuke, Dec 8, 2011.

  1. Broni Malware Annihilator

    Are you talking about this area?

    [IMG]

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  2. b52nuke Newcomer, in training

    Yes that's the area I was talking about =).

    My scenario at the moment is that I have a pharmacy law final on Monday. Would it be rude, inconsiderate or a bad idea to postpone doing anything further until then? If so, please let me know and I will jump into finishing the rest of this =D Otherwise I was considering waiting until Monday, as my computer appears stable, and in the event something goes horribly wrong Monday I'll have months to fix it instead of hours haha. I default to your expertise and opinion =)
  3. Broni Malware Annihilator

    At this point your computer should be fairly clean so....study :)

    As for that "Start" menu, those entries can be easily recreated.
    The top part (seen in my screenshot in bold) are programs pinned to start menu.
    You can pin any program by right clicking on it and clicking "Pin to start menu".

    The lower part are programs frequently used.
    It'll populate over time.
    Just make sure your settings are correct.
    Right click on "Start" button, click "Properties" and make sure both boxes in "Privacy" section are checked.
  4. b52nuke Newcomer, in training

    I'm still with you, I'm running the OTL here as I leave for work and I should be back on tonight with the results =)

    I also passed my exams haha w00t Thank you so much for getting my computer operable.
  5. Broni Malware Annihilator

    Cool :)..............................

    Congratulations on passed exams :)
  6. Broni Malware Annihilator

    Still with me?
  7. b52nuke Newcomer, in training

    Hi, Yes sorry, I'm re-running OTL right now
  8. b52nuke Newcomer, in training

    I'm not sure if this is diagnostic to you, but it took multiple multiple multiple attempts to get the custom OTL fix to work without freezing at some point, i.e. opening the browser my computer would freeze sometimes, typing in techspot.com/.... would freeze. I re-downloaded OTL because I thought maybe it was corrupt, because it would freeze too; couldn't access it downloading with Google Chrome, so I used Mozilla. I finally just did safe mode with networking to run it =\ and my computer ran through everything fine. (I haven't used it since my last post to you here about finals.) Here is the newest log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Keith
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 113532348 bytes
    ->Java cache emptied: 470923 bytes
    ->FireFox cache emptied: 43703846 bytes
    ->Google Chrome cache emptied: 7951545 bytes
    ->Flash cache emptied: 41789 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5283573 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64693 bytes
    RecycleBin emptied: 22016 bytes

    Total Files Cleaned = 163.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Keith
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12202011_015427

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Keith\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  9. b52nuke Newcomer, in training

    For security check, this said my flash player isn't up to date? But I did just update it as you said ?

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Sophos Anti-Virus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
    Adobe Reader X (10.1.1)
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (5.0.) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamgui.exe
    Sophos Sophos Anti-Virus SavService.exe
    Sophos Sophos Anti-Virus SAVAdminService.exe
    Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
    Symantec Norton Online Backup NOBuAgent.exe
    ``````````End of Log````````````
  10. Broni Malware Annihilator

    You're fine.
    I still need Eset scan log.
  11. b52nuke Newcomer, in training

    Hi, I'm running the ESET scan again. I did it last night, but a Windows update restarted my computer and I'm not sure where the log went =\
  12. b52nuke Newcomer, in training

    Oop, might have found it, but I have a 2nd scan in progress; not sure if that would interfere with the log in Program Files?

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=c6c242cdfd94154b80e89537925757ec
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-12-20 12:09:35
    # local_time=2011-12-20 05:09:35 (-0700, US Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776573 100 94 0 75919631 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=8449 16775165 50 99 0 2547973 0 0
    # scanned=145484
    # found=1
    # cleaned=1
    # scan_time=6794
    C:\Users\Keith\Downloads\cnet2_CueCard151Setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    ESETSmartInstaller@High as downloader log:
    all ok
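As an added example that is not part of this thread or of the ESET or Security Check tools themselves, the following script reads the two log formats posted above (the ESET Online Scanner log with its `# key=value` header and detection records, and screen317's Security Check report) and pulls out what a helper checks first: whether the number of items found matches the number cleaned, which file was detected and what action was taken, and which programs are flagged out of date. The record layouts are inferred from the logs shown in this thread only; the sample inputs are excerpts from those logs, and the detection regex assumes the path contains no spaces (the ESET line format leaves that ambiguous).

```python
import re
from dataclasses import dataclass, field

# Excerpt of the ESET Online Scanner log posted in this thread.
ESET_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# country="United States"
# compatibility_mode=5893 16776573 100 94 0 75919631 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775165 50 99 0 2547973 0 0
# scanned=145484
# found=1
# cleaned=1
# scan_time=6794
C:\Users\Keith\Downloads\cnet2_CueCard151Setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Excerpt of the Security Check report posted in this thread.
SECURITY_CHECK_LOG = """Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Sophos Anti-Virus
Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
Adobe Reader X (10.1.1)
Mozilla Thunderbird (5.0.) Thunderbird Out of Date!
"""

@dataclass
class EsetReport:
    meta: dict = field(default_factory=dict)        # header key -> list of values
    detections: list = field(default_factory=list)  # one dict per detection line

# Detection record: <path> <threat description> (<action>) <32-hex hash> ...
# Assumption: the path contains no whitespace.
DETECTION_RE = re.compile(r"^([A-Za-z]:\\\S+)\s+(.+?)\s+\((.+?)\)\s+([0-9a-fA-F]{32})")

def parse_eset_log(text):
    """Split an ESET Online Scanner log into header metadata and detections."""
    report = EsetReport()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                # keys such as compatibility_mode repeat, so keep every value
                report.meta.setdefault(key, []).append(value.strip('"'))
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append({"path": m.group(1), "threat": m.group(2),
                                      "action": m.group(3), "hash": m.group(4)})
    return report

def summarize(report):
    """Compare the header counters with the detection records actually listed."""
    found = int(report.meta.get("found", ["0"])[0])
    cleaned = int(report.meta.get("cleaned", ["0"])[0])
    return {"found": found, "cleaned": cleaned, "uncleaned": found - cleaned,
            "consistent": found == len(report.detections)}

def parse_security_check(text):
    """Collect out-of-date programs and warning lines from a Security Check log."""
    out_of_date, warnings = [], []
    for line in text.splitlines():
        line = line.strip()
        if "Out of Date!" in line:
            # program name precedes the parenthesised version
            out_of_date.append(line.split("(")[0].strip())
        elif line.endswith("!") and "Enabled!" not in line:
            warnings.append(line)
    return {"out_of_date": out_of_date, "warnings": warnings}

if __name__ == "__main__":
    eset = parse_eset_log(ESET_LOG)
    print(summarize(eset))
    for d in eset.detections:
        print(d["threat"], "->", d["action"], "@", d["path"])
    print(parse_security_check(SECURITY_CHECK_LOG))
```

Running it on the thread's own logs reports one item found and one cleaned (so nothing is left uncleaned), the InstallCore detection with its quarantine action, and Flash Player and Thunderbird as the out-of-date programs, together with the Security Center warning that explains why the antivirus line may be unreliable.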
  13. Broni Malware Annihilator

    Your computer is clean [IMG]

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  14. b52nuke Newcomer, in training

    Everything's been good so far! Thank you again so much for your help =D
  15. Broni Malware Annihilator

    Way to go!! [IMG]
    Good luck and stay safe :)