also @ TechSpot: Qualcomm shows off Mirasol, 1.5-inch panel shipping in products soon

Appear to be infected eith expiro.x

Discussion in 'Virus and Malware Removal' started by luddite, Nov 13, 2011.

Post New Reply
Page 5 of 6

  1. luddite Newcomer, in training Posts: 82

    ok
    Java won't load. i get an error message that some file in documents and settings does not exist.

    Should i run Java ra to remove old fragments of Java before installing the newest version?
    luddite, Nov 21, 2011
    #81

  2. Broni Malware Annihilator Posts: 39,349   +175

    Please redo the fix.
    Broni, Nov 21, 2011
    #82

  3. Broni Malware Annihilator Posts: 39,349   +175

    Go ahead.
    Broni, Nov 21, 2011
    #83

  4. luddite Newcomer, in training Posts: 82

    Ok
    java update won't load. I get after the click install a pop up window saying abort install refresh web page to install, but it doesn't get past that point.
    What do i do now?
    luddite, Nov 21, 2011
    #84

  5. Broni Malware Annihilator Posts: 39,349   +175

    OK. One thing at a time.
    1. You need to redo OTL fix so it'll produce a log.
    2. Java...did you run JavaRa first? If you did and still a problem download standalone Java installer from here: http://www.java.com/en/download/manual.jsp (Windows 7, XP Offline)
    Broni, Nov 21, 2011
    #85

  6. luddite Newcomer, in training Posts: 82

    Sorry for getting spastic...
    I will try to run OTL again to get a log.
    luddite, Nov 21, 2011
    #86
     

  7. luddite Newcomer, in training Posts: 82

    hello
    Ok. ran OTL again. Still didn't get any log at conclusion of program running.
    I ran JavaRa. i think it removed Java, but am not sure.
    I ran the Java offline install. Am not sure that Java is loaded.
    At least when I ran Security check,it produced a log. Here it is

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    AVG 2012
    ESET Online Scanner v3
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgrsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
    luddite, Nov 21, 2011
    #87

  8. Broni Malware Annihilator Posts: 39,349   +175

    Did it run successfully?
    I'm asking because Security Check doesn't see it.

    Go ahead with Eset.
    Broni, Nov 21, 2011
    #88

  9. luddite Newcomer, in training Posts: 82

    Ok...well maybe not okay.
    Can't get OTL to produce a log file.
    Really not sure that either JavaRa removed the old Java remnants or that the latest java version got installed.
    The ESET scan keeps dosen't load- I get unexpected error 101
    Now what do I do now?
    luddite, Nov 21, 2011
    #89

  10. Broni Malware Annihilator Posts: 39,349   +175

    What happened when you started Java installer?

    Instead of Eset....

    Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
    Broni, Nov 21, 2011
    #90

  11. luddite Newcomer, in training Posts: 82

    When I try to install Java, the program runs for 10-15 seconds and then a popup titled "Abort- Java(TM) Installer". in the box below the title is the message "To restart the Java(TM) installer, please refresh the web page."

    i guess this keeps me from running F-secure at this time.
    luddite, Nov 21, 2011
    #91

  12. Broni Malware Annihilator Posts: 39,349   +175

    You shouldn't be getting "refresh the web page" message if you're running OFFLINE installer.
    Are you sure you downloaded "offline" installer?
    Broni, Nov 21, 2011
    #92

  13. luddite Newcomer, in training Posts: 82

    i will try again...
    luddite, Nov 21, 2011
    #93

  14. luddite Newcomer, in training Posts: 82

    Well...
    I tried to install Java offline from the manual download site.
    The window popsup asking do I want to install, click install, Then the window dissapears and nothing more happens, no hard drive activity light flashing,. nothing.

    You can send me my next instructions, but I'm singing off for tonight. Thank you for your attention in trying to exise this menace from my laptop.
    luddite, Nov 21, 2011
    #94

  15. Broni Malware Annihilator Posts: 39,349   +175

    Try to use different browser to run Eset or F-Secure scan.
    Broni, Nov 21, 2011
    #95

  16. luddite Newcomer, in training Posts: 82

    Hello
    After some rest i am hopelly better focused to the task at hand.

    Was able to run ESET from google chrome.

    Here is the found threats log from ESET

    C:\Qoobox\Quarantine\C\WINDOWS\system32\wscntfy.exe.vir Win32/Expiro.X virus
    luddite, Nov 22, 2011
    #96

  17. Broni Malware Annihilator Posts: 39,349   +175

    Your computer is clean [IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
    Broni, Nov 22, 2011
    #97

  18. luddite Newcomer, in training Posts: 82

    Hello
    Thank you
    Yeah, the programs and shortcuts that were not working are still lost.

    Now that expiro has left the building, if I run recovery from my hard drive backup thats located on an external hard drive, do I have a chance of recovering those lost shortcuts and programs?
    luddite, Nov 22, 2011
    #98

  19. Broni Malware Annihilator Posts: 39,349   +175

    I'm not sure.

    Previously I gave you instructions how to recreate those things manually.

    Make sure your backup is clean!

    Any other issues?
    Broni, Nov 22, 2011
    #99

  20. luddite Newcomer, in training Posts: 82

    Hello
    Here is an update.
    Couldn't get the Easy-gig backup to load onto the laptop. Apricorn Easy-gig had problems operating.

    I did a repair install of XP with the other XP disc from another computer.
    The two Microsoft updates that wouldn't download before still wouldn't download.
    Contacted Microsoft re: MS updates that wouldn't download. E-mail replies from MS resolved that issue.

    Secunia still kept seing old versions of Java after repeated JavaRa applications.
    I downdloded Revo Uninstaller. It found the other version of Java and removed it.

    Uninstalled other programs tha weren't operating properly (Audacity, Picture Project, Apricorn Easy-gig, Java)

    Result...everything appears to be as it was before the infection.

    Thanks again for the help in exorising the demon from the laptop.
    Live long and prosper.
    luddite, Nov 27, 2011
    #100
Page 5 of 6

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.