TechSpot

Easylifeapp virus

Solved
By BobDylan
Mar 3, 2013
  1. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Hi,

    JavaRa now run and removed older version.

    Same issue is occurring, still can't download newest Java (as explained above).

    Don't seem to be having any problems with regards to the easylifeapp virus, seems to have disappeared.
  2. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  3. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Thanks for that. OK, have successfully downloaded Java. I downloaded the 64bit version, as far as I'm aware that is what my system is. Although when using chrome it says: "We have detected you may be viewing this page in a 32-bit browser." - but my attempt to download the 32 bit version failed once again.
  4. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    You have 64-bit system so you have to install both Java versions.

    If no other issues...

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  5. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    OK, well, I have downloaded Java 64bit version, but the above issues keep happening with regards to the 32 bit version (wizard was interrupted, then 'browserlauncherror:87').

    Shall I now do the above steps you have advised, or can I not do them until I have 32 bit version?

    Sorry for being a bit stupid here.

    EDIT: Oh, and did I have any trojans, rootkits or bootkits ?
  6. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Use a different browser to download 32-bit Java.
  7. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    No.
  8. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Sorry, can't download 32-bit Java on either firefox or chrome.

    I can't use IE on this laptop, it is there but doesn't work and hasn't worked for a long time. It wasn't working once so I tried to uninstall it and then it was bust for ever. But that's a whole new problem we don't need to go down!

    Sorry about all of this.
  9. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  10. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Thanks, but the same thing happens - Java Setup Welcome pops up, so I click on INSTALL. Then Java Setup Process pops up, then Java Setup pops up saying: "Installation failed. The Wizard was interrupted before Java7 Update 17 could be completely installed. To complete installation another time, please run setup again.... Click OK to exit the Wizard." Then there is a box underneath that is checked which says 'Open Java Help'. I click on OK, then something else pops up with a cross saying 'BrowserLauchError:87'.

    That happens when I try to do it in both firefox and chrome.

    As for IE, I've had the problem so long I can't overly remember how it came about. Although a couple of years ago on this forum I posted:

    I have been having some issues with Internet Explorer 9. Whenever I try and open it, it pops up on the screen for a millisecond then disappears. It never opens.

    I wanted to uninstall it, so went about it what I think is the proper way (Start, type Programs and Features in the search box, Under Uninstall an update, scroll down to the Microsoft Windows section, then choose it). But when I do this it says: An error has occurred Not all of the updates were successfully uninstalled. If I try to turn it off, it says something similar.

    I have tried to download a different type of IE, but it just tells me I have the most up to date version.

    Weird.
  11. Broni

    Broni Malware Annihilator Posts: 46,479   +252

     
  12. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Thanks. Am going to try and do all of the above today. First...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: owner
    ->Temp folder emptied: 30873 bytes
    ->Temporary Internet Files folder emptied: 66340 bytes
    ->Java cache emptied: 463 bytes
    ->FireFox cache emptied: 8529873 bytes
    ->Google Chrome cache emptied: 12740277 bytes
    ->Flash cache emptied: 3919 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 20.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 03102013_090001

    Files\Folders moved on Reboot...
    C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  13. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    OK all done. Thanks very much for your help.

    Sadly, the IE fixit procedure didn't work. Still IE just pops up for a millisecond and then disappears.
  14. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


    Go to Step 4 and under "System Restore" click on Create button:


    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they are.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.

    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  15. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    For the 64 bit there are 7 notepad files. The top one is titled '_windows_repair_log'. I have copied and pasted that one below. The rest are either called 'windows_repair_hkey_classes_root_log_.... etc' or 'windows_repair_hkey_local_machine_3_log' etc. I am not sure if I am meant to copy and paste all of them as it's quite a lot.

    Running Repair Under System Account
    Starting Repairs...
    Start (10/03/2013 20:25:28)

    Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (10/03/2013 20:25:28)
    Running Repair Under Current User Account
    Done (10/03/2013 20:25:37)

    Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (10/03/2013 20:25:37)
    Running Repair Under System Account
    Done (10/03/2013 20:28:26)

    Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (10/03/2013 20:28:26)
    Running Repair Under System Account
    Done (10/03/2013 20:29:29)

    Register System Files
    Start (10/03/2013 20:29:29)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:30:33)

    Repair WMI
    Start (10/03/2013 20:30:33)
    Running Repair Under Current User Account
    Invalid Global Switch.

    Invalid Global Switch.

    Running Repair Under System Account
    Invalid Global Switch.

    Invalid Global Switch.

    Done (10/03/2013 20:34:18)

    Repair Windows Firewall
    Start (10/03/2013 20:34:18)
    Running Repair Under Current User Account
    The Internet Connection Sharing (ICS) service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Internet Connection Sharing (ICS) service could not be started.

    The service did not report an error.

    More help is available by typing NET HELPMSG 3534.

    Running Repair Under System Account
    The Internet Connection Sharing (ICS) service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Internet Connection Sharing (ICS) service could not be started.

    The service did not report an error.

    More help is available by typing NET HELPMSG 3534.

    Done (10/03/2013 20:35:07)

    Repair Internet Explorer
    Start (10/03/2013 20:35:07)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:35:41)

    Repair MDAC/MS Jet
    Start (10/03/2013 20:35:41)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:36:11)

    Repair Hosts File
    Start (10/03/2013 20:36:11)
    Running Repair Under System Account
    Done (10/03/2013 20:36:13)

    Remove Policies Set By Infections
    Start (10/03/2013 20:36:13)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:36:18)

    Repair Icons
    Start (10/03/2013 20:36:18)
    Running Repair Under System Account
    Could Not Find C:\Users\owner\AppData\Local\IconCache.db.bak
    Could Not Find C:\Users\owner\AppData\Local\IconCache.db
    Done (10/03/2013 20:36:21)

    Repair Winsock & DNS Cache
    Start (10/03/2013 20:36:21)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:36:40)

    Repair Proxy Settings
    Start (10/03/2013 20:36:40)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:36:45)

    Repair Windows Updates
    Start (10/03/2013 20:36:45)
    Running Repair Under Current User Account
    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    Access is denied.
    Running Repair Under System Account
    The Cryptographic Services service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Background Intelligent Transfer Service service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    Access is denied.
    Done (10/03/2013 20:37:30)

    Repair CD/DVD Missing/Not Working
    Start (10/03/2013 20:37:30)
    Done (10/03/2013 20:37:30)

    Repair Volume Shadow Copy Service
    Start (10/03/2013 20:37:30)
    Running Repair Under Current User Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Microsoft Software Shadow Copy Provider service is not started.

    More help is available by typing NET HELPMSG 3521.

    Running Repair Under System Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Microsoft Software Shadow Copy Provider service is not started.

    More help is available by typing NET HELPMSG 3521.

    Done (10/03/2013 20:37:43)

    Repair MSI (Windows Installer)
    Start (10/03/2013 20:37:43)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:37:56)

    Repair bat Association
    Start (10/03/2013 20:37:56)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:01)

    Repair cmd Association
    Start (10/03/2013 20:38:01)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:06)

    Repair com Association
    Start (10/03/2013 20:38:06)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:10)

    Repair Directory Association
    Start (10/03/2013 20:38:11)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:15)

    Repair Drive Association
    Start (10/03/2013 20:38:15)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:20)

    Repair exe Association
    Start (10/03/2013 20:38:20)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:27)

    Repair Folder Association
    Start (10/03/2013 20:38:27)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:32)

    Repair inf Association
    Start (10/03/2013 20:38:32)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:37)

    Repair lnk (Shortcuts) Association
    Start (10/03/2013 20:38:37)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:41)

    Repair msc Association
    Start (10/03/2013 20:38:41)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:46)

    Repair reg Association
    Start (10/03/2013 20:38:46)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:51)

    Repair scr Association
    Start (10/03/2013 20:38:51)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:38:56)

    Repair Windows Safe Mode
    Start (10/03/2013 20:38:56)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:39:03)

    Repair Print Spooler
    Start (10/03/2013 20:39:03)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:39:14)

    Restore Important Windows Services
    Start (10/03/2013 20:39:14)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:39:21)

    Set Windows Services To Default Startup
    Start (10/03/2013 20:39:21)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (10/03/2013 20:39:44)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done (10/03/2013 20:39:44)
    Total Repair Time: 00:14:16


    ...YOU MUST RESTART YOUR SYSTEM...
    Running Repair Under System Account
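
The Windows Repair log in the post above follows a regular layout: a step title, a Start timestamp, output per account, then a Done timestamp. As an added example (not part of the thread and not Tweaking.com's own code), this Python code parses that layout and lists the repair steps that printed anything beyond the account markers, which are the ones worth a second look. The function names, the day/month/year timestamp order and the treatment of "More help is available" lines as noise are assumptions; the sample is abridged from the log above.

```python
import re
from datetime import datetime

STAMP = re.compile(r"^(Start|Done) \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\)$")
ACCOUNT = re.compile(r"^Running Repair Under (.+) Account$")
NOISE = ("More help is available",)  # assumption: pointer lines, not findings
# Sample input: abridged from the Windows Repair log posted above.
SAMPLE_LOG = """\
Running Repair Under System Account
Starting Repairs...
Start (10/03/2013 20:25:28)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (10/03/2013 20:25:28)
Running Repair Under Current User Account
Done (10/03/2013 20:25:37)

Repair WMI
Start (10/03/2013 20:30:33)
Running Repair Under Current User Account
Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.
Done (10/03/2013 20:34:18)

Repair Windows Updates
Start (10/03/2013 20:36:45)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
Access is denied.
Done (10/03/2013 20:37:30)
All Selected Repairs Done.
Done (10/03/2013 20:39:44)
"""

def parse_repair_log(text):
    """Return one dict per repair step: title, seconds, (account, message) pairs."""
    steps, buffer, open_step = [], [], None
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        m = STAMP.match(line)
        if not m:
            buffer.append(line)  # title or output line; sorted out at the next stamp
            continue
        when = datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S")  # assumed D/M/Y
        if m.group(1) == "Start":
            # A Start replaces any still-open step: that one was the overall wrapper.
            title = [entry for entry in buffer if not ACCOUNT.match(entry)]
            open_step = {"title": " / ".join(title), "start": when}
        elif open_step is not None:  # a Done with no open step closes the wrapper
            account, messages = None, []
            for entry in buffer:
                a = ACCOUNT.match(entry)
                if a:
                    account = a.group(1)
                elif not entry.startswith(NOISE):
                    messages.append((account, entry))
            seconds = int((when - open_step["start"]).total_seconds())
            open_step.update(seconds=seconds, messages=messages)
            steps.append(open_step)
            open_step = None
        buffer = []
    return steps

def steps_needing_review(steps):
    """Steps whose output contained anything besides account markers and noise."""
    return [s for s in steps if s["messages"]]
```
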
  16. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Just realised that for '32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs' , there doesn't appear to be such a thing. Tweaking.com only appears in C:\programfiles(x86).



    EDIT: But IE is now working!!!
  17. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Excellent!

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  18. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    OK I did all of the above earlier, before I highlighted the IE problem, so think it should be OK unless you say otherwise.

    Thank you so much for all of your help, it is very good of you and much appreciated.
  19. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Way to go!!
    Good luck and stay safe :)

