TechSpot

LiveMessenger fails to connect, suspecting malware

Solved
By mbeaulie
May 27, 2011
Topic Status:
Not open for further replies.
  1. mbeaulie

    mbeaulie TS Rookie Topic Starter Posts: 22

    Sorry about skipping the Java part... Ran it and it crashed the first time around. Ran it a second time and it did not find anything to clean so I assume it crashed after doing it's job. Should I rerun the parts that were supposed to be AFTER it?

    ESet running now...

    Marc
     
  2. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    You can post fresh SecurityCheck log and we'll see what happened.
     
  3. mbeaulie

    mbeaulie TS Rookie Topic Starter Posts: 22

    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271837.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271838.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271839.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271840.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271841.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271842.rbf Win32/RegistryBooster application
    E:\Documents de Marc\Téléchargements\registrybooster.exe Win32/RegistryBooster application
    E:\Mes documents\Téléchargements\setup.exe a variant of Win32/Adware.ErrorRepair application
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Were you able to fix Java?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      E:\Documents de Marc\Téléchargements\registrybooster.exe 
      E:\Mes documents\Téléchargements\setup.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  5. mbeaulie

    mbeaulie TS Rookie Topic Starter Posts: 22

    The java cleanup did work fine, and I now have the latest...

    OTL logs:
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    E:\Documents de Marc\Téléchargements\registrybooster.exe moved successfully.
    E:\Mes documents\Téléchargements\setup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Genevieve
    ->Temp folder emptied: 3400 bytes
    ->Temporary Internet Files folder emptied: 105813 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 40843413 bytes
    ->Flash cache emptied: 877 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Marc
    ->Temp folder emptied: 11874848 bytes
    ->Temporary Internet Files folder emptied: 7353240 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 69018034 bytes
    ->Flash cache emptied: 790 bytes

    User: Marianne
    ->Temp folder emptied: 954 bytes
    ->Temporary Internet Files folder emptied: 61975 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Sylvie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 123,00 mb


    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Default User

    User: Genevieve
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Marc
    ->Flash cache emptied: 0 bytes

    User: Marianne
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Sylvie
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05312011_005558

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  6. mbeaulie

    mbeaulie TS Rookie Topic Starter Posts: 22

    Restore point removal log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Genevieve
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Marc
    ->Temp folder emptied: 577052 bytes
    ->Temporary Internet Files folder emptied: 61975 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 9944330 bytes
    ->Flash cache emptied: 790 bytes

    User: Marianne
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Sylvie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10,00 mb


    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Default User

    User: Genevieve
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Marc
    ->Flash cache emptied: 0 bytes

    User: Marianne
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Sylvie
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.23.0 log created on 05312011_010149

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  7. mbeaulie

    mbeaulie TS Rookie Topic Starter Posts: 22

    OK, cleaned the restore points, uninstalled the tools and installed the programs to check S/W versions.(and updated or removed some packages... some I cannot for lack of $$$ or conflicts with other apps.)

    Also had another chat with the kids about PC online security and protecting personal info and themselves.

    MSN is still broken, for some accounts, but at least I now have cleared the malware possibility!

    Thanks you very much for your dedication to helping me and others!

    Marc
     
  8. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    You're very welcome :)

    Good luck and stay safe :)
     
  9. mbeaulie

    mbeaulie TS Rookie Topic Starter Posts: 22

    Just a quick update: When I tried to update my NVidia driver, the install kept failling.

    I traced it to permission problems in the registry. I fixed those permission issues through some subinacl commands and drivers installed fine after that.

    MSN also started working OK on all accounts so I assume the bad permissions were causing the MSN issues too!

    Happy now!

    Thanks!

    Marc
     
  10. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Great news :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.