Possible Infection cleanup with Jay

By zuuzuu2
Mar 26, 2013
  1. Sorry again about all the trouble. I managed to run ESET and will post the log. As I mentioned in my conversation with you, however, now both Firefox and Chrome consider the majority of sites I visit as untrusted and that their signatures have been unverified and refuse to let me access them. I'm not sure where we go from here. Sorry for the trouble and thank you for your time.

    ESET log:

    C:\Application Files\RealmOfTheMadGodLuncher_1_0_0_0\RealmOfTheMadGodLuncher.exe.deploy a variant of MSIL/PSW.Agent.NHQ trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\5EQHLJAG.3M8\YB37AY8D.GAB\real..tion_d4eef62879c534e4_0001.0000_a5ab67b65b083b51\RealmOfTheMadGodLuncher.exe a variant of MSIL/PSW.Agent.NHQ trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\My Documents\Downloads\microsoft-excel-windows-malavida.exe Win32/Malavida.A application cleaned by deleting - quarantined
    C:\Program Files\Mozilla Firefox\RotmgPlugins\Application Files\RealmOfTheMadGodLuncher_1_0_0_0\RealmOfTheMadGodLuncher.exe.deploy a variant of MSIL/PSW.Agent.NHQ trojan cleaned by deleting - quarantined
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please do the following:

    Go to Start > Run, type in CMD and hit OK.

    Type this in Command Prompt and hit Enter: netstat -o > log.txt && log.txt

    It should launch a log, which I'll need posted, please.
  3. zuuzuu2

    zuuzuu2 Newcomer, in training Topic Starter

    Active Connections

    Proto Local Address Foreign Address State PID
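A small triage parser for the `netstat -o` log format requested above, as an added example that is not part of the original thread or of any tool it names; the sample lines are constructed in the same five-column layout, with placeholder host names and addresses. It groups outside endpoints by PID and flags loopback ports that many local connections converge on, so the owning process can be identified.

```python
"""Triage helper for a Windows `netstat -o` log (added example, not the
thread's own tooling). SAMPLE_NETSTAT is constructed in the same layout
(Proto, Local Address, Foreign Address, State, PID); hosts are placeholders."""
from collections import Counter, defaultdict

# Constructed sample in the `netstat -o` layout shown on the thread.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    HOST-PC:1028           localhost:27015        ESTABLISHED     1888
  TCP    HOST-PC:1687           localhost:12080        ESTABLISHED     3472
  TCP    HOST-PC:12080          localhost:1687         ESTABLISHED     1472
  TCP    HOST-PC:1742           localhost:12080        TIME_WAIT       0
  TCP    HOST-PC:pptp           localhost:12080        ESTABLISHED     3472
  TCP    HOST-PC:1688           www.example.com:http   ESTABLISHED     1472
  TCP    HOST-PC:1690           203.0.113.5:http       CLOSE_WAIT      1472
  TCP    HOST-PC:1770           198.51.100.7:8443      ESTABLISHED     2044
  UDP    HOST-PC:1900           *:*                                    1200
"""


def is_loopback(host):
    """True for the names Windows netstat prints for the local machine itself."""
    return host in ("localhost", "[::1]") or host.startswith("127.")


def parse_netstat(text):
    """Parse `netstat -o` output into dicts, skipping headers and blank lines.
    Ports stay strings because netstat substitutes service names (e.g. `pptp`,
    `http`) for well-known port numbers."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts and parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""  # UDP is connectionless; netstat prints no state column
        else:
            continue
        lhost, _, lport = local.rpartition(":")
        fhost, _, fport = foreign.rpartition(":")
        rows.append({"proto": proto, "local_host": lhost, "local_port": lport,
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": state, "pid": int(pid)})
    return rows


def external_by_pid(rows):
    """Map each PID to the sorted non-loopback endpoints it talks to; this is
    the part of the log a helper maps back to running processes."""
    ext = defaultdict(set)
    for r in rows:
        if r["foreign_host"] == "*" or is_loopback(r["foreign_host"]):
            continue  # unbound UDP socket or loopback chatter
        ext[r["pid"]].add(f'{r["foreign_host"]}:{r["foreign_port"]}')
    return {pid: sorted(v) for pid, v in ext.items()}


def loopback_hubs(rows, min_connections=2):
    """Find loopback ports that many local connections converge on (typically
    a local proxy or filtering service) and which PID owns the server side.
    PID 0 rows (TIME_WAIT, no owning process) are counted but not attributed."""
    loop = [r for r in rows if is_loopback(r["foreign_host"])]
    hubs = {}
    for port, n in Counter(r["foreign_port"] for r in loop).items():
        if n < min_connections:
            continue
        servers = {r["pid"] for r in loop if r["local_port"] == port and r["pid"]}
        clients = {r["pid"] for r in loop if r["foreign_port"] == port and r["pid"]}
        hubs[port] = {"connections": n, "server_pids": sorted(servers),
                      "client_pids": sorted(clients)}
    return hubs


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    for pid, endpoints in sorted(external_by_pid(parsed).items()):
        print(f"PID {pid}: {', '.join(endpoints)}")
    for port, info in loopback_hubs(parsed).items():
        print(f"loopback port {port}: {info}")
```

Feed it a real log with `parse_netstat(open("log.txt").read())` and match the PIDs against Task Manager or `tasklist`.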
  4. Jay Pfoutz

    Okay, good. I apologize if we repeat any scans. We've got to look for whatever is causing these repeat issues.

    Let's look closer with this:

    Kaspersky GetSystemInfo Scan

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

    Note: please close all other applications running on your system.

    Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

    Click the Settings button.

    Set the slider to Maximum.


    IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.


    On the General tab, make sure all of the boxes are checked.


    On the Misc tab, make sure all the checkboxes are checked.

    Then, click OK on the windows that you launched.

    Click Create Report to run it.

    It will begin scanning.

    It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

    It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

    It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.
  5. zuuzuu2

  6. zuuzuu2

    Oh, and a note. It doesn't seem to be doing the unverified signature thing on Firefox anymore but websites on Chrome are still inaccessible.

    Nevermind, scratch that. It just did it again on Firefox. x_x
  7. Jay Pfoutz

    OTL temp file cleaning

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    Let me know if the computer is running fine, and whether any of the problems noted still continue. :)
  8. zuuzuu2

    Hey Jay. I'm posting this from another computer. I've been running the OTL scan for about an hour now, and I was just wondering is it normal for it to go so long? I can't tell if it's still going or frozen. Thanks.
  9. Jay Pfoutz

    Not at all. Try to power it down with the power button by first pressing it once. If it doesn't respond, then, force power it down by holding the button in until it shuts off.

    CCleaner Temporary Files Cleaning

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, check mark "Flush DNS cache" on the left and leave the rest of the options alone and then click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
  10. zuuzuu2

    Just checking back now and I left OTL to run while I was gone and it did nothing. I had to force shut down like you said and restart. I've downloaded CCleaner, however I don't see the option 'Flush DNS Cache'. I only see DNS Cache underneath the System header. Just want to confirm if this is the same thing you had in mind?
  11. Jay Pfoutz

    Yes, that was the same. Do that please, then let me know how it's functioning.
  12. zuuzuu2

    I ran CCleaner with DNS cache checked on the list. It ran fine. As far as the unverified certificate messages, I have checked a few different websites and am not getting that message any longer. Thank you, Jay! Hoping we aren't too far off now from finishing up this cleanup! :)

    I'd also like to add a Happy Easter to you! And if you don't celebrate it, well I just hope you're having a great Sunday!
  13. Jay Pfoutz

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    Remove tools

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Also, check out this review on Malwarebytes' Anti-Malware, as I highly recommend the purchase of it: http://www.helpmyos.com/t2958-malwa...s-protective-assets-powerful-technology#10102
  14. zuuzuu2

    I have created a new restore point and removed all previously used clean up tools. Here is the cleanup log:

    Results of screen317's Security Check version 0.99.61
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    JavaFX 2.1.0
    Java(TM) 6 Update 20
    Java 7 Update 9
    Java version out of Date!
    Adobe Flash Player 11.6.602.180
    Adobe Reader XI
    Mozilla Firefox (19.0.2)
    Google Chrome 25.0.1364.172
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 9%
    ````````````````````End of Log``````````````````````
  15. Jay Pfoutz

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  16. zuuzuu2

    I didn't realize this computer had so many old Java versions installed. That must have been putting it at serious risk. I've removed them all now and installed the newest version. Thank you for all of your time, patience and help, Jay. Now my brother can be ready to start his job on a fresh computer. I do have a few questions however. First question, and this may be a stupid one, but should I recommend he change all of his old/current passwords for security purposes? And also, I know you're busy, but would it be possible to explain to me a bit about what exactly you saw wrong with the computer?
  17. Jay Pfoutz

    No stupid questions for security...I think you can never be 100% secure, so security questions are good.

    Yes, change all passwords...good idea! (y)


    As for what was wrong with the computer...

    A lot of cache buildup, causing the computer to freeze. Websites and programs use temporary files, also called cache, to help them load faster for you in the future. Much like a game on, say the Playstation Portable...it can download part of the game onto your memory stick, so that in the future, loading times are faster, making the gaming experience much better. Websites and programs work in this same way.

    However, there are times when this becomes a problem. When too many websites save too much data on a device/computer, the web browser mishandles the cache, slowing down the web browser. When a program has a lot of cache built up, it can work with it, until a certain point. Most programs delete their own cache, but some, like Windows programs for example, do not. Therefore, if you don't have the cache cleared from time to time, it can cause Windows to hang.

    Most of the time, web browsers are crafted with the ability to not make the operating system (Windows) hang, even if they have frozen. Web browsers are also now crafting themselves to not hang when a plugin freezes (like Adobe Flash Player or Java). Instead, it lets you kill whatever is freezing, so you can still surf the web with no problem.

    As for the malware on the machine...you had a couple of password stealing trojans and a major rootkit (which is a very sophisticated piece of malware/virus) that were brought on by fake games that were downloaded/installed. What I'm going to recommend, if you didn't already read my security article, is to get the Web of Trust browser add-on. It's available for every major browser. www.mywot.com - this will help ensure that whatever website you browse on to obtain a game or other program, that it is going to be safe, because it's coming from a verified safe website.

    People need to rely on trust when dealing with security problems. Security problems are everywhere everyday, in what most people ignore. Each little vulnerability can steal a load of money from people's pocketbooks. We don't need that. We need our identities, we need our money. So, the best way to stay safe, is to get verified protection. To invest into security for our computer, knowing that if we put our money into improving our own personal security instead of money being stolen from us (which could be a lot sometimes), we can know that we'll be protected by making good decisions.

    Most of the malware found on the machine was from temporary files, which means cleaning your temporary files from time to time with CCleaner is a good way to keep everything under control. Other than that, some adware, like browser toolbars, were removed. It's ALWAYS good to stay away from browser toolbars. You can avoid installing these by unchecking the installation of them when you install other programs/games. Many times they're bundled in, but usually not required. Sometimes program makers make it look like it's required, but usually it isn't.

    I have no other suggestion, as I'm confident that using this information will help you realize how important computer security is. I hope this works out for you, and you can be problem free in the future.

    Any more questions?
