"Potentially dangerous object" confusion

Status
Not open for further replies.

TheWildInside

I update and run AVG free 8.0 daily .. I keep up with removing tracking cookies to the virus vault, which I then delete. Other than these little disturbances, I've been careful and have been running clean for quite some time.

All of a sudden this morning AVG's Resident Shield Alert pops up with a "Multiple threat detection" .. four tracking cookies. I was able to remove two of the four immediately; but even with AVG's little "Remove threat as a Power User", the remaining two ... remain.

I spent some time in AVG's online FAQ and discovered some information about Potentially Unwanted Objects (items that may actually owe their existence to some program or other) with instructions on how to create exceptions in AVG for these kinds of items. As one of these cookies is labeled "Doubleclick" and the other "Tacoda", I don't think that this is the case with these two items. However, nowhere in their FAQ does it mention Potentially Dangerous Objects and how to remove them.

When I click on each of the cookies within the Multiple threat detection window, some additional information appears in the lower left of the window:

The Doubleclick cookie reveals "Process Name: c:\Program Files\AT&T\Communication Manager\bmop.exe"; Process ID: 2728; Detected on Open; and when I click on "More information about this threat ..." I get an additional path: http://free.avg.com/ww.virbase-appf8?idn=@eid_cookie.

The Tacoda cookie reveals "Process Name: C:\Program Files\AOL 9.1\waol.exe"; Process ID: 1368; Detected on Open; and when I click on "More information about this threat .." the additional path reads the same as the path for the Doubleclick cookie.

I tried going to the AVG link revealed when I clicked on "More information ..", but it's looking for a virus name; and there was nothing I could input that returned any useful information.

So .. how do I get rid of these things??? ARE they potentially dangerous? I'm not sure I understand the relationship between the two of them and the AT&T and AOL executable files to which they've been associated. Did they ride in on those applications?? Should I even be concerned??

Please advise ..

Many thanks for any assistance or recommendations you can provide!!

Karan
 
First go into TaskMgr and click the Process tab. Right-click these 2 processes and click End Process Tree if it is available, and just End Process if not.

Then remove the cookies with AVG.

Then better do this before you reboot...

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

Most importantly update MalwareBytes and SuperAntiSpyware!

Do this even and especially if the Taskmgr and/or AVG can not remove the above.

Mike
 
Clarification?

Thanks, Mike ..

I just want to be clear on what it is you're asking me to do in TaskMgr ... I right click on the waol.exe and bmop.exe processes and then click on "end process tree" (which is indeed available as a choice)? I am unclear as to exactly what this will do .. and as your next step (before rebooting) is to follow the 8 Steps .. I want to be sure that ending the process trees on these two online access executables isn't going to affect my connection before I attempt to go to the 8 steps link.
 
Rt click and end process tree! Kill both of these from memory!

It does not uninstall or delete, it only removes them from running!

If you reboot before running the 8 Steps they will load up again. We want them gone while running the 8 Steps and cleaning.

BTW is AOL your ISP?

Mike
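What Task Manager's "End Process Tree" does is kill the chosen process and every process descended from it (on the command line the equivalent is `taskkill /F /T /IM waol.exe`). The following is an added example, not code from the thread or from any tool named in it: it walks a snapshot of (PID, parent PID, image name) rows, the same three columns `wmic process get ProcessId,ParentProcessId,Name` prints, and works out which PIDs the tree contains. The snapshot below is constructed; only the two image names and their PIDs (waol.exe 1368, bmop.exe 2728) come from the AVG alert in the thread, the child processes are invented for illustration. The termination step is a pluggable callable so the walk can be tested anywhere; the default calls Windows `taskkill`.

```python
"""End Process Tree over a process snapshot.

Added example (not from the thread or from Task Manager/taskkill).
Rows are (pid, parent_pid, image_name), as wmic prints them on Windows XP.
"""
from collections import defaultdict
import subprocess
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

Row = Tuple[int, int, str]  # (pid, parent pid, image name)

# Constructed snapshot. waol.exe 1368 and bmop.exe 2728 are the PIDs AVG showed;
# everything below them (shellmon.exe, aolsoftware.exe, second instances) is made up.
SNAPSHOT: List[Row] = [
    (0, 0, "System Idle Process"),     # lists itself as its own parent
    (4, 0, "System"),
    (560, 4, "smss.exe"),
    (724, 560, "winlogon.exe"),
    (1084, 724, "explorer.exe"),
    (1368, 1084, "waol.exe"),
    (1500, 1368, "shellmon.exe"),
    (1512, 1500, "aolsoftware.exe"),
    (1400, 1512, "waol.exe"),          # a second waol.exe, itself a descendant of 1368
    (2728, 1084, "bmop.exe"),
    (2800, 2728, "bmop.exe"),          # bmop.exe relaunched a copy of itself
    (3000, 9999, "orphan.exe"),        # parent already exited; PPID points at nothing
]


def pids_by_name(snapshot: Iterable[Row], image_name: str) -> List[int]:
    """All PIDs running image_name. Windows image names are case-insensitive."""
    want = image_name.lower()
    return sorted(pid for pid, _ppid, name in snapshot if name.lower() == want)


def process_tree(snapshot: Iterable[Row], root_pid: int) -> List[int]:
    """root_pid followed by all its descendants, parents before children.

    Root-first order means a supervising parent is already gone before its
    children die, so it cannot relaunch them. A visited set guards against
    loops in the snapshot. Caveat a snapshot cannot fix: if a parent exited and
    its PID was reused, an unrelated process inherits its 'children'; real
    tools compare process creation times to rule that out.
    """
    rows = list(snapshot)
    known: Set[int] = {pid for pid, _ppid, _name in rows}
    if root_pid not in known:
        raise ValueError(f"PID {root_pid} is not in the snapshot")
    children: Dict[int, List[int]] = defaultdict(list)
    for pid, ppid, _name in rows:
        if pid != ppid:                 # skip the self-parented Idle process
            children[ppid].append(pid)
    order: List[int] = []
    seen: Set[int] = set()
    queue = [root_pid]
    while queue:
        pid = queue.pop(0)
        if pid in seen:
            continue
        seen.add(pid)
        order.append(pid)
        queue.extend(sorted(children.get(pid, [])))
    return order


def _taskkill(pid: int) -> None:
    """Windows only: force-terminate one PID. A PID that is already gone is not an error."""
    subprocess.run(["taskkill", "/PID", str(pid), "/F"], check=False,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def end_process_tree(snapshot: Iterable[Row], image_name: str,
                     kill: Optional[Callable[[int], None]] = None) -> List[int]:
    """Kill every instance of image_name and its descendants; returns PIDs killed in order.

    Trees of two instances can overlap (1400 is inside 1368's tree), so each
    PID is killed once.
    """
    kill = kill or _taskkill
    rows = list(snapshot)
    killed: List[int] = []
    for root in pids_by_name(rows, image_name):
        for pid in process_tree(rows, root):
            if pid not in killed:
                kill(pid)
                killed.append(pid)
    return killed


if __name__ == "__main__":
    # Dry run against the constructed snapshot: print instead of terminating.
    for image in ("waol.exe", "bmop.exe"):
        print(image, "->", end_process_tree(SNAPSHOT, image, kill=lambda p: None))
```

Run as written it only prints the kill order for the constructed snapshot; to use it for real on the machine in question, replace `SNAPSHOT` with rows parsed from `wmic` output and drop the `kill=` override. Note the thread's own caveat still applies: killing the tree removes the processes from memory only, and anything registered to autostart comes back at the next reboot.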
 
Got it, thanks (got a feeling this is gonna be a loooong day)

I've been using an AT&T G3 wireless (USB) modem since September but cannot give up AOL .. have had it since 1990, and besides everyone I've ever known having the one or two addresses I use regularly from within it, my business email (for the last 7 years) is also an AOL address .. and I have two thousand business cards with it printed upon them. I know it's evil incarnate, and I tried just accessing my AOL mail through firefox and deleting the damn software entirely .. but I also have years worth of bookmarks in there, and several attempts to transfer, translate and otherwise import them into Firefox and IE failed miserably. So I can't let go .. it feels like a ball and chain, but there it is.

I'll move on with my scheduled tasks and get back to ya .. thanks again, Mike. You guys are life savers for those of us who know just enough to get in trouble! Karan
 
You have a misunderstanding! You do not need the full AOL installed unless they are your internet provider.

The AOL website is just another website and so is the email.

To confirm this on a friends or coworkers computer that has no AOL installed go to aol.com and see if you can get email and do all that you need.

If so you can uninstall all the AOL crap on your computer, save space resources and issues like this related to AOL!

Don't do it, though, until you do test on a non-AOL computer.

Mike
 
Processes Killed, 8 Steps Completed!

I finally had a chance to complete everything from start to finish this morning .. the three logs listed in Step 8 are attached.

I will say, however, that I neglected to read all the way through to the end of Step 8 before re-enabling my AVG, successfully cleaning out all the "Potentially Dangerous Objects", which I was able to either delete or move to the Virus Vault and then delete .. and THEN scanning with Hijackthis (renamed TechSpot Scan in my log). Hope that didn't muck up the works.

As for the AOL thing, I cannot access my AOL "Favorites" in Mozilla (and I don't like using IE). I have tried repeatedly to import them (with directions given to me by several local tech wonks), and no matter how many times I try, way too many important bookmarks get dropped in the process. I've even tried importing them using the AOL Favorites Import device within Mozilla .. it tells me I have no favorites. I'm just tired of trying .. and 20 years of bookmarks is too many to lose .. many of them I use in my business. It'd be worse than losing my wallet. If you've got more specific directions on how to make this work, I would love nothing more than to trash the software and tell AOL to stop billing me monthly for it.

Thanks, Mike .. the 8 Steps are much more streamlined now than around this time a couple years ago. Course, I had a real nasty piece of something at that time .. took almost a week of back n forth to clean it.

Karan
 
OK these logs are clean. Did you clean till the log was empty?

To be sure do the below and post logs. These don't take as long to scan.

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On the Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to the desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If your copy of ComboFix is more than a few days old, delete it and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

Mike
 
More logs ..

Did I clean until the log was empty? I'm not sure I know what you mean. With CCleaner? I cleaned until nothing showed up anymore. Did I miss something?

SDFix, ComboFix and new HiJackThis logs attached.

Those same "Potentially Dangerous Object" tracking cookies continue to pop up .. though after this last round of cleaning, I was able (once again) to delete them outright or move them to the virus vault for deleting. What ARE those things?? Should I be stressing about them? What makes them more "potentially" dangerous than any of the other myriad tracking cookies that pop up in my daily AVG scans?

My Inspiron 8600 will be five years old this spring, and as I can't really afford a new system I'd like to keep things in balance for as long as I can. How often should I be running through all those various Cleaners, Spyware & Malware programs ... daily? weekly? How often are they updated on "8-Steps ...." page? Is there any way to get email notification when it updates?

Thanks, Mike .. will await your experienced word on the condition of my system

Karan
 
In this case you may be lucky. But next time post all logs. What you had gives us insight as to how to proceed.

Thread Closing-------------------------------------------------------------------

Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.


Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by the Firewall. Approve in Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet, to allow all.

If prompted to Reboot click, Yes.
OTCleanIt will delete itself when finished. If not, delete it yourself.

-------------------------------------------------------------------------------------
Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
Run it twice or more on Cleaner (temps); then, on the left, click Registry, then Scan for issues, and also repeat until clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.
-------------------------------------------------------------------------------------
The issues can be, and likely are, also found in System Restore, so do the below.

Start-Programs-Accessories-System Tools-System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point, but it also clears one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally run CCleaner. ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some Firewalls do to learn what is good/bad.

After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

As it queries you about the prompt to help you determine to approve or not you can google it with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly recommend HostsMan: http://majorgeeks.com/HostsMan_d4592.html

Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike
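The HostsMan step above works by downloading several published hosts lists, merging them into one hosts file that points known ad and tracking hostnames at a dead address, and disabling the DNS Client service (the reason usually given is that on XP that service loads the whole hosts file into its cache, and a file with tens of thousands of lines makes it slow). The following is an added example, not code from the thread or from HostsMan, showing the merge in miniature: it parses hosts-file syntax (comments, tabs, several names per line, mixed case, junk lines), keeps only entries that point at a sink address, drops `localhost` so it is never blocked, de-duplicates across lists, and writes the result back out. The two lists are constructed to look like real ones; the only real hostnames are the Doubleclick and Tacoda domains from the AVG alerts, and whether those exact hostnames appear in any published list is not something this example asserts. The check at the end makes the one caveat a practitioner should know: a hosts file has no wildcards, so blocking `ad.doubleclick.net` does nothing for `stats.doubleclick.net` unless that name is listed too, and nothing at all for a cookie that was already set.

```python
"""Merge hosts-file blocklists and test hostnames against the result.

Added example, not HostsMan's code. Both lists below are constructed; they
reuse the two tracking-cookie domains named in the thread plus filler.
"""
import ipaddress
import re
from typing import Dict, Iterable, Set

# Constructed list A: 127.0.0.1 sink, tabs, an inline comment, one duplicate in caps.
LIST_A = """\
# MVPS-style list (constructed for this example)
127.0.0.1\tlocalhost
127.0.0.1 ad.doubleclick.net
127.0.0.1 anad.tacoda.net an.tacoda.net   # Tacoda beacons
127.0.0.1 AD.DOUBLECLICK.NET
"""

# Constructed list B: 0.0.0.0 sink, an overlap with A, and two junk lines.
LIST_B = """\
# hpHosts-style list (constructed for this example)
0.0.0.0 doubleclick.net
0.0.0.0 ad.doubleclick.net
0.0.0.0 te.tacoda.net
not a hosts line at all
0.0.0.0
"""

# Addresses lists use as a sink. 0.0.0.0 is preferred when writing: connecting to
# 127.0.0.1 can hit a web server running on the machine itself.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}
# Names that must stay resolvable no matter what a list says.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# One DNS label is 1-63 chars of [a-z0-9-], not starting or ending with '-'.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname in hosts-file text to its address.

    Comments run from '#' to end of line; an address may be followed by several
    names. Names are lower-cased and a trailing dot is removed. The first entry
    for a name wins, which is how the resolver reads the file. Lines whose first
    field is not an IP address, or that carry no name, are ignored.
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                        # address with no hostname
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                        # not an address: junk line
        for name in names:
            name = name.lower().rstrip(".")
            if HOST_RE.match(name) and name not in mapping:
                mapping[name] = addr
    return mapping


def merge_blocklists(lists: Iterable[str]) -> Set[str]:
    """Union of every sink-mapped hostname across lists, never the local names."""
    blocked: Set[str] = set()
    for text in lists:
        for name, addr in parse_hosts(text).items():
            if addr in SINK_ADDRESSES and name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def is_blocked(hostname: str, blocked: Set[str]) -> bool:
    """Exact match only: hosts files have no wildcards, so subdomains need their own line."""
    return hostname.lower().rstrip(".") in blocked


def render_hosts(blocked: Set[str], sink: str = "0.0.0.0") -> str:
    """Write a hosts file: localhost first, then one blocked name per line, sorted."""
    lines = ["127.0.0.1 localhost"]
    lines += [f"{sink} {name}" for name in sorted(blocked)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    merged = merge_blocklists([LIST_A, LIST_B])
    print(render_hosts(merged), end="")
    for host in ("ad.doubleclick.net", "stats.doubleclick.net", "an.tacoda.net"):
        print(f"{host}: {'blocked' if is_blocked(host, merged) else 'NOT blocked'}")
```

On Windows the merged output belongs at `%SystemRoot%\system32\drivers\etc\hosts`; keep a copy of the original before replacing it, and if a site stops loading afterwards, search the file for its hostname before blaming anything else.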
 
Egads, Mike!! I wish I could just download that part of your brain that instinctively understands what's needed .. not to mention be able to understand all that stuff "between the lines"! As it is, I've got another full day of offline work I must accomplish before I can complete this next round. How on earth do you keep up with it all?!?!

Coupla questions before I continue ..

1. In your first msg to me you suggest leaving the Firewall until asking you .. so I'm asking. All I have is Windows Firewall, which is pretty close to useless. I also have Windows Defender, but I have repeatedly tried to update it, and it repeatedly gets stuck in the middle somewhere and stops. I do not know why. I had ZoneAlarm once before an overanxious local "computer doctor" wiped my hard drive and neglected to reload that particular application .. I'm not familiar with the other one (Comodo?), except I think it was mentioned in the weekly Windows Newsletter I get. Is your suggestion of ThreatFire above an alternative to these, or strictly a hole-plugger for anything my AVG misses?

2. In your last set of instructions for download and use of SDFix and ComboFix, you suggest "Install Recovery Console if connected to the Internet!" I was a little concerned about the exclamation point after that line, especially since I was not connected to the internet, and the resulting ComboFix log had a line near the top reading: WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! Even once online I wasn't sure where to go to get it? Do I still need it???

3. In your note above you say ".... next time post all logs". I thought I posted everything you requested last time .. did you want re-scans using MBAM and SAS? You also say "What you had gives us insight as to how to proceed" ... what did I have?? What do these cookies labeled "Potentially Dangerous Objects" do????

Will return to run through all the stuff above once I complete some bread and butter chores today .. thanks again for your incredible time and consideration!!

Karan
 
OK I will try to answer.

1. If your computer is connected directly to a cable/DSL modem (no router) then you do need an advanced Firewall; my recommendation is Comodo.
If you are connected through a Router then the Windows Firewall is sufficient. You see, a Router is not a Firewall per se, but a natural Firewall by what it does. Now there are routers with built-in hardware Firewalls.

But bottom line, if you have a Router and good Virus/Malware and other security software and MS updates, you are OK. If paranoid then get a better FW. The reasoning here is if not necessary then why incur the CPU overhead and the maintaining of the FW.

ThreatFire is a hole plugger and a good one. It has some learning curve but worth it.

2. If connected to the Internet ComboFix will install the Recovery Console for you, and yes I would do it. Just run ComboFix again and choose it!

3. I have many threads going; you did post all logs. I must have had someone else in mind, sorry! Tracking cookies track you. They don't put Malware on your computer; it's a privacy issue, so clean them.

Mike
 