TechSpot

Red biohazard

By EEI
Jul 11, 2008
Topic Status:
Not open for further replies.
  1. EEI

    EEI TS Rookie Topic Starter Posts: 47

    Hjt #4

    here is the HJT file from this morning. I'm online with this computer now. It seems to be working good. Sorry you had the flu. I took off yesterday at noon, and just got online again today. Look things over and let me know what else I need to do.
    Again thanks for the help. as I mentioned in previous posts, I unistalled Norton. Any additional clean up would be good.
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Thats a clean log!

    I suggest you install an Anti-virus program now that you have uninstalled Norton - I see you have zone alarm for a firewall and that is good

    These are both free - download one, update definitions and run a full scan - they both also have great real time protection

    Anti-Virus
    Avast Free
    Avira Free <- My recommendation

    -------------------------------------------------------------------------------

    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 7
    • The 5th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected'at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_07 folder

    -------------------------------------------------------------------------------------

    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ----------------------------------------------------------------------------------------
    Run Kaspersky Online AV Scanner

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
  3. BrentR

    BrentR TS Rookie Posts: 23

    what is the red biohazard infection?
  4. EEI

    EEI TS Rookie Topic Starter Posts: 47

    I am loading the Avira program. Is this something that I should leave active, or only use it periodically? especially since my Zone alarm had been working so good. I read some reviews of Avira. It received high marks for detection and removal, but lower ratings for infection treatment and self protection. I'll run the java runtime next. Are there reports that you would like to look at from these? And the Kaspersky is for ??what
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Just so you know I run Avira Antivir on my systems - it does a good job - in my opinion it is currently the best free anti-virus available

    Zone alarm = firewall
    Avira = antivirus

    you should run both

    ------------------------------------------------------------

    Kaspersky is just an online scanner for a 2nd opinion - it will scan your system and may reveal things that I missed.

    Regards,

    BD
  6. EEI

    EEI TS Rookie Topic Starter Posts: 47

    Thanks. When I'm trying to run a scan, it pops up a screen that says 'self test failed'. Did I load something wrong? It as 4 'error' 'guard' 'error detected' in the Events log.It has a successful update after an unsucessful update in the Reports log. We lost internet access for a minute here so i reupdated. It has a red! by AntiVirGuard, Last Completed scan, and Last Update. Edit: I re loaded the update and it cleared the AntiVir/Last update red '!' and is scanning now.It popped up two 'trojans' immediatley. I'll let you know how many others come through this scan.
    If it has a report I'll send it if that will help at all.
    Edit 2: 17 detections (quarentined) 2 warnings showing.
    Question. Even thopugh I unistalled Norton...during the scanning, I noticed it scanning Norton files.
  7. EEI

    EEI TS Rookie Topic Starter Posts: 47

    Avira scan

    the scan finished with a total of 20 viruses or unwated programs found. They were quarentined, but I was never asked if I wanted them deleted. Are they removed automatically?
  8. EEI

    EEI TS Rookie Topic Starter Posts: 47

    I have not done the Java or ATF cleaner yet. Waiting to hear back from you about the Avira. I've restarted my computer a couple of times though, and it's starting up slower than before. Not horrible, just slower.
  9. EEI

    EEI TS Rookie Topic Starter Posts: 47

    Avira 3rd report

    Rand Avira again and it picked up 3 viruses log report attached
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    well since blind dragon is sick I can help for now. The 3 viruses that avira found are located in the system restore

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP352\A0139250.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '48ac9ebb.qua'!
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP352\A0139251.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '48ac9ebd.qua'!
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP352\A0139252.exe
    [DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpyVampire.A.1
    [NOTE] The file was moved to '48ac9ebf.qua'!


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next goto Start Menu > Run > type

    cleanmgr

    Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
  11. EEI

    EEI TS Rookie Topic Starter Posts: 47

    Beside the 3 viruses, as per an earlier posting, there were 20 found. I'm assuming that they will all be dealt with. I've started the AFT, system restore point, and cleanup.
     
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    alot of them were in the system restore after you have done the steps above do another scan
  13. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Thanks daniel - Im feeling a little better

    Right click the red umbrella in the system tray and select start Antivir

    Click on the Administrative tab in the left pane - this brings up quarantine

    Highlight everything and click the trash can icon to delete from quarantine.

    Then run ATF Cleaner, update java and run Kaspersky online scanner if possible.

    I am surprised a few of those were missed in previous scans as they are usually picked up. Looks to me like you went to a site that was most likely through a search engine and it told you it needed to install a codec for you to continue - do you remember anything like this prior to becoming infected? Then you would have been forwarded to a legit looking site
  14. EEI

    EEI TS Rookie Topic Starter Posts: 47

    Blind Dragon,
    I ran the ATF, but haven't done anything else yet. I'll do it later today. Java and Kaspersky. That's exactly what happened though....a video sent to me. Zone Alarm flagged it as unknown, and it indicated I needed to update my media player/ActiveX or something. Since it was sent to me, I opened it. It had a real brief DOS run screen and then all **** broke loose. As I said before, it was my fault for allowing it. Just wasn't watching as close as I normally do. Thanks again for all your help. Oh I did do the system restore outlined above.
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    the activeX from Kaspersky is safe I give you my word.

    If you want an extra layer of protection now from new startup registry entries and Active X -> install winpatrol from my signature - its free - you won't hardly notice it is there other than the scotty dog in your system tray.

    Right click the scotty dog and select startup info... to control what programs load when you boot your computer - if there is something you don't need you can disable it so that you don't waste resources on it. Then you can select ActiveX to see what is installed on your machine and you can also disable ActiveX controls through there.

    I usually recommend installing it after we are done cleaning as part of the cleanup secure process - but I think you should check it out


    The reason the kaspersky scanner needs to install an ActiveX is because it scans your system without you having to download a scanner - the scanner is online

    Attach the log here once done
  16. EEI

    EEI TS Rookie Topic Starter Posts: 47

    trying to run the java, this window popped up...."Warning Failed to verify the authenticity of this certificate because these was and error parsing the certificate....installing and running this code is not allowed" Any ideas? So it wouldn't let me open or download.
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    This generally happens when you have an old version of Java 1.4.2 installed on your system, possibly alongside a newer version of Java. Shared Shell uses a production Sun/Verisign certificate, but this root certificate and chain is only supported in Java 1.4.2_06 and newer. Note that this may be true even if you check our "Verify your Java installation" link and it shows an up-to-date version of Java. This is because the Sun installer for Java allows multiple versions of the SDK and Runtime to be installed at the same time.

    Just go to add/remove programs and uninstall your old version first then install the current version

    *note old versions are easy exploits for malware - and you did have some infections that appeared java related
  18. EEI

    EEI TS Rookie Topic Starter Posts: 47

    Java and SRE

    Removing Java SE 1.4.2_03 now and will install the newer version.Also, I noticed that there is a Live Symantiec update program in there. Isn't that related to Norton, and can I go ahead and remove it?
    Edit: it gave me a window that indicated they were unable to detect a recent version of JRE on my system. I was directed to Java.com to download. I downloaded that and it shows Java (TM) 6 update 7 in my programs. I then went to the orignal download you suggested, ran it, and it still only shows the one Java program. were they one in the same? I did navigate to C:\projames \java and deleted the other subfolder
    I do now have an OpenOffice.org Installer 1.0\ooostub.exe shortcut on my desktop
    And a jre-6u7-windows-i586-p-iftw.exe shortcut on my desktop
  19. EEI

    EEI TS Rookie Topic Starter Posts: 47

    I'm proceeding one step at a time. I have not yet added the Kaspersky. was waiting to make sure the Java was correct. Also, I'm going to be traveling starting this evening, and would love to make full use of my computer. I'm using it now, but have not yet transfered any critical info until I feel comfortable that all is secure.
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    interesting were you trying to install open office?

    go to control panel -> java -> from the general tab -> click about -> it should tell you that you have java6 update7

    if so that is correct.

    For future reference you can click on the java icon and select the update tab to update through the java console if the auto updater is not working
    -----------------------------------------------------------------------------

    I would like to see what the kaspersky online scanner finds before telling you that your computer is secure, I would also like to clean up and secure the work we have done thus far - after seeing the log
  21. EEI

    EEI TS Rookie Topic Starter Posts: 47

    I wasn't trying to install open office, that seemed to come 'redirected' java download.
    It made a reference that it didn't have a management system to install the SE 6 update 7
    program from java.sun. I'll delete it if not needed. Let me know I'll start the Kaspersky download now. I noticed that Kaspersky indicated that I may have to shut other spyware off. it popped up a screen saying add-ons need to be managed. Then a second screen saying i needed Java 1.5 or newer.
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    As long as it shows jre6 u7 then you can move on to kaspersky - it can take a while
  23. EEI

    EEI TS Rookie Topic Starter Posts: 47

    The 'I accept' button is greyed out so I can't begin It has a setting on the left that asks if I want to download Java 1.5,,,do I do this to continue?
    Edit...it takes me to the same Java site I was at before when I was trying to download sun.java it verified that I have the appropriate Java.
  24. Habylab

    Habylab TS Rookie Posts: 307

    What do you mean grayed out, don't you have to scroll to the bottom?
  25. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    are you using internet explorer?
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.