Red biohazard

[EEI]

Hjt #4

here is the HJT file from this morning. I'm online with this computer now. It seems to be working good. Sorry you had the flu. I took off yesterday at noon, and just got online again today. Look things over and let me know what else I need to do.
Again thanks for the help. as I mentioned in previous posts, I unistalled Norton. Any additional clean up would be good.

 

[Blind Dragon]

Thats a clean log!

I suggest you install an Anti-virus program now that you have uninstalled Norton - I see you have zone alarm for a firewall and that is good

These are both free - download one, update definitions and run a full scan - they both also have great real time protection

Anti-Virus
Avast Free
Avira Free <- My recommendation

-------------------------------------------------------------------------------

Update your Java Runtime Environment

• Click the following link
  Java Runtime Environment 6 Update 7
• The 5th option down is the one you want (click Download)
• Check the box to agree to terms of service
• Check the box for your operating system and click 'Download selected'at the bottom
• After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
• Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_07 folder

-------------------------------------------------------------------------------------

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

----------------------------------------------------------------------------------------
Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply

 

[BrentR]

what is the red biohazard infection?

 

[EEI]

I am loading the Avira program. Is this something that I should leave active, or only use it periodically? especially since my Zone alarm had been working so good. I read some reviews of Avira. It received high marks for detection and removal, but lower ratings for infection treatment and self protection. I'll run the java runtime next. Are there reports that you would like to look at from these? And the Kaspersky is for ??what

 

[Blind Dragon]

Just so you know I run Avira Antivir on my systems - it does a good job - in my opinion it is currently the best free anti-virus available

Zone alarm = firewall
Avira = antivirus

you should run both

------------------------------------------------------------

Kaspersky is just an online scanner for a 2nd opinion - it will scan your system and may reveal things that I missed.

Regards,

BD

 

[EEI]

Thanks. When I'm trying to run a scan, it pops up a screen that says 'self test failed'. Did I load something wrong? It as 4 'error' 'guard' 'error detected' in the Events log.It has a successful update after an unsucessful update in the Reports log. We lost internet access for a minute here so i reupdated. It has a red! by AntiVirGuard, Last Completed scan, and Last Update. Edit: I re loaded the update and it cleared the AntiVir/Last update red '!' and is scanning now.It popped up two 'trojans' immediatley. I'll let you know how many others come through this scan.
If it has a report I'll send it if that will help at all.
Edit 2: 17 detections (quarentined) 2 warnings showing.
Question. Even thopugh I unistalled Norton...during the scanning, I noticed it scanning Norton files.

 

[EEI]

Avira scan

the scan finished with a total of 20 viruses or unwated programs found. They were quarentined, but I was never asked if I wanted them deleted. Are they removed automatically?

 

[EEI]

I have not done the Java or ATF cleaner yet. Waiting to hear back from you about the Avira. I've restarted my computer a couple of times though, and it's starting up slower than before. Not horrible, just slower.

 

[EEI]

Avira 3rd report

Rand Avira again and it picked up 3 viruses log report attached

 

[xxdanielxx]

well since blind dragon is sick I can help for now. The 3 viruses that avira found are located in the system restore

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP352\A0139250.dll
[DETECTION] Is the Trojan horse TR/Killav.28714
[NOTE] The file was moved to '48ac9ebb.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP352\A0139251.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48ac9ebd.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP352\A0139252.exe
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpyVampire.A.1
[NOTE] The file was moved to '48ac9ebf.qua'!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

 

[EEI]

Beside the 3 viruses, as per an earlier posting, there were 20 found. I'm assuming that they will all be dealt with. I've started the AFT, system restore point, and cleanup.

 

[xxdanielxx]

alot of them were in the system restore after you have done the steps above do another scan

 

[Blind Dragon]

Thanks daniel - Im feeling a little better

Right click the red umbrella in the system tray and select start Antivir

Click on the Administrative tab in the left pane - this brings up quarantine

Highlight everything and click the trash can icon to delete from quarantine.

Then run ATF Cleaner, update java and run Kaspersky online scanner if possible.

I am surprised a few of those were missed in previous scans as they are usually picked up. Looks to me like you went to a site that was most likely through a search engine and it told you it needed to install a codec for you to continue - do you remember anything like this prior to becoming infected? Then you would have been forwarded to a legit looking site

 

[EEI]

Blind Dragon,
I ran the ATF, but haven't done anything else yet. I'll do it later today. Java and Kaspersky. That's exactly what happened though....a video sent to me. Zone Alarm flagged it as unknown, and it indicated I needed to update my media player/ActiveX or something. Since it was sent to me, I opened it. It had a real brief DOS run screen and then all **** broke loose. As I said before, it was my fault for allowing it. Just wasn't watching as close as I normally do. Thanks again for all your help. Oh I did do the system restore outlined above.

 

[Blind Dragon]

the activeX from Kaspersky is safe I give you my word.

If you want an extra layer of protection now from new startup registry entries and Active X -> install winpatrol from my signature - its free - you won't hardly notice it is there other than the scotty dog in your system tray.

Right click the scotty dog and select startup info... to control what programs load when you boot your computer - if there is something you don't need you can disable it so that you don't waste resources on it. Then you can select ActiveX to see what is installed on your machine and you can also disable ActiveX controls through there.

I usually recommend installing it after we are done cleaning as part of the cleanup secure process - but I think you should check it out


The reason the kaspersky scanner needs to install an ActiveX is because it scans your system without you having to download a scanner - the scanner is online

Attach the log here once done

 

[EEI]

trying to run the java, this window popped up...."Warning Failed to verify the authenticity of this certificate because these was and error parsing the certificate....installing and running this code is not allowed" Any ideas? So it wouldn't let me open or download.

 

[Blind Dragon]

This generally happens when you have an old version of Java 1.4.2 installed on your system, possibly alongside a newer version of Java. Shared Shell uses a production Sun/Verisign certificate, but this root certificate and chain is only supported in Java 1.4.2_06 and newer. Note that this may be true even if you check our "Verify your Java installation" link and it shows an up-to-date version of Java. This is because the Sun installer for Java allows multiple versions of the SDK and Runtime to be installed at the same time.

Just go to add/remove programs and uninstall your old version first then install the current version

*note old versions are easy exploits for malware - and you did have some infections that appeared java related

 

[EEI]

Java and SRE

Removing Java SE 1.4.2_03 now and will install the newer version.Also, I noticed that there is a Live Symantiec update program in there. Isn't that related to Norton, and can I go ahead and remove it?
Edit: it gave me a window that indicated they were unable to detect a recent version of JRE on my system. I was directed to Java.com to download. I downloaded that and it shows Java (TM) 6 update 7 in my programs. I then went to the orignal download you suggested, ran it, and it still only shows the one Java program. were they one in the same? I did navigate to C:\projames \java and deleted the other subfolder
I do now have an OpenOffice.org Installer 1.0\ooostub.exe shortcut on my desktop
And a jre-6u7-windows-i586-p-iftw.exe shortcut on my desktop

 

[EEI]

I'm proceeding one step at a time. I have not yet added the Kaspersky. was waiting to make sure the Java was correct. Also, I'm going to be traveling starting this evening, and would love to make full use of my computer. I'm using it now, but have not yet transfered any critical info until I feel comfortable that all is secure.

 

[Blind Dragon]

interesting were you trying to install open office?

go to control panel -> java -> from the general tab -> click about -> it should tell you that you have java6 update7

if so that is correct.

For future reference you can click on the java icon and select the update tab to update through the java console if the auto updater is not working
-----------------------------------------------------------------------------

I would like to see what the kaspersky online scanner finds before telling you that your computer is secure, I would also like to clean up and secure the work we have done thus far - after seeing the log

 

[EEI]

I wasn't trying to install open office, that seemed to come 'redirected' java download.
It made a reference that it didn't have a management system to install the SE 6 update 7
program from java.sun. I'll delete it if not needed. Let me know I'll start the Kaspersky download now. I noticed that Kaspersky indicated that I may have to shut other spyware off. it popped up a screen saying add-ons need to be managed. Then a second screen saying i needed Java 1.5 or newer.

 

[Blind Dragon]

As long as it shows jre6 u7 then you can move on to kaspersky - it can take a while

 

[EEI]

The 'I accept' button is greyed out so I can't begin It has a setting on the left that asks if I want to download Java 1.5,,,do I do this to continue?
Edit...it takes me to the same Java site I was at before when I was trying to download sun.java it verified that I have the appropriate Java.

 

[Habylab]

What do you mean grayed out, don't you have to scroll to the bottom?

 

[Blind Dragon]

are you using internet explorer?