
Spyware download fail

Discussion in 'Virus and Malware Removal' started by samsont1, Oct 17, 2010.

  1. Broni Malware Annihilator Posts: 39,307   +175

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Nexon\MapleStory\JackMs.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  2. samsont1 Newcomer, in training Posts: 84

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Nexon\MapleStory\JackMs.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-SAMSON-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Samson
    ->Temp folder emptied: 473453 bytes
    ->Temporary Internet Files folder emptied: 407000 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 97100356 bytes
    ->Flash cache emptied: 2015 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4646 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 93.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-SAMSON-PC
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Samson
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.2 log created on 11052010_205810

    Files\Folders moved on Reboot...
    C:\Users\Samson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Samson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{662DCCE1-013A-40C6-A911-427FACBF5BD0}.tmp not found!

    Registry entries deleted on Reboot...
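
A way to check a posted fix log against the script that produced it, added here as an example (it is not part of the thread and not OTL's own code): the parser reads result lines in the layout of the log above and reports any requested file that has no "moved successfully" line. The sample log is constructed from that layout, and `summarize_fix_log` is a hypothetical helper name.

```python
import re

# Constructed sample in the layout of the fix log posted above (not the full log).
SAMPLE_LOG = """\
========== FILES ==========
C:\\Nexon\\MapleStory\\JackMs.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Samson
->Temp folder emptied: 473453 bytes
->FireFox cache emptied: 97100356 bytes

Windows Temp folder emptied: 4646 bytes

Files\\Folders moved on Reboot...
C:\\Users\\Samson\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt moved successfully.
File\\Folder C:\\Users\\Samson\\AppData\\Local\\Temp\\~example.tmp not found!
"""

MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
MISSING = re.compile(r"^File\\Folder (?P<path>.+?) not found!$")
EMPTIED = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>\d+) bytes$")

def summarize_fix_log(text, requested):
    """Collect moved paths, missing paths, bytes cleaned, and unconfirmed targets."""
    moved, missing, cleaned = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOVED.match(line):
            moved.append(m["path"])
        elif m := MISSING.match(line):
            missing.append(m["path"])
        elif m := EMPTIED.match(line):
            cleaned += int(m["n"])
    done = {p.lower() for p in moved}  # Windows paths are case-insensitive
    # A file named in the :Files section with no success line needs a follow-up.
    unconfirmed = [p for p in requested if p.lower() not in done]
    return {"moved": moved, "missing": missing,
            "bytes_cleaned": cleaned, "unconfirmed": unconfirmed}

if __name__ == "__main__":
    result = summarize_fix_log(SAMPLE_LOG, [r"C:\Nexon\MapleStory\JackMs.exe"])
    for key, value in result.items():
        print(f"{key}: {value}")
```
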
  3. samsont1 Newcomer, in training Posts: 84

    I didn't get a log when I did the clean up.
  4. Broni Malware Annihilator Posts: 39,307   +175

    There isn't any.
  5. samsont1 Newcomer, in training Posts: 84

    Can I delete all the txt files and java RA from my computer, and should I delete that trojan file?
  6. Broni Malware Annihilator Posts: 39,307   +175

    Which trojan file?

    As for removing stuff, run all of my steps first.
    OTL Cleanup will remove most of the tools we used.
    Whatever is left, you can delete manually.
     
  7. samsont1 Newcomer, in training Posts: 84

    the Maplestory jackms file
  8. Broni Malware Annihilator Posts: 39,307   +175

    We just removed it by running OTL script.
  9. samsont1 Newcomer, in training Posts: 84

    Oh man, nice, and the trojan threat is from what that I need to change my password
  10. Broni Malware Annihilator Posts: 39,307   +175

    Yes, definitely.
    Give me a final word when you're done with all steps.
  11. samsont1 Newcomer, in training Posts: 84

    No, that was a question. I don't know where I should be looking for the trojan alert if I get one.
  12. Broni Malware Annihilator Posts: 39,307   +175

    There were no trojans present, so your passwords should be safe.
  13. samsont1 Newcomer, in training Posts: 84

    And my computer has been running mighty slow. Should I be worried? And that was a question.
  14. samsont1 Newcomer, in training Posts: 84

    Where should I be looking for the trojan alert?
  15. Broni Malware Annihilator Posts: 39,307   +175

    As for the computer running slow, I'm not sure what to tell you.
    My duty is to make sure your computer is clean, and it is.
    You may have some other issues (hardware? Windows files?).

    I can see you had MyCleanPC Registry Cleaner installed in the past.
    Assuming you used it, it may be a part of your problem.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    I also somehow missed the fact that you appear to be running two AV programs, McAfee and Microsoft Security Essentials.
    Is that true?
    It's a little bit confusing, because OTL shows MSE, but SecurityCheck doesn't.
    Let me know.
  16. samsont1 Newcomer, in training Posts: 84

    Yes I am, because when my McAfee runs out I will now have to rely on the MSE. Why, is that the problem? And how do I remove the registry tool?
  17. Broni Malware Annihilator Posts: 39,307   +175

    No, you can't run two AV programs.
    You have to uninstall one of them.
    Running two AV programs may cause all kinds of problems.
    Let me know which one you want to keep.

    As for MyCleanPC Registry Cleaner, I don't see it in Add\Remove list, so it's probably uninstalled, but its entry is still present as a startup.

    Download and install Quick Startup: http://www.glarysoft.com/qs.html
    Go File>Export, save report, and paste it into your next post.
  18. samsont1 Newcomer, in training Posts: 84

    I don't know which security system to keep since I paid for McAfee, but the Windows is what I need in the future since it was free.
  19. Broni Malware Annihilator Posts: 39,307   +175

    MSE will always be free.
    I'm not a big fan of McAfee, but since you paid for it, uninstall MSE.

    Don't forget to post QuickStartup log.
  20. samsont1 Newcomer, in training Posts: 84

    And the thing you said to download says:
    Unable to execute file
    CreateProcess failed; code 740
    The requested operation requires elevation