TechSpot

Win32:Ircbot-ATD infection

By disturbedz24
Nov 28, 2007
Topic Status:
Not open for further replies.
  1. This popped up in my Avast run. I don't understand how to get rid of it.

    Please Help
  2. evilfantasy

    evilfantasy Banned Posts: 428

    Download, install and run CCleaner

    The next steps will produce two logs that we need in the next post

    Note: Be sure to un-check the Install Yahoo! Toolbar button during installation to avoid the unnecessary installation of the Yahoo! Toolbar.

    Download SUPERAntispyware Free Edition

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
    + Close browsers before scanning
    + Scan for tracking cookies
    + Terminate memory threats before quarantining.
    + Please leave the others unchecked.
    + Click the Close button to leave the control center screen.
    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
    + After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    + Click Preferences. Click the Statistics/Logs tab.
    + Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    + It will open in your default text editor (such as Notepad/Wordpad).
    + Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment in your post.

    Please run HijackThis only after the above steps have been completed

    Download HijackThis.
    Double-click on the installer you just downloaded.
    Click on the "Install" button to install.
    It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
    Please do not change the default install location.
    Upon install, HijackThis should open for you.

    Close HijackThis and rename it.
    Go to C:\Program Files\Trend Micro\HijackThis.exe
    Right click on HijackThis.exe and select Rename
    Type in crusty.exe and press enter.

    Next click on the "Do a system scan and save a log file" button.
    HijackThis will scan and then a log will open in notepad.
    In the top left of the notepad window click "File" > "Save As" name it hijackthis and then save it to the Desktop.
    Please save the log as a text (.txt) file or .log
    In your post, add the log as an Attachment
  3. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    I'm working on it. My download speed on here had slowed to 0.2 kbps so it's taking a while, but I'll let ya know as soon as it's done.
  4. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    I tried to run the installer but I got a message saying that it's corrupted or incomplete, probably because of the virus, which according to the Avast site is an exe infector. Anything else I can do?
  5. evilfantasy

    evilfantasy Banned Posts: 428

    Can you get the HijackThis log? It is a small download.

    Post it as an attachment please.
  6. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    OK, I'm not sure if this worked when I tried to include the log as an attachment, but this is what the HijackThis program gave me when I ran it.
  7. evilfantasy

    evilfantasy Banned Posts: 428

    All of these programs are lightweight, they don't actually install. They run right from the desktop. So downloading them should be no problem.

    =====

    Please download ATF Cleaner by Atribune (ATF Cleaner.exe). This program does not require an installation. The executable actually runs the program.

    We will use ATF Cleaner in a minute.

    =====

    Download ViewpointKiller

    * Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
    * Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
    * If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" option in the File menu.

    Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.

    * When ViewpointKiller is done a log will be shown. Please save the log and add that log as an attachment in the next post.

    Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.

    =====

    Go to add/remove programs and uninstall Starware316 (if there)

    =====

    Reboot the computer into safe mode
    1. Restart your computer.
    2. Before Windows loads, gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    3. Select the option for Safe Mode using the arrow keys.
    4. Then press enter on your keyboard to boot into Safe Mode.

    Open HijackThis and select "Do a system scan only"

    Place a check mark next to (if there)

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
    O3 - Toolbar: Starware Screensavers Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
    O8 - Extra context menu item: &Search - ?p=ZC
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    Now click "Fix checked"

    Exit Hijack This but remain in safe mode.

    Navigate to and delete this file if found: (in bold)

    C:\Program Files\Starware316\bin\Starware316.dll

    Navigate to and delete this folder if found: (delete the whole folder)

    C:\Program Files\Starware316

    Reboot into normal mode.

    =====

    Run ATF Cleaner.

    NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser
    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    =====

    Please download Combofix by sUBs from either here or here

    Save Combofix.exe to your Desktop.

    1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
    2. When finished, it will produce a log for you.
    3. Attach that log in your next reply.

    Note:
    Do not mouse-click Combofix's window while it's running. That may cause your computer to stall.


    =====

    Now run a new HijackThis scan and save the new log.

    =====

    Next post please attach:
    ViewpointKiller log
    Combofix log
    New HijackThis log
  8. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    I have the logs but it won't let me attach any files. Also, when I was done running HijackThis again I had to restart my internet connection.
  9. evilfantasy

    evilfantasy Banned Posts: 428

    Are you getting an error when trying to attach the logs?
  10. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    no it just won't let me click on the attach link
  11. evilfantasy

    evilfantasy Banned Posts: 428

    Copy and paste the combofix and hijackthis log.

    Did the viewpoint killer work?
     
  12. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    yes it did.. i will copy and paste that one too...

    here is viewpoint:
    ViewpointKiller Version 1.23 (final)

    ViewpointKiller is now attempting to remove VIEWPOINT MEDIA PLAYER...
    The removal process was started at Thu Nov 29 10:34:01 2007

    ViewpointKiller determined that "aim.exe" was not running.
    ViewpointKiller was able to close "aolsoftware.exe" successfully.
    ViewpointKiller was able to close "aim6.exe" successfully.
    ViewpointKiller determined that "aol.exe" was not running.
    ViewpointKiller determined that "MtsAxInstaller.exe" was not running.
    ViewpointKiller was not able to close "ViewpointService.exe"!


    Falling back to alternate "Viewpoint Manager Service" closure...

    It appears that ViewpointKiller was able to close "Viewpoint Manager Service" successfully.


    Ran registry removal functions.
    ViewpointKiller determined that the PROGRAMFILES variable was set to "C:\Program Files".

    ViewpointKiller determined that the path "C:\Program Files\Viewpoint\Viewpoint Media Player" does exist.
    ViewpointKiller was able to remove the "C:\Program Files\Viewpoint\Viewpoint Media Player" folder successfully.
    ViewpointKiller determined that the path "C:\Program Files\Viewpoint\Viewpoint Experience Technology" does not exist.
    ViewpointKiller did not find the folder "C:\Program Files\Viewpoint\Viewpoint Experience Technology".
    ViewpointKiller determined that the path "C:\Documents and Settings\All Users\Application Data\Viewpoint" does exist.
    ViewpointKiller was able to remove the "C:\Documents and Settings\All Users\Application Data\Viewpoint" folder successfully.
    ViewpointKiller determined that the path "C:\Program Files\MetaStream" does not exist.
    ViewpointKiller did not find the folder "C:\Program Files\MetaStream".
    ViewpointKiller determined that the path "C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint" does not exist.
    ViewpointKiller did not find the folder "C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint".
    ViewpointKiller determined that the path "C:\Program Files\Viewpoint\Common" does exist.
    ViewpointKiller was able to remove the "C:\Program Files\Viewpoint\Common" folder successfully.
    Finished reporting.
    ----------------------------------

    Here is Combofix:
    ComboFix 07-11-29.5 - David 2007-11-29 11:29:15.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT -5:00]
    Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\screensavers.com
    C:\Program Files\screensavers.com\Installer\temp\RKeula2.rtf
    C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
    C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
    C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
    C:\Program Files\screensavers.com\Wallpaper\Alligators.jpg
    C:\Program Files\screensavers.com\Wallpaper\Baby Doe.jpg
    C:\Program Files\screensavers.com\Wallpaper\Dolphins.jpg
    C:\Program Files\screensavers.com\Wallpaper\Private Beach.jpg
    C:\Program Files\screensavers.com\Wallpaper\Shrek 2 - Puss in Boots.jpg
    C:\Program Files\screensavers.com\Wallpaper\Streaming Elegance.jpg
    C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
    C:\Program Files\screensavers.com\Wallpaper\The SpongeBob SquarePants Movie.jpg
    C:\Program Files\screensavers.com\Wallpaper\Tropical Waters.jpg
    C:\Program Files\screensavers.com\Wallpaper\Your View.jpg

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
    .

    2007-11-29 02:59 . 2007-11-29 03:03 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-16 19:02 . 2007-11-16 19:02 <DIR> d-------- C:\Documents and Settings\David\Application Data\OpenOffice.org2
    2007-11-16 06:05 . 2007-11-24 08:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-10-30 11:35 . 2007-10-30 11:35 <DIR> d-------- C:\Documents and Settings\David\Application Data\MySpace

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 13:43 --------- d-----w C:\Program Files\Yahoo!
    2007-11-24 13:43 --------- d-----w C:\Program Files\Common Files\Real
    2007-11-24 13:43 --------- d-----w C:\Program Files\AWS
    2007-11-24 13:41 --------- d-----w C:\Program Files\Google
    2007-11-24 13:41 --------- d-----w C:\Program Files\AOD
    2007-11-24 13:41 --------- d-----w C:\Program Files\AIM
    2007-11-17 00:05 --------- d-----w C:\Program Files\OpenOffice.org 2.0
    2007-11-16 11:19 --------- d-----w C:\Program Files\MySpace
    2007-10-06 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-10-06 13:05 --------- d-----w C:\Program Files\AIM6
    2007-10-06 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-10-06 13:04 --------- d-----w C:\Program Files\Common Files\AOL
    2007-10-05 20:27 --------- d-----w C:\Documents and Settings\David\Application Data\Viewpoint
    2007-10-05 20:17 --------- d-----w C:\Documents and Settings\David\Application Data\Aim
    2007-09-30 14:42 --------- d-----w C:\Documents and Settings\David\Application Data\Yahoo!
    2007-09-30 13:37 --------- d-----w C:\Program Files\Java
    2007-09-29 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2001-01-01 06:29 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 12:28]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "SoundMan"="SOUNDMAN.EXE" [2002-09-27 22:44 C:\WINDOWS\SOUNDMAN.EXE]
    "AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" []
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)

    R3 nv3;nv3;C:\WINDOWS\system32\DRIVERS\nv3.sys

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-29 11:30:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-29 11:31:14
    .
    --- E O F ---
  13. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    here is hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:27:29 PM, on 11/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\crusty.exe\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vids.myspace.com/index.cfm?fuseaction=vids.individual&VideoID=18393701
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - ?p=ZC
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    --
    End of file - 5223 bytes
  14. evilfantasy

    evilfantasy Banned Posts: 428

    Open HijackThis and select "Do a system scan only"

    Place a check mark next to:

    O8 - Extra context menu item: &Search - ?p=ZC

    Now click "Fix checked"

    =====

    Your Java is out of date
    Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely requires a specific version of the JRE to run. Please follow these steps to remove older versions of Java components and update.

    Updating Java:
    * Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    * Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
    ** The latest version is Java 6 Update 3. Remove all other entries.
    * Click the Remove or Change/Remove button.
    * Repeat as many times as necessary to remove each of the Java versions.
    * Reboot your computer once all Java components are removed.

    * Download the latest version of Java Runtime Environment (JRE) 6
    * Click the Free Java Download button.
    * Click the Download Now button.
    * When the Software Installation dialog box opens, click on the Install Now button.
    * Follow the prompts to complete installation.

    =====

    Go to Start > Run and copy and paste the next command in the field:

    ComboFix /u

    Make sure there's a space between Combofix and /
    Then hit Enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    =====

    Let me know how things are now.
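
Added example, not part of any post in this thread and not HijackThis's own logic: a small Python parser for the HijackThis log lines quoted above that flags the kinds of entries the helper marked for fixing. The three rules and the `unwanted_names` list are assumptions drawn from this thread's fix lists, not a general malware verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "<section code> - <rest>", e.g. "O2 - BHO: (no name) - {CLSID} - C:\path\file.dll"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A target we can resolve: a drive-letter path or a scheme:// URL.
TARGET_OK_RE = re.compile(r"^(?:[A-Za-z]:\\|[A-Za-z][A-Za-z0-9+.-]*://)")
# Sections whose last " - " separated field is the file or URL behind the entry.
TARGETED = {"O2", "O3", "O8", "O9", "O23"}


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    target: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; headers and running-process paths return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    target = None
    if code in TARGETED and " - " in body:
        target = body.rsplit(" - ", 1)[1].strip()
    return Entry(code, body, clsid.group(0) if clsid else None, target)


def triage(log_text: str, unwanted_names=()) -> List[Entry]:
    """Return the entries worth a human look, with the reason for each.

    Rules (assumptions modelled on the helper's fix lists in this thread):
      1. target is "(no file)": the registration points at nothing on disk
      2. an O8 context-menu target that is neither a path nor a URL
      3. the line names software the reviewer already decided to remove
    """
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.target == "(no file)":
            entry.reasons.append("orphaned entry: registered component has no file on disk")
        elif entry.code == "O8" and entry.target and not TARGET_OK_RE.match(entry.target):
            entry.reasons.append("context-menu target is neither a path nor a URL")
        lowered = entry.body.lower()
        for name in unwanted_names:
            if name.lower() in lowered:
                entry.reasons.append(f"names software selected for removal: {name}")
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the logs and fix list posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Starware Screensavers Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZC
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, unwanted_names=("Starware316", "Viewpoint")):
        print(f"{e.code:<4}{e.target or e.body}\n      -> {'; '.join(e.reasons)}")
```

A flagged line is a prompt to inspect the entry, not a verdict; the final "Fix checked" decision stays with the reviewer.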
  15. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    It's telling me that the installation of Java failed because it is missing components.

    now what?
  16. evilfantasy

    evilfantasy Banned Posts: 428

    Try the Offline installer Here

    2nd choice under the windows section.
  17. disturbedz24

    disturbedz24 TS Rookie Topic Starter

    After hours of waiting for it to install it finally did, but when I try to open it I get a message saying that it's not a valid Win32 application.