Win64/Patched.B.Gen

Discussion in 'Virus and Malware Removal' started by QuickUsername, Jun 24, 2012.

  1. Broni Malware Annihilator Posts: 39,313   +175

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 1203 bytes -> C:\Users\Greg\AppData\Local\Temp\:LBaTszL8jqAVq8idAy99RrOK2i
      @Alternate Data Stream - 1203 bytes -> C:\Users\Greg\AppData\Local\Temp:LBaTszL8jqAVq8idAy99RrOK2i
      @Alternate Data Stream - 1194 bytes -> C:\ProgramData\Microsoft:pi8Tt9GBwsPZWWmH9oz9auqsWi
      @Alternate Data Stream - 1142 bytes -> C:\ProgramData\Microsoft:Bu2wJs8Xi1L3vP7rYLHuhFQ0iJedS3
      @Alternate Data Stream - 1121 bytes -> C:\Users\Greg\AppData\Local\Temp\:sYvns2oSBVHPzpP6d0WiJNmy
      @Alternate Data Stream - 1121 bytes -> C:\Users\Greg\AppData\Local\Temp:sYvns2oSBVHPzpP6d0WiJNmy
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
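    As an added defender-side check (not part of Broni's instructions or of OTL itself): the OTL fix above removes NTFS alternate data streams that sit on the Temp and ProgramData\Microsoft directories, and this PowerShell function lists any non-default streams under those same locations so you can see such entries before and after a fix. It assumes Windows PowerShell 5 or later (for `-Depth`); the paths are assumptions, chosen to match the ones in the fix.

```powershell
# Added example, not the thread's OTL script: enumerate non-default NTFS
# alternate data streams under the locations the OTL fix targets.
# Assumed defaults: %TEMP% and C:\ProgramData\Microsoft (same as the fix).
function Find-AlternateDataStreams {
    param(
        [string[]]$Path = @($env:TEMP, 'C:\ProgramData\Microsoft'),
        [int]$MaxDepth = 1   # how deep to walk below each root
    )
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Include the root directory itself: the streams in the fix above
        # are attached to directories (Temp\ and ProgramData\Microsoft),
        # not to files inside them, so a plain file walk would miss them.
        $items = @(Get-Item -LiteralPath $root) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Depth $MaxDepth `
                       -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            # ':$DATA' is the normal unnamed stream; anything else is an ADS.
            $streams = Get-Item -LiteralPath $item.FullName -Stream * `
                           -ErrorAction SilentlyContinue |
                       Where-Object { $_.Stream -ne ':$DATA' }
            foreach ($s in $streams) {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Stream = $s.Stream
                    Bytes  = $s.Length
                }
            }
        }
    }
}

# Largest streams first; the ones in the fix were roughly 1.1 to 1.2 KB each.
Find-AlternateDataStreams | Sort-Object Bytes -Descending | Format-Table -AutoSize
```

Some legitimate software stores small streams (for example Zone.Identifier on downloaded files), so treat the listing as something to review rather than as a verdict.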
  2. QuickUsername Newcomer, in training Posts: 25

    Wow, I can't believe I never saw that post AT ALL. I was refreshing the page and seriously checking, I swear. I'll try to do it, but for now I have tons of files and such open that would take time to close and I need to go to bed soon so this is not possible. I will do it tomorrow (probably at like 4pm) and then post back.
  3. Broni Malware Annihilator Posts: 39,313   +175

    No worries :)
  4. QuickUsername Newcomer, in training Posts: 25

    Custom OTL

    "Deleted by moderator"
  5. QuickUsername Newcomer, in training Posts: 25

    Security Check

    "Deleted by moderator"
  6. QuickUsername Newcomer, in training Posts: 25

    And that F-Secure online does not work for me. I click on accept, and it just goes into a continual loading phase. I tried 2 different browsers. Yeah, I saw the Java thing come up (firewall alert) and let it do its thing, but it's doing nothing. Is it working from a certain port? I am on a router.
  7. Broni Malware Annihilator Posts: 39,313   +175

    Your Java is fine but uninstall JavaFX 2.1.1.

    Instead of F-Secure...

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
  8. QuickUsername Newcomer, in training Posts: 25

    Sorry for the huge delay. Like last time, every time I don't get a response back quickly, I start using my computer as I normally would, which means TONS of stuff is opened first, and then I need to close most which takes a long time. Not trying to blame you or tell you to hurry, just why there are breaks. The BitDefender is running now.
  9. QuickUsername Newcomer, in training Posts: 25

    BitDefender showed no report but it did say

    "Good news! We found no active infections on your PC
    Keep it clean with Bitdefender Internet Security 2012!"
  10. Broni Malware Annihilator Posts: 39,313   +175

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  11. QuickUsername Newcomer, in training Posts: 25

    I'm running the stuff now. I'll let you know soon.
  12. QuickUsername Newcomer, in training Posts: 25

    It all seems fine, that I can tell. The main problem was really fixed after replacing Services.exe offline, and then ComboFix which surprisingly cleaned up the 1075 service errors.

    Thanks so much for the help! Now to re-image my clean computer. I don't really know how system restore works, I thought Windows was supposed to make one automatically but mine never does. I just do full system images anyways so it's moot. I knew most of those steps you listed (like the custom installations), but some of them I never considered. Interesting! I already know how I got burned though lol. I guess that's one good thing. Knew the exact method of delivery. Somehow the java auto update was turned off. No idea how that happened if it was me or not. It was just drive by java exploitation through ads via SEO poisoning.

    I have another question though before I leave: Is it possible you could erase all my log files posted here? I can't edit my posts and I really don't like posting any plain text log information like I've done here. Even the DDS says to either attach it instead of posting it as plain text. Hope you understand my privacy concerns and can remove those logs. I don't want anything else to be removed though since somebody else might still be able to use the non log info if they have a similar problem or something.

    Also, are the hard drive controller errors something to be worried about? I know it's off topic but I don't know if you could just happen to know that off the top of your head. If you don't know, that's fine. It's not really a big discussion I want to get into. The reason there were multiple errors was that I was performing a full system image right after I was infected and that tripped them I believe. The drive is new and shows no bad signs though. I think it's normal but I don't have any knowledge other than rationalization to back that up.
  13. Broni Malware Annihilator Posts: 39,313   +175

    You'll have to PM one of the global moderators.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck and stay safe :)