Windows Vista Security virus

Resolved
By mom26gr8kids
Dec 14, 2011
Topic Status:
Not open for further replies.
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Looking good. Go ahead with below. We'll finish up Monday.

    Norton Removal Tool

    Have a Happy and Peaceful Holiday!
  2. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    eset logs

    C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2bd9a135 Java/Exploit.CVE-2011-3544.F trojan
    C:\Users\Dad\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
    C:\Users\Dad\Downloads\SoftonicDownloader_for_stykz.exe a variant of Win32/SoftonicDownloader.A application
  3. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    I downloaded the Comodo premium by mistake, but it is working. I disabled the antivirus that comes with it, so that I only have one antivirus running. However, the firewall is working. If I have time tomorrow then I will uninstall the Comodo Premium and install just the Comodo firewall. Otherwise I will leave it for the weekend and fix that on Monday. At least at this point I have a firewall up and running.

    Look forward to finishing this up next week. Hope you had a Merry Christmas.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I had a nice holiday, thank you. Lots of activity for you, I'll bet!

    You are still actively getting malware. There is malware in the Java cache from Java v6u10. Check Add/Remove Programs for Java. The only version you should show is the current one, v6u29. Uninstall any other. Please follow the Java Update instructions given previously.
    ------------------------------------
    From the Eset entries:
    Softonic.com is a software download portal based in Barcelona, Spain. Downloads hosted at Softonic can be preceded by a customized installer called "Softonic Downloader" which shows "commercial offers, such as the Softonic Toolbar".

    About the Coupon Printer: It requires a new Active-X control to be installed. This is frequently a good way for adware and possibly other malware to get into the system. On the download site, part of the description is: "The Coupon Printer allows us to offer you this coupon." You should know, however, that whoever is being 'allowed' is Anonymous. Entries are being removed from the Eset scan, but I recommend that you uninstall both of these.
    ------------------------------------
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2bd9a135 
      C:\Users\Dad\Downloads\CouponPrinter.exe 
      C:\Users\Dad\Downloads\SoftonicDownloader_for_stykz.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===========================================
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
    ==========================================
    After SAS has removed the Tracking Cookies, Please do the following on ALL accounts:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    ========================================
    I'll review the new logs and if clean, I'll have you remove the cleaning tools.
  5. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    update

    Glad you had a nice holiday. This afternoon the computer shut itself off and when we turn it on it says there has been a fatal crash error and keeps restarting itself. I am going to go and launch startup repair and see if I can't get it to go back to normal.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You can look in the Event Viewer and see what happened:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 10 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.

    (Courtesy rev-Olie)
  7. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    Here are the OTMoveIt logs:
    All processes killed
    ========== FILES ==========
    C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2bd9a135 moved successfully.
    C:\Users\Dad\Downloads\CouponPrinter.exe moved successfully.
    File/Folder C:\Users\Dad\Downloads\SoftonicDownloader_for_stykz.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dad
    ->Temp folder emptied: 165240073 bytes
    ->Temporary Internet Files folder emptied: 272522330 bytes
    ->Java cache emptied: 3133117 bytes
    ->FireFox cache emptied: 52319905 bytes
    ->Flash cache emptied: 1057483 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2516756 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14272929 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5587141 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes
    RecycleBin emptied: 322380475 bytes

    Total Files Cleaned = 800.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 12262011_191800

    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
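    Reading the OTM log by eye is error-prone, so here is an added example (not from this thread and not part of OldTimer's tools) that reconciles an OTMoveIt ":Files" script against the OTM log layout posted above: which requested paths were moved, which were reported not found, which were deferred to reboot, and how many bytes the temp cleanup freed. The script and log below are constructed from the entries in this thread, and the regexes assume OTM's wording exactly as it appears here.

```python
import re
from typing import Dict, List

# Constructed sample: the ":Files" script given earlier in the thread.
OTM_SCRIPT = r"""
:Files
C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2bd9a135
C:\Users\Dad\Downloads\CouponPrinter.exe
C:\Users\Dad\Downloads\SoftonicDownloader_for_stykz.exe
:Commands
[emptytemp]
[Reboot]
"""

# Constructed sample: an excerpt in the layout of the OTM log posted above.
OTM_LOG = r"""
All processes killed
========== FILES ==========
C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2bd9a135 moved successfully.
C:\Users\Dad\Downloads\CouponPrinter.exe moved successfully.
File/Folder C:\Users\Dad\Downloads\SoftonicDownloader_for_stykz.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Dad
->Temp folder emptied: 165240073 bytes
->Java cache emptied: 3133117 bytes

RecycleBin emptied: 322380475 bytes

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Outcome lines as OTM prints them (assumed from the log wording shown in the thread).
FILE_MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
FILE_NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
FILE_ON_REBOOT = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
BYTES_EMPTIED = re.compile(r"emptied: (?P<n>\d+) bytes$")


def requested_files(script: str) -> List[str]:
    """Return the paths listed under the :Files directive of an OTMoveIt script."""
    paths, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # a directive line such as :Files or :Commands
            in_files = line.lower() == ":files"
            continue
        if in_files:
            paths.append(line)
    return paths


def parse_log(log: str) -> Dict[str, object]:
    """Extract the per-path outcome and the total bytes emptied from an OTM log."""
    status: Dict[str, str] = {}
    total = 0
    for raw in log.splitlines():
        line = raw.strip()
        for pattern, outcome in ((FILE_MOVED, "moved"),
                                 (FILE_NOT_FOUND, "not found"),
                                 (FILE_ON_REBOOT, "scheduled on reboot")):
            m = pattern.match(line)
            if m:
                # Windows paths are case-insensitive, so key them case-folded.
                status[m.group("path").casefold()] = outcome
                break
        else:
            m = BYTES_EMPTIED.search(line)
            if m:
                total += int(m.group("n"))
    return {"status": status, "bytes_emptied": total}


def reconcile(script: str, log: str) -> Dict[str, str]:
    """Map every path the script asked for to what the log says happened to it."""
    status = parse_log(log)["status"]
    return {p: status.get(p.casefold(), "no log entry") for p in requested_files(script)}


def unfinished(script: str, log: str) -> List[str]:
    """Requested paths that were not confirmed moved: check these by hand."""
    return [p for p, outcome in reconcile(script, log).items() if outcome != "moved"]


if __name__ == "__main__":
    for path, outcome in reconcile(OTM_SCRIPT, OTM_LOG).items():
        print(f"{outcome:>20}  {path}")
    print("bytes emptied:", parse_log(OTM_LOG)["bytes_emptied"])
```

A "not found" entry is not the same as "removed"; it means the file was not at that path when OTM ran, which is worth confirming (the user may have deleted it, or it may have moved) before declaring the step done.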
  8. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    When I try to run the event viewer I get a message that says: Run Time Error 75, path/File access error

    I already have SuperAntiSpyware on my system as I regularly scan and remove tracking/adware cookies. Do you want me to re-install it or can I use the one I have?
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    From OTM: Total Files Cleaned = 800.00 mb... This is a huge amount of files! Best step up the maintenance, starting with the Error Check> this could handle the 'fatal error':

    Right click on Start> Explore> My Computer> Right click on the Local Drive (usually C)> Properties> Tools tab:
    • Click on the Error Check
    • On the screen that comes up, check both boxes
    • Close the nag message and reboot the computer
    • The error Check should start in a few seconds.
    • Let it complete. It may take a long time if you do not do this regularly.
    • The system will reboot when finished.

    Let me know what the status is after doing that.
  10. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    I ran the error check and it did take a long time. My system rebooted and seems to be doing fine. I tried to run Event Viewer again and got the same message as before. Would you like me to run Super Anti-Spyware now?
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sometimes all it takes is a reboot or an error check!

    Please go ahead with SAS.
     
  12. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    SAS logs

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/26/2011 at 08:07 PM

    Application Version : 5.0.1142

    Core Rules Database Version : 8087
    Trace Rules Database Version: 5899

    Scan type : Quick Scan
    Total Scan Time : 00:11:30

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 771
    Memory threats detected : 0
    Registry items scanned : 32159
    Registry threats detected : 0
    File items scanned : 6976
    File threats detected : 89

    Adware.Tracking Cookie
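    As an added example (not part of the thread and not from SUPERAntiSpyware), here is a small parser for the SAS scan-log layout above that tallies tracking-cookie detections per user profile and per browser store (Internet Explorer cookie files versus Firefox cookies.sqlite) and cross-checks them against the "File threats detected" count. The sample log is constructed in the same layout with a few entries, and the second profile "KID1" is invented.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample in the SUPERAntiSpyware log layout posted in this thread.
SAS_LOG = r"""
SUPERAntiSpyware Scan Log
Generated 12/26/2011 at 08:07 PM
Scan type : Quick Scan

Memory threats detected : 0
Registry threats detected : 0
File threats detected : 6

Adware.Tracking Cookie
C:\USERS\DAD\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZJ827WJ.txt [ Cookie:dad@invitemedia.com/ ]
C:\USERS\DAD\AppData\Roaming\Microsoft\Windows\Cookies\Low\S3HX6MXC.txt [ Cookie:dad@tacoda.at.atwola.com/ ]
.collective-media.net [ C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVJTKM5Q.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVJTKM5Q.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVJTKM5Q.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\KID1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCDEFGH.DEFAULT\COOKIES.SQLITE ]
"""

THREAT_COUNT = re.compile(r"^(?P<kind>Memory|Registry|File) threats detected : (?P<n>\d+)$")
# Internet Explorer entry:  <cookie file> [ Cookie:<owner>@<domain>/ ]
IE_COOKIE = re.compile(
    r"^(?P<file>[A-Za-z]:\\.+?) \[ Cookie:(?P<owner>[^@\s]+)@(?P<domain>[^/\s\]]+)/?\s*\]$")
# Firefox entry:  <domain> [ <path to cookies.sqlite> ]
FF_COOKIE = re.compile(r"^(?P<domain>[^\s\[]+) \[ (?P<file>[A-Za-z]:\\.+?) \]$")
# The profile name is the component after \Users\ in the file path.
USER_IN_PATH = re.compile(r"\\users\\(?P<user>[^\\]+)\\", re.IGNORECASE)


def _entry(path: str, domain: str, category: str) -> Dict[str, str]:
    m = USER_IN_PATH.search(path)
    store = "firefox" if path.casefold().endswith("cookies.sqlite") else "ie"
    return {
        "user": m.group("user").casefold() if m else "unknown",
        "store": store,
        "domain": domain.lstrip(".").casefold(),  # ".example.com" and "example.com" are one domain
        "category": category,
    }


def parse_sas_log(log: str) -> Dict[str, object]:
    """Return the header counts and one record per cookie detection line."""
    counts: Dict[str, int] = {}
    cookies: List[Dict[str, str]] = []
    category = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = THREAT_COUNT.match(line)
        if m:
            counts[m.group("kind")] = int(m.group("n"))
            continue
        m = IE_COOKIE.match(line) or FF_COOKIE.match(line)
        if m:
            cookies.append(_entry(m.group("file"), m.group("domain"), category))
            continue
        category = line  # any other line is treated as the current detection category header
    return {"counts": counts, "cookies": cookies}


def summarize(entries: List[Dict[str, str]]):
    """user -> store -> Counter(domain): who has tracking cookies, where, and from which domains."""
    out = defaultdict(lambda: defaultdict(Counter))
    for e in entries:
        out[e["user"]][e["store"]][e["domain"]] += 1
    return out


def unexplained_file_threats(parsed: Dict[str, object]) -> int:
    """File threats the header counted that are not cookie lines. Anything above zero means the
    log holds detections other than tracking cookies (or lines this parser missed) and needs a close read."""
    return parsed["counts"].get("File", 0) - len(parsed["cookies"])


if __name__ == "__main__":
    parsed = parse_sas_log(SAS_LOG)
    for user, stores in summarize(parsed["cookies"]).items():
        for store, domains in stores.items():
            print(user, store, dict(domains))
    print("file threats not explained by cookies:", unexplained_file_threats(parsed))
```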
  13. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    I can't get the ad-block plus or the easy list to add-on to Mozilla. I keep getting the message Can't download add-on because it didn't match the add-on Firefox expected, but I was able to reset the cookies, so maybe that will help.

    My only question is that we have done so much better since the last virus in July. I installed Web of Trust so the kids don't go to unsafe websites, I installed Spybot, etc. So, is there more I can do to keep my system from being vulnerable, or was this just one of those instances where the virus creators are good at what they do and sometimes all of us get something? The only thing the kids installed in that week before we got the virus was Spotify, could that have been the culprit?

    As for the Java, my Java was set to do regular updates, so I am not sure why it was out of date. Is there a way I can manually check from time to time to make sure I have the newest version? I know Java can cause vulnerabilities to the system, so I do want to keep that updated, but I thought I was doing that.

    Thanks for the help. Seems like everything is running better now. Let me know if there are more things I need to do.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    About Java: Although everyone had Java auto-updating, it is only recently that the update overwrites the previous version. So the updates would be added, but the old versions stayed on the system! I don't know why it took their authors so long to overwrite!
    -------------------------------
    I know you have multiple users on the system, but the only account name is DAD:
    The only user with the Tracking Cookies also shows only DAD. Suggest you set up accounts for the munchkins. They can be limited accounts. Having only one account name could cause a problem at some time of trying to figure out a system problem or setting.
    ===============================
    About AD Block Plus on Firefox v8:
    Some users found it wasn't compatible if they also had the Status-4-Evar addon.

    If you give me a better description of the "Can't download add-on because it didn't match the add-on Firefox expected" message, I'll try to check it out for you.

    An aside: I started using Firefox when they came out with the full v1. But when they started 'fast tracking' Firefox, a lot of the addon authors didn't or couldn't keep up. A lot of good addons could be used. I've had to stay with an earlier version because I need the addons I have.
    ==================================
    FYI: Runtime error 75 - Path/File access error
    Program does not have rights or access to a file. Often this is caused when a program is trying to access a network file it doesn't have proper access to, either because of network privileges or something is blocking the program. This issue can also be caused when the file is being used by another program or is read-only. To take ownership:
    Add "Take Ownership" to Explorer Right-Click Menu in Win 7 or Vista

    Download TakeOwnership.zip and save to your desktop.
    • Unzip (extract) the files contained in the zipfile.
    • Double-click the InstallTakeOwnership.reg file and click through the prompts. No reboot necessary.
    Here’s what the new right-click menu will look like after installing this registry hack.
    (Images courtesy howtogeek)
    This should allow you to do the right click on those parts of the system that are denying you permissions and 'take ownership.'
    ================================
    Is there anything remaining that hasn't been resolved yet?
  15. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    I think everything is resolved now. So, if my system is clean then I will delete all the cleaning programs and be on my way. Thanks for the help. I think I already mentioned it, but a couple of my friends had to take their computers to the Geek Squad and I am relieved to have been able to do it here at home with your help.

    Let me know if my system needs anything else and if I can start deleting cleaning files. If I remember correctly there is a special way to uninstall ComboFix, so let me know if I need to do anything specific to remove the programs. I assume that I remove the txt files as well?

    One more question, and I feel dumb for not knowing it, but I now know that I have not been running maintenance on my computer, and would like to change that. Besides running regular virus scans and Super Anti-Spyware, and occasionally cleaning the dust out of the tower do I also need to be running disk check or de-frag on a regular basis? Is that all?
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay Kendra, here you go:

    First: Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    =============================================
    Second: Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader: Install current, uninstall old.
      [o] Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookies: previously given.
    6. Do regular Maintenance
      [o] Clean the temporary internet files often: Temporary File Cleaner
      [o] Run the Disc cleanup, Error Check & Defrag once a month
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
    =============================
    Maintenance suggestions can be found in #6. Spybot S&D and the AV are only concerned with malware. They have no functions to keep the system itself in good operating condition. Other than TFC, you don't need extra programs for this. Windows already has the features as part of the OS; all you have to do is remember to use them!

    Two other suggestions:
    1. Windows needs to be rebooted occasionally. OK to use Standby or Sleep but the reboot will restore some memory and put back some order.
    2. Check the Add/remove Program list occasionally. Uninstall any program you don't use and/or any outdated programs.
    3. Check the Cookies occasionally. Whenever you visit a site, you will get their First Party Cookie- this is normal. But they can add up. Delete those you don't need, keep the ones that store a user name and password.
    Have a Happy and Peaceful Holiday!
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The problem you described in your PM with the Combofix uninstall is not normal:
    You should not have gotten any security alerts. But since I have no idea what the prompts were that you allowed, I do not have enough information to address the problem.

    Reboot the computer, then run it through the Error Check again:
    Right click on Start> Explore> My Computer> Right click on the Local Drive (usually C)> Properties> Tools tab:

    * Click on the Error Check
    * On the screen that comes up, check both boxes
    * Close the nag message and reboot the computer
    * The error Check should start in a few seconds.
    * Let it complete. It may take a long time if you do not do this regularly.
    * The system will reboot when finished.
    ========================================
    If there are any new problems, you can let me know Monday:
    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
  18. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    Small problems

    All right. Since I uninstalled ComboFix a few days ago I have been having some problems with my computer.

    I did manage to uninstall ComboFix and run The tool that takes off all the virus software we installed during the clean-up process. As previously mentioned when I was running ComboFix Uninstall I kept getting alerts from Comodo and then right afterwards my computer had another fatal error crash dump.

    In regards to the prompts I received they were no different than prompts I normally get when Comodo is in training mode and I am installing or uninstalling a program. They were messages about how whatever.exe is a safe application, but it didn't recognize the parent application. Going into my Comodo I can only view portions of the alerts, but they are all in regards to ComboFix. Since I recently re-installed Comodo I have been getting those prompts when I run programs, so it didn't seem atypical.

    Last night when I sat down to run a check disk my computer was causing me some problems. I kept getting alerts from Spybot. Here are some of them: detected registry entry changed: Browser Helper Object: 8E5E2654-AD2D-48bf-AC2D-D17F00898D06 and then a similar message with this instead: 9030D464-4CO2-4ABF-8ECC-5164760863C6. There were others, but when they came up I clicked deny change. The problem was that after I clicked deny change on those alerts they came up again. I denied them several times and then it wouldn't let me deny them anymore, so the only way to get them off my screen was to allow them. (I didn't allow them, but that was the only option available that I could click on.)

    In addition I kept getting error messages when I tried to access the check disk. So, I did a manual reboot of my computer to get rid of the Spybot messages and when everything came back up I was able to run the check disk.

    Since the check disk I am having no problems with my computer and I ran both my Avast and SAS this morning with no major threats detected (SAS had a couple tracking cookies). The only issue was that my AVAST had two files it could not scan because it could not find the system path.

    The other weird thing is that even though I deleted Norton last week when I turned my computer on yesterday it was back up and asking me for permission to scan something or update, I can't remember. Could this be what is causing all the alerts about changes?

    So my question is: Is this even a virus issue? Should I try de-fragging the system and see if that helps, or do you want me to run through the preliminary steps again to see if there is anything on my system?

    And when we have a minute I would like to remove the Norton and keep it from coming back.

    Thanks
  19. mom26gr8kids

    mom26gr8kids TechSpot Maniac Topic Starter Posts: 387

    Okay, before I got off the computer for a bit I decided to click on the Norton Internet Security Icon that was on my system and all of the updates and such were running. There were live updates running and script blocking protection and browser security. I disabled everything because I already have virus software running, but I think it is a possibility that Norton is what caused all the confusion in my system last night since I had multiple anti-virus programs running, particularly since the majority of the alerts from Spybot had to do with my IE browser. Maybe now I won't have any additional problems.

    Kendra
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Glad you resolved the problem.

    Thread being reclosed at member's request.