3 logs attached from 8 steps to virus & malware removal

Status
Not open for further replies.
Please tell us what problems you're having. Throwing out 3 logs with no description of why leaves us a bit short.
 
Oops. Sorry about that. I had posted it in another thread, and completely spaced it. I had the "Facebook virus". You get an email from a friend saying "Look at this video" etc., and it sends you to a YouTube video. Click on the link and it asks you to download a Flash update. I almost never (can't say never anymore) do it, and my instincts told me it sounded fishy, but I was bored and clicked it. (Stupid, yes.)

Almost immediately an email is sent out to everyone in my Facebook acct. saying the same thing. It also took over my Google toolbar. Anytime I would search for something, it would link it to a "virus cleaner" website. Everything else seemed to run OK.

I started the '8 steps' and after the Malwarebytes program, I couldn't use my browser any longer. All my other net-based programs (pcAnywhere, LimeWire, etc.) that didn't use a browser worked fine. I found that something had inserted a proxy setting (it was 127.0.0.1 PORT 9090) into the HTTP setting. I erased that and now the browser is working fine. As you can see by the completed logs, I did finish the 8 steps, and sent them to you all.
 
Thanks. It's helpful to know what problems are being experienced.
The Mbam log is clean, and it shouldn't be.
SAS shows some malware and the Tracking Cookies.

But the most important thing I see is NO antivirus program!
I note PCAnywhere from Symantec and a Service for Live Update. But no indication that Symantec/Norton is installed or running.

There's no point in doing the cleaning if you don't get an AV program on the system. This is the first order of business:
Recommended Free Anti Virus:
Avast Free: http://www.avast.com/eng/download-avast-home.html
or
Avira Free: http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html

You have a wireless connection and mention visiting Limewire. You are a sitting duck to get malware. I advise you to do NO browsing until you get protection on the system and we remove the malware. You should also not use System Restore. Malware can get in the restore points and since they are protected files, the cleaning programs don't remove them. We will drop the old restore points when through cleaning.

When you have downloaded and installed an antivirus program, please update and run a full scan.

When through, rerun Malwarebytes, SuperAntispyware and HijackThis and attach the logs.
 
There is an antivirus program, I just didn't install it until after the logs. I have AVG 8.0.1. It scans daily, and any file downloaded via LimeWire (which I rarely use), I always scan first. Also the malware log was clean because when the malware program shut down my browser for a couple days, I reran the malware when I got it fixed and that was the log from the second run. The first run DID have viruses removed. I'll attach that 1st log to this post.
 
I'm sure you understand that I can only work with what is given. And the log had no AV.

As you see, Mbam did find some malware. Please follow the instruction in the last line of my post.
 
That's no problem. I know you can only go by what I tell you.

I reran the programs this morning. I actually ran SuperAntispyware twice. I noticed the first time I ran it I recognized the malware it found in the registry before. So after it ran, and I cleaned it out, I reran it again, and I note that the same malware is written in the reg. Any ideas?

Here are the logs, including both SuperAntispyware logs.
 
Here's where the Adware.E404 Helper/Variant-AR threat is:

Have HijackThis remove this entry
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

# Alias & packer info:
* not-a-virus:AdWare.Win32.E404.jd [Kaspersky Lab]
* packed with: PE_Patch.UPX [Kaspersky Lab]

Also search for and delete this entry:
%System%\351631

You may know more about this than I do but it is a matter of concern:
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB

Concern is because it is a redirect. By definition: "A Web server that supports any of the major security protocols, like SSL, that encrypt and decrypt messages to protect them against third party tampering." Mail servers move and store mail over corporate networks (via LANs and WANs) and across the Internet.

I just want to make sure you're aware of this and set it up yourself.

Download and run the Norton Removal Tool. The following Service is part of Norton Antivirus:
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

You also have PCAnywhere running:
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

This service should be put on Manual if you are still using it, or the program should be uninstalled if you are not:
Start> Run> services.msc> right click on Symantec pcAnywhere Host Service (awhost32)> Properties> Change Startup to Manual.

When you have finished with the above, run SuperAntispyware and HijackThis and attach logs.
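
The loopback proxy the original poster found (127.0.0.1, port 9090, in the HTTP setting) is the kind of value HijackThis lists on an R1 line, next to the ProxyOverride entry quoted above. As an added example that is not part of the thread: a Python check that scans HijackThis-style lines for a ProxyServer value aimed at loopback. The sample log is constructed, and its ProxyServer line is an assumption built from the poster's description.

```python
import ipaddress
import re

# Constructed sample in HijackThis line format. The ProxyServer line is assumed
# from the poster's description (127.0.0.1 port 9090 in the HTTP setting);
# the ProxyOverride line is the one quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")

def is_loopback(host):
    """True for 'localhost' or any address in 127.0.0.0/8 or ::1."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def proxy_entries(value):
    """Split a ProxyServer value ('host:port' or 'http=host:port;...') into tuples."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, target = part.rpartition("=")
        target = target.split("://")[-1]  # tolerate 'http://host:port' targets
        host, _, port = target.rpartition(":")
        entries.append((scheme or "all", host or target, port if host else ""))
    return entries

def loopback_proxies(log_text):
    """Return (scheme, host, port) for every ProxyServer entry aimed at loopback."""
    hits = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m and m.group("name").strip().lower() == "proxyserver":
            hits += [e for e in proxy_entries(m.group("value")) if is_loopback(e[1])]
    return hits

if __name__ == "__main__":
    for scheme, host, port in loopback_proxies(SAMPLE_LOG):
        print(f"loopback proxy for {scheme}: {host}:{port}")
```

A hit only means browser traffic is being sent to a listener on the local machine; whether that listener is legitimate (a local filter or debugging proxy) or left behind by malware still has to be checked.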
 