8 Step Log Results for Laptop
- Thread starter Husky44
- Start date
- Status
Bobbye
Posts: 16,313 +36
Thank you for making it clear that you're working on two different computers! We don't always get that information and it makes us scratch our heads at times!
First thing for you to do is Empty the Recycle Bin- it's full of malware trash.
Are you having any problems or is this a kind of 'screening'? Mbam removed one file. HJ has left over toolbar from Real.com
REAL PLAYER:
First thing for you to do is Empty the Recycle Bin- it's full of malware trash.
Are you having any problems or is this a kind of 'screening'? Mbam removed one file. HJ has left over toolbar from Real.com
REAL PLAYER:
Bobbye
Posts: 16,313 +36
There are 10 of these entries in SAS:
Malware.Installer-Pkg/Gen
C:\RECYCLER\S-1-5-21-2855437500-1594634220-3818733573-500\DC31\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
This is actually the Recycle Folder- Per MS:
The identifiers such as {6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA} all point to Wild Tangent which Dell included in the game console.
What is Wild Tangent?
You can try to empty the Recycler Folder:
Right click on Start> Explore> click to expand Recycler Folder> right click> delete on each file.
You may get an error preventing you from deleting the files- I usually do- it refers tot he folder being in use. Each user has their own Recycler- but in my case, there is no other user> Let me know if you can do the deletes and in the meantime, I'll ask around and see if their is some way to delete the malware files from the Recycler.
Mbam found one entry indicating the security center features had all been shut down. but it was quarantine and removed. If you show it as a "go", that's fine.
Meet me back here with results of attempts to remove contents of Recycler.
EDIT: Please run SDFix that I set up for the desktop. I want to be sure the Registry entries for the Security center shutdown are removed. Same instruction as given for desktop.
Malware.Installer-Pkg/Gen
C:\RECYCLER\S-1-5-21-2855437500-1594634220-3818733573-500\DC31\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
This is actually the Recycle Folder- Per MS:
The identifiers such as {6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA} all point to Wild Tangent which Dell included in the game console.
What is Wild Tangent?
Check Add/Remove Programs for Wild Tangent. If found, uninstall it.
You can try to empty the Recycler Folder:
Right click on Start> Explore> click to expand Recycler Folder> right click> delete on each file.
You may get an error preventing you from deleting the files- I usually do- it refers tot he folder being in use. Each user has their own Recycler- but in my case, there is no other user> Let me know if you can do the deletes and in the meantime, I'll ask around and see if their is some way to delete the malware files from the Recycler.
Mbam found one entry indicating the security center features had all been shut down. but it was quarantine and removed. If you show it as a "go", that's fine.
Meet me back here with results of attempts to remove contents of Recycler.
EDIT: Please run SDFix that I set up for the desktop. I want to be sure the Registry entries for the Security center shutdown are removed. Same instruction as given for desktop.
1) Couldn't locate the recycle folder you referenced above. Tried search function, scanning through Windows Explorer--no luck. No C:\Recycler that I can find.
2) Initially tried to run SDFix on this machine. It got farther in the process than my other computer, but locked up with a message that said "cannot load VDM IPX/SPX support". I waited for at least 10 minutes with no change, then had to do a hard reboot to get out of it.
When I rebooted (not in safe mode), A blue screen opened that said
"Finishing Malware check
Please be patient as this may take several minutes
cannot load VDM IPX/SPX support".
I ended the task, then ran Combo-Fix and HiJackThis. Logs attached.
When I rebooted again, SDFix tried to run again, with the same message.
Obviously I need help figuring out how to turn off SDFix and undoing any damage I may have done by partially running it.
I'm also concerned that there is something wrong with my security center. On the main screen it says my firewall is on, but when I open the detail, it says it's turned off?
Thanks,
Greg
EDIT: Went for a walk after I posted this. When I got back, I had an SDFix window open, that said it was complete?! Wasn't running in safe mode, but I've attached the log. How much damage did I do?
2) Initially tried to run SDFix on this machine. It got farther in the process than my other computer, but locked up with a message that said "cannot load VDM IPX/SPX support". I waited for at least 10 minutes with no change, then had to do a hard reboot to get out of it.
When I rebooted (not in safe mode), A blue screen opened that said
"Finishing Malware check
Please be patient as this may take several minutes
cannot load VDM IPX/SPX support".
I ended the task, then ran Combo-Fix and HiJackThis. Logs attached.
When I rebooted again, SDFix tried to run again, with the same message.
Obviously I need help figuring out how to turn off SDFix and undoing any damage I may have done by partially running it.
I'm also concerned that there is something wrong with my security center. On the main screen it says my firewall is on, but when I open the detail, it says it's turned off?
Thanks,
Greg
EDIT: Went for a walk after I posted this. When I got back, I had an SDFix window open, that said it was complete?! Wasn't running in safe mode, but I've attached the log. How much damage did I do?
NO! I'm not that smart or technically savvy to do something like that! :O
Bobbye
Posts: 16,313 +36
We've all been so busy here- sorry for the delay. I've asked to see if you can close the ports using the CFFix for the Combofix entries. In the meantime, open the firewall port section of the Symantec program. IF you see checks to ALLOW port TCP 135 and TCP ports 5000 through 5020, uncheck them.
Here is the Combofix entry:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
None of these should be globally open.
Here is the Combofix entry:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
None of these should be globally open.
Thanks, and NO worries about timing. You guys provide an awesome service for an unbeatable price--how can I complain if you're busy?
The only place I could find a specific reference to these port numbers was in a screen that listed 50 or so ports. They had check boxes next to them, a field for name, "secured", and "Trojan". On all of them, the boxes were checked, "secure" was blank, and "Trojan" was x'ed. There was a radio button above that said "enable Secure Port technology". It was initially off, but when I turned it on, it changed all of the "secured" fields to x'ed also.
I'm pretty much bumbling in the dark here, so let me know if that was a good thing or not...
The only place I could find a specific reference to these port numbers was in a screen that listed 50 or so ports. They had check boxes next to them, a field for name, "secured", and "Trojan". On all of them, the boxes were checked, "secure" was blank, and "Trojan" was x'ed. There was a radio button above that said "enable Secure Port technology". It was initially off, but when I turned it on, it changed all of the "secured" fields to x'ed also.
I'm pretty much bumbling in the dark here, so let me know if that was a good thing or not...
Bobbye
Posts: 16,313 +36
Husky, I consulted touch about writing code for these ports. He was kind enough to do it. It should solve the port problem:
Originally Posted by touch
This should do the trick ->
Rescan with HijackThis when through and attach the new log along with the Combofix log.
Originally Posted by touch
This should do the trick ->
Thank you touch.Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop
Once saved, refering to this image and drag CFScript.txt into ComboFix.exe:
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Rescan with HijackThis when through and attach the new log along with the Combofix log.
Ran the script as directed. First time it didn't fully launch Combo-fix. Ran it a second time, and first received a message: A critical update is required.
It then displayed a message saying it was connecting to Combofix servers, and did a countdown of some sort of download. Once complete, Combofix ran.
Here are the logs.
Thanks!
It then displayed a message saying it was connecting to Combofix servers, and did a countdown of some sort of download. Once complete, Combofix ran.
Here are the logs.
Thanks!
Bobbye
Posts: 16,313 +36
Husky, if you used the code for the ports, it didn't work. You need to open the Symantec firewall and manually close the ports. It will be easier if you do it in Safe Mode.
If you can't do that, uninstall then reinstall the security suite. NOTE: do this offline. IF you have the CD, use that. IF you don't download the setup to your desktop but don't install. Then> File> Work offline> uninstall> reinstall.
Hopefully it will reconfigure without those ports open. HJ is OK
If you can't do that, uninstall then reinstall the security suite. NOTE: do this offline. IF you have the CD, use that. IF you don't download the setup to your desktop but don't install. Then> File> Work offline> uninstall> reinstall.
Hopefully it will reconfigure without those ports open. HJ is OK
Bobbye:
Thanks for all your help. This port thing is kicking my rear because I can't figure out how to close the ports. When I open Symantec firewall, I don't see the ports specifically listed anywhere, nor do I find anything that says "close ports".
As far as re-installing, I'm going to need a new product. Got this access free from my old employer. Now that I'm retired, I have to pay for whatever I get.
Given that: I'm not a total technological *****, but I'm certainly not a guru when it comes to this stuff. I'd rather have something that's "set and forget" (other than an occasional preventative maintenance check every month or six).
Are Symantec's tools still good choices for a user like me (someone who doesn't want to spend a lot of time-or a little time on a regular basis-tinkering with my computer)? If not, what would you recommend for a good anti-virus and firewall?
Thanks!
Greg
Thanks for all your help. This port thing is kicking my rear because I can't figure out how to close the ports. When I open Symantec firewall, I don't see the ports specifically listed anywhere, nor do I find anything that says "close ports".
As far as re-installing, I'm going to need a new product. Got this access free from my old employer. Now that I'm retired, I have to pay for whatever I get.
Given that: I'm not a total technological *****, but I'm certainly not a guru when it comes to this stuff. I'd rather have something that's "set and forget" (other than an occasional preventative maintenance check every month or six).
Are Symantec's tools still good choices for a user like me (someone who doesn't want to spend a lot of time-or a little time on a regular basis-tinkering with my computer)? If not, what would you recommend for a good anti-virus and firewall?
Thanks!
Greg
Bobbye
Posts: 16,313 +36
Greg, this might help. Get down to #17 and tell me what is listed in the dialog box "What types of communication do you want to permit:
Begin here: http://www.pocketpcfaq.com/faqs/symatec-firewall.htm
Malware can change firewall settings- even close it down entirely. And Symantec/Norton has never made anything 'easy' for users- including uninstalling it!
Begin here: http://www.pocketpcfaq.com/faqs/symatec-firewall.htm
Malware can change firewall settings- even close it down entirely. And Symantec/Norton has never made anything 'easy' for users- including uninstalling it!
OK, I'm tracking down to item #17. I added the two port #s shown in the example (5678 and 5679). When I clicked next, the box appeared exactly like the one shown below. The slider buttons (up and down arrrows) were grayed out--I couldn't use either one.
(I clicked cancel, so I didn't actually add the ports, but can go back and do so if needed).
You're certainly going above and beyond on this one! I can't tell you how much I appreciate it.
If Symantec isn't easy/user-friendly, would you recommend a firewall and AV that is? Would that be the quickest way to resolve this? I'm willing to get a little drastic, (but would prefer not to do a complete reformat if there's another viable option).
(I clicked cancel, so I didn't actually add the ports, but can go back and do so if needed).
You're certainly going above and beyond on this one! I can't tell you how much I appreciate it.
If Symantec isn't easy/user-friendly, would you recommend a firewall and AV that is? Would that be the quickest way to resolve this? I'm willing to get a little drastic, (but would prefer not to do a complete reformat if there's another viable option).
Bobbye
Posts: 16,313 +36
Ah this is an easy one! But if you have the suite, it means you paid for it. If that is the case- to keep but reconfigure:
[1]Go offline (File> Work Offline)
[2]You will need to make sure though that it does not start when you boot, or it will not allow the uninstall:
[o]Start> Run> type in ''msconfig' without the quotes> Selective Start-up> Startup tab> uncheck the processes that is for this> Apply> OK.
[o]Reboot> Close the nag message that comes up after checking 'don't show this message again'.Stay in Selective Startup.
[3]Save your Product Key
[4]Now do the uninstall in the Control Panel> Add/Remove Programs.
[5]Reboot the computer.
If you are near the end of the subscription or if you want to make the change anyway:
[1]Download the Norton Removal Tool HERE and save to the desktop. (looks like you have Corporate Edition but I can't tell which year. So choose the appropriate version)
[2]Antivirus: Free Download either and save to your desktop:
[o]Avira: https://www.techspot.com/downloads/41-antivir-personal-edition.html
OR
[o]Avast: https://www.techspot.com/downloads/223-avast-home-edition.html
[3]Firewall: Free: Download either of these firewalls and save to the desktop:
[o]Zone Alarm: https://www.techspot.com/downloads/239-zonealarm-free.html
OR
[o]Comodo: https://www.techspot.com/downloads/3702-comodo-personal-firewall.html
[4]Begin with #1 to use the Norton Removal Tool- follow thru #5
STAY OFFLINE
[5] Run the antivirus setup.
[6] Run the firewall setup
[7] Reboot and go back online>>>> Update each of the programs.
The Symantec/Norton product uses a lot of resources. My preference is a combination of stand-alone products. There are many good free programs and there are also paid stand alones like Nod32 AV. And I think all of the 'suites' cost $$.
- Status
Similar threads
Latest posts
-
Bending metal: The changing server business- Arbie replied
-
Ryzen 7 5800X3D vs. Ryzen 7 7800X3D, Ryzen 9 7900X3D and 7950X3D- Q Wales replied
