Can't install Super Anti or update Java

Status
Not open for further replies.

KidF7

Hey everyone. I am trying to complete all the 8 steps to post the logs. I successfully installed HiJack This, CCleaner and Malware Bytes, but when trying to install SuperAntispyware and update Java, I get a message saying "System Admin. has set policies against the installation." I am signed in to the admin. account and haven't set up any policy. I even looked up this problem and someone suggested downloading a windows installer fix. However I got the same message when doing so. Please help - anybody. I'm getting desperate.

Hey thank you so much for helping. I actually got the Java update and installed SAS (this was possible only after I ran Malware bytes). So I am waiting for the SAS log and then the Hijack log. Should I run Malware again and get a new log or just use the same one as before SAS and the Java update were made available?

Alright I have done the scans for each program but when I try to open the log for the SAS it freezes Notepad. It doesn't do it for the other 2 though. I did however make the log for hijack without clicking next in SAS to remove and quarantine them. (I don't know if it matters.) I will post the logs in my next reply. My question is should I click next to remove and quarantine in SAS and Hijack without getting a log from SAS?

Here are the 2

Hey sorry about that, I will continue here. I ran the Malware a few times like you said and updated each time with all programs before scanning. You were right it did free up SAS. Here are the new logs including 3 Malware ones. Thanks!
 
Kid!

I told you this earlier! You are running MBAM apparently just looking at the screen and exiting the program.

All the MBAM logs show "No Action taken" to remove the Malware.

The SAS is clean.

Update MBAM run it and when it finds the Malware click the button in the bottom Rt corner to remove the Malware. Then attach the log!

Mike

EDIT:
Run HJT Scan only, select and remove the below
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O20 - AppInit_DLLs: pkdbuh.dll (this one may not go, if not we will get it later)
 
Hey I think I did but I was saving the log first and then clicking remove the malware. Sorry. I'll do it again but I think that it will always still show those 2 files.

Alright I ran the Malware again and saved the log after I got rid of them this time. Then I ran Hijack checked and removed the items. Saved a log. Then ran it again and saved a log. They appear to be gone. But I'm not sure if they will return soon. Here are the logs. What's next?
 
OK good!

Now do below...

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.

Mike
 
Alright

OK Here are the new logs. There might be a couple other problems... during the second part of the SDFix problem it repeatedly said not enough space on disk. Also when Icons reappeared 2 windows opened one saying Old Virus Definition file and the other says Unhandled Exception. The windows appear to be either from Norton antivirus or SAS but I'm not sure so I didn't touch them while running Hijack this. Nevertheless I got both logs. Thanks again for helping me.
 
I didn't ask for or need another HJT log, no more until I ask!

I also wanted a ComboFix log!

But first!

If you received a low disk space warning this can cause all sorts of issues so do the below.

The issues can be and are likely found in System Restore, so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "While cleaning at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

Then

Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.

After these are run then reboot and run ComboFix and get me a log!

Mike
 
Yep, just like I thought!

Run ComboFix again to confirm it finds no more!

Did you do all else the cleanups etc?

How is computer now. What specifically do we need to work on now?

Now I want a HJT log last after this run of ComboFix.

Mike
 
Last combo and hijack logs

Here are the second combofix log and the most recent hijack log. The computer seems fine! I don't know if I should run the Malware program and my separate Norton antivirus programs again to make sure. What do you think? Also I'm trying to figure out what to do if the system is clean now, before I turn the internet back on (linking it to other computers.) Should I 1. Turn the auto-protect/other symantec antivirus processes back on? 2. Turn my firewall back on? 3. Keep which programs that I have downloaded (Hijack, SAS, CCleaner, K cleaner, ATF cleaner, Combofix, SDFix, Malware Bytes)? 4. Change back a system restore and/or defrag? 5. Do anything else you think would be a good idea before I resume normal computer use?
 
You did not answer my question "Did you do all else the cleanups etc?"
KCleaner CCleaner etc. As advised in Post #14!

I even have another question? What about Java?

But I will answer yours, turn all your Protections back on (1,2, and 3) before plugging back up.

Keep MBAM and SAS! Update and run them at least every 2 weeks or at the sign of trouble.

In my closing after all my questions are answered, I will cover all the rest!

Mike
 
Yes, sorry I ran all those cleaners a bunch of times. I updated Java too. I will check your final post to see what else to do. Thank you so much for all your help! You are my hero. ~ Chris
 
OK Good!

If Java updated then it now needs some cleaning of old versions and useless JRE files.

Do that with JavaRa

Cleanup old Java and update to newest version this program will do it all for you.

Download JavaRa http://prm753.bchea.org/JavaRa.html

Unzip it, run it, to update choose Jucheck (Sun's updater) first, and if you do not have Jucheck then choose Update using Sun from here: https://www.techspot.com/downloads/6463-java-se.html

After update choose Cleanup old versions. Give it a minute and after it pops up the log file you will see what it removed.

Then click "Additional tasks" and check "remove Useless JRE files" and "Remove JavaRa log files".

After that run Search for Updates again to confirm you are up to date.
After that run remove older versions again. This time the Log file should be empty.

Thread closing-------------------------------------------------------------------

Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.


Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet to allow all.

If prompted to Reboot, click Yes.
OTCleanIt will delete itself when finished. If not, delete it by yourself.

-------------------------------------------------------------------------------------
Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.
-------------------------------------------------------------------------------------
The issues can be and are likely found in System Restore, so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally run CCleaner. ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some Firewalls do to learn what is good/bad.

After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

As it queries you about the prompt to help you determine to approve or not you can google it with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly recommend Hostman: Hostman http://majorgeeks.com/HostsMan_d4592.html

Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike
 
Grrr. I ran Malware bytes again and it found those same 2 files.

Awwe man now it said it found 14, 2 were registry things the other 12 are files called relevant knowledge something. I have attached the log.

SAS log was clean, I also ran all the other cleaners till clean on each program.

Also my symantec antivirus has 3 files under quarantine (Trojan horse- cbxrspoh.dll, Virusremover 2008- wininstall.exe, and another Virusremover2008 with an unknown file name and orig. location.) What should I do about these?
 
Well done

You might want to uninstall

Ad-Aware 2007
SuperAntiSpyware
Symantec (Norton) Antivirus
Then run the Norton Removal tool

Install Avira Antivirus; update it and then run a full scan
I suspect it will find more malwares and remove them

Restart again
And provide a new HijackThis log :)
 
My fault I should have had you run MBAM and SAS again after the last combofix.

I would keep SuperAntiSpyware myself but I agree with Kim on all the rest!

Run another MBAM until clean.

Be careful of what you are doing you may be clean and getting reinfected by a website, music file, video, email or infected Flash drive.

Mike
 
Alrighty

Here is the new log and the Avira log, Norton, SAS, and adaware were removed then I ran the norton removal tool. I installed Avira. I'm not running any music or any other programs besides the cleaning etc. I am using a flashdrive to transfer cleaning tools from computer to computer to check it every time. What's next?
 
The following is not Malware, but can be fixed through another scan with HJT, to improve system performance (just slightly)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
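
An added example, not part of any post in this thread: a small Python triage of the HijackThis entry lines quoted above, marking the properties the helpers single out (missing target file, AppInit_DLLs, AutorunsDisabled leftovers, services with unknown owner). The sample lines are copied from the thread; the function names and note wording are this example's own assumptions.

```python
import re

# Sample input: HijackThis entry lines as quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O20 - AppInit_DLLs: pkdbuh.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: AutorunsDisabled
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

# "O<n> - <kind>: <rest>" is the layout of every entry line quoted above.
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def triage(line):
    """Return (section, kind, notes) for one entry line, or None if it is not one."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    notes = []
    if rest.endswith("(no file)"):
        # Registry entry survives but the file it points to is gone.
        notes.append("orphaned: target file missing")
    if section == "O20" and kind == "AppInit_DLLs" and rest.strip():
        # DLLs listed here are loaded into every process that loads user32.dll.
        notes.append("AppInit_DLLs: loaded into every user32.dll process")
    if section == "O23" and "Unknown owner" in rest:
        notes.append("service: no owner reported for the binary")
    if "AutorunsDisabled" in rest:
        # Leftover of an entry disabled with Sysinternals Autoruns.
        notes.append("disabled via Autoruns")
    return section, kind, notes


def flagged(log):
    """Triage every line of a log and keep only entries that carry notes."""
    results = (triage(line) for line in log.splitlines())
    return [r for r in results if r and r[2]]


if __name__ == "__main__":
    for section, kind, notes in flagged(SAMPLE_LOG):
        print(section, kind, "->", "; ".join(notes))
```
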
 
Alright I'll remove those. What about the Infected objects that I keep finding with Malware bytes/ Avira? Am I ever going to get rid of those? Also, should I be deleting them when I find them (what I've been doing) or quarantining them? The newest log files are attached after running malware and hijack again.
 
Just a couple of questionable ones (again Not Malware as such):

Spintop online gaming
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx

MediaLounge Centre device that allows the delivery of streaming video, photographs and music from a home PC acting as a server. (note To remove this one, you would need to find the program that uses it, and then un-install it)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe



Regarding why you have still found 1 more Malware, and what to do:
Clear system restore points

  • Clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.
 