Solved Computer #2 Scans Ran

Status
Not open for further replies.

h2dav

This is my wife's computer and she is having all types of issues with pop-ups and general slowness or stalling of her computer. Thanks for any help provided in advance. Each and every time I run a virus scan on this computer it comes back with threats found. I have been running Norton Internet Security 2010 for months now; before that I had the previous version, '09, installed.
 

Attachments

  • mbam-log-2010-04-10 (13-08-35).txt
    28 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 04-10-2010 - 14-42-36.log
    14.6 KB · Views: 1
Hello again! I can surely see why she's having issues! Please tell her to stay away from FunWebProducts and Gamevance. It looks like just about every file in her system had one or the other-or both! And please advise her that there are way too many processes starting on boot and running in the background.

I wish I could get more people to understand that cameras and scanners and photo.graphic and media players and printers-and games- could be started when needed. These processes use resources that slow a system down and present vulnerabilities when they run all the time.

So I'd like her to go through what I left for you- there will be a lot more malware to be removed:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  • 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Logs in next reply please..

Free screen savers and 3D cursors and icons and coupons actually do come at a price: adware, which sometimes has bundled spyware and drive-by Trojans!

If the two of you use a flash drive between the systems, we should disinfect that also.
 
I believe these are the two log files you asked for.
 

Attachments

  • ComboFix.txt
    22.2 KB · Views: 1
  • log.txt
    1.2 KB · Views: 1
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    
    :Services
    
    :Reg
    
    :Files  
    C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar 
    C:\Users\msnokitty\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\FFTextLinks.dll	
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================
Please disable Norton Internet Security and run a new scan with Combofix.
 
These are the two log files you asked for
 

Attachments

  • 04112010_133000.log
    4.6 KB · Views: 1
  • hijackthis.log
    16.1 KB · Views: 1
Okay, ask her how it's running now. Tell her if she continues using FunWebProducts and Gamevance ("free games with prizes") the malware will continue. Here is a description of the first:

Fun Web Products Spyware is embedded in the freeware programs distributed by Fun Web Products. Once Fun Web Products freeware is installed on your PC, expect a number of pop-up advertisements within minutes of the installation. Fun Web Products freeware will also update itself from the host computer server and try to install other ad and malware programs on your computer without permission. Fun Web Products Spyware is distributed manually through the end-user downloading and installing one of his freeware tools and will result in immediate degradation of computer performance when installed on your computer.

There is a possibility that there may be some additional hidden entries. There is a lengthy, specific removal for the MyWebSearch adware/spyware that comes with it.

There are multiple preloaded Dell entries on the system. Most users don't know they have them or use them. And most can be found in Add/Remove Programs and uninstalled if not being used. There are also many unnecessary startups which will continue to run in the background and also slow the system down.
Review Add/Remove Programs and the Startup menu and remove all that don't need to start on boot.

Let me know how it's running. If okay for now, I'll have you remove the cleaning tools.
 