Solved Javaw.exe variant, hundreds of conhost, svchost, netsh, etc

Sorry, I dont mean to be a pain. I live outside of a small ski town, and have no land based internet connection here.There is no local wireless available either, I use a program called EasyTether to "tether" my phones 3G to my computer and use it for my internet connection. Since I am somewhat "grandfathered" in with Verizon, I have truly unlimited data on my phone, so no excessive data charges... Like I said previously, the laptop, for whatever reason, does not recognize my phone. I will have to go to town or somewhere with an open wireless signal with the laptop, if an internet connection is necessary. My plan was to update everything prior to turning it over to my coworker, but perhaps this was a bad choice in judgement. Please lemme know how I should I proceed. I suppose I didn't follow directions to the T. Apologies for any extra headache or inconvenience I may be causing you.
 
Just got off the phone with a neighbor, may take me a bit but I'm gonna go over there and use his internet and get the scan completed. I'll be back soon, thank you for your patience.
 
F-Secure required a Java Runtime update, which I did from their website. Afterwards, F-Secure ran fine

Scanning Report
Monday, February 25, 2013 19:43:32 - 19:46:06
Computer name: JANI-PC
Scanning type: Quick scan
Target: System


--------------------------------------------------------------------------------

No malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 5453
System: 5453
Not scanned: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

--------------------------------------------------------------------------------

Options
Scanning engines:

--------------------------------------------------------------------------------

Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
 
redtarget.gif
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=======================================

redtarget.gif
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
The laptop seems to be doing good again. Runs great on the internet with no hiccups. Here is the last log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jani
->Temp folder emptied: 592879077 bytes
->Java cache emptied: 37858 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 789761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4154 bytes

Total Files Cleaned = 566.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: jani
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: jani
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02252013_201428

Files\Folders moved on Reboot...
C:\Users\jani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
I was curious about a couple things.

I've always wondered, for those of us who may practice P2P, is there a way to create a secure folder that inhibits any execution of files within it, say for downloading unknown files into. I personally use VirtualBox, and run a separate version of Windows to download all of my files from the internet, scan them there, then transfer them eventually to my main system. But, for my friend, who has kids that may not listen so well, is there another option to "sandbox" files for later scanning with updated AV/Malware software? I realize that most software does this automatically, and I'm going to remove Chrome and install Comodo Dragon due to it's increased security, but any added protection is always better imo.

Second, I use Comodo I.S. and Malwarebytes, and installed both on the laptop. What do you use, if you dont mind my asking? Are there other sources than the ones you've provided in previous posts?

Lastly, I program on the side, and have had an interest in further education on detecting / fighting malware and the such, are you aware of any specific sites, besides Google, that you might suggest I visit? I have a strong interest in furthering my coding education, but I've had trouble finding organized information online.

Your assistance has been much appreciated, as well as your patience. I'm rather broke right now, but I will definitely be contributing in the future. Is there somewhere I can give you some kudos? I've seen some other posts where you helped folks, and if it has not been put out there I believe you deserve some recognition.

Thanks again! Quite satisfied!
 
1. I'd be against this forum rules to advice on P2P programs other than uninstall them.

2. I use Avast and Windows firewall plus free version of MBAM.

3. There are free schools available: http://www.uniteagainstmalware.com/schools.php

4.
Is there somewhere I can give you some kudos? I've seen some other posts where you helped folks, and if it has not been put out there I believe you deserve some recognition.
Click to expand...
You just did :)
 
Ohh.. One last thing, I know I'm pushin it on this post, I use Auslogics, but I've been lately disappointed with them, any suggestions for an alternative?
 
Just looking for something that clears old files, cache, temp folders and the registry in a user friendly manner. Boostspeed used to be free, I'd like to offer him something that doesn't require a fee.
 
Uninstall it.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

 
Nice, good to know, I think that about covers all my questions/concerns. Thanks again for all of your dedication and help man, you're a rockstar!:) Broni = huge(y)!
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
825
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back