Dear Maniac
Since I sent you a PM I have heard that there was a major technical glitch at MBAM and a week's worth of posts were lost. Unfortunately in my case all the back history was lost as well. You had nearly finished curing my problem so I hope you will be able to do the last steps.
I started with a PUM.UserWLoad infection which after some scans you cleverly removed with a special Custom Scans/Fixes in OTL. You were worried because it had been in a temporary file as an .exe so you continued to check for any remaining problems and asked me to post a Security Check scan. You then told me to activate my UAC and remove and update my version of Java, both of which I have done. You then told me to download and run Complete Internet Repair, checkmarking all the boxes.
The heading on that checkbox page says that you should not "select an option unless your computer has the described problem". I do not know if my computer has all the problems listed and the ways they are solved seem rather harsh. For example one option says it should be used "with care" because certain things will have to be reinstalled afterwards. Do you think there are individual problems which I should cure this way? Please let me know because I have not used that software. I have however done a further Security Check scan which you asked for and show it below.
I look forward to receiving your extremely good help to finish off this infection.
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
#1
Posted 03 November 2012 - 09:38 AM
#2
Posted 03 November 2012 - 10:57 AM
#3
Posted 03 November 2012 - 04:15 PM
I am very glad we are in contact again. My computer system is not showing any problems now. In fact, it did not show any problems when I had the infection; it was MBAM which identified the PUM but could not get rid of it when my computer restarted. I had stopped other attacks in the last few weeks either with AVG or MBAM getting rid of them, all except this PUM. I also had emails sent out in my name to my contacts which I did not know anything about so I was very worried that other problems might arise.
I have one question about the log. It shows Norton 360 but that expired several months ago and I did not renew it. I thought I had removed it from my computer and it is not listed anywhere. Should I try to get rid of it (if so, how) or can it be left? I have AVG in its place.
Is it possible that infection can be reintroduced from video clips which I have downloaded and saved to a memory stick when I play them?
I look forward to your response.
#4
Posted 04 November 2012 - 10:16 AM
Quote
I also had emails sent out in my name to my contacts which I did not know anything about so I was very worried that other problems might arise.
Your system is safe now, so change all of your passwords. That should do the trick.
Quote
I have one question about the log. It shows Norton 360 but that expired several months ago and I did not renew it. I thought I had removed it from my computer and it is not listed anywhere. Should I try to get rid of it (if so, how) or can it be left? I have AVG in its place.
You should get rid of it. Follow the instructions here to clean it:
https://www-secure.s...n=1&lg=en&ct=us
Quote
Is it possible that infection can be reintroduced from video clips which I have downloaded and saved to a memory stick when I play them?
Everything is possible. You could scan them in www.virustotal.com to check that theory.
#5
Posted 04 November 2012 - 03:52 PM
I have used the Norton Removal tool twice (and restarted my computer each time) and removed manually all references to Norton that I could find (including the removal tool itself) but Norton 360 still appears on the Security Scan as you can see on the following log. Should I just forget it?
Thank you for the suggestion of virustotal but their maximum file size is 32MB. That is not enough for a video clip and I do not want to bring the clips on to my computer to subdivide them in case that imports an infection. Do you know a website which will scan larger files?
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
#6
Posted 04 November 2012 - 04:59 PM
You could try this manually:
http://www.pchell.co...ty_center.shtml
That is a lot of size for such a scan, so you could upload it somewhere and send it to any AV vendor such as AVG for further analysis.
http://www.avg.com/z...m-2142#faq_2142
#7
Posted 05 November 2012 - 07:12 AM
Well done! PChell works and Norton 360 no longer appears on my SecurityCheck (latest log below).
What should I do about the Quarantine section of MBAM? The PUM which you have removed for me is listed several times there together with other bad looking infections. Is it safe to leave them there or should I delete the list?
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
#8
Posted 05 November 2012 - 04:27 PM
#9
Posted 06 November 2012 - 01:19 PM
I have two more questions, please.
1. Following your last reply, is there any disadvantage in deleting the list in Quarantine?
2. My Desktop now has 9 extra icons (with shortcuts to programs) following your help because each item of software was saved to desktop. Can I delete some or all of the software or is it wise to keep them available in case the problem occurs again (particularly as your links were lost when my back history was wiped from this Forum last week)? The extra items are:
DDS, AppRemover, AdwCleaner, aswMBR, OTL, Complete Internet Repair (which I did not run), JavaRa, AVPTool. There is also Security Check but I want to keep that, in order to run it occasionally; it seems simple and very useful.
#10
Posted 06 November 2012 - 05:36 PM
Quote
1. Following your last reply, is there any disadvantage in deleting the list in Quarantine?
It is your personal choice. I was trying to explain to you that malware in quarantine is like a person in prison (probably the best example is Guantanamo). If you decide - delete them.
About the other question:
- Download OTC to your desktop and run it
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Next, manually delete the rest of the tools.
Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html
Safe surfing!
#11
Posted 07 November 2012 - 11:44 AM
I have now removed them from my Desktop (except for SecurityCheck) and elsewhere where they showed up. I assume that means they have gone from my system. Incidentally, I have just noticed that the SecurityCheck logs show Google Chrome which I have never downloaded. My list of programs indicates that I have Google Chrome Frame which must have come with something else. Is that what the SecurityCheck log is showing up?
I have been wondering if MBAM Pro would have prevented my recent infection with a PUM which MBAM Free identified but could not remove on restart. What do you think?
Please look out for my PM which I sent recently.
#12
Posted 07 November 2012 - 04:09 PM
Quote
My list of programs indicates that I have Google Chrome Frame which must have come with something else. Is that what the SecurityCheck log is showing up?
Security Check shows that you have installed Google Chrome, but on the Chrome Frame page there is the following information:
https://developers.g...e/chrome-frame/
Quote
Google Chrome Frame is an open source plug-in that seamlessly brings Google Chrome's open web technologies and speedy JavaScript engine to Internet Explorer.
So that may be.
Quote
I have been wondering if MBAM Pro would have prevented my recent infection with a PUM which MBAM Free identified but could not remove on restart. What do you think?
Yes, because MBAM Pro gives you the chance to turn on the Real-Time protection module, which didn't exist in the Free edition.
#13
Posted 09 November 2012 - 10:55 AM
Thank you again for all your help. I think I have now finished with my problems. I will be much more careful with surfing in the future. I hope you have received the transfer.
Best wishes Imposs
#14
Posted 09 November 2012 - 05:15 PM
#15
Posted 09 November 2012 - 05:49 PM
Glad we could help. 
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
#16
Posted 11 December 2012 - 10:06 AM
#17
Posted 11 December 2012 - 04:58 PM
Dear Maniac
When you helped me to remove a PUM from my computer, you advised me to uninstall ZoneAlarm and rely on only one firewall. As well as using the usual uninstall procedure, you gave me a link to the tool “download.zonealarm.com/……./clean.exe” which removed all references to ZoneAlarm on my system. It also removed it from SystemCheck. I think this part of the history of your help was lost when the MBAM system had its breakdown about one month ago.
Since then I have not been able to scan from my HP wireless printer although I can arrange a scan from my computer which demonstrates that the basic scan system is working. HP website says this can be caused by firewall problems and when I use the HP test for firewalls it indicates the existence on my system of ZoneAlarm Pro Firewall. However I still cannot find it elsewhere and have rerun the cleaning tool mentioned above without effect.
Can you suggest another cleaning tool to get rid of the remaining ZoneAlarm? I suppose it is possible that this is a consequence of damage caused by the initial infection.
Thank you in advance for your continuing help
#18
Posted 11 December 2012 - 05:17 PM
Okay, let's check this one:
Please download AppRemover and save it on your desktop. Start the application and click Next and then select Clean Up a Failed Uninstall. Wait until AppRemover finishes scanning the computer and determines which security applications have elements installed. For some applications, AppRemover requires that you restart your computer to finish the uninstallation. If prompted, restart your computer before exiting AppRemover.
#19
Posted 13 December 2012 - 12:17 PM
I think they have changed AppRemover recently. It is now called OPSWAT AppRemover and you are asked if you want an OPSWAT Security Toolbar installed. If you select (as I did) the alternative of "I only wish to run AppRemover" the only option available is "Uninstall your Security Application". This then showed that I had AVG and MBAM; because I did not want to uninstall either of them I closed the page. Your suggested "Clean up a Failed Uninstall" does not seem to be available.
Can you make another suggestion please?
#20
Posted 14 December 2012 - 04:40 AM
Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please post the C:\ComboFix.txt in your next reply for further review.
Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.