Malicious websites blocked, without browser running


Sorry, I'm a little flustered. I meant my computer has been acting strange, and the scan results were no longer showing on the AVG console window; Windows was locking up when I tried to get online, and AVG was disabled, and so forth.

 

I uninstalled PCTools firewall, and reinstalled the windows firewall, so the AVG window and my internet can work properly for tonight.

 

The excluded file is in the documents and settings folder, under sony online entertainment, and it's called npsoeact.dll

Link to post

That's a good file:

http://www.herdprotect.com/npsoeact.dll-43d591d71784bc640a36e0703b00afeaa2797928.aspx

--------------------------

Not sure why the firewall would cause that, did you download it from here:

http://www.softpedia.com/get/Security/Firewall/PC-Tools-Firewall-Plus.shtml

You can't uninstall or install the Windows firewall, just disable and enable it.

MrC

Link to post

Whoops, I apparently missed your previous post. I did the FRST fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-04-2014
Ran by Ben at 2014-04-11 18:47:45 Run:1
Running from C:\Documents and Settings\Ben\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S4 dvpapi; "C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe" [X]
C:\Program Files\Common Files\Authentium
*****************

dvpapi => Service deleted successfully.
"C:\Program Files\Common Files\Authentium" => File/Directory not found.

==== End of Fixlog ====

Link to post

>You can't uninstall or install the Windows firewall, just disable and enable it.

 

Yes, I meant enable. And yes, I downloaded PCtools from that location.

 

Unfortunately, I have to leave for tonight and pick this up in the morning. I will try a full AVG scan in the morning and see if the results are any different now that PCTools Firewall is uninstalled.

Link to post

Okay, so I ran the scan, and AVG found no threats, but still shows that one file as excluded. Thank you for looking into that too, btw. I was scratching my head trying to figure out which of my games was from Sony Online Entertainment. I had uninstalled Free Realms shortly after I installed it, but it doesn't show on my uninstaller. Can I simply delete that file?

Link to post

Yes you can, getting back to the firewall...it has to go through a learning process for a while so it learns what programs you have running and are OK to run.

Also under Settings > Preferences > Set it to Normal user for now.

Also I would download and install CCleaner for temp file cleaning:

Download, install and run CCleaner free to clean out temp files.

Here's a Tutorial if needed.

Please stay away from the registry cleaner.

MrC

Link to post

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post

In the meantime, I ran a full AVG antivirus and full Malwarebytes check, and both were clean. Then, out of curiosity, I downloaded Avast! free antivirus, and it came up with an infected file: It calls it JS:Redirector-AJN [Trj]. It says it was last changed on 4/15/2012.

 

Here's the security check:

 

 Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 avast! Free Antivirus    
 AVG 2014     
 Authentium AntiVirus SDK - 2  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 

Link to post

>In the meantime, I ran a full AVG antivirus and full Malwarebytes check, and both were clean. Then, out of curiosity, I downloaded Avast! free antivirus, and it came up with an infected file: It calls it JS:Redirector-AJN [Trj]. It says it was last changed on 4/15/2012.

Do you have the details....like the name and location of the file??

JS means Java script

This link explains how to clean out Java cache:
http://www.java.com/en/download/help/plugin_cache.xml

------------------------------------------------------------

Your FlashPlayer is out of date: (should be 13.0.0.182)
Adobe Flash Player 12.0.0.77 <---out of date


Flash Player:
Check for an update if available
Downloads are at the top of the page. (don't install the McAfee toolbar)

--------------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC

Link to post

Oh yeah, Flash Player. I always have to install that manually, because I get an error saying "failed to initialize". However, since this last update, I can't find the direct download on Adobe's website (that usually works, instead of the automatic install that they do). So, I am just uninstalling it for now.

 

Unfortunately, I couldn't cut and paste where that file is, so I'm transcribing it here: C:\Documents and settings \ Ben\local settings\application data\{351442d5-8692-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul

 

I almost never use Chrome, and coincidentally uninstalled it with Ccleaner just after that scan (not realizing that's where the file had been located.)

Link to post

That link produces the same results, but a quick search came up with a page explaining that the new version may not work for everybody at the present time. I'll just keep it uninstalled until Adobe figures this out.

 

Again, I really appreciate all your help!

Link to post

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.