Jump to content

Lerxst2112

Members
  • Posts

    20
  • Joined

  • Last visited

Reputation

0 Neutral
  1. MrC, I found one last issue that I forgot I had an problem with to complete this topic. You had asked me to uninstall Adobe Reader 8 (as well as Version 9) after it was found by SecurityCheck.exe. I found and deleted Adobe Reader 9, but I did not find Adobe Reader 8 listed under "Add or Remove Programs". I manually searched and found the folder c:\\Program Files\Adobe\Reader 8.0. What would be the best way to uninstall Adobe Reader 8 in this case? I checked for, but did not find an uninstaller on the Adobe website. I did a google search and found this link that discusses manually removing Adobe Reader 8. Should I follow the instructions provided by this link or would you have guidance that you could provide me? Thanks, Bob
  2. I want to purchase Malwarebytes Anti-Malware PRO. The only delivery option offered to users on the Malwarebytes website is to download the software, but they can order the CD for an additional cost. I prefer to just buy the CD without the additional cost. I looked on Amazon, but did not see Malwarebytes Anti-Malware PRO available for purchase directly from Malwarebytes. Are any of the vendors on Amazon authorized by Malwarebytes to sell the software? If so, who are the vendors permitted to sell the software? If none of the Amazon sellers are authorized, is purchasing it from the Malwarebytes website the only authorized way to purchase the software? I want to make sure that I am only buying it from a legitimate source. When buying it from the Malwarebytes website, can a user purchase the software from one computer, but download it on another computer? I have just fixed an issue with a backdoor Trojan virus (ZeroAccess) and I do not want to make credit card purchases from the infected computer. Thanks!
  3. Thanks again for all of your help, MrCharlie!! I just wanted to finish up just a few last issues. After re-booting several times after turning on System Restore again and setting a new System Restore point, it is still turned on, so I believe it is working now. I do not see the RK_Quarantine folder and its contents on the desktop anymore. Is it possible that it was deleted when I ran OTL and hit the CleanUp button? Prior to being deleted, were the contents inside the RK_Quarantine folder only reports or actually virus files? Like you suggested, I won't worry much about the deleted registry entry if I cannot retrieve it. Ideally, I would like to use only the firewall from Norton 360 (2013) (and turn off all other features), use Webroot SecureAnywhere Complete 2013 for the anti-virus features (and not use its firewall or anti-malware features), and use Malwarebytes Anti-Malware PRO for the anti-malware program. There is no need to comment on the specific programs mentioned, but would you know if it is possible to use one or some features of certain internet security suites and turn off the other features that I do not want to use? 5. I have noticed that my when I try to click and hold down the left mouse button in the Title Bar of an application window (e.g., Windows Explorer, Excel, Word, even FoxIt Reader) and slide the mouse in order to try to move the open application on the screen, I am finding that many times the application window either: (a) does not move at all, (b) moves just a little (instead of my intent to move it across the screen), or (c.) changes the application window to full screen (as if I double clicked the title bar). Could this be an issue related to my problems or would it seem unrelated? Would you have any solutions for this issue?
  4. Hi MrC, Thank you so much for all the help that you provided!! I have been working on the items in your above reply. After I finish everything else and run a backup to my external hard drive, then I will update Windows XP to SP3. I have been following your suggestions, like replacing Adobe Reader with FoxIt Reader. I have also been following your suggestions listed in your "Preventive Maintenance". Please let me know if there is more to do to finish the work on this computer. I had a few questions from issues encountered during this cleanup phase and thoughts going forward, as well as issues encountered during the work to fix the problems: 1. After performing most of the updating and cleanup work from your last reply, I tried to create a new System Restore point and found that System Restore was turned off, even though I had set System Restore points during the process of working with you to fix my computer. I don’t think that I would have been able to set System Restore points during this process with System Restore turned off. Could there still be an issue/virus that turned off System Restore? 2. AdwCleaner - After running Delete following the initial Search of AdwCleaner, I ran the "Search" process again with AdwCleaner, just to see whether anything was reported, but it did return something (i.e., several keys related to "...\Software\Microsoft\Internet Explorer\SearchScopes\...", which I do not know). I have attached the resulting AdwCleaner[R2].txt for your review. Please let me know if there is more to do there. Based on your "Preventive Maintenance", it looks like I should continue to use AdwCleaner to search for and delete Adware, Toolbars, et al. 3. Is there any concern that I should have regarding the registry entry that I accidently deleted (i.e., “Replaced (0)”) when using RogueKiller (mentioned near the bottom of page 1 of this topic)? Should that deleted entry be added back to the registry or is it ok to continue without that entry? The deleted entry again was: [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) I have downloaded ERUNT per your "Preventive Maintenance" to backup the registry going forward. 4. In your "Preventive Maintenance", you mentioned that there should only be one anti-virus program, one firewall, and one anti-malware program that provides realtime protection installed on the computer. Would having more than one anti-virus software cause problems that would impact performance? I previously had Norton & Webroot anti-virus programs. Is it best just to choose one and uninstall the other? Thanks, Bob AdwCleanerR2.txt
  5. Thanks McC! I will "go with the flow". Attached is the resulting AdwCleaner[s1].txt file after running Delete. After the running of Delete was completed, I ran the "Search" process again with AdwCleaner, just to see whether anything was reported, but it did return something. I have attached the resulting AdwCleaner[R2].txt for your review. Please let me know if there is more to do there. I have also run SecurityCheck.exe as you instructed. The contents of the resulting checkup.txt file are posted below. The results reported that several of my security software packages are out of date. This is due to not using this computer for several months due to the Log On/Log Off virus and finally having some time now to fix the virus (with the great help that you have provided). The virus problem occurred several months ago when I let the security software subscriptions lapse for a short period of time (which I had planned to re-new) and then I was hit by the virus. I plan to purchase current versions of Norton Internet Security and Webroot Spy Sweeper to replace the outdated versions as soon as we are finished fixing the viruses, as well as add Malwarebytes Anti-Malware PRO (you can let me know if any of this is overkill). Results of screen317's Security Check version 0.99.57 Windows XP Service Pack 2 x86 Out of date service pack!! Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! BitDefender Antivirus Norton Internet Security Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spy Sweeper Spy Sweeper Core Malwarebytes Anti-Malware version 1.61.0.1400 Java™ 6 Update 20 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 8 Adobe Reader out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 0% ````````````````````End of Log`````````````````````` AdwCleanerS1.txt AdwCleanerR2.txt
  6. I have downloaded AdwCleaner to my desktop and ran the Search. Attached is the resulting report. I have reviewed the report and do not have a problem with deleting anything identified in the report. Please let me know when it is ok to turn on the Windows Firewall and re-activate the protections of the anti-virus and anti-malware software. Also, please let me know when it is ok to uninstall the ComboFix.exe (as I read in the instructions that it should be uninstalled) and if any of the other applications with which we have been working should be uninstalled or deleted. Thanks, Bob AdwCleanerR1.txt
  7. Following in the instructions you provided, I downloaded ComboFix to my desktop, turned off all anti-virus and anti-malware programs, turned off the Windows Firewall, and ran ComboFix. Attached is the log from C:\ComboFix.txt for your review. ComboFix.txt
  8. Hi MrCharlie, Thank you very much for your help and patience!!! It has been greatly appreciated. I apologize for any issues that I created which complicated this matter. Is there any concern that I should have regarding the registry entry that I accidently deleted (i.e., “Replaced (0)”)? Should that deleted entry be added back to the registry? The deleted entry again was: [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) I ran the fixdamage tool to address a Windows Firewall problem and now that seems to be working. Is there anything more that needs to be done? If there is nothing more to do: 1. The versions of internet security software packages have expired. Before I start using this computer again, I will purchase and install the current versions of those software packages, as well as add Malwarebytes Anti-Malware PRO. Considering that this computer was badly infected with Rootkit.ZeroAccess (a BackDoor Trojan), if I do not plan to use this computer for transactions with financial accounts and credit cards, and ensure that my passwords for my financial accounts are not on this computer, will this computer be safe to use on the internet? 2. If I decide to replace this computer at some point in the future, will it be safe to copy individual personal files from this computer to another computer? I would only copy such individual personal files that are known to me. My concern would be that I could potentially copy a virus file since this computer was badly infected. Thank you very much, Bob mbar-log-2013-02-16 (14-16-41).txt system-log.txt
  9. I apologize for that and agree that I made it more complicated than it needed to be. I swore that the box was unchecked for hitting Delete with RogueKiller. I am proceeding with MBAR (from the step where I left off with running Cleanup and then rebooting) and will report back to you. Thank you very much for your help and I appreciate your patience with me.
  10. I have followed your procedures above, but stopped at a point before running the Cleanup with Malwarebytes Anti-Rootkit ("MBAR") due to a potential problem encountered during RogueKiller. I scanned and deleted the registry item with RogueKiller, set the Restore Point, and scanned and identified one item with MBAR. I have attached the one RogueKiller report (after running Delete) and the two MBAR reports before running Cleanup. The scan of RogueKiller identified six registry items. I unchecked the first four boxes with a single click each (no problem). The fifth box I made several clicks into the box to uncheck the item, but it was not unchecking the box. After about five or six attempts to uncheck the box, the box was finally unchecked (I thought that was odd, but thought I was ok at that point). I left the sixth box checked in order to delete the ZeroAccess entry in the registry. I hit delete at that point, but then when RogueKiller returned the results, it showed that the fifth item in the list may have also been deleted (i.e., "Replaced (0)"). The RogueKiller report showed the following entry for the two items replaced: [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ INPROC][PREVRUN] HKCR\[...]\InprocServer32 : (C:\Documents and Settings\Bob\Local Settings\Application Data\{16d0acff-807c-891f-b9cc-d4bf027d28fa}\n.) [x] -> REPLACED (C:\WINDOWS\system32\shell32.dll) I am fearful of rebooting the computer with not knowing whether there will be problem with the unintended deletion of the one entry above, which is why at stopped prior to running Cleanup with MBAR, which may automatically reboot the computer. I thought if that item should not have been deleted, then possibly we need to insert the entry back into the registry before rebooting. Please let me know how to proceed. Thanks, Bob RKreport5_D_02162013_02d0806.txt system-log.txt mbar-log-2013-02-16 (08-52-27).txt
  11. I just have one question before I proceed. The first scan file showed the registry line in question as: [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Documents and Settings\Bob\Local Settings\Application Data\{16d0acff-807c-891f-b9cc-d4bf027d28fa}\n.) [x] -> FOUND The second scan file (and the current scan) showed that same registry line in question as something slightly different: [HJ INPROC][PREVRUN] HKCR\[...]\InprocServer32 : (C:\Documents and Settings\Bob\Local Settings\Application Data\{16d0acff-807c-891f-b9cc-d4bf027d28fa}\n.) [x] -> FOUND It is the same directory path, but instead of showing the "type" as [ZeroAccess], it is now shown as [PREVRUN]. Just to confirm before I proceed, even though it is no longer identified as the "type" [ZeroAccess], should I leave the [PREVRUN] checked, so it can be deleted, and uncheck the others before clicking Delete?
  12. I have run the RogueKiller scan. I mistaken copied it to a directory, rather than to the desktop, when I ran the scan the first time (producing the attached file ending *048.txt). I then copied RogueKiller to my desktop and ran the scan a second time (producing the attached file ending *051.txt). Sorry about that mistake. After the scans completed, I closed the program and did not fix anything. RKreport1_S_02152013_02d2048.txt RKreport2_S_02152013_02d2051.txt
  13. Thank you for preparing the fixlist.txt file specific to my computer. I still had the desktop computer booted up with the OTLPE disk (i.e., I didn't re-boot). I copied the fixlist.txt file to the flash drive, ran FRST.exe, and clicked "Fix" once. It ran relatively quickly and produced the attached fixlog.txt file. I then re-started the computer normally and was able to successfully log into it for the first time in months!!!!! Assuming we are not finished yet, what should I do next?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.