
Thread: IDP.Trojan.1C8D1A13 & Crypt.AQLW

  1. #61 Senior Member (Join Date: Sep 2010, Posts: 631)

    Hi jacknjaspa,

    Let's try something first.

    Open windows explorer (right click the Start button and click Explore)

    At the top of windows explorer, click tools, folder options, click the
    view tab
    • check Display the contents of system folders
    • check Show hidden files and folders
    • uncheck "Hide extensions for known file types" box
    • uncheck "Hide protected operating system files" box
    Click apply, click ok

    Navigate to C:\Windows\System32

    In the right hand panel you will see the list of files in the folder. Use the file list in the combofix log HERE as a reference. They are listed alphabetically near the top of the log under FILE ::

    See if any of the files are actually present in the System32 folder. Don't take any action just let me know.
    Member of UNITE and ASAP
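
The check the helper asks for above, scripted, as an added example that is not part of the original post: it flips the three Explorer "View" flags through the registry values the Folder Options dialog writes, then tests a list of filenames against System32 and reports whether each is present, how it is signed, and its SHA-256. The filenames in $logFiles are constructed placeholders (only clipsrv.exe is a real Windows component, kept as a known-good control); replace them with the FILE :: entries from your own ComboFix log. Assumes PowerShell 4 or later for Get-FileHash; on older Windows, catalog-signed OS files may report NotSigned, so treat presence plus hash as the primary signal and the signature column as advisory.

```powershell
# Added example (not from the original post): make hidden and protected files
# and extensions visible, then check whether a list of filenames from a scan
# log actually exists in System32.

# Explorer "View" options live under this per-user key. Hidden=1 shows hidden
# files, HideFileExt=0 shows extensions, ShowSuperHidden=1 shows protected
# operating system files. Explorer picks the change up on its next refresh.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name Hidden          -Value 1 -Type DWord
Set-ItemProperty -Path $advanced -Name HideFileExt     -Value 0 -Type DWord
Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 1 -Type DWord

# Constructed sample list. clipsrv.exe is a real Windows component and acts as
# a known-good control; the other names are placeholders, not indicators from
# any real report. Substitute the FILE :: entries from your log here.
$logFiles = @(
    'clipsrv.exe',
    'clipsrv.dll',    # the .dll variant a log might name; not a normal System32 file
    'example1.dll',
    'example2.exe'
)

$system32 = Join-Path $env:SystemRoot 'System32'

function Test-LoggedFile {
    param([string[]]$Names, [string]$Directory)
    foreach ($name in $Names) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{
                File = $name; Present = $false; Signature = 'n/a'; Signer = 'n/a'; SHA256 = 'n/a'
            }
            continue
        }
        # A present file that is NotSigned or HashMismatch is the interesting
        # case. Older PowerShell does not consult the OS catalogs, so genuine
        # catalog-signed system files can also show NotSigned there; the hash
        # lets the helper compare against a known-clean copy.
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            File      = $name
            Present   = $true
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
            SHA256    = $hash
        }
    }
}

# Report only; no file is moved or deleted, matching the "don't take any
# action" instruction in the post.
Test-LoggedFile -Names $logFiles -Directory $system32 | Format-Table -AutoSize
```

Paste the output into the reply rather than acting on it: a filename that the log attributes to System32 but that is absent (as here with clipsrv.dll) points at a mismatch between the log and the disk, which is what the helper is trying to establish.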

  2. #62 Member (Join Date: Apr 2012, Posts: 42)

    None are present; this file is close but not the actual one:

    clipsrv.exe (not dll as in log)

    Any more ideas?

  3. #63 Senior Member (Join Date: Sep 2010, Posts: 631)

    Hi jacknjaspa,

    clipsrv.exe is a legit file and should be there. It seems like AVG may have been corrupted during the infection.

    Let's see what happens when you uninstall it and reinstall it. This will show us if it is actually AVG or something else.

    Download a new copy of AVG and save it to your desktop. Do not install it yet.

    Download the AVG Removal tool from HERE and save it to your desktop.

    Disconnect from the internet
    • Uninstall AVG 2012 via add/remove programs
    • run the AVG removal tool (avg_remover_stf_x86_2012_2125.exe)
    • install the new copy
    Any warnings?
    Member of UNITE and ASAP

  4. #64 Member (Join Date: Apr 2012, Posts: 42)

    Did it all ... & no more pop-ups.

    I reckon you've fixed it & if so you're a champion & I can't thank you enough for your help.

    (I'll keep an eye on it & let you know if anything pops up)

  5. #65 Senior Member (Join Date: Sep 2010, Posts: 631)

    Hi jacknjaspa,

    Good job. I think this is the first time I've seen an AV hijacked like that. We'll clean up the tools and send you on your way.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • DDS.scr
    • Farbar Service Scanner
    • TDSSKiller.exe
    • avg_remover_stf_x86_2012_2125.exe
    • the AVG set up files
    You can also delete
    • C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
    • C:\TDSSKiller_Quarantine
    Empty the Recycle Bin


    Next

    Open windows explorer (right click the Start button and click Explore)

    At the top of windows explorer, click tools, folder options, click the
    view tab
    • uncheck Display the contents of system folders
    • uncheck Show hidden files and folders
    • check "Hide extensions for known file types" box
    • check "Hide protected operating system files" box
    Click apply, click ok



    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


    I suggest you keep MBAM. Keep it updated and use it regularly.


    * Create a new restore point

    You must be logged on to an administrator account
    • Go to Start - All Programs - Accessories - System Tools - System Restore.
    • Click Create a restore point, and then click Next.
    • In the text box labeled Restore Point Description, type a name for this restore point.
    • Click Create.

    * Remove old restore points

    • Go to Start - All Programs - Accessories - system tools.
    • Launch the Disk Cleanup tool and let it run.
    • When it finishes a box with tabs will appear, select the more options tab.
    • On this tab you will find a section for System Restore.
    • If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.



    Updates and upgrades

    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources. If you choose to use Foxit decline the Foxit Tool bar during the install.

    Visit their support forum
    Foxit Forum

    In either case you should uninstall Adobe Reader 9.5.0 first. Be sure to move any PDF documents to another folder first though.


    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall to what you have.

    * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

    Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

    You can use Spybot to install a Custom Hosts file.
    1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
    2-Right-click an item in the list of immunizations and click "Deselect All."
    3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
    4-Click "Immunize" on the Spybot toolbar.

    OR

    A guide to understanding and using the hosts file.

    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
    HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.


    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


    - Make sure you have reset Automatic Updates to your chosen option. Click your Start button > Control Panel > System > Automatic Updates tab


    - Keep your antivirus program updated, as well as any other security programs you have.


    -More tips and programs can be found HERE

    Please post back if you have any problems.

    Take care
    Member of UNITE and ASAP
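
Two of the post-cleanup steps above, scripted, as an added example that is not part of the original post: an audit of the hosts file for entries that block or redirect security and update domains (the usual way malware keeps an antivirus from updating, and worth checking before a custom hosts file is installed on top), and the "Secure your Internet Explorer" settings applied by writing the Internet-zone registry values that the Custom Level dialog edits. The sample hosts content, the watchlist of domains and the addresses in it are constructed for the offline demonstration; the zone action IDs and their Enable/Prompt/Disable values are the documented ones. Assumes PowerShell 3 or later; reading the real hosts file needs no elevation, the zone values are per-user under HKCU.

```powershell
# Added example (not from the original post): hosts file audit and
# IE Internet-zone hardening.

# --- (1) hosts file audit -------------------------------------------------
# Constructed sample hosts content for the offline demonstration.
$sampleHosts = @'
# demo hosts file (constructed)
127.0.0.1       localhost
0.0.0.0         ads.example.net          # typical blocklist entry, fine
198.51.100.23   update.avg.com           # points a vendor host at a remote address
0.0.0.0         www.microsoft.com        # blocks a vendor site outright
'@

# Domains whose blocking or redirection in hosts is a red flag. Constructed
# list; add your own antivirus vendor's update hosts.
$watchlist = @('microsoft.com', 'windowsupdate.com', 'avg.com', 'malwarebytes.org')

function Get-HostsHijack {
    param([string[]]$Lines, [string[]]$Watch = $watchlist)
    foreach ($line in $Lines) {
        $text = ($line -split '#')[0].Trim()          # strip comments
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip    = $parts[0]
        $names = $parts[1..($parts.Count - 1)]          # one IP, one or more hostnames
        foreach ($h in $names) {
            $hit = $Watch | Where-Object { $h -eq $_ -or $h -like "*.$_" }
            if (-not $hit) { continue }
            # Loopback/null targets block the site; anything else is an active
            # redirect, which is the more dangerous of the two.
            $finding = if ($ip -in '127.0.0.1', '0.0.0.0', '::1') { 'blocked' } else { 'redirected' }
            [pscustomobject]@{ Host = $h; Target = $ip; Finding = $finding }
        }
    }
}

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
'Sample audit:'
Get-HostsHijack -Lines ($sampleHosts -split "`r?`n") | Format-Table -AutoSize
'Live audit (empty output means nothing on the watchlist is mapped):'
Get-HostsHijack -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize

# --- (2) IE Internet-zone hardening --------------------------------------
# Zone 3 is the Internet zone. The action IDs are the ones Custom Level
# edits; values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
if (-not (Test-Path $zone)) { New-Item -Path $zone -Force | Out-Null }
$settings = @{
    '1001' = 1   # Download signed ActiveX controls -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls -> Disable
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe -> Disable
    '1800' = 1   # Installation of desktop items -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME -> Prompt
    '1607' = 1   # Navigate sub-frames across different domains -> Prompt
}
foreach ($id in $settings.Keys) {
    $before = (Get-ItemProperty -Path $zone -Name $id -ErrorAction SilentlyContinue).$id
    Set-ItemProperty -Path $zone -Name $id -Value $settings[$id] -Type DWord
    "{0}: {1} -> {2}" -f $id, $before, $settings[$id]   # show what changed
}
```

On the sample input the audit reports update.avg.com as redirected and www.microsoft.com as blocked while ignoring ads.example.net, which is the distinction that matters: a blocklist-style hosts file is full of 0.0.0.0 entries, and only the ones that touch vendor or update domains deserve a second look. The zone loop prints the previous value next to the new one so the change can be reversed by hand if a site needs it.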

  6. #66 Member (Join Date: Apr 2012, Posts: 42)

    OK, all done... everything appears to be running well & no sign of threats or notifications.

    Thank you so much for your advice & patience, it is very much appreciated!

  7. #67 Senior Member (Join Date: Sep 2010, Posts: 631)

    Hi jacknjaspa,

    You are more than welcome.

    Take care, keep safe.
    Member of UNITE and ASAP

  8. #68 Senior Member (Join Date: Sep 2010, Posts: 631)

    Since this issue appears to be resolved ... this Topic has been closed.
    Member of UNITE and ASAP
