still need help?
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
I still need help, I just couldn't use the computer for a bit. I'm working on it now.
During the down time however:
Malwarebytes woke up with an alert about a snapdo remnant in the registry (it quarantined it). I'll have a copy of the log for you when I can grab it.
It might have been blocked from updating, as when I came back it had like 10 notifications that malware was out of date and to update it.
I ran TFC, it cleared, no reboot.
Couldn't open Google Chrome to get to the link for ESET.
I could click on the icon on the start bar and in the start menu explorer, but no dice.
I then noticed that the Windows Action Center had a notice that Avira Desktop was turned off. I was trying to turn it on, but nothing would happen. I opened the Action Center to try seeing what was on, but it wouldn't let me close the window.
I had to reboot.
Rebooting is taking a looong time. Going to hard reboot it.
The reboot is successful, Chrome opens, and I'm running ESET now.
Here is the ESET scan
ESETSCAN.txt
And here is the Malwarebytes scan I woke up to: this was before the scans.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/30/2014
Scan Time: 11:11:26 AM
Logfile:
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.03.28.02
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Becker
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250240
Time Elapsed: 55 hr, 55 min, 32 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),,[c7db0800116ace6867c559a6887b41bf]
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware quarantined that item, right?
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).
After running this script it should reboot your machine, don't be alarmed.
start
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
C:\Windows\Installer\MSI43DA.tmp
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Update me please, what malware issues remain?
Should I have certain things disabled or enabled when I run these scripts? Should Avira be off right now?
MALWARE BYTES FOUND AN ITEM AGAIN
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/1/2014
Scan Time: 5:56:49 PM
Logfile:
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.01.09
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Becker
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250917
Time Elapsed: 8 min, 23 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),,[fd30968f7a0174c27dd915f10bf97d83]
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Becker at 2014-04-01 17:42:40 Run:2
Running from C:\Users\Becker\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
C:\Windows\Installer\MSI43DA.tmp
Reboot:
end
*****************
Could not move "C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" => Scheduled to move on reboot.
C:\Windows\Installer\MSI43DA.tmp => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-01 17:45:25)<=
"C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" => File could not move.
==== End of Fixlog ====
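Added example, not part of any post in this thread: one way to check whether the same "Registry Data" detection keeps coming back between two Malwarebytes scans, as in the two logs above. The field layout is inferred from those log lines; the sample lines are constructed, with placeholder GUID, token and bracketed id, and treating the hive component as variable is an assumption.

```python
import re
from urllib.parse import urlsplit

# Field layout inferred from the "Registry Data" lines in the logs above.
LINE = re.compile(
    r"^(?P<name>[^,]+), (?P<root>HK\w+)\\(?P<hive>[^\\|]+)\\(?P<subkey>[^|]+)"
    r"\|(?P<value>[^,]+), (?P<data>.+?), "
    r"Good: \((?P<good>.*?)\), Bad: \((?P<bad>.*)\),,\[(?P<item_id>[0-9a-f]+)\]$"
)

def sample(hive_suffix, item_id):
    """Build a CONSTRUCTED log line: placeholder GUID, token and bracketed id."""
    url = "http://feed.snapdo.com/?p=TOKEN,,&q={searchTerms}"
    key = (rf"HKU\S-1-5-18-{{GUID}}-{hive_suffix}"
           r"\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default")
    return (f"PUP.Optional.SnapDo.A, {key}, {url}, "
            f"Good: (www.google.com), Bad: ({url}),,[{item_id}]")

def fingerprint(line):
    """Reduce a detection line to fields that should be stable between scans."""
    m = LINE.match(line.strip())
    if m is None:
        return None  # headers, counters, "(No malicious items detected)"
    # Assumption: the hive component and the bracketed id vary per scan,
    # so they are left out of the comparison.
    key = f"{m['root']}\\*\\{m['subkey']}".upper()
    return (m["name"], key, m["value"], urlsplit(m["bad"]).hostname)

def recurring(*scans):
    """Fingerprints present in every scan; each scan is a list of log lines."""
    seen = [{fp for fp in map(fingerprint, scan) if fp} for scan in scans]
    return set.intersection(*seen) if seen else set()

if __name__ == "__main__":
    scan_1 = ["Registry Data: 1", sample("2", "a" * 32)]
    scan_2 = ["Registry Data: 1", sample("0", "b" * 32)]
    for fp in recurring(scan_1, scan_2):
        print("detected in every scan:", fp)
```

A fingerprint that survives a quarantine and shows up again in the next scan means something is rewriting the value, so the writer has to be found rather than the value removed again.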
Yes, you can disable Avira.
Hate to sound like a broken record but, did MBAM delete that file in question?
How is the computer today?
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
Don't worry about this, when it installed it also installed ASK toolbar....so no biggie.
Reset Internet Explorer as follows:
Open Internet Explorer and go to Tools -> Internet Options.
Click the Advanced tab, then under "Internet Explorer Settings Reset" click to reset ...
Click "Reset Internet Explorer settings" to confirm the reset.
Malwarebytes reported a clean sweep.
(Previously it was just quarantining, it was deleting anything, so I told malware to delete it manually.)
Is there anything else I should run to make sure it's clean?
If it is good, then what can I do to add protection?
Leave malware on?
Spybot? With or without TeaTimer?
Avira? With or without desktop?
Windows Firewall and stuff.
What will interfere with what?
Can I install a hosts file that blocks all the bad sites? I did that for them on the last computer and it worked much better. Where do I get one for Windows 7?
What about some useful Chrome or IE add-ons? Do you recommend a popup blocker that is safe?
Is there any way I can educate my parents on safe internet use?
I'll post information about this in my preventive tips.
Blocking Unwanted Connections with a Hosts File http://winhelp2002.mvps.org/hosts.htm
Scroll down to your version of Windows.
Leave Malwarebytes Anti-Malware on, update regularly.
Keep SpyBot and teatimer, check for updates often
Avira is good (Will provide choices in preventive tips)
I use Windows Firewall and have had no issues but there are people who want other Firewalls, have these in my preventive tips as well.
Let's clean up the tools we used and remove quarantine folders.
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
start
DeleteQuarantine:
end
~~~~~~~~~~~~~~
- Download Delfix from here
- Ensure Remove disinfection tools is ticked
Also tick:
- Create registry backup
- Purge system restore
- Click Run
Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.
***************
You're good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/view...557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ
To help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.
Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
- AdblockPlus, Surf the web without annoying ads!
- Blocks banners, pop-ups and video ads - even on Facebook and YouTube
- Protects your online privacy
- Two-click installation, It's free!
- click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
- Green should be good to go
- Yellow for caution
- Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseack...-disable-java/)
and this article (http://www.nbcnews.com/technology/te...late-1B7938755)
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to...r-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-un...m-the-browser/))
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
*********************************************
Please read the following safe computing articles..
Secure My Computer: A Layered Approach
Free Antivirus-AntiSpyware-Firewall Software
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.