CheapProductsCoupons

[Blade81]

Hi,

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
• Click the blue Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
• Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
• Click on Advanced Settings
• Make sure that the option Remove found threats is unticked.
• Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Click Start
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan, and let me know how things are now.

[tampacate]

Hi,

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
• Click the blue Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
• Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
• Click on Advanced Settings
• Make sure that the option Remove found threats is unticked.
• Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Click Start
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan, and let me know how things are now.

Hi,
Yes, threats were found. File enclosed. However, I messed up and forgot to go to advanced settings and unclick "remove found threats". So, they've been removed. Sorry. I can't believe we went through all those steps and there were still threats.

C:\AdwCleaner\Quarantine\C\Program Files\CheapProductsCoupons\Shopalooza.dll.vir a variant of Win32/SProtector.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\t8e7OdYke.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\tKmbca9.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gdjnohoegomjephliankgbomeifahlcp\hNrk_ac.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\rrealdeaal\DdC0BJhhdR9XDg.exe.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\Users\Catherine\Desktop\Downloads\FreeFileViewerSetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined

[Blade81]

Hi,

All but the last one on the list were items that adwCleaner had already quarantined so situation looks good from that point of view. How's the system running now? Any problems left?

[tampacate]

Hi,

All but the last one on the list were items that adwCleaner had already quarantined so situation looks good from that point of view. How's the system running now? Any problems left?

So far it seems OK. Thanks so much for your time and expertise.

[Blade81]

Good. Let's see the final steps then


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.


Now let's uninstall adwCleaner:

• Double click on adwcleaner.exe to run the tool.
• Click on Uninstall.
• Confirm with yes.

Please download OTC and save it to desktop.

• Double-click OTC.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Recommended program to help in keeping the system up-to-date:
Download and run Secunia Personal Software Inspector (PSI) (tutorial can be found here) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.