
Thread: Systemerrorfixer etc

  1. #21
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi

    Let's run SUPERAntiSpyware next. Before that, uninstall Malwarebytes' Anti-Malware through Add/Remove Programs.

    Then download SUPERAntiSpyware Free Edition (http://www.superantispyware.com/download.html)

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining.
    * Please leave the others unchecked.
    * Click the Close button to leave the control center screen.

    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
      • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment in your post.


    Then run Spyware Doctor again and let me know if the finding amount has decreased.
    Microsoft Windows Insider MVP 2016
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #22
    Junior Member
    Join Date
    Apr 2008
    Posts
    17

    Default

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/15/2008 at 07:18 PM

    Application Version : 4.0.1154

    Core Rules Database Version : 3412
    Trace Rules Database Version: 1404

    Scan type : Complete Scan
    Total Scan Time : 01:02:20

    Memory items scanned : 648
    Memory threats detected : 0
    Registry items scanned : 3840
    Registry threats detected : 25
    File items scanned : 44216
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Documents and Settings\Helen\Cookies\helen@media.sensis.com[1].txt
    C:\Documents and Settings\Helen\Cookies\helen@socialmedia[2].txt
    C:\Documents and Settings\Helen\Cookies\helen@rocku.adbureau[2].txt

    Unclassified.Oreans32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
    C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
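
A log like the one above can be checked mechanically before anyone acts on it. The following Python sketch is an added example, not part of the original post or of SUPERAntiSpyware: it groups entries under their threat heading, separates registry keys from registry values, and verifies that the itemised entries add up to the totals in the log header. The embedded log is a constructed, shortened sample, and the heading pattern and the reading of `#` as the separator between key and value name are assumptions.

```python
import re

# Constructed sample: a shortened log in the same layout as the one posted above.
SAMPLE_LOG = r"""
Registry threats detected : 4
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Helen\Cookies\helen@media.sensis.com[1].txt

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
"""

COUNT_RE = re.compile(r"^(Registry|File) threats detected\s*:\s*(\d+)$")
REG_RE = re.compile(r"^(HK[A-Z]{1,2}|HKEY_[A-Z_]+)\\")
FILE_RE = re.compile(r"^[A-Za-z]:\\")
THREAT_RE = re.compile(r"^[A-Za-z]+\.[^:\\]+$")  # assumed heading form: Category.Name

def parse_scan_log(text):
    """Return (declared totals, {threat: {"keys": [], "values": [], "files": []}})."""
    declared, findings, current = {}, {}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if (m := COUNT_RE.match(line)):
            declared[m.group(1).lower()] = int(m.group(2))
        elif THREAT_RE.match(line):
            current = findings.setdefault(line, {"keys": [], "values": [], "files": []})
        elif current is not None and REG_RE.match(line):
            key, sep, name = line.partition("#")  # assumed: '#' separates key from value name
            if sep:
                current["values"].append((key, name))
            else:
                current["keys"].append(key)
        elif current is not None and FILE_RE.match(line):
            current["files"].append(line)
    return declared, findings

def counts_match(declared, findings):
    """True when the itemised entries add up to the totals in the log header."""
    listed = {"registry": 0, "file": 0}
    for item in findings.values():
        listed["registry"] += len(item["keys"]) + len(item["values"])
        listed["file"] += len(item["files"])
    return listed == declared
```

A `False` from `counts_match` means the pasted log was truncated or altered in transit, which is worth knowing before writing a fix from it.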

  3. #23
    Junior Member
    Join Date
    Apr 2008
    Posts
    17

    Default Spyware Doctor Scan

    OK

    Of the 4 it found last time:
    Originally posted by Cats08:
      Rootkit.Agent
      Trojan-Downloader.Conhook
      RogueAntiSpyware.SpywareNo
      Spyware.180search_Assistant
    The first two are gone (which it rated as the most dangerous).

    The last two are still there, along with
    Trojan.Generic

    and an application (NirCmd) which it rates as legit.

  4. #24
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi

    Yes, NirCmd is legit. Let's try to remove that other one with a little registry fix.


    Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.

    Code:
    REGEDIT4
    
    [-HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005\Software\Wget]

    It should look like this ->

    Doubleclick fix.reg, press Yes and ok.

    (In case you are unsure how to create a reg file, take a look here with screenshots.)

    Let me know if that helped

  5. #25
    Junior Member
    Join Date
    Apr 2008
    Posts
    17

    Default

    Something called 'Application.TrackingCookies' (also apparently legit) has replaced the Trojan one. The other 3 are still there.

  6. #26
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi

    To be able to help I would need to see all items Spyware Doctor finds. Cookie is not a problem but if you want those registry findings cleaned I need to see their complete paths. The regfix I provided in my previous post was easy enough to create 'cos I could see whole key in the screenshot.

  7. #27
    Junior Member
    Join Date
    Apr 2008
    Posts
    17

    Default

    OK

    There are two registry keys for each of the two that are still a problem.

    For RogueAntiSpyware.SpywareNo (7 infections):
    HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56}\iexplore
    HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56}

    For Spyware.180search_Assistant (6 infections):
    HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DECEAAA2-370A-49BB-9362-68C3A58DDC62}\iexplore
    HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DECEAAA2-370A-49BB-9362-68C3A58DDC62}


    Do you need registry values as well?

  8. #28
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi

    Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.

    Code:
    REGEDIT4
    
    [-HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56}]
    
    [-HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DECEAAA2-370A-49BB-9362-68C3A58DDC62}]

    It should look like this ->

    Doubleclick fix.reg, press Yes and ok.

    (In case you are unsure how to create a reg file, take a look here with screenshots.)

  9. #29
    Junior Member
    Join Date
    Apr 2008
    Posts
    17

    Default

    It only finds cookies and NirCmd now! Could this mean we've succeeded...?
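
The registry fix in post #28 lists only the two `{GUID}` keys although four paths were reported in post #27, because a `[-key]` section in a .reg file deletes the key together with its subkeys. The following Python sketch is an added example, not code from the thread: it collapses reported paths to their topmost keys, refuses paths that sit too close to a hive root, and emits the same REGEDIT4 text. The function names and the `MIN_DEPTH` floor are assumptions introduced here.

```python
# Paths as reported in post #27 (the SID and GUIDs are taken from the thread).
STATS = (r"HKEY_USERS\S-1-5-21-1149337873-3581715974-4078141996-1005"
         r"\Software\Microsoft\Windows\CurrentVersion\Ext\Stats")
REPORTED = [
    STATS + r"\{1A26F07F-0D60-4835-91CF-1E1766A0EC56}\iexplore",
    STATS + r"\{1A26F07F-0D60-4835-91CF-1E1766A0EC56}",
    STATS + r"\{DECEAAA2-370A-49BB-9362-68C3A58DDC62}\iexplore",
    STATS + r"\{DECEAAA2-370A-49BB-9362-68C3A58DDC62}",
]

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_USERS", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT"}
MIN_DEPTH = 4  # assumption: hive + three components is the shallowest key we will delete

def collapse(keys):
    """Drop keys already covered by a listed parent; registry paths are case-insensitive."""
    roots = []
    for key in sorted({k.rstrip("\\") for k in keys}, key=str.lower):
        if not any(key.lower().startswith(r.lower() + "\\") for r in roots):
            roots.append(key)
    return roots

def validate(key):
    """Raise ValueError for paths that should never go into a deletion section."""
    parts = key.split("\\")
    if parts[0] not in HIVES:
        raise ValueError(f"unknown or abbreviated hive: {key}")
    if len(parts) < MIN_DEPTH:
        raise ValueError(f"too close to the hive root to delete: {key}")
    if "" in parts or any(ord(c) < 32 for c in key):
        raise ValueError(f"malformed key path: {key}")
    return key

def build_reg_fix(keys):
    """REGEDIT4 text with one [-key] section per collapsed, validated key (CRLF line ends)."""
    sections = [f"[-{validate(k)}]" for k in collapse(keys)]
    return "\r\n\r\n".join(["REGEDIT4"] + sections) + "\r\n"
```

Write the result with `open(path, "w", newline="")` so the CRLF line endings are preserved as generated.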

  10. #30
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Yep. If you install that hosts file I mentioned you won't see too many cookies either. Can't recall whether or not I mentioned this but it's recommended to run ATF Cleaner occasionally (once or twice a month). That way you can clean out temporary files that otherwise keep piling up.
