
Thread: Windows XP Recovery infection

  1. #11
    Member
    Join Date
    Jun 2008
    Location
    UK
    Posts
    68


    C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-3b030333 Java/Exploit.CVE-2010-4452.A trojan
    C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\67iqzyd3.default\Cache\A\1C\D452Fd01 JS/Kryptik.AI trojan
    C:\System Volume Information\_restore{1B6499BB-770A-4B0E-95EC-4D4AA437B028}\RP1653\A0100018.sys Win32/Olmasco.E trojan

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Run this cleaner and it will clear out your Java Cache


    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.



    You need to enable Windows to Show all Files and Folders
    Instructions for your Operating System HERE

    Delete the file in bold
    C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\67iqzyd3.default\Cache\A\1C\D452Fd01 JS/Kryptik.AI trojan


    The last one was in System Restore

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.



    How are things running now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
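
The triage reasoning in post #12, as an added example that is not part of the original thread: each detection line from post #11 is parsed and mapped by its location to the cleanup step the helper prescribes for it. The rule names, the `triage` function and the exact path patterns are assumptions made for this illustration; the sample log is constructed from the three lines quoted above.

```python
import re

# Constructed sample: the three detection lines quoted in post #11.
SCAN_LOG = r"""
C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-3b030333 Java/Exploit.CVE-2010-4452.A trojan
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\67iqzyd3.default\Cache\A\1C\D452Fd01 JS/Kryptik.AI trojan
C:\System Volume Information\_restore{1B6499BB-770A-4B0E-95EC-4D4AA437B028}\RP1653\A0100018.sys Win32/Olmasco.E trojan
"""

# "<path with spaces> <Platform/Detection.Name> <type>"; only the detection name has a "/".
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<name>\w+/\S+)\s+(?P<kind>\w+)$")

# Hypothetical rules, matched against the lower-cased path (Windows paths are case-insensitive).
RULES = [
    ("system_restore",
     re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\"),
     "create a clean restore point, then remove the previous ones via cleanmgr"),
    ("java_cache",
     re.compile(r"\\sun\\java\\deployment\\cache\\"),
     "clear the Java cache"),
    ("firefox_cache",
     re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\cache\\"),
     "delete the cached file / clear the Firefox cache"),
]

def triage(log):
    """Return one finding per detection line, with the cleanup step for its location."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines or anything that is not a detection entry
        category, action, restore_point = "other", "review manually", None
        for name, pattern, fix in RULES:
            hit = pattern.search(m["path"].lower())
            if hit:
                category, action = name, fix
                if hit.groups():  # only the System Restore rule captures an RP number
                    restore_point = hit.group(1).upper()
                break
        findings.append({"path": m["path"], "detection": m["name"], "category": category,
                         "action": action, "restore_point": restore_point})
    return findings

if __name__ == "__main__":
    for f in triage(SCAN_LOG):
        print(f"{f['detection']:32} {f['category']:15} -> {f['action']}")
```

A detection inside `_restore{...}\RPnnnn` is an archived copy held in a restore point, which is why it is handled by replacing the restore points rather than by deleting a single file.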

  3. #13
    Member
    Join Date
    Jun 2008
    Location
    UK
    Posts
    68


    Well, it appears to be better now... the annoying pop-ups are gone, the iexplorer.exe no longer starts up in the background and the URLs I enter in Firefox are no longer being hijacked.

    Once this is cleaned I will need to check my other PCs.

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    My bad, I was at work when I posted and my internet is somewhat limited.

    Open Firefox and go to Tools > Clear Recent History and make sure the cache is checked.


    We just do one PC at a time in this thread; believe me, it gets real complicated when we try to clean more than one. Post back if you're happy with the way your PC is running and I will close this thread, and you can start a new topic for the other.

    Also want to point out that if your other computers are experiencing the same problems, it's possible that your router is infected. Let me know.

  5. #15
    Member
    Join Date
    Jun 2008
    Location
    UK
    Posts
    68


    Thanks Ken,

    This computer seems ok now.

    If there is nothing more I need do with this one I will post the DDS file of my other computer. I checked it and found it has possibly 4 trojans on it.

    Thank you for sharing your precious time with me.

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Wonderful, great to hear.

    But working more than one computer in this thread can be very confusing, so what I will need you to do is, after I close this thread, just start a new topic for the other one. Make sure you state that we cleaned this one and that this is another computer.


    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.







    Now to remove most of the tools that we have used in fixing your machine:
    • Make sure you have an Internet Connection.
    • Download OTC to your desktop and run it
    • A list of tool components used in the cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
    • Click Yes to begin the cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.








    Safe Surfn
    Ken
