Computer infected

Status
Not open for further replies.
Hi Bill,

The computer appears to be behaving itself and operating ok now thanks. I have not noticed any strange behaviour and all the programs that I usually run appear to be operating ok.

It looks as though you have done a great job and fixed the problem for me.:thanks:

Regards

Andy
 
Hello andye, :bigthumb:
Really looking good now. Time for some clean up.

Your Java appears to be down level.
Navigate to Control Panel, then open Programs and Features (Vista / Windows 7) or Add Remove Programs (XP).
Highlight each Java item listed, then Remove or Uninstall.
Visit this site to download and install the latest Java.

Next
To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, click Delete Files.
  • Check all boxes.
  • Click OK.
  • Reboot the computer.

Next
Your Adobe Reader is also a bit down level.
Please visit this site http://get.adobe.com/reader/ to download and install the latest Adobe.

Run OTL.exe, this will remove old and possibly infected restore points and create a new one.
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL

:Commands
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Next
Clean up with OTL: this will remove OTL and DDS.
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
You may remove ERUNT by using Control Panel -> Add Remove programs.
You should keep Malwarebytes; run it periodically, making sure to update before scanning. If you wish, you may remove Malwarebytes using the same method as ERUNT.

Lastly
Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware

7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?


Again thanks for your patience and hard work, surf safe,
Bill :thanks:
In Training at WTT Classroom
 
Hi Bill,:confused:

I tried to do the Java and when I click on uninstall I get a message saying 'another installation is already in progress. Complete that installation before proceeding with this install'

I can't seem to uninstall Java.

Also, the windows updater keeps giving me a pop-up saying that 'updating your computer is almost complete. You must restart your computer for the updates to take effect'. I have restarted it several times and each time I get the same message back again.

Regards

Andy
 
Hi Andy, sorry to hear of your problems :sad:
Can you right click on an empty part of the Task Bar (bottom of Desktop with Start on left and clock on the left) then left click on Task Manager. Click on Processes tab then click on Image Name to put processes in alphabetical order.
Then see how many instances of Msiexec.exe are listed and post back with the number please.
Thanks,
Bill
In Training at WTT Classroom
 
Hi Bill,

Just the one instance of Msiexec.exe running.

Since turning the pc on about 2 hours ago I have not had any pop-ups relating to windows updater either.

Regards

Andy
 
Hi again Bill,

Ok I just tried installing it and I get a Java setup pop-up saying

Error 1304. Error writing to file C:\Program Files\Java\jre6\zipper.exe. Verify that you have access to that directory.

I have looked at the specified file address and when I open the jre6 file it is empty.

Regards

Andy
 
Hello Andy
Try doing a cold boot, (power off) then power on, make sure there is no java in Add Remove Programs, delete c:\Programs and Files\Java. Then go to java.com and click on downloads, follow on screen instructions. If that doesn't work, please let me know, I have a backup plan also.

Thanks,
Bill
In Training at WTT Classroom
 
Hi Bill :greeting:

Looks like we are on a roll now, I have done as instructed and have now got Java successfully installed.

I assume you would like me to continue with the instructions you sent me regarding getting things updated and tidied up.

Regards

Andy
 
Hiya Bill, :bow:

I have done all the mentioned bits, here is the OTL log as requested:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 28755 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: Andy
->Temp folder emptied: 135769512 bytes
->Temporary Internet Files folder emptied: 178450854 bytes
->Java cache emptied: 1704279 bytes
->Flash cache emptied: 45581 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2169250 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65064024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53102 bytes
RecycleBin emptied: 45138852 bytes

Total Files Cleaned = 410.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03192011_193417

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Andy\Local Settings\Temp\WCESLog.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


IE Settings were already as stated.

Anti-virus up to date and auto updates every 24 hours.

Windows update needed a couple of tweaks for sure.

Not done the Custom Hosts File thing yet.... to be honest I didn't totally understand it and need to go and read it again.....

WinPatrol now in place.

Spybot has been a resident on my system for a long time


I do believe that you have `aced` this one Bill, many thanks to you, you truly are a genius.

Regards

Andy
 
Hello andye,
Disregard the MVPS Host section and do the following, it is easier to understand.
Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home
  • Click "Make ReadOnly?" in the upper left corner.
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
Thanks
Bill
In Training at WTT Classroom
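
An added example, not part of Bill's post or of any tool named in this thread: a small Python audit of a hosts file that separates block-style entries (names pointed at a loopback or 0.0.0.0 address, the way blocking hosts files work) from entries that send a name to a routable address, which are the ones worth reviewing before or after restoring the default file. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (illustrative; not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net        # block-style entry
127.0.0.1       tracker.example.org
203.0.113.10    www.example-bank.test  # name sent to a routable address
203.0.113.10    update.example-av.test
not-an-ip       broken.example.com
"""

def audit_hosts(text):
    """Return (line number, kind, address, name) for every hosts entry.

    kind is 'default' (localhost on loopback), 'block' (loopback or
    0.0.0.0 sink), 'redirect' (any other address) or 'invalid'.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "invalid", addr, " ".join(names)))
            continue
        for name in names:                     # one line may map several names
            if ip.is_loopback and name.lower() == "localhost":
                kind = "default"
            elif ip.is_loopback or ip.is_unspecified:
                kind = "block"
            else:
                kind = "redirect"
            findings.append((lineno, kind, addr, name))
    return findings

def redirects(text):
    """Entries that resolve a name to a non-loopback, non-null address."""
    return [(n, a, name) for n, kind, a, name in audit_hosts(text)
            if kind == "redirect"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `audit_hosts` instead of the sample.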
 
Hi Bill,

Thanks for that update, I have downloaded and done as instructed with that Hosts File Manager.

My pc appears to be running ok still.

Many thanks once again for your invaluable assistance with this problem.

Regards

Andy
 