GT500

Emsisoft Employee
  • Content Count

    13513
  • Joined

  • Days Won

    421

Posts posted by GT500


  1. You're quite welcome. ;)

    Since everything seems OK, I am going to go ahead and close this topic.

    Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.


  2. You're quite welcome. ;)

    Here's some final instructions for you:

    1. Make Sure Java is Updated:

    1. Click on the
      Start
      button.

    2. Click on
      Control Panel
      .

    3. Click
      Uninstall a program
      .

    4. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.

    5. Click on
      this link
      and download and install the latest Java (the
      Windows Online
      download will be faster).

    2. Make Sure Adobe Flash is Updated:

    1. Click on
      this link
      and download the latest version of Adobe Flash Player for your web browser.

    2. You will need to close your web browser when installing Flash.

    3. Make Sure Adobe Acrobat Reader is Updated:

    1. Click on the
      Start
      button.

    2. Click on
      Control Panel
      .

    3. Click
      Uninstall a program
      .

    4. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you
      do not
      need to uninstall it).

    5. Click on
      this link
      to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.

    (please note that some people do prefer to use third-party PDF viewers such as
    PDF X-Change Viewer
    and
    Foxit Reader
    which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader)

    4. Make Sure Your Computer Has The Latest Windows Updates:

    1. Click on the
      Start
      button.

    2. Go to
      All Programs
      .

    3. Click on
      Windows Update
      .

    4. Click
      Check for updates
      in the menu on the left (should be near the top).

    5. Once it is done checking for updates, click the
      Install updates
      button on the right.

    6. Make sure that if your computer wants to restart after the updates are done, that you allow it so.

    5. Web Of Trust Extension:

    While this is not a requirement, I highly recommend that you click
    this link
    and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

    6. Empty The System Restore:

    1. Click on the
      Start
      button.

    2. Right-click on
      Computer

    3. Select
      Properties
      from the list.

    4. In the window that pops up, click on the
      System protection
      link in the menu on the left.

    5. The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be you
      C:
      drive) and click the
      Configure...
      button.

    6. Click the button near the bottom-right that says
      Delete
      to clear all System Restore data.

    7. Once finished, click
      OK
      to close that window.

    8. Now you will want to make sure that the correct drive is selected again (usually your
      C:
      drive) and click on the
      Create
      button to create a new restore point.

    9. Fill in a name for the restore point, and click the
      Create
      button.

    10. Once it is done, you can close the windows that were opened to get to the System Restore settings.


  3. OK, lets get rid of those registry entries. I have written another CFScript. Here are the instructions again:

    1. Download an updated version of ComboFix from one of the following links:
      [list=]
    2. BleepingComputer
    3. InfoSpyware

    [*] Turn off your Anti-Virus software.

    [*] Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.

    [*] Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste):

    http://support.emsisoft.com/topic/7831-i-have-malwarewin32amn/
    
    KillAll::
    
    Registry::
    [-hkey_current_user\software\imesh]
    [-hkey_current_user\software\microsoft\internet explorer\searchscopes\{4b8c28a7-a9bc-45f8-990d-21499eed643c}]

    [*] Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop).

    [*] Close Notepad and verify that the CFScript file is saved on your desktop.

    [*] Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:

    CFScriptB-4.gif

    When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.


  4. Please run OTL by following the instructions below:

    1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
    2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
    3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
    4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
    5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.


  5. ... every time (when the IE starts), a new (allowed) temp file is created....

    ..... and a lot of greyed (old temp files) are accumulated.

    What about yours?

    I restored my VM to a snapshot after testing, so I can't check and see if there are a lot of listings for temp files accumulating in the list. I fully expect that it would have been the same in my test environment as well.


  6. I did some testing, and the issue appears to be related to the Webroot SecureAnywhere Essentials. With just Online Armor and Webroot SecureAnywhere Essentials installed, I experienced the issue with the green border not appearing around Firefox when launching it in RunSafer mode.


  7. After some testing, it looks like the the Flash plugin's BHO (Browser Helper Object) is loading as a randomly named temp file. I was able to stop it from popping up, however. I selected the checkbox to remember my decision, and I clicked the Allow button. I had to do that about 5 times before it stopped warning me about the temp file, however it no longer pops up now that I have done that.


  8. OK, I'll do some testing, and see if I can learn some more about this issue. It doesn't sound like it is related to an update, so I want to see if I can figure out why the Flash plugin is creating and running a randomly named temp file every time it loads.

    Theoretically, when the update is released to Online Armor that resolves the issue with installing/updating the Flash plugin, it should fix this as well. I will let you know more once I have had a chance to test this. ;)

    BTW: Is your Windows Vista 32-bit or 64-bit?


  9. We like to think our software offers good protection, and there are a lot of reviewers who agree. As for detection rate, that can depend on where you get your samples from. ;)

    Here's some final instructions for you:

    1. Make Sure Java is Updated:

    1. Click on the
      Start
      button.

    2. Click on
      Control Panel
      .

    3. Click
      Add or Remove Programs
      .

    4. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.

    5. Click on
      this link
      and download and install the latest Java (the
      Windows Online
      download will be faster).

    2. Make Sure Adobe Flash is Updated:

    1. Click on
      this link
      and download the latest version of Adobe Flash Player for your web browser.

    2. You will need to close your web browser when installing Flash.

    3. Make Sure Adobe Acrobat Reader is Updated:

    1. Click on the
      Start
      button.

    2. Click on
      Control Panel
      .

    3. Click
      Add or Remove Programs
      .

    4. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you
      do not
      need to uninstall it).

    5. Click on
      this link
      to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.

    (please note that some people do prefer to use third-party PDF viewers such as
    PDF X-Change Viewer
    and
    Foxit Reader
    which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader)

    4. Make Sure Your Computer Has The Latest Windows Updates:

    1. Click on the
      Start
      button.

    2. Go to
      All Programs
      .

    3. Click on
      Windows Update
      .

    4. If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it.

    5. Once it is loaded, click on the
      Express
      button.

    6. It will check for available updates, and once it is done you can click the
      Install Updates
      button.

    7. It may ask you to accept a license agreement before it installs, so make sure you say
      Yes
      .

    8. When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart.

    9. Note that the update process can take a while, and you may need to run it several times before all of the updates get installed.

    5. Web Of Trust Extension:

    While this is not a requirement, I highly recommend that you click
    this link
    and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

    6. Empty The System Restore:

    1. Click on the
      Start
      button.

    2. Right-click on
      My Computer

    3. Select
      Properties
      from the list.

    4. In the window that pops up, click on the
      System Restore
      tab.

    5. Click the check box to
      Turn off System Restore
      .

    6. Click the
      Apply
      button at the bottom-right, and answer
      Yes
      to the question.

    7. Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it.

    8. Click the check box to
      Turn off System Restore
      again and click
      OK
      to turn the System Restore back on.

    9. Click on the
      Start
      button again.

    10. Go to
      All Programs
      .

    11. Go to
      Accessories
      .

    12. Go to
      System Tools
      .

    13. Click on
      System Restore
      .

    14. Select
      Create a restore point
      on the right, and click
      Next
      at the bottom.

    15. Enter a description for the restore point, and click
      Create
      .

    16. Click
      Close
      to finish the process.


  10. That log looks pretty good. Lets get a virus scan just to make sure that I'm not missing something. Please run an online virus scan through ESET by following the steps below:

    1. Turn off your anti-virus software.
    2. Click on this link.
    3. Click on the ESET Online Scanner button.
    4. Put a check in the box that says YES, I accept the Terms of Use.
    5. Click the 'Start' button just to the right of the checkbox.
    6. Uncheck the box that says Remove found threats (this is very important).
    7. Click on Advanced settings.
    8. Put a check in the box that says Scan for potentially unsafe applications.
    9. Verify that Scan for potentially unwanted applications is also checked.
    10. Verify that Enable Anti-Stealth technology is also checked.
    11. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning.
    12. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
    13. Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
    14. Close the ESET online scan.

    I will take a look at the log, and let you know if anything needs removed.


  11. OK, we'll need to delete some of those detected files. I have written a script that will tell ComboFix which files to delete. Here are the instructions on what to do with the script again:

    1. Download an updated version of ComboFix from one of the following links:
      [list=]
    2. BleepingComputer
    3. InfoSpyware

    [*] Turn off your Anti-Virus software.

    [*] Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.

    [*] Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste):

    http://support.emsisoft.com/topic/7831-i-have-malwarewin32amn/
    
    KillAll::
    
    Folder::
    C:\Program Files (x86)\iMesh Applications

    [*] Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop).

    [*] Close Notepad and verify that the CFScript file is saved on your desktop.

    [*] Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:

    CFScriptB-4.gif

    When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.