Laurie 1 Posted October 18, 2009 Report Share Posted October 18, 2009 I just ran A-Squared which identified several suspect files. But when I tried to quarantine them, I get pop-up warnings saying that the files must be removed manually and to contact you. So here I am! I have read "Start Here" and run the programs as instructed including CCleaner and A2 Update. Please find attached the log files for the A-Squared scan and ISeeYouXP. However, I couldn't find any way to save a log of HiJackFree. Please advise and I will pass it on. Laurie Link to post Share on other sites
Lynx 34 Posted October 18, 2009 Report Share Posted October 18, 2009 ... I couldn't find any way to save a log of HiJackFree... Hi Laurie, and welcome to the forum use drop-down list at the left of the printer icon and choose "HJT compatible” option. My regards Link to post Share on other sites
Laurie 1 Posted October 19, 2009 Author Report Share Posted October 19, 2009 Thanks Lynx. Here's the HiJackFree log. What do I do now? Laurie Link to post Share on other sites
Kevin Zoll 309 Posted October 19, 2009 Report Share Posted October 19, 2009 Download ComboFix from one of these locations: Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 Link 3 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsSee HERE for help Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. ----------------------------------------------------------- Post fresh logs for: ComboFix (C:\combofix.txt) a-squared Free/Anti-Malware ISeeYouXP Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now! Link to post Share on other sites
Laurie 1 Posted October 20, 2009 Author Report Share Posted October 20, 2009 There you have it: The logs you requested. Although the ComboFix process was a bit scary as it produced a couple of red warnings from AVG 8.5 even though I turned it off the Resident Shield as instructed, the new run of A-Squared successfully quarantined the items it found this time around. In addition, it ran much faster than before so I'm hoping that means that my machine has been cleansed! Please let me know if there is anything more that I should do...and muchisima gracias for your help... Laurie Link to post Share on other sites
Kevin Zoll 309 Posted October 21, 2009 Report Share Posted October 21, 2009 The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems. ----------------------------------------------------------- Using Add or Remove Programs in the Control Panel; uninstall the following: Java 6 Update 14Java 6 Update 7 ----------------------------------------------------------- Your logs look fine. Unless you are having problems from Malware it is time to do the final steps. If you used ComboFix, uninstall ComboFix: Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.) AvoidTDSS /u or combofix /uNote: The space before /u, must be there.This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults. Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.Delete everything in C:\!KillBox Delete the following from your Desktop (If they exist) Avenger.exe Avenger.txt Avenger.zip DisableAutoRuns.reg FixMe.reg FixReg.reg ISeeYouXP.exe ISeeYouXP.lnk ISeeYouXP.txt Anything else I had you use Delete the following: (If they exist) C:\Avenger.txt C:\Avenger C:\ComboFix.txt C:\ComboFix C:\SDFix C:\Qoobox You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. Empty the Recycle Bin Run ATF Cleaner In the ISeeYouXP folder double-click HideIT.bat. Turn off System restore to flush all your restore points then turn system restore back on. To manually turn off System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties. 2. Click the System Restore tab. 3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK. 4 Click Yes when you receive the prompt to the turn off System Restore. To turn on System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties. 2. Click the System Restore tab. 3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK. Delete C:\ISeeYouXP Run Windows Update and update your Windows Operating System. Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update anything program/application detected as being out-dated. That should take care of everything. Safe Surfing! Link to post Share on other sites
Laurie 1 Posted October 21, 2009 Author Report Share Posted October 21, 2009 Everything seemed to be going fine until I started messing with Java. After getting your note, I downloaded the JRE 6U 16 and tried to install it, but got a "Couldn't extract" error. Contacted Java and was told to first delete everything from the JRE folder in Program Files and then download and install the offline version instead. After that, I returned to your instructions about removing earlier versions from Add/Remove...and that's when I ran into trouble. Now I can't delete or reinstall Java! In Add/Remove Programs, I click 'Remove' and then confirm when it says "Are you sure you want to delete Java...?" It runs for a few seconds and then reports "Fatal Error During Installation". And when I attempt to reinstall, I get "Another version of Java is already running on your system..." So what do I do now? Laurie Link to post Share on other sites
Kevin Zoll 309 Posted October 22, 2009 Report Share Posted October 22, 2009 Download to your Desktop: - JavaRA Unzip the JavaRA zip file. Run JavaRA Click on the "Remove Older Versions" button. If you are ask which versions to uninstall, select all available. Link to post Share on other sites
Kevin Zoll 309 Posted October 25, 2009 Report Share Posted October 25, 2009 Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread Link to post Share on other sites
Recommended Posts