beathbarb2

Help with email virus

Once again my email has been infected with a virus that sends out emails to everyone on my contact list. Why does this happen? What can you do? Why did Emsisoft not pick it up? I have the Online Armor Emsisoft package deal. This has happened in the past to my gmail account and now to my husband's yahoo mail account. Help. It is very embarrassing. Barb Beath

Hello and welcome to the Emsisoft support forums.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use.

To Highlight a few:

  • If you are seeking help make sure to only create one thread per problem at a time. Multiple threads about the same problem will get closed.
  • To keep the threads clean please don't post the content of log or report files directly in your reply. Instead please attach any reports or logs you were asked to submit as a file attachment.
  • Don't use any kind of "l33t" speak or slang and always keep in mind that most of the other people here don't speak English as their native language.
  • Asking for help is only allowed in the forums. Requesting help via PM or mail is prohibited.
  • Because of the potential for harm only selected members as well as our employees are allowed to offer help in the malware removal sections of the forum. If you have a strong malware fighting background and want to help please contact Emsi, Fabian Wosar and ShadowPuterDude (yes, all three of them) via forum PM.

Once again my email has been infected with a virus that sends out emails to everyone on my contact list. Why does this happen? What can you do? Why did Emsisoft not pick it up? I have the Online Armor Emsisoft package deal. This has happened in the past to my gmail account and now to my husband's yahoo mail account. Help. It is very embarrassing. Barb Beath

I merged your new thread with the old one. Don't start new threads, stay in your original thread.

Please attach the logs again. The originals were lost when the threads were merged.

I am not too computer literate. How am I starting new threads? How do I stop doing this? I don't know how to reattach the info you need. How is that done? Thanks, Barb

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O4 - HKLM..\Run: []  File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    [2012/05/31 12:35:57 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{3E7E6759-F552-4745-8763-B4E86AA4CACB}
    [2012/05/31 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{A7DA4D5F-2235-4637-889A-A92FAA68714F}
    [2012/05/31 12:30:37 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{5D958C12-0F80-4D2A-A303-2BF55E7EE4CE}
    [2012/05/31 12:30:25 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{FF04F7E2-9AD6-4023-B693-9072F7BD165A}
    [2012/05/31 12:23:45 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{228FA479-346D-41EF-BADF-8B5AD2FDC7B5}
    [2012/05/31 12:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\202D8
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Commands
    [ClearAllRestorePoints]
    [CreateRestorePoint]
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [ZipFiles]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Last time I ran OTL I had all users checked, but I did not on the previous one I just sent you, so I did another scan with all users checked just in case it makes a difference. However, there should only be one user on this computer (Beath). Thanks again for putting up with me. Barb

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/06/01 11:53:02 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{F4AEE17F-6EBE-44DD-BE35-699E3CB73238}
    [2012/06/01 11:52:50 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{071260E4-4400-47E3-B2A7-B07A54F059DE}
    [2012/06/01 11:52:24 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{DD32BF44-FB57-43AF-90E8-1DADB1655763}
    [2012/06/01 11:52:11 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{D53218F4-DD0E-45AA-8B7B-7B2CBFDFC3B7}
    [2012/06/01 11:48:57 | 000,000,000 | ---D | C] -- C:\Users\Beath\AppData\Local\{7B551927-EE32-4F83-8C24-77C00927BD62}
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click the Start button (bottom right)
    Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Repair Windows Firewall
    • Remove Policies Set By Infections
    • Set Windows Services To Default Startup

    Note: Leave everything else unchecked

  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)

Download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please attach the log to your reply.

You may need to uninstall Emsisoft Anti-Malware, reboot, and install Emsisoft Anti-Malware.

Hi, I uninstalled Emsisoft malware and reinstalled. I had originally saved to my downloads so I just used that one again. Should I have gone to the web site instead to install it, as I notice there is a new version, as it popped up on my alerts that it was already downloaded? Would the setup I have saved in my downloads be updated? Is everything with the virus ok now?

Emsisoft Anti-Malware has an automatic update mechanism. When first run, it will update itself if an update is available.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Delete the following files: (If they exist)

C:\ComboFix.txt

Delete the following folders: (If they exist)

C:\ComboFix

C:\Qoobox

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner

Run CCleaner

  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:
    [image: 4l5a4i.png]
  • Click [image: 16jox2o.png] and choose [image: 5x3nu8.gif]
  • Uncheck [image: amuvj8.gif]
  • Then go back to [image: 2jb4qyb.gif] and click [image: nf47ev.gif] to run it.
  • Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

My Emsisoft is all working now. Hopefully I have the newest version. So if everything is good now, I would like to thank you very much. You have been more than helpful. Until next time, Barb Beath

Sorry, false alert. I just got a pop up saying my anti-malware was updating. It is now version 6.5 something. The same as what is the new one for download on the website. Thank you again. So my machine is virus free now? Barb Beath

Again I want to thank you so very much. We have had no complaints from the people on our email contact lists so it must be gone. How does this happen when you have a virus program? We figure we know where it came from. It was from a friend on our contact list that appeared to send us an email saying Hi. We opened it and that is when something was sent out to all the people on our contact list. Is there anything that can prevent this? Why did it not go to spam? The internet is so confusing. I would also like to take the time to ask another question. If my system is 64 bit, how come things keep downloading in 32bit when you do not get the choice to check 64bit? Are there two systems on my laptop and is it unnecessary to have both? Barb

Most Windows applications are 32-bit; there are very few 64-bit Windows applications. A 64-bit operating system can run both 32-bit and 64-bit applications. Windows 7 is the first version of Windows to be shipped with the 64-bit version of the OS installed by default on new systems.

Your anti-virus application should scan all email attachments, by default, when they are opened or saved.

Email being identified as Spam and moved to the junk folder depends entirely on your junk mail rules and anti-spam application.

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
