Author Topic: malware removal help  (Read 644 times)

Offline beasut

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
malware removal help
« on: August 21, 2013, 02:19:28 PM »
I'm back with a different laptop, it runs Windows 8 which is completely new to me.
Attached is the logs from the Malware cleaning thread.
Thanks in advance for your help again!


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28962
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: malware removal help
« Reply #1 on: August 21, 2013, 02:30:06 PM »
What problems are you experiencing ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-3044800224-2891252120-4114236797-1002\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3302999&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN56501182822820508&UM=2&UP=SP7C6BAE8F-A353-4B65-A7BF-E2B32F31A7A6&q={SearchTerms}
IE - HKU\S-1-5-21-3044800224-2891252120-4114236797-1002\..\SearchScopes\{E8083B0C-F37D-4A47-8CCC-C3036F50986D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN42202060282801916&UM=2
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Mariana\AppData\Local\DefineExt\temp.dat File not found
O2 - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
[2013/08/08 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\Mariana\AppData\Local\lptmp836066380

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline beasut

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
Re: malware removal help
« Reply #2 on: August 21, 2013, 02:47:09 PM »
I tried to run OTL with your code but I got an error that windows experienced an error and needed to restart.  Should I try again?

The problem started as this laptop was riddled with toolbars and I think conflicting security programs.
I removed Norton and anything else I thought was necessary (backup mypc, or something like that).  I uploaded Avast and ran the scan following it's advice of removal of harmful items.  I came to this forum and ran the Malware removal.  Can you tell by the logs what else needs to be removed?

Thanks.

Offline beasut

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
Re: malware removal help
« Reply #3 on: August 21, 2013, 03:59:44 PM »
MyPC Backup...I'd like to removed that completely.  I only just uninstalled it but I see some items in the C drive still.  I also see webroot, how can I completely remove that too?

Thanks.

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28962
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: malware removal help
« Reply #4 on: August 21, 2013, 05:19:00 PM »
Aye run a fresh OTL scan and I will see what remains of those

Offline beasut

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
Re: malware removal help
« Reply #5 on: August 21, 2013, 05:56:48 PM »
I reran the OTL as done the first time around but this time it didn't give me the extras. Hope this helps....

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28962
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: malware removal help
« Reply #6 on: August 21, 2013, 06:32:46 PM »
Those programmes do not have any drivers/services running so the folders can be manually deleted.  Webroot has left some registry so I will remove that.  No need to re-run OTL after this 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O33 - MountPoints2\{acf2a4d9-8300-11e2-be71-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WRSetupCD.exe"

:Files
C:\ProgramData\WRData

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline beasut

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
Re: malware removal help
« Reply #7 on: August 21, 2013, 07:37:19 PM »
Here ya go.

Thanks for your help....

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28962
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: malware removal help
« Reply #8 on: August 21, 2013, 08:36:53 PM »
How is the computer behaving now ?

Offline beasut

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
Re: malware removal help
« Reply #9 on: August 21, 2013, 09:50:51 PM »
Seems like all is good and running much faster.

Avast and whatever Windows loaded for security is all it has.  Do you recommend any other security programs?  A teen uses this laptop and some times downloads games and such.
What can I add to protect it from malware and is free?

Thanks again for all your help!

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28962
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: malware removal help
« Reply #10 on: August 22, 2013, 06:43:50 PM »
As this is windows 8 then that is all I use
Turn on the PUP detection in Avast if your teen likes downloading things and try to train him in the use of the custom install option, thereby denying all toolbars and nice extra programmes on offer
Also get him to read this  http://blog.avast.com/2013/07/09/shady-practices-of-free-download-servers/
Keep MBAM on the system and run it weekly to be sure

Offline beasut

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
Re: malware removal help
« Reply #11 on: August 22, 2013, 08:52:35 PM »
Thank you!!!

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21671
  • Gender: Male
    • Personal Message (Offline)
Re: malware removal help
« Reply #12 on: August 22, 2013, 08:56:08 PM »
Quote
Keep MBAM on the system and run it weekly to be sure
or better, buy the PRO version, a one time fee for a lifetime license
then you get autoupdate and a  protection module that will block many of these install

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now