Avast WEBforum
Other => Viruses and worms => Topic started by: Jackiee on June 25, 2013, 06:59:02 PM
-
Seeking your professional assistance.
I have a computer run by windows xp SP2 which used to be sluggish recently.
I installed avast free two days ago, ran a full system scan and
came up with the following viruses:
C:/RECYCLER/...../80000000.@ [trj]
C:/RECYCLER/...../800000cb.@ [rtk]
....../spywarestrike.exe
I deleted them all and spywarestrike.exe never showed up again,
yet avast keeps poping up a small window every couple of minutes
( specially when computer is online) saying it's re-blocked 80000000.@
and 800000cb.@ on a process called svchost.exe and no further action
is required. Only a couple of minutes and everything recurs.
I've done a lot of search and found numerous solutions but 've tried none yet.
Finally, I decided to take step by step advice from here under your supervision.
For whoever who would kindly help me, I'd like him to know that
I've come by this article about zeroaccess removal at http://malwaretips.com/blogs/zeroaccess-sirefef-virus/
and I was about to procede through the steps ( which seemed very simillar to me to the procedure offered everywhere) as it requires no removable media or booting CDs.
I've also checked your procedure for simillar problems and have two problems with it:
At the moment, I've run out of removable flash drives( required for farbar recovery scan tool)
Also I'm having a problem with the lens on my cd- rom ( so won't be able to burn a CD with OTLPENet.exe)
My computer is running an OEM version of windows ( so apparently I don't have any boot CDs)
That being said, I wonder if someone would help me with the procedure in that article I've found or modify the procedure stated here to suit me for the moment.
I'd gratefully appreciate any help offered and I'm sorry for such a long post.
-
If you are able to boot the computer then there is no need for removable media
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
(https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif)
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
Thank you essexboy for your reply.
Please forgive my computer illiteracy but what do you mean by being able to boot the computer?
Does it mean removing and reinstalling windows? As I won't be able to do so for I don't have a windows CD at all. or you mean rebooting ( restarting)?
Also shall I begin with OTL directly or go through the whole procedure at
http://forum.avast.com/index.php?topic=53253.0
One last thing, I'd like to know your opinion of the procedure stated in the link I posted. Shall I go through it?
Many thanks
-
One last thing, I'd like to know your opinion of the procedure stated in the link I posted. Shall I go through it?
No as the malware has changed since that was written
By boot the computer I mean are you able to run windows normally (apart from the alerts that is) If so then download OTL from the link I provided and follow the instructions to generate the analysis log. Attach the log to this thread and we will then kill the blighter together :)
-
Thank you Essexboy for your patience and instructions.
I've run OTL as you told me to.But it saved only one log named OTL.txt.
You'll find it attached.
I've also noticed a few wierd things during the scan:
I've set all the parameters as shown in the picture in your first post, yet I noticed the "standard registry" option altered to "all" while scanning and then returned to "safelist".
Also towards the end of the scan, suddenly everything stopped and a black pop-up window opened ( seems like a command window) saying C:/ documents and settings/....... and dissapeared after a few seconds
Is all of this normal?
once more thank you :)
-
OK killing time
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\WW91c3RpbmEgU29saW1hbg\command.exe -- (cmdService)
SRV - [2011/08/09 14:29:52 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
IE - HKU\S-1-5-21-3433162778-3685698554-67682326-1006\..\SearchScopes\{A2B2E73C-A6EF-4016-A791-ABFEB7E61784}: "URL" = http://www.mysearchresults.com/search?c=2402&t=01&q={searchTerms}
O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-3433162778-3685698554-67682326-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3433162778-3685698554-67682326-1006\..\Toolbar\WebBrowser: (no name) - {736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe File not found
O4 - HKU\.DEFAULT..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe File not found
O4 - HKU\S-1-5-18..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe File not found
O4 - HKU\S-1-5-18..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe File not found
O4 - HKU\S-1-5-21-3433162778-3685698554-67682326-1006..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe File not found
O4 - HKU\S-1-5-21-3433162778-3685698554-67682326-1006..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe File not found
O4 - HKU\S-1-5-21-3433162778-3685698554-67682326-1006..\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\amsecure.exe File not found
O18 - Protocol\Filter\text/html {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll File not found
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
[2012/01/11 06:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2012/01/11 05:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo(2)
[2008/06/28 08:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
:Files
C:\Program Files\Bandoo
C:\RECYCLER\S-1-5-18
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- Allow the installation of the recovery console
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
Fine, I'll follow your instructions.
Just a few questions:
Would I lose any data or files during or after running this fix? Even if infected?
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
What reboot do you mean? Will I reboot after combofix finishes?
-
No all your files will remain intact. Once combofix has finished it's work it will reboot the computer for you automatically. If you receive errors about programmes being marked for deletion then reboot the computer to clear that
-
Ok, thanks. I'll begin in a few minutes.
I feel lucky to have found someone this helpful.
-
If you have any questions or are not sure then just ask :)
-
sorry for bothering you every now and then, just wanted to make sure about a few things: :-\
You've willingly unchecked "all users", "LOP check", "Purity check" before running the fix? right?
Also will I uncheck them for the quick scan too, or keep them checked as the very first scan?
One more thing, after running the quick OTL scan. Will it be safe to log onto the internet to download combofix?
that's because I feel that the trojan becomes activated or maybe what's called " trying to connect to a certain remote server" whenever I'm online, just wondering?
-
HELPPP
I got a frozen screen of my desktop while running combo fix.
It downloaded the recovery cosole,created a restore point and said that it was scanning for viruses which would take no more than 10 minutes.
I left it overnight, slept besides it and woke up to find it all froxen. Even the blinking "-" at the bottom of the command box won't blink anymore .
I tried the MOVE the mouse cursor but it didn't ever respond, yet I made sure that I didn't CLICK on anything.
I've read that combofix would result in unexpected results if run wrongly, so is this the case here?
What shall I do?
-
Anybody there? Please help me.
It's almost 12 hours since running combofix and getting everything frozen like a still picture.
I don't want to take any action with cmbofix without supervision. So please help me as soon as you get to see my posts.
-
Please have patience, essexboy should be on the forum in a few hours.
-
I'm waiting and I have no other choice.
I just hope it doesn't get worse like that.
-
Can anyone help me?
It's been 20 hours, yet nobody suggests any sort of solution.
Is it unrepairable? Will I be hanged this way forever?
I've no means of contact with Essexboy, and all I could reach is that he's been offline all the time.
I wonder if any administrator could reach for him...could anybody respond...?
-
As Craig said, please be patient.
-
Alright, I'll try to be. Thanks for responding anyway.
-
NP. It shouldn't take too long.
-
Hi reboot the computer using the power button
Then run a fresh OTL scan so that I can see what remains
-
Rubbing my eyes :)
Have you come to save me at last... :D
-
Shall I run a " scan " or a " quick scan " ?
-
Sorry about that I had to do some actual work today :)
Press run scan and that should reveal anything that combofix missed
-
It's ok. I'm glad you came back anyway.
I'm running it at the moment, meanwhile I want to let you learn about a few things:
1- I checked " all users", " LOP", "Purity" for this scan i'm running now, just as the very first one I'd run.
2- I saw the black screen of the recovery console on reboot this time.
3- There seems to be a folder called Qoobox in my C:/ drive now, shall I look for any logs there?
4- There's also a copy of " my computer" called "combofix" in C:/ drive
5- This time after the reboot a message came from the tray saying that I was insecure and I had my firewalls turned off, is it dangerous?
I know it's a lot of things, but just wanted to make sure it's ok.
-
Once done we will hide the recovery console until you need it (hopefully never)
Qoobox is where combfix quarantines the bad boys
We will check the firewall next, is it just the windows one ?
-
yes, I think it's the windows firewall, shall I have any others?
Here I attached the log from the OTL scan of today and you'll find also the one after the running the fix yesterday together with that of the quick scan before running combofix.
-
Looks good, can you confirm that the avast alerts have ceased ?
Lets now look at the firewall
Download and run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg)
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
-
Yes, they've ceased since the very first scan run by OTL yesterday, even along going online no alerts or pop-ups since then. ( previously I couldn't get online without those alerts poping every couple of minutes that I disconnected the cable most of the time)
-
Good so it is now repair time :)
-
Glad to hear it's good. :D But for you, it wouldn't have been so. :)
here's farbar's log...
I want to tell you that I've been having some difficulty since yesterday, after runing the OTL fix, making me unable to download anything, even a few megabytes, without being stopped at the 95% point exactly and getting a message in a window saying that whatsoever I was downloading couldn't be downloaded because the operation timed out.
Yesterday I tried downloading Combofix about 6 or 7 times and getting to the same cut end. In the last time I went clicking continously on the download window at the 95% point and then it completed and I got the file at last.
Today, the same exact story happened with Farbar and was resolved in the same way.
I'm sorry for such a long story, but I want to know if it's something to do with the either the infection or the fix.
-
OK we will need to run combofix one more time, this time it should run smoothly
Run combofix and allow it to update if it asks
The problems may be due to the shared access registry file being deleted by the malware, this time combofix should repair it
-
It's been running for more than 30 minutes now, but hadn't stopped like before.
It's scanning the machine while "-" is still blinking and the screen seems responsive.
I'm afraid it could freeze the same way as before if left to run to long, any advice ?
-
Ok, here we go back to zero point.
Combofix has made everything freeze like it did yesterday.
It seems that you are offline, anyway I'll wait for a couple of hours in case you replied.
-
OK reboot again and we will try a different fix
I will just create a registry fix for it
-
Here we go .. The manual method :)
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS\0000]
"Service"="SharedAccess"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Windows Firewall/Internet Connection Sharing (ICS)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS\0000\Control]
"ActiveService"="SharedAccess"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess]
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch]
"Epoch"=dword:00000012
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Ok, I'll begin immediately.
I beg you to stay online just for a while till we get through it all together.
-
Yep the wife has let me have the computer back :)
-
here are both logs
I renamed the old OTL log so that it may not be overwritten, so this the most recent.
-
OK could you confirm the firewall is now working ... Next how is the computer behaving what problems still remain
I will look at the latest log now whilst you let me know
-
ok, first almost all the toolbars in IE went black before the fix. Now everything is normally back.
As for the firewalls, I can no longer see the red balloon in the tray, so most likely it's working.
I may also mention that till the very moment, IE becomes unbearably sluggish the first time I run it after the reboot. Eventually it becomes "not responding" , I'd have to end the process manually and start all over again.
This has been the same for weeks, maybe months, and until now.
As for combofix, I doubt that it'd been corrupted during download because I don't find a reason for the "freeze" it causes whenever run. Shall I redownload it? Is it crucial to use it with my infection? Could the computer ever get 100% clean once more without running it?
finally a big thank you :)
-
Oh I forgot to tell you that since yesterday, a new pale icon appeared on the desktop named "Thumb.db"
I've seen it before, a couple of months ago, thought it was just an old unused icon and deleted it.
Is it an important file or just a part of the infection?
-
Nope we don't need combofix now :)
Thumbs is a system file and I will rehide them when we are done (it will be recreated after deletion so no problem)
Lets see if we can sus out the net speed next
This will reset the internet connections, I will just need the fix.txt that pops up when it finishes .. No need to run another scan
During this run several black boxes will popup and disappear :)
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset catalog /c
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
here's the fix log
This time the computer didn't reboot and I didn't restart it manually, is this ok?
Also since first running combofix and till the momnent IE settings have been altered, it's no longer my default browser and it keeps asking about it, this's also fine, right?
By the way, I wanted to tell you that all the previous fix logs weren't saved to the desktop as the scan logs and I had to manually copy and paste them.
-
Yes accept the default for IE ..
Reboot the computer now and try out the internet, let me know if there is a difference
I will be going off line soon but will be back tomorrow dinnertime :)
-
Thank you, Essexboy for your time and effort. :) I beieve I made you stay till late.
As for the internet, it seems fairly better, still slow on the first launch but managable. I'll try it more tomorrow and I let you know about everything.
-
I'm baaaack :)
Yep let me know the result as we will have a big download for you to do soon..... SP3
-
I'm sorry, couldn't get to see the post earlier. :$
And I'm all ready for trustworthy instructions.
As for the computer performance,
IE is still slow that I had to end the process manually the first time it launched.
But I don't care much about it as long as the machine's clean. Maybe it's the connection or my RAMs in need for an upgrade, but hopefully not because of some malware running its processes in the background.
No more alerts have shown up, neither of the firewalls nor from avast (except for being updated).
" thumbs.db " has vanished from the desktop.
I think everything else is ok.
And here I am, ready for today's work. :)
-
OK first we will try it the easy way
Go to windows updates and see if you are offered SP3 if so accept it
Microsoft Windows Update (http://windowsupdate.microsoft.com)
If not let me know and I will give the direct download
-
one question please,
is it safe to go onto the internet with some other equipment hooked to the same router?
Or it could act as a bridge for the infection to pass to other devices?
Also 3 or 4 toolbars in IE browser went black while one other toolbar went transparent that I can see the desktop through it.
-
That is a lot of toolbars .. Do you need them all ?
Do you mean a second computer/phone using the router ? If so no problem
-
Avast toolbar is the transparent one, while the others being the menu bar, the favourites and bookmarks bar, and that last bar with tools, home . print menues.
If any of these is unneccessary, then no need for them. Exept for the favourites and history which I do need frequently.
And yes I mean other tablets, receivers and stuff like that, is it dangerous?
-
Microsoft wants me to install activeX control so as to view their website...is it safe?
shall I install it? or I'd search in the windows update center in "start" menu instead?
-
Allow the active x as your current one is a tad old :)
There is no problem with the other devices using the router, one thing we have not yet done is clear any remaining adware. We will do that once the rest is done. That may ease the connection problems
-
installed... then shall I choose custom or express?
-
Go for custom :)
-
I picked custom and it kept checking for ages, more than 40 minutes maybe an hour.
I tried to close it but it wouldn't close, ended the process and started all over again.
Is there another way to go?
-
When was the last time that you updated windows ?
Lets check there is no adware remaining and I will give the direct link to SP3
CLEAR THE BAD TOOLBARS
Download AdwCleaner from here (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your desktop
Run AdwCleaner and select Delete
(https://dl.dropbox.com/u/73555776/AdwCleaner.GIF)
Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
SP3 Download http://www.microsoft.com/en-gb/download/details.aspx?id=24
-
I beilive I hadn't attempted to update the windows till last year.
When I downloaded SP3 last year, some problem appeared with the internet connection that I couldn't run the web browser.
I contacted my internet provider and he claimed it was because of updating a non-purchased (OEM) copy of windows.
So, I restored the computer to a point before the the SP3 download and everything seemed to be resolved.
But since then I never thought of making any more updates. Actually, I got afraid of it. :) :)
-
I contacted my internet provider and he claimed it was because of updating a non-purchased (OEM) copy of windows.
So, I restored the computer to a point before the the SP3 download and everything seemed to be resolved.
He is talking out of his posterior to put it mildly
-
yep, and maybe I was ignorant enough to believe him... >:(
So, this is the Adwcleaner log.
Sorry for the delay, but browsing was even slower that I rebooted twice.
-
We will do a cleanup and defrag towards the end, after the SP install as that creates some fragmentation of the drive
Is it downloading OK ?
-
Yes, I'm currently downloading it to the desktop.
-
Good, I will be away at another forum for about an hour, but I will check back then
-
Operation timed out at first, redownloaded it but seems to take a long while: 1 hour 15 minutes remaining.
Maybe I should get a download manager.
By the way, they offered me these also but I didn't get them:
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2618444)
Update for Windows XP (KB932823)
-
I have used Leechget before and I found that easy to use http://www.filehippo.com/download_leechget/
-
I'd like to get that, shall I download it now?
I modified the post...seen it?
-
SP3 should cover those for you. When you install Leechget use the custom install in case it comes with a toolbar... I fact I will install it to check the functions
-
Operation timed out once more >:(
I got LeechGet and am trying to download through it.
I'd like to know what are those tasks that I pick a number of them in the download window?
it'd make 3 tasks but i made them only one...
-
I got a full installation as it seemed customized to fit IE...
-
OK no bad stuff with it :)
The number of tasks is the concurrent downloads, what it does is split the download into say 3 parts and downloads them at the same time. At the end it puts it all back together again so it should only take one third as long
-
Then I should have picked the highest number.... :(
The day is almost done, yet I couldn't finish a single task...
-
Life is an experience :) At least the malware has gone and all we are doing now is securing your system and trying to achieve the best performance
-
At last...it's downloaded...hopefully all of it. <sigh>
I tried to open it but I don't know the right program to.
I've attached a screeenshot of the browser, could the toolbar part be normal like that?
Would it be better to install another browser, I have Safari installation pack for example.
I can't find the words to thank yopu properly, Essexboy. :) I'm full of gratidude that I can't express.
You've cast away the malware and now trying to improve my computer's performance ... how commendable you are.
-
Just double click the file as it is an exe and should run
We will reset IE to defaults next
-
I did, but it opened an "open with" window to choose a program.
I don't think it's an .exe, it says it's a self-extracting cabinet.
-
Intriguing I have just downloaded it as an exe file ? I will put it in my dropbox for you and post the link as soon as it has done
Meanwhile
Run Avast
Select Browser Cleanup
Select IE
Select restore to defaults
Does that clear the toolbar problem
-
I have uploaded the exe file here for your downloading https://dl.dropboxusercontent.com/u/73555776/WindowsXP-KB936929-SP3-x86-ENU.exe
-
I'm sorry. I've been out for a while, but I'll procede immediately.
-
Tried a dozen times with browser closed, yet couldn't complete the browser cleanup.
Instead got this message in the attached picture.
-
OK go to control panel > internet options > Advanced tab
Click the reset button
-
How is the browser behaving now ?
Also could you try windows updates again please
-
Thanks to you, it's, at least, 4x faster after resetting from the control panel.
Also tried with avast and it says: Clean, excluding highly rated add ons.
I'll give it another try with update.microsoft.com, maybe it'd check faster now.
-
Grand slowly but surely :)
-
Hello Essexboy, I hope you still remember me and my problem, which you solved. :)
I tried to get SP3 from microsoft several times. All of which would stop unexpectedly saying "can not copy file blastcln.exe please retry or change the location and put ( Windows XP System Files ) in the drive you specify".
I tried to change the path to C:\WINDOWS\SYSTEM32\blastcln.exe, but all in vein. I also searched for it and found over 30 dublicates in the results for mainly 3 locations: SYSTEM32, Service Pack Files and Software Distribution but none was of any use.
Shall I correct the path otherwise or just give up and install the downloaded version?
-
That is part of the windows malicious software removal tool. Try an install of the downloaded version
-
I tried, but the same problem persists. I'm attaching a picture of the error message.
-
I know I've been bothering you for long. But I don't if I should give up with the installation or there could another way.
thanks
-
My apologies for the delay on this but I had a dead system on another forum that my student was trying to resuscitate.... We won :)
As it stands this is an unusual error
From control panel > add/remove
Tick the show updates box
Locate and uninstall KB833330
-
It's all Ok. I'm glad you won and I'm sure you'll always do.
I searched a lot for that specific number but never found it. There are lots of numbered updates, which I can list in a text file if you wish, but KB833330 is not one of them.
-
Could you run the MSFixit on this page and see if it fixes the problem http://support.microsoft.com/kb/949377
-
I tried and I got the same window with the same error. The installation wizard asked me every time if I wanted to continue the setup without copying that file and I refused.
Shall I ignore the problem and continue without it? Or shall I manually copy and paste Blastcln.exe in the service pack files?
Could there be a problem with the permissions and settings of this file? as Avast has repeatedly reported it in the results report after complete scans.
-
If you cancel does it progress to the next file ?
-
If I clicked "yes" (continue without copying the file), I think it would.
-
OK give that a whirl whilst I do a little more checking
-
Fine I did. I hit "Run" and it says "no enough disk space for file expansion".
I've previously emptied more than 3 GB before I first run it and now it's only about 600 MB. Seems that it has been extracted every time I tried to run it to fix the problem, which is more than 5 times till now.
Is there a way to clear the space it filled for no use? if yes, what's the path and location?
Should I go for a system restore?
I do apologize for all the trouble I exhaust you with, Essexboy.
-
Not a problem :) Lets clear some space first
1.From the Start button menu, choose All Programs→Accessories→System Tools→Disk Cleanup.
2.When it opens check all options
3.Click OK
When done the window will close
Let me know if that clears enough space
-
After reboot, I got my disk space back, did the cleanup but not to the end and ran SP3.
I ignored blastcln copying and now it's installed. When it restarted the computer after the install, it asked about automatic updates and I turned them on.
So, is everything OK till now? Shall we check blastcln.exe and copy it manually?
-
No blastcln is related to SP1 nad is no longer relevant to XP
How is the computer behaving now ?
-
very slow, maybe due to installing updates.
-
OK lets now clear some rubbish and get the speed back :) After this could you let me know if there is an improvement
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Remove ComboFix- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
- In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg)
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport (http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)Keep safe :wave:
-
Shall I do these first or finish installing updates?
If I chose custom installation, would I choose from these or install them all?
Cumulative security update for Internet Explorer 8 for Windows XP (KB2846071)
Microsoft office compatability pack service pack 3 (SP3)
Microsoft Office file validation Add-in
Office XP service pack 3
Security update for Windows XP (KB2115168)
Security update for Windows XP (KB2378111)
Security update for Windows XP (KB2478971)
Security update for Windows XP (KB2479943)
Security update for Windows XP (KB2491683)
Security update for Windows XP (KB2544893)
Security update for Windows XP (KB2585542)
Security update for Windows XP (KB2631813)
Security update for Windows XP (KB2691442)
Security update for Windows XP (KB2712808)
Security update for Windows XP (KB2758857)
Security update for Windows XP (KB2850851)
Update for Windows XP (KB2345886)
Windows malicious software removal tool - July 2013 (KB890830)
Shall I use "express installation" instead?
-
Use express install to get the ones that are really needed
Once they have all installed then do the cleanup to remove all the rubbish :)
-
OK, thank you. :) I will