Avast WEBforum
Other => Viruses and worms => Topic started by: beasut on August 21, 2013, 04:19:28 PM
-
I'm back with a different laptop, it runs Windows 8 which is completely new to me.
Attached is the logs from the Malware cleaning thread.
Thanks in advance for your help again!
-
What problems are you experiencing ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-3044800224-2891252120-4114236797-1002\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3302999&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN56501182822820508&UM=2&UP=SP7C6BAE8F-A353-4B65-A7BF-E2B32F31A7A6&q={SearchTerms}
IE - HKU\S-1-5-21-3044800224-2891252120-4114236797-1002\..\SearchScopes\{E8083B0C-F37D-4A47-8CCC-C3036F50986D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN42202060282801916&UM=2
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Mariana\AppData\Local\DefineExt\temp.dat File not found
O2 - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
[2013/08/08 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\Mariana\AppData\Local\lptmp836066380
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
I tried to run OTL with your code but I got an error that windows experienced an error and needed to restart. Should I try again?
The problem started as this laptop was riddled with toolbars and I think conflicting security programs.
I removed Norton and anything else I thought was necessary (backup mypc, or something like that). I uploaded Avast and ran the scan following it's advice of removal of harmful items. I came to this forum and ran the Malware removal. Can you tell by the logs what else needs to be removed?
Thanks.
-
MyPC Backup...I'd like to removed that completely. I only just uninstalled it but I see some items in the C drive still. I also see webroot, how can I completely remove that too?
Thanks.
-
Aye run a fresh OTL scan and I will see what remains of those
-
I reran the OTL as done the first time around but this time it didn't give me the extras. Hope this helps....
-
Those programmes do not have any drivers/services running so the folders can be manually deleted. Webroot has left some registry so I will remove that. No need to re-run OTL after this
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O33 - MountPoints2\{acf2a4d9-8300-11e2-be71-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WRSetupCD.exe"
:Files
C:\ProgramData\WRData
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Here ya go.
Thanks for your help....
-
How is the computer behaving now ?
-
Seems like all is good and running much faster.
Avast and whatever Windows loaded for security is all it has. Do you recommend any other security programs? A teen uses this laptop and some times downloads games and such.
What can I add to protect it from malware and is free?
Thanks again for all your help!
-
As this is windows 8 then that is all I use
Turn on the PUP detection in Avast if your teen likes downloading things and try to train him in the use of the custom install option, thereby denying all toolbars and nice extra programmes on offer
Also get him to read this http://blog.avast.com/2013/07/09/shady-practices-of-free-download-servers/
Keep MBAM on the system and run it weekly to be sure
-
Thank you!!!
-
Keep MBAM on the system and run it weekly to be sure
or better, buy the PRO version, a one time fee for a lifetime license
then you get autoupdate and a protection module that will block many of these install