Green Dot virus For a Friend

[Busymama62]

I think Norton may cause me issues.  I can not disable it because the subscription has expired.  Should I just go ahead and uninstall it since we will be putting Avast and Malwarebytes on the system?  The Norton's help page you provided in the link does not help since her subscription has expired.  Thanks!

[essexboy]

Yes please,  try too turn off Norton.  If you can't then continue and accept the combofix warnings   

[Busymama62]

I can't access the settings in Norton because it has expired.  Would it be better just to delete it before doing the Combofix?  I just talked to my friend and they are not planning on renewing the Norton.

[essexboy]

Aye uninstall combofix may still moan but let it run and we will remove the rest of Norton later

[Busymama62]

Please find the Combofix report attached.  As far as how the computer is running.  Sort of hard to say since this is actually the first time I have used her computer.  Some applications have windows that pop up wanting to know if I want to run the update.  I keep clicking no for now, after the computer is protected I will let them download.  The only issue so far that I have noticed is the touch pad locks up.  Just did so again and I had to do an improper shut down to be able to get things working again.

I am now posting from her computer.

[Busymama62]

Upon reboot after the Adware removal tool, the computer has a window that says  "System Recovery Options" and for me to choose a language.  Am I supposed to be seeing this?

[Busymama62]

What I decided to do was to shut down and it wouldn't let me.  I turned the power off and then on reboot had my report. The adwcleaner report is attached.  Something called jucheck.exe is flashing in the bottom toolbar and is saying it is requesting my permission.  For now I am going to ignor it as I don't know what it is and my friend said as far as she knew the Norton was the only virus program.  The icon to this is a gold and blue shield.

The touchpad just locked up again and the only thing I have been able to do is contl/alt/delete which takes me to a shut down page but the touchpad will still not work and I have to manually turn the power off.

[essexboy]

Could you confirm that the USB is now removed when you boot. 
My recommendation would be to uninstall Java totally via control panel. 
A programme is probably failing to release when the system shuts down we will investigate that next   

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)


Download the Norton removal tool from here http://www.bleepingcomputer.com/download/norton-removal-tool/  the blue download button

Download Avast from here http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe


Run the Norton removal tool and reboot
Then run the Avast setup file to install

Once completed could you let me know how the machine is behaving

[Busymama62]

Well, Last night I shut the computer down because it felt very hot, noticed when I did so it was installing updates.  I did this am change the boot order back to notebook/hard drive.  I  notice now that there is one more missing icon from the desktop other than the Norton, this not being my computer, I don’t know what it was.  We will not worry about that. 

I did uninstall Java, however, she may want to reinstall it.  If so I will help her turn disable it till needed.  That is what I am doing on our computers because some of the coupon printing programs I use, use Java.  She has Google Chrome installed and I don't use Google Chrome, every time it has been installed on our computers it would cause issues, with system lock ups.  I used IE to test her computer and visited a few other pages with no problem, slower than my system but that may just be that system. 

Upon reboot I did let the Adobe Reader and HP install updates.  Once I uninstalled Java the shield icon at the bottom of the screen that was flashing did disappear.  The only issue I have noticed is on reboot/restart I get this error message  "Unable to locate suitable Java RunTime Environment on this machine.

Thank you!

[essexboy]

There may be a heating problem on the system

Lets see if we can stop the Java

How is it behaving otherwise ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2)

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[Busymama62]

Java error window still popped up on restart.  I think other than that it seems to be running fine.  I surfed the web a bit and didn't have any problems.  Her system seems slower to respond to clicks of the mouse than mine but I am thinking that is probably this system.  Today it doesn't seem to be getting as hot so I wonder if it was related to the lock ups I was having yesterday.  I just noticed that one of her USB ports did not register my flash drive just now.  That may be one reason I had trouble doing the initial boot from USB.

Please find the OTL report attached.

[essexboy]

Download Javara from here  http://fileforum.betanews.com/detail/JavaRa/1207335071/1
Run it and click Remove JRE

That should stop it unless there is a programme requiring Java, although I can see none

Lets clear my rubbish now and see how the computer behaves

Subject to no further problems   

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Remove ComboFix

• Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  
• In the Run box, type in ComboFix /Uninstall
   (Notice the space between the "x" and "/")
  then click OK
  
  
  
  
• Follow the prompts on the screen
• A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?Keep safe  :wave:

[Busymama62]

Well, I am just now getting to this today and the first time I went to the site to download JavaRa the browser locked up so I did End task and opened it again.  Clicked download and open instead of run, then the touch pad locked up on me.  As late as it is here for me and being Wednesday it will probably be tomorrow before I get all of this done.  Wed. evenings are very busy for me.  I will get all of it done and if things seem to be ok, I will let my friend do the 24 hour test drive since she is the one that uses the computer.  Sorry, But will be back.  Could there be something causing the touchpad to lock up or could it just be something that I am doing or not doing?  I prefer a mouse so I do not use a touch pad much at all.
Thanks again!

[essexboy]

Ref touchpads I dislike them as well which is why I have never had a laptop

Let me know how it goes as it may just be a one off

[Busymama62]

Well, sorry but I am having trouble.   There is not a "MY Computer" on her system.  I tried going into start, computer, local drive c, tools but the only options I have are Check now for drive errors, and On that I see that blue and gold shield, Defrag, and back up now.  So I am not where I need to be.  Also, the Adwcleaner is still showing on the desktop. 

A couple of questions.  What is your opinion of Google Chrome.  Anytime we have installed it on our systems it would cause the system to hang/lock up.  So we have just completely uninstalled it.  She has Google Chrome installed and I don't know if it is a good idea or not.

I did speak with her and she said she thinks there is one program that does use Java but can't remember which one.  I told her that during the 24 hour test drive she needs to do anything and everything she uses her system for so we can see how it is running and that if she needs Java we will reinstall and I will show her how to disable/enable.

So, I am at the point in your last directions to where I am supposed to do the My Computer and files, I have not done any of the instructions that followed that.

Thank you so much for all of your help.  Oh and your tidying up comment has made me remember I don't think I ever completed something on our desk top so I am going to go back thru my messages and ck that later.  Once we have this system finished.