Author Topic: Virus "symptoms" still present after removal  (Read 14937 times)

0 Members and 1 Guest are viewing this topic.

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #30 on: February 04, 2014, 03:33:53 PM »
One more question -- I did just install Malwarebytes, as part of this whole cleaning process--about 30 days ago, and it is updated.

Do I need to uninstall, and reinstall a clean version--or is it ok as is?

No problems with the delay. Thanks for letting me know the "why."

Will check the download and report back.

J.

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Virus "symptoms" still present after removal
« Reply #31 on: February 04, 2014, 03:49:15 PM »
One more question -- I did just install Malwarebytes, as part of this whole cleaning process--about 30 days ago, and it is updated.

Do I need to uninstall, and reinstall a clean version--or is it ok as is?

No problems with the delay. Thanks for letting me know the "why."

Will check the download and report back.

J.

If you already have it just make sure to update the database before you run.
It should do this when you launch but if not go to the update tab within MBAM.

Also, as a FYI....I am by far no expert but I have both Avast & MBAM Pro on my PCs.
The MBAM Pro is one time charge (~$24) for lifetime.
MBAM & A/Vs (eg. Avast) play nice with each other and you can have both real-time shields running.
I schedule a system scan from each once a night (different times).
You'll have tons of folks with tons of different opinions on what to use.....some are too light, some overkill.
It really depends on type of user you are (what you do with PC) and techy sophistication (for tweaking).
I've personally found the middle road of ease of use + safety is Avast + MBAM Pro.
Again, my disclaimer is I'm no expert....especially on security software.....just a techy been around PCs for 20+ years.
I only mention since you have MBAM loaded.
You do have the choice of running MBAM from time to time without paying....like you are now.....but you have to do this manually....the paid version has the scheduler.
« Last Edit: February 04, 2014, 03:56:18 PM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Virus "symptoms" still present after removal
« Reply #32 on: February 04, 2014, 04:00:48 PM »
No use the current copy but ensure it is updated.  The main thing is to check whether or not you can download any programmes/files

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Virus "symptoms" still present after removal
« Reply #33 on: February 04, 2014, 04:22:58 PM »
Essexboy, I saw in your OTL fix where you removed old AVG Search.
This rang a bell with me: http://forum.avast.com/index.php?topic=81045.15 ........see last post of thread.
Seems that this does not get uninstalled with their uninstaller.
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #34 on: February 04, 2014, 04:24:03 PM »
SUCCESS!! On downloading an exe file. Thank you!

Now... I think I have two tasks remaining:
1) Run Malwarebytes Quick Scan
2) Download and run MCShield.

Essexboy--Is the MCShield scan still needed/advisable?  And, is it possible to tell me in a sentence or two, what the problem was? A file that just refused to be removed by Avast or Malwarebytes? Something else?

thekochs--thank you for the suggestion. The investment is small, and the autoscheduler is worth it, especially for said spouse in question, who does almost zero to safeguard anything!! (I have scheduled scans to run when he's at work.)

JB

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Virus "symptoms" still present after removal
« Reply #35 on: February 04, 2014, 04:34:43 PM »
I'll let Essexboy comment on your questions but I think the culprit is you had AVG (A/V) on this machine prior and not all its items were uninstalled.  Not your fault (or spouse).....these A/Vs don't always uninstall cleanly so when you change over you really need to clean these old items....Avast has a FAQ on it: http://www.avast.com/faq.php?article=AVKB11#artTitle
Most typically people "uninstall" thru the Windows Programs or via Windows where the program has an uninstaller.....makes sense.....of course..........but for A/Vs there are "remover" utils to get rid of all remnants.  For most software this is a don't care....for A/Vs a different story.
« Last Edit: February 04, 2014, 04:38:17 PM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Virus "symptoms" still present after removal
« Reply #36 on: February 04, 2014, 05:09:01 PM »
This was the problem :

Quote
IE - HKU\S-1-5-21-3334157229-1843940417-2705372315-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=F4Ohn6C-M-oPlcU5DzTcfMvYbJw?q={searchTerms}
IE - HKU\S-1-5-21-3334157229-1843940417-2705372315-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=wp4geEaPqFbgGrkkgy2vaDNcg6A?q={searchTerms}
A proxy had been inserted to redirect all your searches and they would only allow you to use their DNS server, hence no tools are able to download

I would use MCShield if you use USB drives in the computer or you insert camera SD cards


Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Virus "symptoms" still present after removal
« Reply #37 on: February 04, 2014, 10:06:38 PM »
This was the problem :

Quote
IE - HKU\S-1-5-21-3334157229-1843940417-2705372315-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=F4Ohn6C-M-oPlcU5DzTcfMvYbJw?q={searchTerms}
IE - HKU\S-1-5-21-3334157229-1843940417-2705372315-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=wp4geEaPqFbgGrkkgy2vaDNcg6A?q={searchTerms}
A proxy had been inserted to redirect all your searches and they would only allow you to use their DNS server, hence no tools are able to download


Essexboy, thx for the explanation.....I'm in learning mode out of curiosity.
I saw your OTL script and the AVG & McAfee items.....did not see nor clue in with the SearchScopes item with IP address.
Of course, that is why you are the expert and I'm not. :)
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Virus "symptoms" still present after removal
« Reply #38 on: February 04, 2014, 10:25:36 PM »
Unfortunately this is one area that very few tools look at so it does need the human eye :)

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #39 on: February 05, 2014, 03:47:17 AM »
Log from the Malwarebytes Quick Scan, as requested.  Attached.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Virus "symptoms" still present after removal
« Reply #40 on: February 05, 2014, 03:03:06 PM »
Nice :)  Any outstanding problems before I tidy up ?

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #41 on: February 05, 2014, 06:01:45 PM »
No--everything seems to be fine at the moment. Please tidy up!

And thanks to everyone for their assistance and advice. You all have been great.

Janet B
P.S. Not directly related, but still important--I still get 404 when I click on the MCShield link provided in this thread. It's in Reply #6.
« Last Edit: February 05, 2014, 06:07:35 PM by JanetB »

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2317
Re: Virus "symptoms" still present after removal
« Reply #42 on: February 05, 2014, 06:14:08 PM »
I receive the same error.

Try here
http://www.mcshield.net/index.html

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Virus "symptoms" still present after removal
« Reply #43 on: February 05, 2014, 06:52:51 PM »
Yep mea culpa... The download link changed for version 3, I have amended it in the main thread detailing tools and logs

The proper link:
 Download MCShield to your desktop and install



Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Download and run Delfix

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?Keep safe  :wave:

Offline JanetB

  • Newbie
  • *
  • Posts: 19
Re: Virus "symptoms" still present after removal
« Reply #44 on: February 05, 2014, 08:24:49 PM »
Thanks for all this info. I'll clean-up later this evening.

I'm beginning to long for the days of DOS...... though I'm sure people were able to hack that, too.

J.