Author Topic: Daily Trojan  (Read 13377 times)


REDACTED

  • Guest
Re: Daily Trojan
« Reply #15 on: November 22, 2015, 09:20:08 PM »
No, I am not working with anyone else, or on another system.  I have done everything you asked me to do, and the fixlog is from the FRST scan of 11/20  and the previous logs from the day before....11/19, the Additions and FRST scan.  I didn't realize I'd sent the fixlog twice, pardon my error.  I am just hoping to find a way to stop this Trojan, which may have been the cause of the destruction of my Desktop computer, which I hope to rebuild this week, if I get the memory stick. I hope to prevent this laptop from being similarly destroyed...I need it.

Are you saying you want me to start all over with the FRST scans and logs?  A complete re-do?

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Daily Trojan
« Reply #16 on: November 22, 2015, 11:51:38 PM »
Don't need a complete redo yet; just follow these steps and then we will go from there.  Thanks.


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.1.7
Freemake Youtube Mp3 Converter


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the Code box below.  To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy.  Paste this into the open notepad. Save it to your desktop as fixlist.txt
 
Code: [Select]
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\...\MountPoints2: {2ec08c1c-0914-11de-bdfb-001e339035d3} - F:\LaunchU3.exe -a
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\...\MountPoints2: {a58c71df-023d-11e3-b860-001e339035d3} - E:\menu.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1324741842&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
FF Homepage: hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1431382295&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=hxxps:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-01] (Freemake) [File not signed]
C:\ProgramData\Freemake
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-08-13] ()
C:\Windows\system32\drivers\hitmanpro37.sys
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
C:\Windows\system32\Drivers\secdrv.sys
2015-10-22 16:34 - 2015-09-24 15:37 - 00000000 ____D C:\Program Files\Freemake
2013-07-24 13:43 - 2013-07-24 13:43 - 0005101 _____ () C:\ProgramData\cyzlxojr.ycm
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{1D2680C9-0E2A-469D-B787-065558BC7D43}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{681EE9BC-D825-4A1D-BA73-A4C1C173C2DB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{6F13DD2E-EBEE-4DD5-A72E-850B2087F5DD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{7444C719-39BF-11D1-8CD9-00C04FC29D45}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{88C6C381-2E85-11D0-94DE-444553540000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{BD84B380-8CA2-1069-AB1D-08000948F534}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{D0A03AD0-F49C-4E01-9C1D-CA3B7B73B08E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{D3C25535-8D07-4A8E-B24F-B917CCD78A0F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{F5175861-2688-11D0-9C5E-00AA00A45957}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{FF4FF418-2C5B-455E-B4E6-B530FABF04AF}\InprocServer32 -> no filepath
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\Software\Classes\.exe:  =>  <===== ATTENTION
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load. 

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post.  Also, tell me how your system is running now.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: Daily Trojan
« Reply #17 on: November 23, 2015, 06:11:27 AM »
All done, have been using private browsing on Firefox, feels safer (hope it is). And setting up sync just to see how the computer is performing, and to see if it freezes as usual...it didn't...Thanks!

So I just ran MBAM scan, and am so disappointed to find the same Trojan there...this is 5-6 hrs after the fix.

Offline dbrisendine

Re: Daily Trojan
« Reply #18 on: November 23, 2015, 06:33:00 AM »
Pictures are nice but in this case the complete log from Malwarebytes will help me nail this one.

Open Malwarebytes' Anti-Malware.
Click on History.
Click on Application Logs.
Click on one of the Scan Log.
Click on the Export (bottom left hand corner) and select Text file (*.txt).
Select a name that is easy to remember ( like MBAM_scan log.txt) and a location to save the file to.  It is easiest to save this to the desktop.
Attach this file to a reply post here; this will have a detail of the Key path in the Registry.  Thanks.

REDACTED

  • Guest
Re: Daily Trojan
« Reply #19 on: November 23, 2015, 05:02:45 PM »
Ok, here is the log:

Offline dbrisendine

Re: Daily Trojan
« Reply #20 on: November 23, 2015, 11:41:23 PM »
FIRST >>>>

  • Right click on FRST64.exe on your desktop and select "Run as Administrator..." When the tool opens click Yes to disclaimer.
  • Type FBEB8A05-BEEE-4442-804E-409D6C4515E9 into the Search Box.
  • Press the Search Registry button.
  • It will produce a log called search.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

SECOND >>>>

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the Code box below.  To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy.  Paste this into the open notepad. Save it to your desktop as fixlist.txt
 
Code: [Select]
Start
CreateRestorePoint:
CloseProcesses:
REG: reg query HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} /s
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load. 

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post.
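Added example (not part of this thread and not part of FRST): a PowerShell script that does, from a defender's side, what two of the steps above do by hand. The fixlist in Reply #16 lists dozens of "CustomCLSID: HKU\...\CLSID\{...}\InprocServer32 -> no filepath" entries; those are per-user COM registrations under HKCU\Software\Classes, which shadow the machine-wide entry for that user, so the first function lists every such CLSID whose registered server is missing or empty. The second function mirrors the "Search Registry" step in Reply #20, walking the hives where shell extensions, ShellServiceObjects and ActiveX flags live and reporting every key, value name or value data that mentions a GUID. The third resolves which DLL or EXE the GUID is registered to and whether that file exists and is Authenticode-signed, which is the question a "Drive\shellex" or "ShellServiceObjects" hit raises. The function names, the chosen registry roots and the default GUID (taken from Reply #20) are my own choices; it assumes Windows PowerShell 5.1 or later, run elevated from the affected user's own session so that HKCU is that user's hive.

```powershell
# Added example, not from the thread and not part of FRST. Assumes Windows PowerShell 5.1 or later,
# run elevated from the affected user's own session so that HKCU is that user's hive.
# The default GUID is the one searched for in the thread; the function names are my own.
param([string]$Clsid = 'FBEB8A05-BEEE-4442-804E-409D6C4515E9')

function Resolve-ComServer {
    # Reads the InprocServer32 (or LocalServer32) path registered for a CLSID under one Classes root
    # and reports whether the file exists and what Authenticode says about it.
    param([string]$ClassesRoot, [string]$Guid)
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        $key = "$ClassesRoot\CLSID\{$($Guid)}\$sub"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $raw = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if (-not $raw) {
            # This is the state FRST prints as "InprocServer32 -> no filepath".
            return [pscustomobject]@{ Server = $sub; Path = $null; Exists = $false; Signature = 'no filepath' }
        }
        # Drop surrounding quotes and any arguments, expand %SystemRoot%-style variables, then test the file.
        $file   = [Environment]::ExpandEnvironmentVariables(($raw -replace '^"([^"]+)".*$', '$1'))
        $exists = Test-Path -LiteralPath $file
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $file).Status.ToString() } else { 'file missing' }
        return [pscustomobject]@{ Server = $sub; Path = $raw; Exists = $exists; Signature = $sig }
    }
    [pscustomobject]@{ Server = 'none'; Path = $null; Exists = $false; Signature = 'no server key' }
}

function Get-UserClsidWithMissingServer {
    # Per-user COM registrations (HKCU\Software\Classes\CLSID) take precedence over HKLM for that user,
    # so an entry with no server path, or a path whose file is gone, is worth a look: legitimate
    # software rarely leaves these behind, and FRST lists them as "CustomCLSID ... -> no filepath".
    $root = 'Registry::HKEY_CURRENT_USER\Software\Classes'
    if (-not (Test-Path -LiteralPath "$root\CLSID")) { return @() }
    Get-ChildItem -LiteralPath "$root\CLSID" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\{[0-9A-F-]{36}\}$' } |
        ForEach-Object {
            $guid = $_.PSChildName.Trim('{', '}')
            $r = Resolve-ComServer -ClassesRoot $root -Guid $guid
            if (-not $r.Exists) {
                [pscustomobject]@{ Clsid = $guid; Server = $r.Server; Path = $r.Path; Status = $r.Signature }
            }
        }
}

function Find-ClsidReferences {
    # Walks the roots where shell extensions, ShellServiceObjects and ActiveX compatibility flags live
    # and reports every key name, value name or value data that mentions the GUID (case-insensitive),
    # much like the FRST "Search Registry" output in the thread.
    param([string]$Guid)
    $roots = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer',
        'Registry::HKEY_CURRENT_USER\Software\Classes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.Name -match $Guid) {
                [pscustomobject]@{ Where = 'key name'; Key = $key.Name; Value = $null }
            }
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($name -match $Guid -or $data -match $Guid) {
                    [pscustomobject]@{ Where = 'value'; Key = $key.Name; Value = "$name=$data" }
                }
            }
        }
    }
}

'== Per-user CLSIDs whose registered server is missing (the "CustomCLSID ... no filepath" pattern) =='
Get-UserClsidWithMissingServer | Format-Table -AutoSize

"== Registry references to {$Clsid} =="
$hits = @(Find-ClsidReferences -Guid $Clsid)
"$($hits.Count) hit(s)"
$hits | Format-Table -AutoSize

"== Server registered for {$Clsid} under each Classes root =="
'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes', 'Registry::HKEY_CURRENT_USER\Software\Classes' | ForEach-Object {
    Resolve-ComServer -ClassesRoot $_ -Guid $Clsid | Add-Member -NotePropertyName Root -NotePropertyValue $_ -PassThru
} | Format-Table -AutoSize
```

Save it as a .ps1 and run it from an elevated prompt, passing `-Clsid` to look at a different GUID. The recursive walk of HKLM\SOFTWARE\Classes takes a while on a large system; FRST searches the whole registry and the roots chosen here are only the ones that appeared in the thread's search output. A hit under Drive\shellex or ShellServiceObjects means Explorer will load that server when the user logs on or opens a drive, so the useful follow-up is the third section: which file the CLSID resolves to, whether it exists, and whether it is signed. An HKCU entry that resolves differently from the HKLM one is the per-user override that the first section is there to catch.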

REDACTED

  • Guest
Re: Daily Trojan
« Reply #21 on: November 24, 2015, 06:15:53 AM »
Farbar Recovery Scan Tool (x86) Version:23-11-2015
Ran by Owner (2015-11-24 00:09:28)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal

================== Search Registry: "FBEB8A05-BEEE-4442-804E-409D6C4515E9" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"fbeb8a05-beee-4442-804e-409d6c4515e9"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_USERS\S-1-5-21-930250783-1986003217-1596953152-1000\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_USERS\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}]

** attached scan done right before I checked your message

REDACTED

  • Guest
Re: Daily Trojan
« Reply #22 on: November 24, 2015, 06:51:04 AM »
Ok, all done, here are your logs:  Looks like what I thought I attached before has vanished.  Hope this is the right thing...added another MBAM scan log.

Offline dbrisendine

Re: Daily Trojan
« Reply #23 on: November 24, 2015, 08:45:27 AM »
I believe that there is something hiding in your Recycle Folder ( the Recycle Bin ).  Follow the directions given here (steps to view all files on your system, delete the $Recycle.bin folder and restart your system). 
http://www.tech-recipes.com/rx/2802/vista_how_to_reset_recycle_bin/

If MalwareBytes finds the same listing again after doing this, please run the last Fixlist.txt file (the one with the REG query line in it) BEFORE having MBAM remove the registry value.  This will allow me to read the entire key data (if there is any) and further narrow down the approach.

REDACTED

  • Guest
Re: Daily Trojan
« Reply #24 on: November 25, 2015, 01:40:23 AM »
Well, we may have found the culprit...I have run 4 MBAM scans at different times today, and no Trojan found so far.  All clean scans, finally...Thank you, I'm almost afraid to think this is it, but I'm going to pray that it is done!!

Offline dbrisendine

Re: Daily Trojan
« Reply #25 on: November 26, 2015, 10:43:37 PM »
Since the flag has not been thrown by MBAM in some days, I will post our clean-up steps and let you on your way ....


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings

  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system.  Please attach the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.


Also, if you do not have to have all the various versions of Java on your system, this utility is a good way to clean those up and keep the latest Java installed (if you need it):

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

REDACTED

  • Guest
Re: Daily Trojan
« Reply #26 on: November 27, 2015, 10:04:10 PM »
Ok, still no sign of the Trojan, so it seems to be gone...Thank you so much for hanging in there with me and finding the culprit...wish I could get my hands on the culprit who sent it to me.  I would like to pay you something, and would also like to see if you could help me with a dispute I have ongoing since May with Avast for charging me $119 for an unsuccessful remote session that lasted 4-5 hours, and which I did not request.  My computer repairman did write a letter attesting to the fact that the session did not repair my problem.
But that aside, I really do appreciate your assistance.  KW

Offline dbrisendine

Re: Daily Trojan
« Reply #27 on: November 28, 2015, 05:52:40 AM »
I'm glad the trojan is gone.  As to the other matter, I'm not sure I can help you any as I am not affiliated with Avast in any way.  I am just a trained volunteer helping out here as best I can.

Have a very Merry Holidays and surf safely!

REDACTED

  • Guest
Re: Daily Trojan
« Reply #28 on: November 29, 2015, 09:09:43 PM »
I am grateful for your assistance...please don't think the amount of my donation reflects the amount of gratitude I feel...just my circumstances. KW

REDACTED

  • Guest
Re: Daily Trojan
« Reply #29 on: November 29, 2015, 11:36:20 PM »
Celebrated too soon, I'm afraid...same Trojan back on today's mbar scan.  Do you mind helping?  No recycle bin showing in C drive, even after "un-hiding" hidden files.