3 Viruses Found

[Raylene]

Thank you and I did go and download the Mcafee removal tool and opened it. It went through this super fast black screen and when it finished a lot of those little boxes that were on my desk top went away. I also went to add/remove and removed a few Mcafee files that were remaining there. The mccleanup.log icon is sitting on my desktop? Along with the VSCleanup program icon? Should I click on that icon?

So I wonder if I am all okay now with the Mcafee uninstalled? I still get that black screen when starting windows to please wait while my configuration settings are updated. It happens in a flash and windows loads really fast. So I am still wondering if thats normal. I don`t seem to be having any issues with anything going haywire on my computer.

I am always open to suggestions and certainly I am thankful for all info being graciously offered to me. Love and light. Many smiles and thanks to all................Savannah

[SafeSurf]

@ Savannah Grace Luciano,

You can right click the obsolete icons and delete them.  Then run CCleaner, then run TCF, and reboot.  Defrag your machine after it reboots to clean things up more; try free Puran http://www.puransoftware.com/Puran-Defrag.html and do a regular defrag then a boot-time defrag.  Reboot again.

[SafeSurf]

@ekitchens,

Please attach the log in your next post.

Essexboy will be back shortly.  Do you have the OTS log available to post for him to analyze?  Thank you.

[ArminPasalic!]

Here you can read about what can happen if running two AV

See the reply from quietman7
http://www.bleepingcomputer.com/forums/topic260844.html/page__view__findpost__p__1441638

It depends - I'm running Immunet Protect Cloud FREE side-by-side with Avast! Internet Security and it's great.

[Lisandro]

I'm running Immunet Protect Cloud FREE side-by-side with Avast! Internet Security and it's great.

And so?
Does it detect anything missed by avast?

[ArminPasalic!]

Actually, Avast! missed a year old Malware wich immunet blocked(Test at MalwareDomainList)

[Lisandro]

Actually, Avast! missed a year old Malware wich immunet blocked(Test at MalwareDomainList)

Isn't it a false positive?
What does virus total say? Can you post a link to vt?

[ekitchens]

Hello,

Just ran the scan. Attached is my OTS log.

Thanks in advance!

[Raylene]

Many thanks for all the help coming my way. I did clean up the Mcafee files still lurking and I run the cclean again and that black screen which asked me to wait while windiows updated my configuration files went away. Hoorah. I still have those Trj-malware files sitting in my Avast VC as I am still uneast deleting them. They have been there for a while now and when I scan them again (within the chest, right click and scan)  they still come up as Trj and such so I just leave them in the VC. I would like to delete them but not so comfortable doing so. I am not having any bad issues with my computer other than the OS...LOL

May I ask you something? Thank you. I have attempted to update my IE6 and every browser I try says it does not support my OS. If I went ahead and did it anyway would it possibly mess up my IE6? Love and light my friend. Have a wonderful day......Savannah

[essexboy]

@ekitchens,once this run is complete can you let me know what problems remain



Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY ->  1327 C:\Users\Ekitchens\AppData\Local\Temp\*.tmp files -> C:\Users\Ekitchens\AppData\Local\Temp\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files - No Company Name]
NY ->  Rsinofibujidi.dat -> C:\Users\Ekitchens\AppData\Local\Rsinofibujidi.dat
NY ->  Pyeqeriyovuzika.bin -> C:\Users\Ekitchens\AppData\Local\Pyeqeriyovuzika.bin
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.

[ekitchens]

Hi essexboy,

The first time I ran the fix, OTS crashed on the [Emptying Temp Folders] line. I wasn't using the computer and didn't have any programs other than OTS running, so I don't know what happened. A Vista pop-up said it had stopped working.

So I ran the fix again. This time, it went through everything, asked me to reboot and this is the log of actions that came up the second time:

All Processes Killed
[Files/Folders - Modified Within 30 Days]
[Files - No Company Name]
File C:\Users\Ekitchens\AppData\Local\Rsinofibujidi.dat not found!
File C:\Users\Ekitchens\AppData\Local\Pyeqeriyovuzika.bin not found!
[Empty Temp Folders]
 
 
User: All Users
 
User: Ekitchens
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 70728047 bytes
->FireFox cache emptied: 85967246 bytes
->Flash cache emptied: 502710 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9676105 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32971 bytes
RecycleBin emptied: 1708641000 bytes
 
Total Files Cleaned = 1,789.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Ekitchens
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.38.1 fix logfile created on 10222010_195118

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[essexboy]

@ekitchens that sometimes happens with Vista


What are your current problems ?

[ekitchens]

Hi essexboy,

My system doesn't seem to be having any trouble. Between the eapp32hst.dll repeat files (about 20 of the same one) being moved to the Avast chest and then deleted and MBAM detecting and deleting the Trojan.Alureon and Trojan.FakeAlert as well as the OTS fix you had me do, I don't know of any other problems at this point.

Does the system look clean or should I run some other log or program to take a look?

Thanks in advance for the help. You've been great!

[ekitchens]

Hi again,

Do you think my system is clean now and it is safe for me to logon to my sites and use this computer again?

Thanks!

[essexboy]

Looking at that I am a happy bunny 

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
  
• Select System
  
• On the left select Advance System Settings and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
  
• Select Performance Information and Tools
  
• On the left select Open Disk Cleanup
  
• Select Files from all users and accept the warning if you get one
  
• In the drop down box select your main drive i.e. C
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

You are now done

SPRING CLEAN
 
Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  Malwarebytes.  Run weekly to keep your system clean
  

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update
  

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave: