Author Topic: Possible security issues?  (Read 10154 times)


Offline Jaymie1989

  • Newbie
  • *
  • Posts: 19
Re: Possible security issues?
« Reply #30 on: August 01, 2011, 11:15:58 PM »
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-01 22:15:25
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Possible security issues?
« Reply #31 on: August 02, 2011, 12:02:35 AM »
Another expert thought is to search the entire registry - this may take up to 10 minutes.

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with the file name options.txt and the file type "All files" to your desktop.

Quote
RegSearch Options File

[Search]
_uninst_39020753
8233203.exe

[Options]
Filter=KVDLUI

2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.

Offline Jaymie1989
Re: Possible security issues?
« Reply #32 on: August 02, 2011, 06:09:15 PM »
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 02/08/2011 17:06:22 for strings:
;  '_uninst_39020753'
;  '8233203.exe'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Freestyle Dust\\AppData\\Local\\Temp\\RarSFX0\\8233203.exe"="8233203"

[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Freestyle Dust\\AppData\\Local\\Temp\\RarSFX0\\8233203.exe"="8233203"

; End Of The Log...

That's the exe that keeps popping up.

Offline essexboy
Re: Possible security issues?
« Reply #33 on: August 02, 2011, 09:02:59 PM »
Sneaky, never seen one run from there before.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:

[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
C:\Users\Freestyle Dust\AppData\Local\Temp\RarSFX0
:Reg
[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Freestyle Dust\AppData\Local\Temp\RarSFX0\8233203.exe"=-
[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Freestyle Dust\AppData\Local\Temp\RarSFX0\8233203.exe"=-
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
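An added example, not code from the thread or from RegSearch/OTS, showing how a defender can parse a RegSearch log in the layout posted above and flag MuiCache entries for executables launched from a per-user temp folder (the RarSFX0 self-extractor drop location seen here), then render the hits in the same shape as the :Reg block of the OTS fix. The sample log is constructed, with a shortened SID; the path heuristics are assumptions.

```python
import re

# Constructed sample in the "Windows Registry Editor Version 5.00" layout that
# RegSearch writes, modelled on the log in the thread (SID shortened).
SAMPLE_LOG = r"""Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman
; Results for strings:
;  '8233203.exe'

[HKEY_USERS\S-1-5-21-1-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Freestyle Dust\\AppData\\Local\\Temp\\RarSFX0\\8233203.exe"="8233203"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="Firefox"

; End Of The Log...
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Key] section header
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data
# Assumed heuristic: an .exe recorded as run from one of these directories is
# worth a look, since installers normally clean them up and malware droppers do not.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def unescape(s):
    """Undo .reg escaping: doubled backslashes and escaped quotes."""
    return s.replace("\\\\", "\\").replace('\\"', '"')

def parse_reg_log(text):
    """Yield (key, value_name, value_data) for every value line, skipping ; comments."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), m.group(2).strip('"')

def flag_temp_executables(text):
    """Return [(key, exe_path)] for MuiCache executables living under a temp directory."""
    hits = []
    for key, name, _data in parse_reg_log(text):
        path = name.lower()
        if key.lower().endswith("\\shell\\muicache") and path.endswith(".exe") \
                and any(d in path for d in SUSPICIOUS_DIRS):
            hits.append((key, name))
    return hits

def removal_entries(hits):
    """Render hits as [key] / "path"=- lines, the shape used in the OTS :Reg block above."""
    return "\n".join(f'[{key}]\n"{name}"=-' for key, name in hits)
```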

Offline Jaymie1989
Re: Possible security issues?
« Reply #34 on: August 03, 2011, 04:16:17 PM »
Files\Folders moved on Reboot...
C:\Users\Freestyle Dust\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{12CB48E9-DA42-42B1-BA11-10C3F11974FE}.tmp moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{94B52F68-BF83-41C6-A1C3-D26342276A78}.tmp moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{99D0E511-5330-4D07-9EE9-A1775F0699E7}.tmp moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EDA87615-D080-4811-AB28-B9FF28473036}.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2512.log moved successfully.

Registry entries deleted on Reboot...

I am not getting that pop up anymore about the 8233203.exe

Offline essexboy
Re: Possible security issues?
« Reply #35 on: August 03, 2011, 08:29:02 PM »
Grand - and I now have somewhere new to look.

If all is OK by tomorrow let me know and I will remove my tools.

Offline Jaymie1989
Re: Possible security issues?
« Reply #36 on: August 04, 2011, 04:31:38 PM »
Nothing has popped up anymore.

Offline essexboy
Re: Possible security issues?
« Reply #37 on: August 05, 2011, 08:42:59 PM »
Unfortunately I do not have access to my full clean spiel, so:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave: