Author Topic: "Privacy Protection" scam and disabling of avast,etc.  (Read 15992 times)

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #30 on: November 28, 2011, 12:47:37 AM »
Running...

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #31 on: November 28, 2011, 12:51:50 AM »
Here's the resulting file:

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #32 on: November 28, 2011, 03:33:20 AM »
I also ran a thorough Malwarebytes scan and a custom (EVERYTHING) Avast scan and nothing was detected. I'm assuming everybody is shut down for the night, so I will too. Must do day job tomorrow, but will check back in the afternoon (Pacific time). I'll work offline until I hear back from someone, but it looks clean. Thank you!  :)

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #33 on: November 28, 2011, 08:34:31 AM »
Hi choirgirl1,

Were Avast and MBAM updated when you ran the scans? If they were then you must have been connected to the internet. Did you notice anything unusual in the computer's behavior?

There are a couple of oddities in the log but I think that may be due to your operating system. When you post back please give me an update on the computer, i.e. it's running fine, better, etc.

Thanks

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #34 on: November 29, 2011, 12:48:40 AM »
Hi Oldman
No, I had disconnected from our wireless and the programs didn't update. The laptop seems to be working fine otherwise, but I still haven't tried internet yet. Should I go ahead, connect, then update Avast & MBAM? Is there anything I should watch out for that would hint at a lurking problem? Thanks for all your help!

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #35 on: November 29, 2011, 02:58:23 AM »
Hi choirgirl1,

Yes, connect and update both programs. Please post the MBAM log.

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #36 on: November 29, 2011, 07:58:10 AM »
Avast updated but MBAM wouldn't - gave me an error message which I passed on to their support. I ran MBAM yesterday after starting up my laptop, so I'm attaching those logs. Laptop seems fine, and Firefox seems fine, but Internet Explorer isn't - doesn't load some pages or parts of pages. I think it had to do with Java script and I might have changed some settings, but have tried to put them back, so I don't know. So I'm still a little nervous about using the internet for business, payments, etc. What do you think?

YoKenny

  • Guest
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #37 on: November 29, 2011, 02:32:10 PM »
That is a very old version of MBAM
Quote
Malwarebytes' Anti-Malware 1.40
Database version: 2551

The current version is 1.51.2.1300 and the database is at 8269
http://www.filehippo.com/download_malwarebytes_anti_malware

Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.


Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #38 on: November 29, 2011, 06:14:43 PM »
Hi choirgirl1,

I honestly don't know what to tell you. Your Operating System is in a sense unique and there aren't many of the tools we use that will run on it. For this reason many forums will not work on an XP 64bit machine. When xp64 came out it was thought of as "bullet proof" as it couldn't be infected with a rootkit and only the 32bit side could become infected which could easily be cleaned. The folks that develop the tools must have decided for those reasons and the fact that the OS was rare that it wasn't necessary to program the tools to deal with the OS. Even though it's a 64bit system it is not quite the same as a Vista or Win7 64 system and some of the routines that the tools use will not work.

 I've compared your log to the few I could find on the internet and they look the same as far as what is shown in your log. Going on that we can clean this machine as best we can.

MBAM being that old may have tried to overinstall itself during the update. I've had that happen, an uninstall reinstall set things right. Stick with the MBAM topic as it may well be something else.

Was IE working properly before the infection? You can try the steps in the link below to see if resetting IE will help. There is also some info on what a reset will do. I suggest you not use the FixIt Tool as it may not be compatible with the OS. The FixIt Tool is an automated version of the manual steps outlined.

Give it a try and let us know how it goes.

http://support.microsoft.com/kb/923737

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #39 on: November 30, 2011, 07:36:54 AM »
Thank you, I will. And yes, IE had been working okay - though maybe a little slow, but not buggy. I don't have much time in the next couple of days, but I'll see what MBAM has to say and follow your link, probably Thursday. I'll let you know what I find out. Thanks so much for hangin' in there with me! :)

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #40 on: December 02, 2011, 02:25:52 AM »
Hi choirgirl1,

How you making out? We have a wee bit more to do but I was waiting for you.

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #41 on: December 02, 2011, 05:49:24 AM »
Hi Oldman!
Finally had time to do something. I've downloaded and installed the updated version of MBAM. I ran a scan and it crashed, restarting my computer, so I ran it again. This time it actually found a Fake Trojan, which is certainly what that malicious program was. I've attached the resulting log. I will also look into the other link you sent, though I've played with the settings for IE and things seem to be working, but I'm not sure it's set securely enough. I probably need to update IE too, so will be looking at that too. You mentioned something else we should do, so I'll be back!

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #42 on: December 02, 2011, 05:43:01 PM »
Hi choirgirl1,

Don't worry about the MBAM detection it was a file we had quarantined with OTL. The rest will be removed when we remove OTL. I think we have this cleaned up as best we can except for the old and most likely infected System Restore points. We'll clean those up.


Create a new restore point

You must be logged on to an administrator account
  • Go to Start - All Programs - Accessories - System Tools - System Restore.
  • Click Create a restore point, and then click Next.
  • In the text box labeled Restore Point Description, type a name for this restore point
  • Click Create

Remove old restore points

  • Go to Start - All Programs - Accessories - system tools.
  • Launch the Disk Cleanup tool and let it run.
  • When it finishes a box with tabs will appear, select the more options tab.
  • On this tab you will find a section for System Restore.
  • If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


From your desktop, please delete, if present
  • any notepads/logs that we created


Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly.



Updates and Upgrades

Looks like you have removed the Extra.txt from this thread so I'll have to go by memory. I seem to recall seeing some old java installed on the computer, possibly even version 4. The current version is Java SE 7u1.

  • Go to  Java
  • Scroll down to Java Platform, Standard Edition section. The subheading is Java SE 7 U1,
  • Click the Download JRE button on the right.
If the Information Bar pops up, right-click on it and say it's OK to display the blocked content.
  • Accept the license agreement,
  • Scroll down and click on jre-7u1-windows-x64.exe
  • Save the file jre-7u1-windows-x64.exe to your desktop;
Do not select Run. Do not install it yet.

When the download is complete, close your browser.

Open Control Panel > Add/Remove Programs and uninstall

All older versions of java

Do not uninstall Java TM 7 Update 1 if found!

Reboot your computer.

  • Double-click on the saved file (jre-7u1-windows-x64.exe) to install the update.
  • Decline the offer to install Ask ToolBar
  • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Next, clear the java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • Check all boxes
  • Click OK

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall to what you have.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

You should also use Spyware Blaster to help immunize your computer.

 - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.
 
OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

- Make sure you have reset Automatic Updates to your chosen option. Click your start button > Control Panel > System > Automatic Updates tab

- Keep your antivirus program updated, as well as any other security programs you have.

 Please post back if you have any problems.

Take care
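
Added example, not part of the original post: a read-only PowerShell check that compares the current user's Internet zone settings with the six values listed under "Secure your Internet Explorer" above. It assumes the settings live in the per-user zone key (zone 3 is the Internet zone) and that PowerShell 2.0 or later is installed; the numeric action IDs are the standard registry value names for those options.

```powershell
# Added example: compares the current user's Internet zone (zone 3) settings
# with the values listed in the post above. Read-only; it changes nothing.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs (registry value names) and the setting the post asks for.
# Value data: 0 = Enable, 1 = Prompt, 3 = Disable.
$expected = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Turn a raw DWORD into the label shown in the Custom Level dialog.
function Get-Label($value) {
    if ($null -eq $value) { return 'not set' }
    if ($labels.ContainsKey([int]$value)) { return $labels[[int]$value] }
    return "unknown ($value)"
}

$results = foreach ($item in $expected) {
    $id = $item.Id
    # A missing value returns nothing instead of raising an error.
    $prop = Get-ItemProperty -Path $zonePath -Name $id -ErrorAction SilentlyContinue
    $actual = if ($prop) { $prop.$id } else { $null }
    New-Object PSObject -Property @{
        Setting  = $item.Name
        Expected = (Get-Label $item.Want)
        Actual   = (Get-Label $actual)
        Matches  = ($null -ne $actual -and [int]$actual -eq $item.Want)
    }
}

# One row per setting; any row with Matches = False needs another look
# in Tools > Options > Security > Custom Level.
$results | Select-Object Setting, Expected, Actual, Matches | Format-Table -AutoSize
```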


Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #43 on: December 05, 2011, 02:49:34 AM »
Thank you for ALL your help Oldman. I did everything you suggested and I sincerely appreciate your patience and careful explaining to me. We'll see how it goes, but everything seems fine right now. Have a wonderful Christmas season! Thanks again!

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #44 on: December 05, 2011, 06:03:08 PM »
Hi choirgirl1,

You're welcome.

Merry Christmas to you and yours too. If you have any problems you can always come back.


Take care, keep safe.