slow computer, credit card# stolen, FB ID taken.

Re: slow computer, credit card# stolen, FB ID taken.

by Dakeyras » March 14th, 2011, 6:50 pm

Hi. :)

> the computer is running smoothly now. Start up is quick, and no freezing up.

Good.

> Just another thing that I thought of.... we recently got a new FIOS connection with wireless router, we have had it for a little over a month. After years of being on DSL and having relatively no computer problems it sure is a coincidence that I suddenly had problems.

Probably be prudent to reset your Router, apply a new admin' password and check for any firmware updates also as a precaution.

New Adobe Reader Installation:

  • Go here and click on AdbeRdr1000_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 6 Update 24 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u24 with JavaFX License Agreement box and click on Continue.
  • Click on jre-6u24-windows-i586.exe link to download it and save this to a convenient location.
  • Double-click on jre-6u24-windows-i586.exe to install Java.

Note: During installation de-select the option to install McAfee Security Scan Plus.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset Log.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: slow computer, credit card# stolen, FB ID taken.

by Mossydog » March 15th, 2011, 12:40 pm

Hi Dakeyras,
the computer is still running good.
I am definitely going to take care of the password on the new router today.

I had a bit of trouble running the ESET Online Scanner... It kept saying that it had an error while downloading the database. I had turned off the AVG anti-virus but I then turned off the ZoneAlarm firewall too. I finally got it to download the files it needed and it scanned just fine.

Thanks, Mossydog

Below is the log file...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=b0758e224ce494428deb33e6202327d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-15 08:21:21
# local_time=2011-03-15 01:21:21 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 95 0 56895752 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 377157 2012362 0 0
# scanned=174821
# found=1
# cleaned=0
# scan_time=5583
C:\1-Angie\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I
Mossydog
Regular Member
 
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle
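
Added example (not part of the original thread, and not ESET's own tooling): a short Python check that parses an ESET Online Scanner log like the one posted above, confirms the scan options match what was requested (remove off; archives, unwanted, unsafe and anti-stealth on) and lists the detections. The function names and the detection-line pattern are assumptions based only on the log shown here.

```python
import re

# Scan options the helper asked for, as they appear in the log header.
EXPECTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Detection line: path, threat text, optional "(note)", 32 hex digits, flag.
# Assumption: whitespace-separated fields, and the path ends at the first
# ".ext" followed by whitespace (true for the line posted in this thread).
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\w+)\s+(?P<threat>.+?)(?:\s+\((?P<note>[^)]*)\))?"
    r"\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Excerpt of the log posted above.
SAMPLE = r"""OnlineScanner.ocx - registred OK
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=1
# cleaned=0
C:\1-Angie\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I
"""

def parse_eset_log(text):
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, value = line[1:].split("=", 1)
            header[key.strip()] = value.strip()  # repeated keys keep the last value
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return header, detections

def review(header, detections):
    # Differences between the scan as run and the scan as requested.
    issues = [f"{k}={header.get(k)} (expected {v})"
              for k, v in EXPECTED.items() if header.get(k) != v]
    if header.get("end") != "finished":
        issues.append("scan did not finish")
    if int(header.get("found", -1)) != len(detections):
        issues.append("found= does not match the parsed detection lines")
    return issues

if __name__ == "__main__":
    hdr, hits = parse_eset_log(SAMPLE)
    print(review(hdr, hits) or "scan ran as requested", hits)
```
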

Re: slow computer, credit card# stolen, FB ID taken.

by Dakeyras » March 15th, 2011, 6:12 pm

Hi. :)

> the computer is still running good.
> I am definitely going to take care of the password on the new router today.

Good.

> I had a bit of trouble running the ESET Online Scanner... It kept saying that it had an error while downloading the database. I had turned off the AVG anti-virus but I then turned off the ZoneAlarm firewall too. I finally got it to download the files it needed and it scanned just fine.

OK and thank you for the information/update etc.

What the online scan has flagged appears to be what is known as a false positive and most likely relates to the installer for Registry Easy application (not installed as far as I can tell)... These types of applications actually very very rarely perform what they advertise and actually in most instances do more harm than good and can leave a machine unbootable. Anyway either way, it is best removed and by doing so will not affect your machine adversely.

Now if you do not mind I would like a copy of the file in question for analysis/future reference please...

Next:

Ensure hidden files (as a precaution just in case the below is hidden) are visible via checking as follows:-

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Now please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-
Code:
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=56046
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\1-Angie\RegistryEasy.exe

Then click on the Send File tab. I will be notified when the file has been uploaded, thank you.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Files 
C:\1-Angie\RegistryEasy.exe

:Commands
[EmptyTemp]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

When completed the above, post the log from the above custom script and let myself know if any further issues remaining, thank you.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: slow computer, credit card# stolen, FB ID taken.

by Mossydog » March 15th, 2011, 8:20 pm

Hi Dakeyras,
The computer rebooted after running the OTL program and it was the fastest reboot ever. I am amazed. I have never used that Registry Easy program, it looks like I downloaded it a year ago and can't remember why. Anything that involves the registry I do not mess with unless told to by one of you experts. :)

I sent the file to your site on Bleepingcomputer.

Once again, I thank you for all the time that you have spent with me and my computer.

Below is the OTL log...

All processes killed
========== FILES ==========
C:\1-Angie\RegistryEasy.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: The Moss Family
->Temp folder emptied: 549468 bytes
->Temporary Internet Files folder emptied: 328420911 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 14942426 bytes
->Flash cache emptied: 3766 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 739 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 328.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03152011_165543

Files\Folders moved on Reboot...
C:\Documents and Settings\The Moss Family\Local Settings\Temp\~DF4F90.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT028c8.TMP not found!

Registry entries deleted on Reboot...
Mossydog
Regular Member
 
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle

Re: slow computer, credit card# stolen, FB ID taken.

by Dakeyras » March 16th, 2011, 5:56 am

Hi. :)

> The computer rebooted after running the OTL program and it was the fastest reboot ever. I am amazed.

Good.

> I have never used that Registry Easy program, it looks like I downloaded it a year ago and can't remember why. Anything that involves the registry I do not mess with unless told to by one of you experts. :)

:thumbup:

> I sent the file to your site on Bleepingcomputer.

Thank you.

> Once again, I thank you for all the time that you have spent with me and my computer.

You're most welcome! Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Reset SR Points/Clean up with OTL:

  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once a week.

Other installed security software:

Your presently installed security application, AVG11 automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above!

Update your installed WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download the latest version from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: slow computer, credit card# stolen, FB ID taken.

by Wingman » March 17th, 2011, 12:22 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal
Wingman
Admin/Teacher
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA