Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HELP - Vista Internet Security and more..

Re: HELP - Vista Internet Security and more..

by Cypher » May 6th, 2011, 1:36 pm

OK, let's run one more scan to rule malware out as the cause of your problems.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HELP - Vista Internet Security and more..

by daboywonder96 » May 6th, 2011, 10:54 pm

I'm really sorry for the late reply. I had to leave for work. I really appreciate your help and your patience. I did what you asked me to do. I see the 6 infections are still here. I guess it's because even though MBAM found/removed them earlier.. the fact that I can't reboot properly (due to the blue screen), that's why they are here. But what do I know lol. Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:Accès refusé.

OnlineScanner.ocx - copy file error :Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=5be3160b9025084ba286a28461753401
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-07 01:25:08
# local_time=2011-05-06 09:25:08 (-0500, Est (heure d'été))
# country="Canada"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 37419636 37419636 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776550 66 100 22642200 141327424 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=139258
# found=6
# cleaned=0
# scan_time=11612
C:\Qoobox\Quarantine\[4]-Submit_2011-05-06_10.11.03.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\eK31001IoLbB31001\eK31001IoLbB31001.exe.vir a variant of Win32/Kryptik.NGI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\hnb.exe a variant of Win32/Kryptik.NKR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\jlm.exe a variant of Win32/Kryptik.NGM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\lye.exe Win32/Injector.GCX trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05062011_123813\C_Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\conhost.exe a variant of Win32/Kryptik.NKV trojan (unable to clean) 00000000000000000000000000000000 I
daboywonder96
Regular Member
 
Posts: 21
Joined: December 13th, 2010, 1:26 pm

Re: HELP - Vista Internet Security and more..

by Cypher » May 7th, 2011, 5:36 am

Hi daboywonder96.
"I'm really sorry for the late reply."

No need to apologise, it's not a problem :)

Re-run OTM
  • Right-click OTM.exe and select "Run as administrator" to run it.
  • Right-click then copy the following code. Do not include the word Code.
    Code:
    :Files
    C:\Windows\System32\config\systemprofile\AppData\Local\hnb.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\jlm.exe 
    C:\Windows\System32\config\systemprofile\AppData\Local\lye.exe
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the largeImage button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Malwarebytes Anti-Malware

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Logs/Information to Post in your Next Reply

  • OTM log.
  • Malwarebytes log.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
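
The three paths listed under :Files in the post above are the ESET detections that are not under C:\Qoobox\Quarantine or C:\_OTM\MovedFiles. The sketch below is an added example (not part of the original thread or of any tool used in it) that parses the posted log format, separates those inert copies from files still in place, and checks the parsed count against the log's found= value. The regular expression assumes the space-separated layout shown in the post; the function names are illustrative.

```python
import re

# Folders that hold inert copies: ComboFix's quarantine and OTM's moved files
# (both prefixes appear in the log posted above).
INERT_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otm\\movedfiles\\")
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# Layout assumed from the post: <path> <detection> (<action>) <32 hex digits> <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of )?(?:multiple threats|\S+/\S+.*?))\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hexid>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Excerpt of the ESET log from the thread (most header lines omitted).
SAMPLE_LOG = r"""
# remove_checked=false
# found=6
# cleaned=0
C:\Qoobox\Quarantine\[4]-Submit_2011-05-06_10.11.03.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\eK31001IoLbB31001\eK31001IoLbB31001.exe.vir a variant of Win32/Kryptik.NGI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\hnb.exe a variant of Win32/Kryptik.NKR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\jlm.exe a variant of Win32/Kryptik.NGM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\lye.exe Win32/Injector.GCX trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05062011_123813\C_Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\conhost.exe a variant of Win32/Kryptik.NKV trojan (unable to clean) 00000000000000000000000000000000 I
"""


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]  # repeated keys keep the last value
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["inert"] = d["path"].lower().startswith(INERT_PREFIXES)
            detections.append(d)
    return header, detections


def triage(text):
    """Summarise a log: was the scan report-only, and which hits are still in place."""
    header, detections = parse_eset_log(text)
    if int(header.get("found", -1)) != len(detections):
        raise ValueError("parsed detections do not match the log's found= count")
    live = [d["path"] for d in detections if not d["inert"]]
    return {"report_only": header.get("remove_checked") == "false",
            "live": live, "inert": len(detections) - len(live)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```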

Re: HELP - Vista Internet Security and more..

by daboywonder96 » May 7th, 2011, 10:26 pm

Nice, the MBAM quick scan says there's no infections hehe. But I'm still worried about the blue screen that I get when I restart/shut down the laptop. It still crashes. Not sure if you got a solution for that. Here are the logs:

EDIT: I just got a pop-up saying "Host Process for windows services stopped working and was closed" (I had it before, but still here)

OTM;

All processes killed
========== FILES ==========
C:\Windows\System32\config\systemprofile\AppData\Local\hnb.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\jlm.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\lye.exe moved successfully.
< ipconfig /flushdns /c >
Configuration IP de Windows
Cache de résolution DNS vidé.
C:\Users\Jay\Desktop\cmd.bat deleted successfully.
C:\Users\Jay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jay
->Temp folder emptied: 772683 bytes
->Temporary Internet Files folder emptied: 486549836 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 8583 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35840 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 465.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 05072011_221159

Files moved on Reboot...

Registry entries deleted on Reboot...

MBAM ;

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6529

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

07/05/2011 10:22:30 PM
mbam-log-2011-05-07 (22-22-30).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 146499
Temps écoulé: 5 minute(s), 14 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
daboywonder96
Regular Member
 
Posts: 21
Joined: December 13th, 2010, 1:26 pm

Re: HELP - Vista Internet Security and more..

by Cypher » May 8th, 2011, 5:40 am

Hi daboywonder96.
"But I'm still worried about the blue screen that I get when I restart/shut down the laptop. It still crashes. Not sure if you got a solution for that."

As this is a dedicated Malware Removal site, I think those issues are best left to experts elsewhere.
If you wish, I can direct you to a Tech site where they could better advise you than myself about that problem.

Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping

  • Click on Start > All programs > Accessories > Run.
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

Clean up with OTM

  • Right-click OTM.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Update Firefox

  • Your version of Firefox is outdated.
  • In the Firefox browser click Help > Check for updates to install the latest version.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HELP - Vista Internet Security and more..

by daboywonder96 » May 8th, 2011, 11:56 am

Hey Cypher, thanks again. Really appreciate it. I got one last problem lol. Remember I renamed the ComboFix to "ahshshha" to make it work earlier? Now when I try to uninstall it with "ComboFix /Uninstall" it says Windows can't find ahshshha. I tried to rename it "ComboxFix" but then when I try to uninstall it, it just doesn't appear in the run box lol, weird.
And yes, I would appreciate it if you could give me a good tech site for my blue screen problem =]
daboywonder96
Regular Member
 
Posts: 21
Joined: December 13th, 2010, 1:26 pm

Re: HELP - Vista Internet Security and more..

by Cypher » May 8th, 2011, 12:03 pm

Hi.
To uninstall ComboFix just do the following.


Here are some excellent Tech sites (in no particular order) that may be able to help with your other problem:


Any other questions?
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HELP - Vista Internet Security and more..

by daboywonder96 » May 8th, 2011, 12:38 pm

I wanna thank you again for your time and patience. You're the best Cypher. Have a great day!!!
daboywonder96
Regular Member
 
Posts: 21
Joined: December 13th, 2010, 1:26 pm

Re: HELP - Vista Internet Security and more..

by Cypher » May 8th, 2011, 12:44 pm

Hi.
"I wanna thank you again for your time and patience."

You're most welcome, good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns