Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus shutting down IE and Outlook-Strange icon on desktop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby Scolabar » January 4th, 2012, 7:16 am

Hi jillo1013,

I am sorry to hear about your injury. I hope the damage to your finger isn't too severe and wish you a speedy recovery. :)
In the meantime I will try to keep the typing you need to do to a minimum. ;)

Please Note: I would be grateful if you could refrain from running any tools/utilites and installing/uninstalling any software unless I request you to do so until the computer has been declared to be clear of infection. Otherwise the cleanup process is likely to long-winded at best, if not fruitless. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Avast! Scan Reports

Let's get screen captures of those Avast boot and full scan reports:

For each Avast scan report, please complete the list of instructions below:
Note: Long scan reports will require multiple screen captures accomplished by scrolling through and capturing the report in sections.

  1. Open the scan report (- scroll down the report to make sure all entries are captured as required).
  2. Press the key called Print Screen (sometimes named PRTSCR) usually located on the top right-hand side of your keyboard.
  3. Click on Start > Run.
  4. In the text entry box type:

      mspaint

  5. Then click on the OK button. Ms Paint will now open.
  6. Select Edit > Paste to paste the screen capture into the MS Paint window.
  7. Select the File > Save As... option.
  8. Save file as <imagename>.jpg to the Desktop.
  9. Save as file type JPEG (*.JPG, *.JPEG...) to keep the file size to a minimum.
      Example file names:
        avastbs1.jpg <-- boot scan image 1
        avastbs2.jpg <-- boot scan image 2
        etc
        avastfs1.jpg <-- full scan image 1
        etc
  10. Please then either:
    1. Upload the images to ImageShack. Then Copy and Paste the url links generated into your next post.
        or
    2. Add the .jpg files as attachments to your next reply.

Step 2:
TDSSKiller Log

jillo1013 wrote:The tdsskiller scan reported no errors and what report it did show was not copyable.
Please locate and open the file C:\TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt in Notepad (- double-clicking on the file should automatically open the file in Notepad).
Then Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Screen Captures of Avast! Anti-Virus Scan Reports.
  3. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
Advertisement
Register to Remove

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby jillo1013 » January 4th, 2012, 7:59 pm

THANK YOU FOR HELPING ME COPY THE AVAST SCREEN SHOTS!!!!

I am going to attach everything you've asked for.
You do not have the required permissions to view the files attached to this post.
jillo1013
Active Member
 
Posts: 13
Joined: December 28th, 2011, 1:22 pm

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby jillo1013 » January 4th, 2012, 8:04 pm

Didn't realize the full scan didn't attach.

:?
You do not have the required permissions to view the files attached to this post.
jillo1013
Active Member
 
Posts: 13
Joined: December 28th, 2011, 1:22 pm

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby Scolabar » January 5th, 2012, 4:45 am

Hi jillo1013,

I am afraid I have some bad news for you. :(

Your Avast reports show clear signs of multiple Keylogger/Backdoor/Rootkit infections.

This means your attacker may have full remote access to your computer and can use it as if he were sat in front of it.

You are strongly advised to do the following immediately:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. It will be a hassle but you should probably change all your account numbers.
  3. From a clean computer, change *ALL* your passwords: (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon... any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer, an attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

As a result of the Keylogger/Backdoor/Rootkit nature of the infections, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to reformat and re-install the operating system (OS). This decision will have to be made by you...

Guide to re-formatting and re-installing courtesy of wng_z3r0.

To help you decide, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I re-format and reinstall my OS
How and Where to backup your files
Restoring your backups

Please let me know how you would like to proceed.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby jillo1013 » January 5th, 2012, 9:16 am

Scolabar,
You have given me very bad news indeed! I immediately disconnected the internet, have changed my bank password, as well as paypal. I will address Amazon here shortly, along with my online bill pay companies. I could really kick myself for being so negligent!

Sorry to put you through so much work only to have it end like this. I really appreciate what you did to help me. It's a blessing you folks offer us this service. I will follow your suggestions to dump the OS but only with help or get a friend to do it. It eventually will be given it to my father, so that day may have come sooner rather than later.

Thanks again,
Jillo1013
jillo1013
Active Member
 
Posts: 13
Joined: December 28th, 2011, 1:22 pm

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby Scolabar » January 5th, 2012, 5:19 pm

Hi jillo1013,

Thank you for the update and letting me know your decision. :thumbright:

Just one recommendation I would sugest, having that you have multiple users on the computer, is that it would be advisable when setting any new system to configure the system with one admin user that has full administrative privileges, for the sole purpose of system adminstration where any software and updates should be installed, and then set up all the other users with standard privileges. Although this means normal users won't be able to install and update software, this will mean the system will be much less prone to malware infection and any software installations, removals and updates can be managed in a more controlled manner.

Below are the instructions I normally provide once a computer has been declared clear of infection, which will still be relevant once the reformatting and reinstallation of your computer has been completed:

Step 1:
Hard Disk Formatting Advice

When reformatting the hard disk it is advisable to select the low-level format (writing zeros - one pass is sufficient unless you are really paranoid) option, although this does take considerably longer depending on the size of the hard disk, it is the safest way to make sure you wipe all traces of data from the drive.

Step 2:
Security Vulnerabilities

I cannot stress how important it is to keep your security software up-to-date. In particular, if you don't keep your Operating System and Internet Explorer up-to-date the computer will be open to re-infection. Since we have been working on your computer the following software has been updated. ;)

The same equally applies to the programs you use. Please see the Further Guidelines section below for more information about the outdated programs on your infected system and for keeping your programs up-to-date in future.

Step 3:
Improve Your Computer's Security

MalwareBytes' AntiMalware
It is worth keeping MalwareBytes' AntiMalware and installing it on your reinstalled system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.

Below are some additional (free) programs, that can help improve your computer's security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation. You may like to give them a try. :)

    WinPatrol
    Download it from Copyright © BillP Studios.
    Information about how WinPatrol works, is available Here.
    (The free version of WinPatrol provides limited real-time protection.)

    SiteAdvisor
    SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
    You can find more information and download it from Here .

    SpywareBlaster
    Download and install Javacool's SpywareBlaster from Here.
    SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

    Web of Trust (WOT)
    Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.
    You can find more information about the program and download it from Here .

    MVPS Hosts
    For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is provided here.
    Install MVPS Hosts File from here.
    The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    You can read the Tutorial here.

    Panda USB Vaccine
    Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
    You can download and learn more about this product from Here.

    Anti-virus Product Alternatives

    Should the need arise you may wish to try one of the the following recommended free Anti-Virus products:

    • avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
    • Microsoft Security Essentials ** - From Microsoft, with email scanning, easy to install, easy to use.
      ** Your PC must run a genuine version of the Windows OS to install Microsoft Security Essentials.

      Installing a new Anti-virus product.
      Do NOT uninstall any existing Anti-virus product yet!
      1. Download the new Anti-virus product to your computer desktop.
      2. Save any work. Close all applications, especially your Internet connection.
      3. Uninstall any existing Anti-virus product using the Anti-virus uninstall option, if available.
      4. Reboot your computer, if not done during the uninstall.
      5. Install the new Anti-virus product following the installation instructions.
      6. Check for updates to the new Anti-virus product, if not already done during the installation setup.

    Please Note: It is strongly recommended that you run only one Anti-virus program at a time. Having more than one Anti-virus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Step 4:
Program Advisories

P2P Software Advisory


Registry Cleaners Advisory

    I do not recommend the use of ANY Registry Cleaner software (examples: IObit Advanced SystemCare 4, RegClean Pro, RegWork, Uniblue RegistryBooster - to mention just a few).
    Here is an excerpt from a discussion on Registry Cleaners:
    Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    The point we are trying to make is that the risk of using one far outweighs any benefit.
    If it does work perfectly you will not see any difference.
    If it doesn't work properly you may end up with an expensive doorstop.

    http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
    http://forums.whatthetech.com/Regcleaner_t42862.html

Ad-Aware 2007 Advisory

    Lavasoft's Ad-Aware is now deemed to be ineffective in today's fight against malware and so I would advise against reinstalling this program.

Viewpoint Software Advisory

    Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. Anything that is installed without your consent is suspect. Though not exactly classed as malware they do have some undersirible characteristics. Read what Viewpoint says and make your own decision.
    To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

    Usually there is no point uninstalling the Viewpoint program(s), as the AIM (plus other AOL software) application when present on a system will download/install the program(s) again without your knowledge the next time the AOL program is launched.

    However, it is possible to prevent it from being recreated every time you run the AOL software as follows:

    1. Open the AOL program.
    2. Go to Help > About AOL.
    3. Press Ctrl+D on the keyboard to access a hidden AOL panel.
    4. Disable all desktop and IM features associated with Viewpoint.
    5. Save the changes.
    6. Then Exit the AOL program.

Step 5:
Further Guidelines

Please follow these simple guidelines in order to help keep your computer more secure:

    Update your Anti-virus program and other programs regularly.
    Online Secunia Software Inspector - Copyright © Secunia.
    Refer to F-secure Health Check - Copyright © F-Secure Corporation.

      Outdated Software (on infected system):

      Please note the following software was all outdated on your infected system:

        Adobe Flash Player 10.3.183.7 <-- latest stable version is Adobe Flash Player 11.1.102.55.
        Adobe Reader 8.3.1 <-- latest version is Adobe Reader 10.1.1.
        Java SE Runtime Environment - See installed versions below! <-- latest version is Java SE 7 Update 2. Remember to check that all older versions are uninstalled once the program is updated.
          J2SE Runtime Environment 5.0 Update 2
          Java 2 Runtime Environment, SE v1.4.2_03
          Java(TM) 6 Update 17
          Java(TM) 6 Update 2
          Java(TM) 6 Update 3
          Java(TM) 6 Update 5
          Java(TM) 6 Update 7
        Mozilla Firefox 3.5.19 <-- latest version is Mozilla Firefox 9.0.1.

    Visit Microsoft often
    Keep on top of critical updates, as well as other updates for your computer.
    How to configure and use Automatic Updates in Windows XP
    Using Windows Update for Windows XP
    Microsoft Update Home

    Read, stay informed.
    To help minimize the chances of becoming re-infected, please read:
    Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

Good luck with the reinstallation and stay safe. ;)

Please let me know when you have read this post and I will arrange to have the topic closed.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby jillo1013 » January 7th, 2012, 5:02 pm

Thank you again! I will be working on my computer next week, and your recommendations will definitely help!

Jillo1013
jillo1013
Active Member
 
Posts: 13
Joined: December 28th, 2011, 1:22 pm

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby Scolabar » January 7th, 2012, 8:50 pm

You're very welcome, jillo1013. :)
I will now arrange for this topic to be closed.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Virus shutting down IE and Outlook-Strange icon on deskt

Unread postby NonSuch » January 8th, 2012, 2:26 am

As it appears this issue will be resolved with a reformat, and advice has been given, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware