Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware that blocks sites and anti-malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware that blocks sites and anti-malware

Unread postby Alander » July 8th, 2012, 1:12 pm

Hi :)

ESET NOD32 Online Scan
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the green [ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any require files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings ... select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes... press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button... then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection... before continuing!
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore
Advertisement
Register to Remove

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » July 9th, 2012, 7:28 am

Hi, the scan found 16 items.

C:\Dropbox\InternationalPrimoPDF.exe Win32/OpenCandy application
C:\Dropbox\PDFCreator-1_2_3_setup.exe multiple threats
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe.vir a variant of Win32/Kryptik.AHES trojan
C:\Qoobox\Quarantine\C\Users\Johnathan\AppData\Local\iudhwidq\_qbuthije_.exe.zip a variant of Win32/Kryptik.AHES trojan
C:\Users\All Users\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite application
C:\Users\Johnathan\AppData\Roaming\OpenCandy\OpenCandy_D8E0D0EF18A644B491CFE7437A37E6B5\LatestDLMgr.exe Win32/OpenCandy application
C:\Users\Johnathan\AppData\Roaming\OpenCandy\OpenCandy_D8E0D0EF18A644B491CFE7437A37E6B5\RegistryReviverSetup-ppi_.exe Win32/RegistryReviver application
C:\Users\Johnathan\Documents\SmitfraudFix.exe multiple threats
C:\Users\Johnathan\Documents\AGTH TUTORIAL\agth.rar probably a variant of Win32/AGTH.A application
D:\programs.tm\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application
D:\programs.tm\SavevidSetupV2.exe a variant of Win32/Toolbar.SearchSuite application
D:\programs.tm\SUPERsetup.exe Win32/OpenCandy application
D:\programs.tm\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application
D:\Softwares\WinRar_V393\Winrar393.zip a variant of Win32/Keygen.AI application
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby Alander » July 9th, 2012, 2:28 pm

Hi :)

We are almost done, how is the computer doing?

Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe and run as administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :files
    C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe 
    C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res 
    C:\Users\All Users\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res 
    C:\Users\Johnathan\AppData\Roaming\OpenCandy\OpenCandy_D8E0D0EF18A644B491CFE7437A37E6B5\LatestDLMgr.exe 
    C:\Users\Johnathan\AppData\Roaming\OpenCandy\OpenCandy_D8E0D0EF18A644B491CFE7437A37E6B5\RegistryReviverSetup-ppi_.exe 
    C:\Users\Johnathan\Documents\SmitfraudFix.exe 
    D:\programs.tm\cnet2_ComboFix_exe.exe 
    D:\programs.tm\SavevidSetupV2.exe 
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » July 9th, 2012, 7:45 pm

The system's looking good, never seen it run so smoothly. Thank you :D

All processes killed
========== FILES ==========
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe moved successfully.
C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res moved successfully.
File\Folder C:\Users\All Users\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res not found.
C:\Users\Johnathan\AppData\Roaming\OpenCandy\OpenCandy_D8E0D0EF18A644B491CFE7437A37E6B5\LatestDLMgr.exe moved successfully.
C:\Users\Johnathan\AppData\Roaming\OpenCandy\OpenCandy_D8E0D0EF18A644B491CFE7437A37E6B5\RegistryReviverSetup-ppi_.exe moved successfully.
C:\Users\Johnathan\Documents\SmitfraudFix.exe moved successfully.
D:\programs.tm\cnet2_ComboFix_exe.exe moved successfully.
D:\programs.tm\SavevidSetupV2.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johnathan
->Temp folder emptied: 28394732 bytes
->Temporary Internet Files folder emptied: 275215077 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33373487 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 26347 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29578118 bytes
RecycleBin emptied: 20586812 bytes

Total Files Cleaned = 369.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07102012_093621

Files\Folders moved on Reboot...
C:\Users\Johnathan\AppData\Local\Temp\REG276B.tmp moved successfully.
C:\Users\Johnathan\AppData\Local\Temp\REG2E9D.tmp moved successfully.
C:\Users\Johnathan\AppData\Local\Temp\REGAFCB.tmp moved successfully.
C:\Users\Johnathan\AppData\Local\Temp\REGAFCC.tmp moved successfully.
C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDQNWUBV\receiver[1].htm moved successfully.
C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDQNWUBV\twitter_com[1].htm moved successfully.
File\Folder C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXZBTVTH\01[1].htm not found!
File\Folder C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXZBTVTH\ADSAdClient31[1].htm not found!
C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQEJ11P0\Charade[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Johnathan\AppData\Local\Temp\REG276B.tmp not found!
File C:\Users\Johnathan\AppData\Local\Temp\REG2E9D.tmp not found!
File C:\Users\Johnathan\AppData\Local\Temp\REGAFCB.tmp not found!
File C:\Users\Johnathan\AppData\Local\Temp\REGAFCC.tmp not found!
File C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDQNWUBV\receiver[1].htm not found!
File C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDQNWUBV\twitter_com[1].htm not found!
File C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXZBTVTH\01[1].htm not found!
File C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXZBTVTH\ADSAdClient31[1].htm not found!
File C:\Users\Johnathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQEJ11P0\Charade[1].htm not found!

Registry entries deleted on Reboot...
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby Alander » July 10th, 2012, 12:14 pm

Hi :)

Congratulations, Your latest set of logs appear to be clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right click on OTL.exe And select Run as administrator to run it.
  • This will remove some of the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.


Create a new, clean System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush infected System Restore points

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • untick the box labeled Vista C: an click Turn off system restore.
  • Click Apply and OK.
  • Restart your computer.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.
Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE


MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Stay Safe!
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » July 11th, 2012, 2:34 am

Thank you very much! :mrgreen:
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby Alander » July 11th, 2012, 8:15 am

You are welcomed
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware that blocks sites and anti-malware

Unread postby Cypher » July 11th, 2012, 10:54 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 94 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware