bidder.tlvmedia.com etc from fake "Flash Player Update"


Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by pgmigg » May 28th, 2013, 10:36 pm

Hello moonlighting,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the text box. Do not include the word Code
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Documents and Settings\Administrator\My Documents\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe
    C:\Documents and Settings\Kevin\My Documents\Google Talk Received Files\RevelationV2.zip
    C:\Documents and Settings\Matthew\Application Data\Adobe\Adobe\afxjahc.dll
    C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\rmdcdfchgi@rmdcdfchgi.org.xpi
    C:\Documents and Settings\Matthew\Local Settings\Application Data\getdislike\ie\aplayers.dll
    C:\Documents and Settings\Matthew\My Documents\andrewtaos\ADLSoft_UnCompressor.exe
    C:\Documents and Settings\Matthew\My Documents\mincraft skins\iron.exe
    C:\Documents and Settings\Matthew\My Documents\My Music\MP3+Rocket.exe
    C:\Documents and Settings\Melanie\My Documents\AdvBHO.dll
    C:\EVSInstallationFiles\TDK\setupnowTDK.exe
    C:\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe
    C:\Password Revealer\RevelationV2.zip
    C:\Program Files\FLVPlayer\FLVPlayer.exe
    C:\Program Files\FLVPlayer\Uninstall\Uninstall.exe
    C:\Program Files\Hewlett-Packard\Firefox - HP Virtual Browser Edition\fslrdr\2\[_B_]SYSTEMDRIVE[_E_]\My Downloads\LGWirelessUSBModemDrivers\setup_602944.exe
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK. It may take a while - please be patient...
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
Malwarebytes' Anti-Malware (MBAM) Full Scan
Your logs indicate that you already have MBAM on your computer.
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
  1. Please start MBAM.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab. Then press the Check for Updates button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.
Remember to enable your Anti-virus protection before continuing!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
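A small companion to the fix-script step above, added here as an example and not part of pgmigg's instructions or of OTL itself: before a destructive fix like this one moves files, it is worth recording the size and SHA-256 of every listed path that still exists, so the samples can be identified later (hash lookups, a timeline of the infection) even after the quarantine is emptied by OTL's CleanUp. The script parses the `:Commands` / `:Files` sections in the form they appear in the thread; the sample script, the fake file and the temporary directory are constructed for the demonstration and no real system file is touched.

```python
"""Pre-fix snapshot for an OTL-style fix script (added example, not OTL code)."""
import hashlib
import os
import re
import tempfile

# Constructed sample: a trimmed script of the same shape as the one pasted into OTL.
SAMPLE_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]

:Files
C:\Documents and Settings\Matthew\Application Data\Adobe\Adobe\afxjahc.dll
C:\Documents and Settings\Melanie\My Documents\AdvBHO.dll
C:\Program Files\FLVPlayer\FLVPlayer.exe

:Commands
[emptytemp]
"""

_SECTION = re.compile(r"^:(\w+)\s*$")   # ':Commands', ':Files', ...
_COMMAND = re.compile(r"^\[(\w+)\]$")   # '[CREATERESTOREPOINT]', '[emptytemp]'


def parse_fix_script(text):
    """Return {'commands': [...], 'files': [...]} from an OTL-style script.

    Section headers start with ':'. Bracketed directives are collected from
    ':Commands' sections, every non-blank line of a ':Files' section is a
    path. Lines in any other section are ignored rather than guessed at.
    """
    commands, files = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "commands":
            m = _COMMAND.match(line)
            if m:
                commands.append(m.group(1).upper())
        elif section == "files":
            files.append(line)
    return {"commands": commands, "files": files}


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large samples do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(paths):
    """Hash every listed file that exists; record missing ones explicitly."""
    report = []
    for p in paths:
        if os.path.isfile(p):
            report.append({"path": p, "present": True,
                           "size": os.path.getsize(p), "sha256": sha256_of(p)})
        else:
            report.append({"path": p, "present": False, "size": None, "sha256": None})
    return report


def demo():
    """Run the snapshot against a throwaway directory instead of a real system."""
    parsed = parse_fix_script(SAMPLE_SCRIPT)
    with tempfile.TemporaryDirectory() as d:
        # Stand-in for one listed file that still exists on disk (constructed bytes).
        existing = os.path.join(d, "AdvBHO.dll")
        with open(existing, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)
        # One real entry from the sample script, which will not exist here.
        report = snapshot([existing] + parsed["files"][:1])
    return parsed, report


if __name__ == "__main__":
    parsed, report = demo()
    print(parsed["commands"], len(parsed["files"]), "files listed")
    for entry in report:
        print(entry)
```

On a live machine you would feed `snapshot()` the full `parsed["files"]` list and keep the output with the OTL log; the SHA-256 values are what you would look up later, whereas the paths alone tell you nothing once the files are gone.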

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 31st, 2013, 1:49 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\Administrator\My Documents\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe moved successfully.
C:\Documents and Settings\Kevin\My Documents\Google Talk Received Files\RevelationV2.zip moved successfully.
C:\Documents and Settings\Matthew\Application Data\Adobe\Adobe\afxjahc.dll moved successfully.
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\rmdcdfchgi@rmdcdfchgi.org.xpi moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\getdislike\ie\aplayers.dll moved successfully.
C:\Documents and Settings\Matthew\My Documents\andrewtaos\ADLSoft_UnCompressor.exe moved successfully.
C:\Documents and Settings\Matthew\My Documents\mincraft skins\iron.exe moved successfully.
C:\Documents and Settings\Matthew\My Documents\My Music\MP3+Rocket.exe moved successfully.
C:\Documents and Settings\Melanie\My Documents\AdvBHO.dll moved successfully.
C:\EVSInstallationFiles\TDK\setupnowTDK.exe moved successfully.
C:\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe moved successfully.
C:\Password Revealer\RevelationV2.zip moved successfully.
C:\Program Files\FLVPlayer\FLVPlayer.exe moved successfully.
C:\Program Files\FLVPlayer\Uninstall\Uninstall.exe moved successfully.
C:\Program Files\Hewlett-Packard\Firefox - HP Virtual Browser Edition\fslrdr\2\[_B_]SYSTEMDRIVE[_E_]\My Downloads\LGWirelessUSBModemDrivers\setup_602944.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: AD59A3~1

User: Administrator
->Temp folder emptied: 974305 bytes
->Temporary Internet Files folder emptied: 3582216 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62603022 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 854 bytes

User: All Users

User: Andrew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kevin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Melanie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9229 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05312013_082558

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
moonlighting
Regular Member
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 31st, 2013, 1:50 pm

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.31.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MOONLIGHTINGPRO [administrator]

31/05/2013 8:38:25 AM
mbam-log-2013-05-31 (08-38-25).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 737558
Time elapsed: 2 hour(s), 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("%1" %*) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 23
C:\My Downloads\VBStuff\JSONVB.zip (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Melanie\AdvBHO.dll.vir (PUP.BrowserModifyer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\C_Documents and Settings\Matthew\My Documents\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\E_My Downloads\AMVVideoConverter\AMV_Convert_400.zip (Risktool.KillFiles) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\E_My Downloads\AMVVideoConverter\MSI.CAB (Risktool.KillFiles) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\E_My Downloads\CellUnlocker2\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\E_My Downloads\CellUnlocker2\Setup2.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\E_Program Files\MP3 Player Utilities 4.00\DelDrv.exe (Risktool.KillFiles) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_My Downloads\DVDXCopy_v1.3_Keygen.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_My Downloads\DVD Cloner\DVD Cloner 2.32 + Registration.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_My Downloads\KazaaLite\klitekpp210b3e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_My Downloads\Password Revealer\RevelationV2.zip (HackTool.SnadBoy) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_My Downloads\TellacomCOM\Macromedia Flash MX 2004 - good keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_Program Files\WASTE\Downloads\Codecs\Divx\DivXPro 502.exe (Adware.Gain) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_Program Files\WASTE\Downloads\Codecs\Divx\DivXPro502GAINBundle.exe (Adware.Gain) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05282013_095756\F_Program Files\WASTE\Downloads\divx &MP3\Divx\DivXPro502GAINBundle.exe (Adware.Gain) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05312013_082558\C_Documents and Settings\Kevin\My Documents\Google Talk Received Files\RevelationV2.zip (HackTool.SnadBoy) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05312013_082558\C_Documents and Settings\Matthew\My Documents\andrewtaos\ADLSoft_UnCompressor.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05312013_082558\C_Documents and Settings\Matthew\My Documents\mincraft skins\iron.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05312013_082558\C_Documents and Settings\Matthew\My Documents\My Music\MP3+Rocket.exe (Trojan.Repacked) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05312013_082558\C_Documents and Settings\Melanie\My Documents\AdvBHO.dll (PUP.BrowserModifyer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05312013_082558\C_Password Revealer\RevelationV2.zip (HackTool.SnadBoy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\getdislike\uninst.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

(end)
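Reading the MBAM log above, most of the 23 file hits sit under C:\_OTL\MovedFiles and C:\Qoobox\Quarantine, that is, in files OTL and ComboFix had already moved out of the way; only a couple are at live locations. The parser below, added as an example (it is not from the thread, from Malwarebytes or from OTL), makes that split automatically and also pulls out two registry items worth a second look: an Image File Execution Options key, a location whose Debugger value can redirect every launch of the named program, and the repaired regfile open command with its bad and good values. The log excerpt embedded in the code is a constructed sample in the same format as the one posted, and the two quarantine prefixes are an assumption based on the tools used in this thread.

```python
"""Triage of a Malwarebytes 1.x text log (added example, not Malwarebytes code)."""
import re

# Constructed sample: a few lines in the same format as the log posted above.
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("%1" %*) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Files Detected: 4
C:\My Downloads\VBStuff\JSONVB.zip (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Melanie\AdvBHO.dll.vir (PUP.BrowserModifyer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05312013_082558\C_Password Revealer\RevelationV2.zip (HackTool.SnadBoy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\getdislike\uninst.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

(end)
"""

# Assumed quarantine locations of the two tools used in this thread (OTL, ComboFix).
QUARANTINE_PREFIXES = (r"c:\_otl\movedfiles", r"c:\qoobox\quarantine")

_HEADER = re.compile(r"^(.+?) Detected: (\d+)$")
_ITEM = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
_BADGOOD = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")


def parse_mbam_log(text):
    """Return {section: [{'target', 'name', 'action'}, ...]} for each 'X Detected: N' block."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        # Skip '(No malicious items detected)', '(end)' and anything before the first header.
        if current is None or line.startswith("("):
            continue
        m = _ITEM.match(line)
        if m:
            sections[current].append(m.groupdict())
    return sections


def in_quarantine(path):
    """True when the detected file was already moved aside by another tool."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def triage(sections):
    """Split file hits into live vs. already-quarantined and pull out notable registry items."""
    files = sections.get("Files", [])
    live = [f["target"] for f in files if not in_quarantine(f["target"])]
    stale = [f["target"] for f in files if in_quarantine(f["target"])]
    # IFEO subkeys can carry a Debugger value that hijacks launches of the named program.
    ifeo = [k["target"] for k in sections.get("Registry Keys", [])
            if "\\image file execution options\\" in k["target"].lower()]
    repairs = []
    for d in sections.get("Registry Data Items", []):
        m = _BADGOOD.search(d["action"])
        if m:
            repairs.append((d["target"].rstrip("|"), m.group("bad"), m.group("good")))
    return {"live": live, "quarantined": stale, "ifeo": ifeo, "repairs": repairs}


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    for key, items in result.items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the full log in the post, the "live" list is the short one that actually tells you whether the machine still had something active; the "quarantined" list is housekeeping that OTL's CleanUp would have removed anyway.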

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 31st, 2013, 1:50 pm

Not noticing any other changes at this time.

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by pgmigg » May 31st, 2013, 2:05 pm

Hello moonlighting,

Your latest set of logs appear to be clean! :cheers:

This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
Hide Hidden and System files
  1. Right click on Start, select Open.
  2. Select the Tools menu and click Folder Options.
  3. Select the View Tab. Under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  4. Click Apply to set. Click OK to exit.

Step 2.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u21) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From desktop please double-click on jre-7u21-windows-i586.exe to install the newest version.
  3. Follow the on-screen directions and when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Update tab and UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK. Then close the Java Control Panel. Close and exit Control Panel.

Step 3.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow Download now button. If you don't already have Adobe DLM... you may receive a prompt.
    Adobe DLM software removal instructions available here, if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete, please Close and re-open your Internet browser.

Adobe Reader XI - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • Javascript - Uncheck Enable Acrobat Javascript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Trust Manager- Uncheck Allow opening of non-PDF file attachments with external applications.

Step 4.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Copy and paste the following code into the text box. Do not include the word Code
    Code:
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 5.
AdwCleaner - Uninstall
You should still have AdwCleaner on your Desktop.
  • Right click on adwcleaner.exe and select "Run as administrator..." to run it.
  • Click on Uninstall.
  • Confirm with yes.

Step 6.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Double-click on OTL.exe to run it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Then:
Please don't forget to enable all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » June 1st, 2013, 3:29 pm

Thank you for all the help and time you put in helping to fix the problems I had.

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by pgmigg » June 1st, 2013, 5:37 pm

You are very welcome, moonlighting! :D

Stay Safe! ;)
pgmigg

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by Cypher » June 3rd, 2013, 12:53 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns