Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware infections?

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 5:45 pm

Says "No Fix text provided". Then... something like load it, but there is nothing to load.
Shall I click the CleanUp button?
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by deltalima » October 20th, 2013, 5:53 pm

Hi Dorothy,

> Says "No Fix text provided

When you copy the code, please do not include the words "Code: select all".
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 6:08 pm

I receive message: " No Fix has been provided. Click to load it from a file or cancel"
I clicked but no file to load it from.
Sorry....
Shall I try the "CleanUp" tab???
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by deltalima » October 20th, 2013, 6:17 pm

Hi Dorothy,

> Shall I try the "CleanUp" tab???

No, that is for later once we are finished.

Just to confirm, you copied the following

Code: Select all
:Commands
[CREATERESTOREPOINT]

:processes
killallprocesses
:otl
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Cassidy\AppData\Local\DefineExt\temp.dat ()
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
[RESETHOSTS]
[REBOOT]


Then pasted into the Custom Scans/Fixes box before clicking Run Fix?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 6:31 pm

I'm going to try this post again...sorry if you've gotten it three times...looks like it posted, but didn't, I think.
Anyway, OTL says there is no Fix to run...says to click and load fix, but there is no such thing that I can find when I click.
Shall I try CleanUp instead?

Thanks so much.
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 6:38 pm

Testing. Unable to post here this afternoon.
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 6:42 pm

OK, let me try the fix thing again. I just now see your post. Thanks
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by deltalima » October 20th, 2013, 6:57 pm

Hi Dorothy,

Let's try a different way of running the fix in OTL.

Please download the attached file and save it to your desktop.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Now double click anywhere inside the Custom Scans/Fixes box.
  • At the prompt Click Ok to load a custom scan from a file or Cancel to cancel.
  • Click the Ok button and navigate to the file Scan.txt which should be on your Desktop.
  • Select Scan.txt and click Open. Text will now appear in the Custom Scans/Fixes box.
  • Now click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 7:08 pm

Feel like an idiot--I apparently didn't paste that in, but now did and OTL custom fix was run. I'm very sorry. With no print spool loading, I have been unable to print the instructions. No excuse. This file resulted after Fix and reboot:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
File C:\Users\Cassidy\AppData\Local\DefineExt\temp.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cassidy
->Temp folder emptied: 317816232 bytes
->Temporary Internet Files folder emptied: 577988571 bytes
->Java cache emptied: 462026 bytes
->FireFox cache emptied: 442405937 bytes
->Google Chrome cache emptied: 444031613 bytes
->Flash cache emptied: 32753 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 125511121 bytes
->Temporary Internet Files folder emptied: 8342693 bytes
->FireFox cache emptied: 88194357 bytes
->Flash cache emptied: 961 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1060030300 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36584 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321377 bytes
RecycleBin emptied: 307430013 bytes

Total Files Cleaned = 3,256.00 mb


[EMPTYFLASH]

User: All Users

User: Cassidy
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: DefaultAppPool

User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Cassidy
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: DefaultAppPool

User: Guest

User: Public

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10202013_175200

Files\Folders moved on Reboot...
C:\Users\Cassidy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cassidy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm
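
Added example, not part of the thread and not OTL's own code: a short Python reader for the fix log posted above. It sorts the log lines into outcomes and checks them against the O2 - BHO line of the fix script; the line patterns are inferred only from lines visible in this thread, so any other OTL message is ignored.

```python
import re

# Lines copied from the fix script and the fix log posted in this thread.
FIX_LINE = r"O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Cassidy\AppData\Local\DefineExt\temp.dat ()"
LOG_EXCERPT = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
File C:\Users\Cassidy\AppData\Local\DefineExt\temp.dat not found.
->Temp folder emptied: 317816232 bytes
->Temporary Internet Files folder emptied: 577988571 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

BHO = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.+?) \(.*\)$")
NOT_FOUND = re.compile(r"^(Registry key|File) (.+?)\s+not found\.$")
PENDING = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
MOVED = re.compile(r"^(.+) moved successfully\.$")
EMPTIED = re.compile(r"^->.+ emptied: (\d+) bytes$")

def parse_fix_log(text):
    """Sort the lines of an OTL fix log into outcome buckets."""
    out = {"not_found": [], "moved": [], "pending_reboot": [], "bytes_emptied": 0}
    for line in map(str.strip, text.splitlines()):
        if m := NOT_FOUND.match(line):
            out["not_found"].append((m.group(1), m.group(2)))
        elif m := PENDING.match(line):
            out["pending_reboot"].append(m.group(1))
        elif m := MOVED.match(line):
            out["moved"].append(m.group(1))
        elif m := EMPTIED.match(line):
            out["bytes_emptied"] += int(m.group(1))
    return out

def bho_target_status(fix_line, log):
    """Report whether the BHO named in the fix script was still present."""
    m = BHO.match(fix_line.strip())
    if not m:
        raise ValueError("not an O2 - BHO line")
    clsid, path = m.group(2), m.group(3)
    keys = [t for k, t in log["not_found"] if k == "Registry key" and clsid in t]
    file_gone = any(k == "File" and t.lower() == path.lower() for k, t in log["not_found"])
    # "not found" for every target means the fix had nothing left to remove.
    return {"clsid": clsid, "path": path,
            "registry_keys_not_found": len(keys), "file_not_found": file_gone}

if __name__ == "__main__":
    print(bho_target_status(FIX_LINE, parse_fix_log(LOG_EXCERPT)))
```

For this log both registry keys and the file of the BHO entry come back "not found", so the changes recorded in it come from the cleanup commands rather than from the O2 line.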

Re: Malware infections?

Post by deltalima » October 20th, 2013, 7:26 pm

Hi Dorothy,

> I apparently didn't paste that in

No problem, it's done now.

The Bad report from Malwarebytes refers to Potentially Unwanted Programs; you should let Malwarebytes remove them unless you have reason to keep them.

The problem with the wireless printer may be unrelated to any malware issues.

Have the Ads and surveys stopped now?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 7:27 pm

Well, after reboot, have been testing. I received one redirect associated with TidyNetwork.com, but then no more on multiple site visits.
Print spool still not loading, apparently.
I still have some pop-ups on start up for JUcheck, iYogiSupport, and SSBkgupdate, the latter of which has been there forever. Not sure if these are any problem, just annoying.
I'll reinstall printer (AGAIN) and see if that helps. Also, will just continue use here and report tomorrow.
Thanks SO MUCH for this help.
Was there anything else to send you???
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by Dorothy » October 20th, 2013, 7:28 pm

Indeed the wireless may be unrelated but have tried everything. Understood. Will run the Malwarebytes and removal now.
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by deltalima » October 21st, 2013, 9:45 am

Hi Dorothy,

> I received one redirect

There should be none so we need to look a little further.

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool. Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click OK if changes were made.
  7. Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    DO NOT change the default actions, other than CURE to SKIP.
  8. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  9. A log will be created on your root drive (usually C:). The log will have a name like Name.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  10. If no reboot is required, click on Report. A log file should appear.
  11. Please post the contents of the log file in your next reply
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infections?

Post by Dorothy » October 22nd, 2013, 12:06 pm

Ran the TDSS Killer. It will not allow me to "copy" the report, but it indicated at the end of scan and on the report itself that there were Zero items detected. Is there any other helpful info that can be gleaned from the TDSS report? Thank you!!!
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Malware infections?

Post by deltalima » October 22nd, 2013, 12:17 pm

Hi Dorothy,

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 7 Update 45.
  • Download the latest version of Java Runtime Environment (JRE) 7 Here
  • Scroll down to where it says "Java SE 7u45"
  • Click the blue Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 7 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) ) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-7u45-windows-i586.exe to install the newest version


Next

Please uninstall Java Auto Updater

Also, unless you have need for it please uninstall iYogi Support Dock

Now please run a new scan with OTL and post only the OTL.txt file.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK