Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware Detection Defeated

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware Detection Defeated

Unread postby deltalima » September 9th, 2010, 6:17 am

Hi Tugboatden,

Is it OK to remove the O2 Connection Manager application completely via add/remove programs?


Yes, please do.

Please download GooredFix.exe...by jpshortstuff.
Save it to your desktop... Alternate Site.
  • Ensure all Firefox windows are closed.
  • Double-click GooredFix.exe to run it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
  • Please copy and paste the contents of the GooredFix.txt file in your next reply.

next

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code: Select all
    @echo off
    schtasks /query /fo LIST /v >> results.txt 
    start notepad results.txt
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has complete, post the contents of this file in your next response.

Please let me know if the Waiting for Zfsearch.com message has stopped.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Re: Malware Detection Defeated

Unread postby Tugboatden » September 9th, 2010, 8:17 am

Hi again,
O2 Connection Manager won't uninstall at present, it doesn't appear in the 'Add or Remove Programs' list and if I navigate to the 02CM-CE location in All programs and select 'Uninstall', it tells me "This action is only valid for products that are currently installed". OK, I think that's irrelevant to what we're trying to achieve (?) so I'll leave it be for the moment.
I ran GooredFix.exe...
GooredFix Log
GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:47 on 09/09/2010 (abigail babess.x)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{26EB2355-46D8-4EFD-98C2-E5D6988C24AA} -> Success!
Deleting C:\Documents and Settings\abigail babess.x\Local Settings\Application Data\{26EB2355-46D8-4EFD-98C2-E5D6988C24AA} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [05:04 03/11/2002]

C:\Documents and Settings\abigail babess.x\Application Data\Mozilla\Firefox\Profiles\7hecdypb.default\extensions\
ChoiceGuard@Microsoft [15:24 27/04/2001]
{e001c731-5e37-4538-a5cb-8168736a2360} [07:36 04/11/2002]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

I ran the batch file. The Results.txt file opened in Notepad but was blank.
I shut down and rebooted the computer...
Microsoft Updates found and installed 92 updates (!)
I opened Firefox and a box has opened:
"1 new add-on has been installed"
BitDefender QuickScan 0.9.9.34 is available
Microsoft .NET Framework Assistant - greyed out, red exclamation
Microsoft Choice Guard 1.2 - greyed out, red exclamation
Tugboatden
Active Member
 
Posts: 13
Joined: September 7th, 2010, 4:23 am

Re: Malware Detection Defeated

Unread postby deltalima » September 9th, 2010, 8:44 am

Hi Tugboatden,

O2 Connection Manager won't uninstall at present


We can disable it.

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O4 - HKLM\..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s


Now close all other open windows and then click on Fix Checked. Close HijackThis.

I would remove the BitDefender QuickScan Add-on for Firefox for now, it can be added again later.

Has the Waiting for Zfsearch.com message stopped?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Detection Defeated

Unread postby Tugboatden » September 9th, 2010, 10:32 am

Hi once more,
Right the 'waiting for Zfsearch.com' message is gone and it all appears to be working ok. I thought there was a glimpse of 'a.l.ymg.com' or something similar on Yahoo!, but I've not been able to replicate this. Firefox has just updated to 3.6.9 and I've uninstalled BitDefender QuickScan
I think that you may have defeated what, it seems, were multiple infections of quite a virulent nature. If this is the case (your feedback awaited), I have quite a number of applications we've used over the last few days littered over my desktop:
Avira AntiVir Personal
Advanced SystemCare
Malwarebytes
Stinger
HijackThis
TDSSKiller
OTL
RKUnhooker
GooredFix

I propose to maintain active those needed and archive the remaining applications in a suitable folder, else delete on your advice.
I suspect I have a mess of odd broken links, shortcuts and other odd files not associated with anything. How best do I clean those?

And just as I'm writing on my PC alongside, Avira AntiVir has given me a detection on the Acer:
Object A0001124.exe
Detection TR/Trash.Gen
Action Move to quarantine
Tugboatden
Active Member
 
Posts: 13
Joined: September 7th, 2010, 4:23 am

Re: Malware Detection Defeated

Unread postby deltalima » September 9th, 2010, 10:41 am

Hi Tugboatden,

I think that you may have defeated what, it seems, were multiple infections


We certainly have removed several, still need to do some more checks before we can be sure it's all clean.

I will give instructions later to remove all the tools that have been installed, for now I would remove Advanced SystemCare .

And just as I'm writing on my PC alongside, Avira AntiVir has given me a detection


That may well be from the System Restore area and will also be cleared out once we are done.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Detection Defeated

Unread postby Tugboatden » September 10th, 2010, 5:54 am

Hi again,
I successfully ran the Kaspersky scan and it showed no threats - The report file is blank! Is this good news?
To be on the safe side, I won't do anything with the machine until I hear from you next.
Tugboatden
Active Member
 
Posts: 13
Joined: September 7th, 2010, 4:23 am

Re: Malware Detection Defeated

Unread postby deltalima » September 10th, 2010, 6:01 am

Hi Tugboatden,

I successfully ran the Kaspersky scan and it showed no threats - The report file is blank! Is this good news?


Excellent news, unless you are aware of any further symptoms then the computer appears to be clean.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Detection Defeated

Unread postby Tugboatden » September 10th, 2010, 7:50 am

Well, it's all looking good, anti-virus and spyware checkers running and all quiet...
Thank you so much for your patience and perseverance and for meticulously working through multiple infections. I'm very grateful to you for this.
In the very nicest possible way, I hope not to speak to you again! :cheers:
Tugboatden
Active Member
 
Posts: 13
Joined: September 7th, 2010, 4:23 am

Re: Malware Detection Defeated

Unread postby deltalima » September 10th, 2010, 7:53 am

Thank you.

You're welcome!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Detection Defeated

Unread postby muppy03 » September 10th, 2010, 8:01 am

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 304 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware