Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Potential Bot infection - Windows 7 can't boot

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 5th, 2015, 7:29 pm

FRST fixlog text:

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by usa (2015-08-05 16:12:30) Run:1
Running from C:\Users\usa\Desktop\New Malware Scans
Loaded Profiles: usa (Available Profiles: usa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-19\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-18\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\ArmA 2 => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\ArmA 2 => value removed successfully
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ArmA 2 => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ArmA 2 => value removed successfully
C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll => moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 14.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:14:35 ====
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm
Advertisement
Register to Remove

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 6th, 2015, 1:30 am

Java 7 Update 25 is an outdated version of Java, which is used to interpret programs written in Java. It is a buggy software and not often used by modern programmers, which gets exploited a lot by malware writers. Most people install it because they get it confused with Javascript, which is used by the vast majority of websites, and is not the same thing at all.

The vast majority of people do not need Java, and can happily get by without it. I haven't had it installed for years, and I can't remember the last time I landed on a site that needed it.

If however you find you have a site you regularly visit, or a program that requires Java to be installed, then you should always ensure that you have the latest version (which at the moment is Java 8 Update 51). Java gets updated a lot (because they keep finding new things in it to exploit) and the auto update function never quite seems to function properly, so you need to check it manually.

JavaFX 2.1.0 is a program used to create Java applications, it is not an interpreter as such, so it shouldn't be exploitable, since it is only called when you wish to write a Java based utility. I presume it's on your son's machine because he wanted to create something written with Java. If not, then you can safely uninstall it.

OK, it looks like everything that needed removing came off the computer without issue, so Use your machines for a couple of days or so, and see if you have any problems, you can contact your ISP if you wish and see whether they think you still have a bot, and if they do, please ask them what gives them that idea because it will help us narrow down what we need to check out.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 6th, 2015, 1:46 am

Fantastic, it's such a relief to know that our machines are clean now. I will have everyone keep on using them and give you a report in a couple of days.

Thank you again very much, Gary. I shall be back for a final report soon then!

Davvy
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 6th, 2015, 3:26 am

You're welcome, I'll talk to you in a couple of days then. :)
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 8th, 2015, 11:37 pm

Hello Gary, I'm back to give you an update. So far everything seems to be working well, with my own machine which got the new Windows 7 installation, and the other two PCs. Everything has been humming away nicely, and for the last 3 days we have not seen any new Security Warning from our ISP regarding bots. I did get a couple of crashes when I started playing World of Warcraft again on my computer- I did another chkdsk on the drive, and then a memory diagnosis of my installed RAM, but everything seems to be normal. It may be some incompatibilities between the game and my graphic drivers after all, so I will keep checking on that front.

I believe that you've definitely helped me get our machines rid of all malware, and would like to say a big thanks to you again. I will be cautious and keep a keen eye on our machines, it's been a good experience and I've learned a lot from you. TAgain, thank you very very much for your kind and patient help!

Wishing you and the whole MalwareRemoval team a great weekend,

Davvy
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 9th, 2015, 1:52 am

Glad to hear things are running smoother than they were.

So what we need to do now is to remove the tools we've been using to clean your computer, since because the way they work, some of them have sometimes been erroneously flagged as malware by heuristic processes. It's also a good idea if we remove any system restore points that might have been made while you were infected, since they too sometimes get flagged.

I didn't do it earlier, since I wanted to know things were running OK first.

So, for each machine we've checked ...

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes ...
    • Remove disinfection tools
    • Purge system restore

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

Also ...
Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 13th, 2015, 12:16 pm

Greetings, Gary!

I got swamped with work for the last several days, thus my reason for not being able to get back with you until today.

However I did finally get the delfix scans done today, and here are the logs, for all 3 of my machines. Thank you again for everything. So far all the computers have been working well, and I have not seen any crash on mine (maybe because I haven't played my WoW game at all for the last few days too). In any event, please let me know if there is anything else I should be doing. Have a great day, Gary. :-)
------------------
# DelFix v1.010 - Logfile created 13/08/2015 at 08:45:01
# Updated 26/04/2015 by Xplode
# Username : Davvy - ANTEC-902
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...


~ Cleaning system restore ...

Deleted : RP #17 [Installed Microsoft Office Professional Plus 2013 | 08/06/2015 02:26:01]
Deleted : RP #18 [PROPLUS | 08/06/2015 02:26:16]
Deleted : RP #19 [Windows Update | 08/06/2015 08:57:47]
Deleted : RP #20 [Windows Update | 08/06/2015 17:16:26]
Deleted : RP #21 [Windows Update | 08/06/2015 18:43:04]
Deleted : RP #22 [Windows Update | 08/09/2015 19:29:16]
Deleted : RP #23 [Device Driver Package Install: MagicISO, Inc. Storage controllers | 08/10/2015 06:09:08]

New restore point created !

########## - EOF - ##########
----------------------------------------------------------
# DelFix v1.010 - Logfile created 13/08/2015 at 08:55:59
# Updated 26/04/2015 by Xplode
# Username : Mailan - MAILAN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mailan\Desktop\dds.scr
Deleted : C:\Users\Mailan\Desktop\dds.txt
Deleted : C:\Users\Mailan\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #476 [Scheduled Checkpoint | 08/12/2015 23:16:15]

New restore point created !

########## - EOF - ##########
------------------------------------------------------------
# DelFix v1.010 - Logfile created 13/08/2015 at 08:59:34
# Updated 26/04/2015 by Xplode
# Username : usa - ALEX-I7PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #418 [Removed Java 7 Update 25 | 08/05/2015 22:55:15]
Deleted : RP #419 [Windows Update | 08/09/2015 07:08:27]
Deleted : RP #420 [Windows Update | 08/12/2015 20:36:08]

New restore point created !

########## - EOF - ##########
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 13th, 2015, 4:00 pm

No, nothing else to do, seems like everything has gone fine. Glad to hear you're not experiencing any problems.

So, we're finished.

Keep safe.

Gary

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 103 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware