WiredWX Hobby Weather ToolsLog in

 


Removed Antivirus Action, now No Internet

2 posters

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
Did everything you mentioned in the last post. Please see the log details below. 3 log files were generated:


1)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4841

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/20/2010 1:28:14 PM
mbam-log-2010-10-20 (13-28-14).txt

Scan type: Quick scan
Objects scanned: 131547
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------------

2)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4841

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/15/2010 2:31:58 PM
mbam-log-2010-10-15 (14-31-58).txt

Scan type: Quick scan
Objects scanned: 131992
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------------

3)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4841

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

10/15/2010 2:15:38 PM
mbam-log-2010-10-15 (14-15-38).txt

Scan type: Quick scan
Objects scanned: 130933
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mprumdcj (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\user1\AppData\Local\Temp\ueapwlugh\feryfrgyhsn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\user1\AppData\Local\Temp\045426ac.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
----------------------------------------------------------------------------------------

Thank you!

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
How is your PC doing patdg?

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
I just ran a full malwarebytes scan and 22 infected files were found. ALl of them said websearch. I removed them all.
I think Internet is working fine now. But maybe too soon to be sure since I just did the updates. Maybe use a couple days and see the performance.

Since after the virus I installed Kaspersky on it, everytime the program does updates, Internet slows down a bit. I guess I have to get used to it. But for whatever reasonI don't have this issue on my laptop during the Kaspersky updates. And it has Vista on it.
Is it normal for a PC to slow down in performance during updates?
How did all the log reports look?

I can't tell you enough how much I appreciate your help. Thank you again.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
I just ran a full malwarebytes scan and 22 infected files were found. ALl of them said websearch

Be carefull what you download. As WebSearch was not in your previous log/logs

Is it normal for a PC to slow down in performance during updates?

Yes it does. Also, If your Internet speed is fast one day and slow on another day? Talked to your ISP Server if this happens a lot. To test internet speed. Go to http://www.speedtest.net/

Your Computer is Clean
Removed Antivirus Action, now No Internet - Page 2 CLEAN-1


Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware


  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    Removed Antivirus Action, now No Internet - Page 2 CF_Uninstall-1
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips


Removed Antivirus Action, now No Internet - Page 2 6567E80CC55576485246E130E48A9FA8



descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
I will do combofix uninstall as you mentioned.

Here is the log that I got from full scan Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4841

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/21/2010 11:49:43 AM
mbam-log-2010-10-21 (11-49-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 263057
Time elapsed: 1 hour(s), 49 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{AFEA99AF-490C-456F-AADA-B5BA8FF5A67F}\RP51\A0047353.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFEA99AF-490C-456F-AADA-B5BA8FF5A67F}\RP53\A0048424.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows.old\Windows\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Anything to worry about?

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
Anything to worry about?

Nope. Smile...

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
I removed combofix, and was checking Windows Update. My PC was set to check updates automatically. But when I clicked on the little 'flag' incon on bottom right of taskbar, and clicked on Windows update on the left pane, I saw the last update was done on 15th, that's when I had the virus attack. When I clicked to check for updates, I am not able to do it. I get his message:
An error occured when checking for new updates.
Code 80072EFE

So I clicked on the www.windows update link above and got the white error page:
IE cann't display the webpage.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
Might let Kaspersky know to access microsoft or use troubleshooter:

http://windows.microsoft.com/en-US/windows7/Windows-Update-error-80072ee2

1.Open the Kaspersky application Settings window
2.select Firewall under Protection.
3.Click on Settings under Filtration System.
4.In the Settings: Firewall window, select the Rules for Applications tab for MS udates.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
I think I need more directions here. I have Kasperksy 2010.
I went to Protections\Firewall
On the right side are two options:
Setting- Click Settings button to configure allowing and blocking rules for data transferring according to direction, protocol,port and distinations address.
Rules for Application Statuses-Configure Rules.

When I clicked on Setting there are 3 tabs:
Filtering Rules, Networks, Resources

There is no Rules for Application tab for MS updates.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
Disable Kaspersky Firewall and see if you can update windows. See site below:

http://www.ehow.com/how_6002548_disable-kaspersky-firewall.html

Be sure to set it back when you are done.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
I disabled Kaspersky fireweall and it still didn't work.
Anything else I can do?
Also my PC in general has gotten slower at times. Other times it works fine. But at times it "thinks" too much, even when I am not on the Internet. During those slow times it 'blinks" one or two times before returning to normalcy. Could it be due to the installation of different programs trying to get clean my PC?
I also have Kaspersky on my laptop and I have no performance issue.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
A fragmented drive causes a slow system.
Easy steps to defragment your drive:


1. open My Computer.
2. Rightclick on the drive you want to defragment and select "Properties".
3. Click on the Tools tab.
4. Select Defragment Now....

As for Windows updates:

Please visit the links HERE and HERE first to read about this new Microsoft tool!

Then you can download and use: Removed Antivirus Action, now No Internet - Page 2 Logo_FixIt_Final Microsoft Fix it Center Online
Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.



  • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.

  • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report.

  • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.


Let me know after you had run all the troubleshooters on your pc if it corrected your problem.


descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
Hi,
PC has gotten a bit faster, still testing it out. But Fix It did not work when I tried to run it both from the website and by saving on my desktop.
Error Message:
Fix It Center Setup encountered an error.
An unexpected error has occured. Please close and try to run setup again later.

I will try at a later time, hoping it would work.
Thanks

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
Sorry to say still slow, at times freezes and I have to do a force shutdown.
Still can't update windows or run fixit.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
Still the same issue as above, on top of it have search engine redirect error.
I have been using yahoo, when search for something, the list of result is displayed. But clicking on any result, redirects me to a different website, very annoying, so using google now, so far works.
I will run full scan tomorrow for malwarebytes, maybe it will pick up the search engine errror as it did before.

descriptionRemoved Antivirus Action, now No Internet - Page 2 EmptyRe: Removed Antivirus Action, now No Internet

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum