WiredWX Hobby Weather Tools

 


Scammed-need to clear computer of contamination!

2 posters

Re: Scammed-need to clear computer of contamination!
After 3 hours+ and only being at 47%, I left the computer running at a friend's house. This morning, the power seemed to be off and needed to be restarted but amazingly found on the desktop everything the way I had left it and still at 47% but still scanning files. After 21+ hours it finally went from 78% to done!! It said that there were no threats (amazing) and gave me no option for the button "List of Found Threats" or "Export to text file"...only an option to Finish. So I found the log thanks to your posting where I could find it in the ESET program files.  Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1e44cf19a861ce4ba2b8376f6b3fcb43
# engine=18117
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-02 06:31:03
# local_time=2014-05-02 02:31:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5122 16777214 66 62 0 25360149 0 0
# compatibility_mode=5893 16776574 100 94 1030033 23015156 0 0
# scanned=5742
# found=0
# cleaned=0
# scan_time=127
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1e44cf19a861ce4ba2b8376f6b3fcb43
# engine=18117
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-03 05:01:02
# local_time=2014-05-03 01:01:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5122 16777214 66 62 0 25441148 0 0
# compatibility_mode=5893 16776574 100 94 1111032 23096155 0 0
# scanned=208165
# found=0
# cleaned=0
# scan_time=80885
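
An added example, not part of the original post and not ESET's own tooling: a small parser that splits a log like the one above into its separate scan runs and reports whether each run finished and which scan options were off. Reading `scan_time` as seconds and the `*_checked` keys as the scanner's option checkboxes is an assumption based on the values in this log.

```python
import json

# Constructed sample: abbreviated from the two runs in the log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# scanned=5742
# found=0
# scan_time=127
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# scanned=208165
# found=0
# scan_time=80885
"""

def parse_runs(text):
    """Split the log into runs; each '# version=' line starts a new run."""
    runs, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("# ") or "=" not in line:
            continue  # installer chatter such as 'all ok'
        key, _, value = line[2:].partition("=")
        if key == "version":
            current = {}
            runs.append(current)
        if current is not None:
            current[key] = value.strip('"')  # repeated keys: last one wins
    return runs

def assess(run):
    """Summarise one run. Assumes scan_time is in seconds (not stated on the page)."""
    complete = run.get("end") == "finished"
    found = int(run.get("found", 0))
    return {
        "complete": complete,
        "scanned": int(run.get("scanned", 0)),
        "found": found,
        "hours": round(int(run.get("scan_time", 0)) / 3600, 1),
        # Options that were off limit what a 'found=0' result covers.
        "options_off": sorted(k[:-8] for k, v in run.items()
                              if k.endswith("_checked") and v == "false"),
        "full_scan_clean": complete and found == 0,
    }

if __name__ == "__main__":
    for n, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(n, json.dumps(assess(run)))
```

A run with `end=stopped` covers only the files counted in `scanned`, so only the finished run supports the "no threats" result, and only for the options that were switched on.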

Re: Scammed-need to clear computer of contamination!
How's the computer now? Any other issues?

Re: Scammed-need to clear computer of contamination!
I didn't remove any of the ESET scan downloads....and have closed out those screens.......?

Re: Scammed-need to clear computer of contamination!
"by Superdave on Sat 03 May 2014, 2:10 pm
How's the computer now? Any other issues?"

My computer has run smoothly all along but I was concerned about threats, changes of settings and all these programs that were installed and staring at me on my desktop (see my initial post):

1. Are you saying my computer is clear...no problems?
2. other issues: when I boot up, I see a flash of the black run window and at the same time it shows an icon on the task bar but both are gone in a flash. I don't remember seeing this prior to this hacking/technician event....maybe this doesn't have anything to do with it or maybe someone can access my computer thru this???? (He did change settings here and there and I took photos while he did it...and I don't know what those changes imply)

3. Previously, I had a house button on the task bar and it was sort of like a START button....had put off exploring it but now it's not there.....was it removed somewhere along all of this??
4. The regular icon for Mozilla/Firefox appears as a sheet with a turned down corner....how do I get back the regular fox in a circle icon back???
5. what do I do with all these programs that were installed??? 4 have MS blue & yellow shields on them...does that mean they have been OKed???



Re: Scammed-need to clear computer of contamination!
Did you still want me to run Security Check by screen317?

Re: Scammed-need to clear computer of contamination!
"Previously, I had a house button on the task bar and it was sort of like a START button....had put off exploring it but now it's not there.....was it removed somewhere along all of this??"

I'm not sure about that button. I've never seen it before. Is it something you installed yourself?

"The regular icon for Mozilla/Firefox appears as a sheet with a turned down corner....how do I get back the regular fox in a circle icon back???"

Your best bet would be to uninstall and re-install Firefox.

"what do I do with all these programs that were installed??? 4 have MS blue & yellow shields on them...does that mean they have been OKed???"

You may keep AdwCleaner and MBAM and run them on a regular basis, if you have room for them.

"Did you still want me to run Security Check by screen317?"

I just wanted to see what you have for protection but this next scanner will tell me.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Scammed-need to clear computer of contamination!
"To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure."

I am unsure and the "here" link comes up with an "error|PC Help Forum" (and I'm logged in). need new link, please.

Re: Scammed-need to clear computer of contamination!
Sorry, To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Re: Scammed-need to clear computer of contamination!
1. Thanks for the new link, however, McAfee LiveSafe-Internet Security (the 30 day trial included with this new computer) is not listed. I tried the other McAfee options to see if they led me to possibly disabling it. Will turning off the Real-Time scanning be ENOUGH? or do I need to turn something else off as well? like the firewall? I checked to see if the Windows firewall was on but it said that it was under the control of McAfee (which expires in 11 days but I would like to delete the whole thing and install Panda in the next 5 days).

2. Do I need to also disable Malwarebytes, which opened upon bootup, for the first time today, and said that I was updated and protected! And what about all that other stuff that was put on my computer: Anti Hacker, AFT Cleaner, Webshield, Computer Performance, Event C, & CCleaner???? Do any of these need to be disabled? (I have not even opened them and don’t know if they are actively running).

3. I thought that I’d download ComboFix and be ready for your responses. While trying to do this, suddenly McAfee said that I had a Trojan:
Item: Wcj+TfdH.exe.part     Threat:   Artemis!D0270A3C736B  
and was put in quarantine...no further actions were necessary. I tried to download 3 more times with the other Artemis items being E4LK7Y0y.exe.part and twice it was ComboFix.exe

4. So, I realized that I needed to turn off McAfee's Real-Time scanning just to download ComboFix. I did that, without McAfee’s interference, put the icon on the desktop & double clicked; I got the following message and have no idea where to look to change the “Modes”:
“ComboFix is not meant to run in ‘Compatibility Mode’.  The program shall now exit”.
FYI, I am now back home and hope to respond more quickly....thanks for your patience and guidance.

Re: Scammed-need to clear computer of contamination!
It appears that bleeping computer is the designated site (?) for combofix based on this following guide: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

so I assume they have the latest version. I believe that I chose the BC link that you offered to download from. It appears that combofix is still not compatible with 8.1....Do you want me to uninstall it, make sure it is downloaded from BC and try again? what do you want me to do next?

Re: Scammed-need to clear computer of contamination!
In my reading about Combofix, it says to basically NOT touch or click on the computer. This brings me to my concern about any of these scans...before doing them, is it OK to go to Power options>change when the computer sleeps>and since I have it plugged in, choose to NEVER put the computer to sleep?....so that I don't have to jiggle the mouse or tap something......?

Re: Scammed-need to clear computer of contamination!
"Will turning off the Real-Time scanning be ENOUGH?"

That's it.

"or do I need to turn something else off as well? like the firewall?"

Only if it interferes with the running of CF.

"Do I need to also disable Malwarebytes, which opened upon bootup, for the first time today, and said that I was updated and protected! And what about all that other stuff that was put on my computer: Anti Hacker, AFT Cleaner, Webshield, Computer Performance, Event C, & CCleaner???? Do any of these need to be disabled? (I have not even opened them and don’t know if they are actively running)."

No, that shouldn't be necessary.

"is it OK to go to Power options>change when the computer sleeps>and since I have it plugged in, choose to NEVER put the computer to sleep?....so that I don't have to jiggle the mouse or tap something......?"

Try changing the settings before running CF.

Re: Scammed-need to clear computer of contamination!
I just turned off the Real time scanning in McAfee, changed the power options to Never and double clicked on the CF icon and again (as I mentioned two posts ago-above) I got the following message and have no idea where to look to change the “Modes”:
“ComboFix is not meant to run in ‘Compatibility Mode’.  The program shall now exit”. What do I do?

Re: Scammed-need to clear computer of contamination!
Ok, here's what I found in my Windows 8 about compatibility. You can access it by going to Start, Control Panel and clicking on Troubleshooting. Click on Programs to run ComboFix in normal mode.

Program Compatibility Assistant

When you install or run an app, Windows monitors the app for symptoms of known compatibility issues. If it finds an issue, Program Compatibility Assistant provides some recommended actions that you can take to help the app run properly on Windows 8.

Note that Program Compatibility Assistant doesn't monitor apps that work at low system levels (for example, kernel mode drivers, security, and backup apps). Due to the dependency of these apps on Windows system internals, you generally can't apply compatibility fixes to them.

If you try to run an app with known incompatibilities, you'll see a message telling you about the problem, and, depending on the severity of the problem, Program Compatibility Assistant might prevent the app from running.

Troubleshoot for app compatibility

1. From Start, swipe in from the right edge of the screen and then tap Search (or if you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then click Search).

2. Enter troubleshoot in the search box, choose Settings, and then choose Troubleshooting.

3. Tap or click Run programs made for previous versions of Windows.

4. Follow the steps provided.

Apply a compatibility mode

If you know the compatibility mode that your app needs to run, here is how to apply it:

1. From Start, enter the name of the app you want to run in compatibility mode, and in the search results list, swipe down or right-click to select the app, and choose Open file location.

2. In File Explorer, swipe down on the app or right-click it, and choose Properties.

3. In the Properties dialog, choose the Compatibility tab.

4. Select the compatibility mode and other options you want to apply, and then click OK.

In addition to different operating system compatibility modes, you can also run apps in reduced color modes or with administrator permissions. You can apply the settings for everyone who uses the computer or only for you.

Re: Scammed-need to clear computer of contamination!
OK…..I have been messing with this all evening and feel that I am spinning my wheels, banging my head against the wall and dead in the water! Here’s what I did:

First I disabled McAfee.
Since 8.1 does not have a Start button (at least like win7), the closest thing that I can do is press the WIN-logo-key + X >an options window opens in lower left corner on Desktop>
Clicked control panel > under System and Security clicked Find and Fix problems>
“Troubleshooting” window opens>
Under Programs, I chose “Run programs made for previous version of Windows”>
“Program Compatibility Troubleshooter” opens>
Click NEXT> “detecting issues” scans and generates a list of programs (are these all my programs or just specific programs that have issues?-some 64+ programs….must be everything on the computer)
“Select the program you’re having problems with”
Click on “ComboFix NSIS Installer” to highlight>
Click NEXT
“Select Troubleshooting option:”

Option 1) Try recommended settings –select this option to test run program using recommended compatibility settings

Option 2) Troubleshoot program – select this option to choose compatibility settings based on problems you notice

I chose to click option 1, try recommended settings.
“Test Compatibility settings for the program” opens :
It states: “Settings applied to ComboFix NSIS Installer: Windows compatibility mode: Windows 7”
“You need to test the program to make sure these new settings fixed the problem before you can click NEXT to continue.” So I clicked on the button that says “Test the program…”
ComboFix window opens: “ComboFix is not meant to run in ‘Compatibility Mode’.  The program shall now exit.”……!!!!!!

Click OK and instead of choosing NEXT, I chose CANCEL.
Back to Program Compatibility Troubleshooter, re-choose ComboFix, troubleshoot program, and this time chose option 2 listed above, “Troubleshoot Program” window opens>
“What problems do you notice?” with 4 choice boxes to check off.
-The program worked in earlier versions of windows but won’t install or run now (hovering over the box pops up “Example: the setup program won’t begin”)

-The program opens but doesn’t display correctly

-The program requires additional permissions (Example: Access denial errors appear, or the program requests administrative permissions to run.”)

-I don’t see my problem listed

NEXT     or      CANCEL……I chose cancel….because I really didn’t know what I was getting into.

Up to this point, this would all follow YOUR instructions and the first set of steps 1-4 “Trouble shoot for app compatibility” that you posted.

"APPLY a Compatibility Mode" follows (the next 4 steps that you posted):
Step 1-since I don’t have a start button, I pulled up search, which came from the Charms area-the right>
Typed ComboFix and first listed was the Combo icon.  I figured that was the application, but I could not right click on it. …and so could not Open File Location as a result!
Step 2- Win-logo-key+X>
Chose File Explorer> clicked the desktop>scrolled to find ComboFix (not a shortcut but the actual application-and btw, it has one of those MS blue & yellow shields on it)>
Right clicked on it>properties>
Step 3-click Compatibility tab
Step 4-“Run this program in Compatibility mode for:” It had a drop-down menu and had selected Win7. I checked the box next to it and it allowed me to make another choice. Win7 had already not worked so I chose Win8. There was no 8.1 option. There was NO option to run it in NORMAL mode, either.
I clicked APPLY and then OK.  The window closed.

Double clicked ComboFix and got that old familiar song:
“ComboFix is not meant to run in ‘Compatibility Mode’.  The program shall now exit.”……!!!!!!

Closed everything out. Turned McAfee back on, and did some reading up on ComboFix at Bleeping Computer.
At http://www.bleepingcomputer.com/forums/t/511930/how-do-i-get-combofix-to-run-on-windows-81/ on April 18, 2014, they say "This program does not work on Windows 8.1 at this time!"
At http://www.bleepingcomputer.com/forums/t/533021/combofix-for-windows-81/ one week ago, someone asked Is there COMBO FIX software being developed to be compatible in a Windows 8.1 OS? And amongst their answers is
“sUBs (the creator of ComboFix-who seems to have a connection with BC) has advised that he is holding off releasing any working version of his tools for Windows 8.1 which includes both ComboFix and DDS. Meaning he is fully aware of the compatibility issue but needs time for thorough testing to ensure they work safely on that OS.”
I have not asked them for help over there at BC, it’s just that every question involving ComboFix that I google leads me back to their site.
I think we are barking up the wrong tree at this point involving the use of ComboFix for 8.1.

I never scanned with Security Check…do you still want me to do that?

What should I do next? :/

Last edited by macmanetz on 10th May 2014, 5:25 am; edited 1 time in total (Reason for editing : clarity)
