Solved General Security related to my computer.

September 24, 2013 at 23:57:02
Specs: Windows 7, 2.2 GHz / 2810 MB
Hello, how are you? My question is related to the security of my computer. I wanted help on reviewing and determining what files, drivers, services (other admin tasks) need to be changed, removed and deleted. Do I have any virus infections? Specifically, one example from last night:
While using my Internet Explorer I had quite a few tabs opened while browsing the internet. Then my mouse arrow started bouncing around, therefore I had no control of using my mouse. Then I received a pop-up (similar to the window that comes up after you enter to shut down your computer). The window came up and said 'do you want to exit Windows now'. I quickly pressed a cancel option. Then it was like someone took control of my screen, working on closing tabs in Internet Explorer. After all that was done I had access to Internet Explorer. Each time I went to open up a toolbar or any of my dropdown menu items and command toolbar icons, the computer froze up. However, the arrow from my mousekey was taken over and started to fix everything? And later moved my pictures on my desktop into a folder, and then set up a folder under my libraries section.



#1
September 25, 2013 at 01:04:57
✔ Best Answer
Oh yeah, you've got some malware floating around there. You can start off by running something simple like malwarebytes:

http://www.filehippo.com/download_m...

and see what it picks up. If you're using a different computer now (instead of the infected one) copy the malwarebytes file to a cd or flash drive and run it that way on the other computer. If you have problems running things in normal mode then run it in safe mode.



#2
September 25, 2013 at 13:40:57
Hi DaveInCaps

I performed a quick scan with malwarebytes with no objects/items to report. I will run a full system scan this afternoon, and then get back with you.

Thank you for offering to help me with my computer security.

Jeff



#3
September 25, 2013 at 14:40:20
"I will run a full system scan this afternoon, and then get back with you"

Next step after that, is > Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#4
September 25, 2013 at 15:49:54
Here are the results of the Malwarebytes Quick Scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.10.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hockey Puck Matthew :: JEFFLAPTOP [limited]

9/25/2013 2:45:06 PM
mbam-log-2013-09-25 (14-45-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 191769
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
C:\Users\Hockey Puck Matthew\Desktop\

(end)



#5
September 25, 2013 at 15:52:47
Here are Malwarebytes log results from the FULL SCAN:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hockey Puck Matthew :: JEFFLAPTOP [limited]

9/25/2013 3:43:51 PM
mbam-log-2013-09-25 (15-43-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 337659
Time elapsed: 1 hour(s), 50 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)



#6
September 25, 2013 at 18:15:50
I thought malwarebytes would have picked up something but go ahead and do the ESET scan John recommends. It'll dig deeper than malwarebytes.


#7
October 1, 2013 at 05:47:09
Hockeyguymatt
Any way to run as administrator, as the log shows you are a limited account?

message edited by thetechwizard112
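
An added example, not part of the thread or of Malwarebytes itself: a small triage script for text logs in the layout pasted in posts #4, #5 and #16. It flags the `[limited]` account marker that post #7 points out, and any section that reports a count of 0 but does not contain the usual "(No malicious items detected)" line. The sample log is constructed, and the function name `triage` and the warning texts are assumptions made for this example.

```python
import re
# Constructed sample in the layout of the Malwarebytes 1.75 logs posted in this thread.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2013.09.10.12

Windows 7 Service Pack 1 x64 NTFS
Example User :: EXAMPLE-PC [limited]

Scan type: Quick scan
Objects scanned: 191769

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
C:\\Users\\Example User\\Desktop\\

(end)
"""

ACCOUNT_RE = re.compile(r"^(?P<user>.+?) :: (?P<host>\S+) \[(?P<level>\w+)\]$", re.M)
SECTION_RE = re.compile(r"^(?P<name>[\w ]+) Detected: (?P<count>\d+)\n(?P<body>(?:.+\n)*)", re.M)
NO_ITEMS = "(No malicious items detected)"

def triage(log):
    """Return (summary, warnings) for one Malwarebytes text log (hypothetical helper)."""
    acct = ACCOUNT_RE.search(log)
    scan = re.search(r"^Scan type: (.+)$", log, re.M)
    db = re.search(r"^Database version: (\S+)$", log, re.M)
    summary = {
        "level": acct.group("level") if acct else None,
        "scan_type": scan.group(1) if scan else None,
        "database": db.group(1) if db else None,
        "detections": {},
    }
    warnings = []
    if summary["level"] != "administrator":
        warnings.append("scan not run as administrator; re-run elevated")
    for m in SECTION_RE.finditer(log):
        name, count = m.group("name"), int(m.group("count"))
        summary["detections"][name] = count
        # Non-empty lines directly under the "<name> Detected: N" header
        body = [line for line in m.group("body").splitlines() if line.strip()]
        if count == 0 and body != [NO_ITEMS]:
            warnings.append(f"{name}: count is 0 but section body is unexpected")
    return summary, warnings
```
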



#8
October 2, 2013 at 03:31:42
Hello:
Just wanted to let you know that the ESET program identified 4 items for removal.
1) I performed a system restore in 'safe mode'
2) Reviewed Norton Security History and found several activities where the IPS - Intrusion Prevention Services FAILED.
3) Norton performed an activity called Norton 'AUTO FIX'
4) Norton Security History Activities seemed to be able to reconstruct/correct/trace/remove any and all activities related to the Intrusion which penetrated the firewall as a svchost ACTOR using csrss.exe.

My question: Do Norton Security Products have that type of capability to FLAG and clean up malware after the penetration? I every once in a while read Norton Security History Logs, and it seems as though the program records an activity for SUBMISSION. Then Intrusion Prevention Definitions are submitted, some seem to back date problems, and others seem to become active current.

Thank you sooo much for your help. Each suggestion you gave me, helped me to navigate to a next step solution.

message edited by hockeyguymatt



#9
October 2, 2013 at 03:39:19
"Just wanted to let you know that the ESET program identified 4 items for removal"
hockeyguymatt, can you Copy & Paste the contents of that log please.

" Do Norton Security Products have that type of capability to FLAG and clean up malware after the penetration?"
Norton's job like any AV is to warn you & stop the user clicking.
In today's environment, once that warning has been ignored, it's too late & special tools have to be used. Eset is probably just a 1st step.



#10
October 2, 2013 at 04:05:22
JohnW:

I am going to try and locate the Eset Log that was created -- and directed me to the recommended items for removal. I'm wondering if the log might be in the hidden app/localapp/roaming directories? I did a search in the windows - start - search box for Eset but it didn't pull up a log file.



#11
October 2, 2013 at 04:13:53
As per my post #3

"The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop."



#12
October 2, 2013 at 04:21:26
JohnW:

I wrote a general note about the 4 items that were removed: The files/regkeys were all related to the AskToolbar...APN Install Manager.....that I never intentionally downloaded to my computer. I felt it was safe to remove since I never used or selected it as an approved toolbar.
Re: Eset. Is it possible that when I performed the system restore in 'safe mode' the Eset Program and related files were removed, since the system was going back to an earlier period? I just can't even remember coming across the program file or log since I completed the steps that I explained earlier. Sorry if I have another problem...I will just stick with your step by step instructions. I guess I am happy that the problem has been resolved. But again the instructions you gave me kind of led me to another resolution.

message edited by hockeyguymatt



#13
October 2, 2013 at 04:25:27
Ok, let's dig deeper & get the remnants.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

4: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#14
October 2, 2013 at 04:38:37
Got it....Is it ok if I run these programs later this afternoon? I have an appointment this morning. Also, I wanted to let you know that I am able to run MalwareBytes without the limits (if related to running as an admin). Question: regarding the files that are unhidden and placed on my fixed disk.....will I be able to hide/delete them again? Also, does the system restore function have any relationship with unhiding files? I cleaned up my disk by deleting all prior system restore points except for the most current.

message edited by hockeyguymatt



#15
October 2, 2013 at 04:45:20
"Is it ok if i run these programs later this afternoon?"
Sure I will probably be in bed. I'm here.
http://www.timeanddate.com/worldclo...

"will i be able to hide/delete them again?"
We shall reset that if necessary when finished.

" Also, does the system restore function have any relationship with unhiding files?"
Nope.



#16
October 2, 2013 at 04:54:06
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jeffrey WM Land :: JEFFLAPTOP [administrator]

10/2/2013 6:45:18 AM
mbam-log-2013-10-02 (06-45-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 233115
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

