Computing Staff
  • 0

System Virus? Need Some Help

  • 0

While on my other computer, running AOL and on Facebook, I received a box on the screen titled JavaScript –

Windows has detected some suspicious activity from your IP address. Some Spyware may have caused a security breach at your network location.

Then it says it found 36 threats. And my personal and financial information might be at risk and to call a 1-866 number for security check. do not try to remove the virus manually.

My other computer is Win 7 Home, relatively new. I just ran AVG free and it found nothing. I can’t click out of anything on the screen and can’t close out of anything on the screen. or shut it down the conventional way.

Need some advice please.


1 Answer

  1. “hope this is right”
    Yep, we are getting there.

    Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
    NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
    NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    GroupPolicy: Restriction – Chrome <======= ATTENTION
    GroupPolicyScripts: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2277337054-3082054672-1405126948-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://;=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://;=msnhome
    HKU\S-1-5-21-2277337054-3082054672-1405126948-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://;=iesearch
    HKU\S-1-5-21-2277337054-3082054672-1405126948-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
    SearchScopes: HKLM-x32 -> {FCD0B440-9668-4F0C-A3B9-F057CE450973} URL = hxxp://{searchTerms}&s;_it=clireset-ie
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2277337054-3082054672-1405126948-1000 -> DefaultScope {F463C197-90EE-448D-83A4-474AECACDBAD} URL = hxxp://{searchTerms}&s;_it=clireset-ie
    SearchScopes: HKU\S-1-5-21-2277337054-3082054672-1405126948-1000 -> {F463C197-90EE-448D-83A4-474AECACDBAD} URL = hxxp://{searchTerms}&s;_it=clireset-ie
    FF Keyword.URL: hxxp://;=
    FF Extension: AOL Toolbar – C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xhdl6odd.default-1408823845695\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2016-01-02] [not signed]
    FF HKU\S-1-5-21-2277337054-3082054672-1405126948-1000\…\Firefox\Extensions: [] – C:\Program Files (x86)\Ninja Loader\FireFox => not found
    S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [X]
    S3 MozillaMaintenance; “C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe” [X]
    S2 NinjaLoaderService; no ImagePath
    S2 TuneUp.UtilitiesSvc; no ImagePath
    S3 TuneUpUtilitiesDrv; no ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\user\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    Download Updater (AOL Inc.) (HKLM-x32\…\SoftwareUpdUtility) (Version: – AOL Inc.) <==== ATTENTION
    Task: {F4AACBBA-9B0E-47E6-9178-3BFFEE072D70} – \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

    • 0