Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Jul 28, 2014 13:51:34 GMT -8
Tools and Quarantines we used to be removed
Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/
Double-click to run the program;
Note: Windows Vista/7/8 users right-click and choose Run as administrator
Make sure the Remove Disinfection tools is ticked / selected in the list
Click RUN
A log will be opened after the operation is finished
Copy and Paste it in your next reply
Quads
Post by avidtr on Jul 29, 2014 11:13:39 GMT -8
Hi Quads.
When I right-click on delfix_10.8.exe and run as administrator Norton File Insight appears saying “Program behaving suspiciously on your computer. This program was removed”. It mentions Threat Name: SONAR.Heuristic.120
delfix screen did not appear. Program was removed.
I wonder can I remove the various disinfection programs manually from the relevant c: drive folders ?
Thanks.
Post by Quads on Jul 29, 2014 14:54:52 GMT -8
Just disable Norton for a short time
Quads
Post by avidtr on Jul 30, 2014 7:51:04 GMT -8
Thank you Quads for your continuing time on this. I appreciate it.
I will do as you advise, and also disable broadband for the duration. Before proceeding can I please ask your opinion on whether the Norton occurrence with delfix is likely a true positive or a false positive? Either way I'm somewhat puzzled and concerned. I wonder is there a reasonable explanation?
It's just that after all our efforts and being this close to the objective, I certainly don't want to add to the issue!
Post by Quads on Jul 30, 2014 10:24:56 GMT -8
A true positive would mean that it is correctly detected. No, I would say it is a False Positive by SONAR, I can't see it as any other. Possibly a piece of malware somewhere is now detected (correctly) but delfix is now detected as a close match to something bad. I am used to that happening with OTL and Combofix, not Delfix, oh well.
See the bottom few posts of this page qmalwareremoval.freeforums.net/thread/192?page=3 the user used it and gave the log after for Delfix.
Quads
Post by avidtr on Jul 30, 2014 11:52:36 GMT -8
Thanks for the reassurance Quads !
Please see log at end.
Can I please briefly ask you about a pdf reader. The PC came with Adobe Acrobat Reader, but as part of the removals etc, it seems to have disappeared. Is it best to avoid Adobe Reader ? If so can you recommend a good and safe alternative ?
I know it's a big question (!), but would you recommend avoiding any other commonly used/available utilities etc that might act as a carrier for these nasties?
Thanks again for all your assistance.
# DelFix v10.8 - Logfile created 30/07/2014 at 20:41:15
# Updated 29/07/2014 by Xplode
# Username : owner - MICHAEL
# Operating System : Windows 8.1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\_OTL
Deleted : C:\Users\owner\Desktop\Addition.txt
Deleted : C:\Users\owner\Desktop\AdwCleaner .zip
Deleted : C:\Users\owner\Desktop\Extras.Txt
Deleted : C:\Users\owner\Desktop\Fixlog.txt
Deleted : C:\Users\owner\Desktop\FRST.txt
Deleted : C:\Users\owner\Desktop\OTL.Txt
Deleted : C:\Users\owner\Desktop\OTL.exe
Deleted : C:\Users\owner\Downloads\AdwCleaner.exe
Deleted : C:\Users\owner\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\owner\Downloads\FRST64.exe
Deleted : C:\Users\owner\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
########## - EOF - ##########
Post by Quads on Jul 30, 2014 16:22:31 GMT -8
Adobe download site is here get.adobe.com/reader/ the software does get updates all the time.
UNTICK the optional offer on that site for Mcafee as you have Norton
Quads
Post by avidtr on Aug 1, 2014 9:24:24 GMT -8
Thank you Quads for your superb assistance over the last few weeks. I really appreciate it.
Post by Quads on Aug 1, 2014 10:10:46 GMT -8
You are free to go on your merry way. You are now fixed / Solved.
Quads
Post by avidtr on Aug 1, 2014 10:22:09 GMT -8
Wonderful news !! Thanks again.