fred
New Helpee
Posts: 7
|
Post by fred on Dec 11, 2013 9:38:49 GMT -8
Hi. Our computer is a 32 bit Compaq-Presario Dual CPU E2160 @ 1.80GHz with 4GB ram and running Vista Ultimate. A recent scan with Malwarebytes found an infection called PUP.Optional.Hao123.A which Malwarebytes removed. However, prior to and following the Malwarebytes scan we were experiencing significant system slowdown (particularly when online), the computer started hanging a lot and we are now getting a large number of alerts informing that Shockwave has stopped working (with the options of wait for Shockwave to restart or cancel the software).
Any ideas?
Regards Fred.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 11, 2013 9:56:49 GMT -8
Malware removal can be difficult over a forum as it is, without a user doing their own actions; the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a user's thread but all members can create a thread asking for removal of Infection(s).
Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system. This also includes any tools or steps other than those from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than other tools, and can often create bigger problems when used without expert guidance.
Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better to stop and let us know, than to force a tool to run and cause bigger problems. Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.
When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)
When the user follows instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.
Reply stating you have read the post fully.
Quads
|
|
fred
New Helpee
Posts: 7
|
Post by fred on Dec 12, 2013 20:45:09 GMT -8
Ok got it :-) Am I correct that once the process is underway things like windows/security updates are ok? Regards Fred
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 12, 2013 20:52:50 GMT -8
"Am I correct that once the process is underway things like windows/security updates are ok?"
Yes as that is Windows doing its thing especially if automatically.
Open Malwarebytes and go to the logs tab. Open the log that has the detections listed and post (copy and paste etc) what the log says, so I can see what it dealt with.
Quads
|
|
fred
New Helpee
Posts: 7
|
Post by fred on Dec 13, 2013 19:04:25 GMT -8
Ok Here is the log, It is a bit puzzling, I notice that at the end it says that no action was taken, I followed the C drive path and the file is not there anymore.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.09.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Siggi :: A-PROBLEM [administrator]

09.12.2013 06:45:01
mbam-log-2013-12-09 (06-45-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352733
Time elapsed: 2 hour(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-saudi-forf.exe (PUP.Optional.Hao123.A) -> No action taken.

(end)
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 13, 2013 19:16:52 GMT -8
Read Slowly and all of it.
Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
You need to download the 32 bit version.
Place FRST.exe onto your desktop from wherever it downloaded to.
Start FRST that is on your Desktop.
The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Press Scan button.
It will make logs (FRST.txt and addition.txt) on your Desktop.
Please attach the log in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply.
Quads
|
|
fred
New Helpee
Posts: 7
|
Post by fred on Dec 14, 2013 5:27:14 GMT -8
The two logs are attached. I don't know if this is important but I had to have two goes at using the FRST tool, the first time it stopped working and had to be restarted.
Regards Fred
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 14, 2013 9:14:09 GMT -8
What do you think happens, when you use Adwcleaner without really knowing if there were any False Positives?
Then you have Spybot S&D with Norton, leftovers of 2 Firewalls, and leftovers of looks like another AV (Possibly Adaware AV) which could mean that settings are still there for any firewall.
System Instability anyone?
Quads
Edit: Thread moved to do with other Security products, leftovers and instability
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Dec 14, 2013 11:04:43 GMT -8
Evidence of two firewalls running at present, third and fourth firewall removed but still have parts left here. Webroot Secure Anywhere was here; Norton Power Eraser was here; AdwCleaner was here. Turn one of the two firewalls off and run with only one; does your system respond better?
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 14, 2013 13:51:44 GMT -8
Also Spybot S&D running, but this is tricky
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-15] (GFI Software)
Is either Ad-Aware AV or VIPRE and if not removed properly the system becomes unstable at times and even No internet connection due to the Firewall and NDIS filters.
I can't even find the removal tool at the moment.
Like from Lavasoft
"Yes, that's left-overs from the uninstallation of Ad-Aware 10.
Right-click My Computer and select Manage.
Find the Device Manager in the left column.
Select View menu - Show hidden devices.
Expand Non-Plug and Play Drivers in the middle column.
Find the gfibto driver.
Right-click it and select Uninstall.
Repeat for the gfiark driver (if listed).
Restart the computer.
Check if the drivers still are listed. If they are, please repeat the uninstallation and restart the computer."
Quads
|
|
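An added example, not part of the thread and not FRST's own code: a small Python parser for FRST driver lines like the two quoted in the post above. It decodes the leading state letter (R = running, S = stopped) and start-type digit (0 = boot, 3 = demand) to show which leftover driver is still loaded at every boot. The function names, the `REMOVED_VENDORS` list and the third sample line are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# FRST prefixes each driver/service line with a state letter and a start-type digit.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)"
    r"\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?:\s+\((?P<vendor>.*)\))?\s*$"
)

class Driver(NamedTuple):
    name: str
    state: str
    start: str
    path: str
    vendor: Optional[str]

def parse_line(line: str) -> Optional[Driver]:
    """Parse one FRST driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Driver(m["name"].strip(), STATE[m["state"]],
                  START.get(m["start"], "unknown"), m["path"], m["vendor"])

def leftovers(log_text: str, removed_vendors) -> list:
    """Drivers whose vendor belongs to a product that was supposedly uninstalled.
    Running boot/system-start drivers sort first: they load before any cleanup can run."""
    wanted = {v.lower() for v in removed_vendors}
    found = [d for d in map(parse_line, log_text.splitlines())
             if d and d.vendor and d.vendor.lower() in wanted]
    return sorted(found, key=lambda d: (d.state != "running",
                                        d.start not in ("boot", "system"), d.name))

# First two lines are from the thread; the third is constructed for contrast.
SAMPLE = r"""
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-15] (GFI Software)
R3 exampledrv; C:\Windows\System32\drivers\exampledrv.sys [12345 2013-01-01] (Example Vendor)
"""
REMOVED_VENDORS = ["ThreatTrack Security", "GFI Software"]  # assumed watch-list

if __name__ == "__main__":
    for d in leftovers(SAMPLE, REMOVED_VENDORS):
        print(f"{d.name:8} {d.state:8} start={d.start:7} {d.vendor}")
```

On the two lines from the thread, gfibto comes out as a running boot-start driver and gfiark as a stopped demand-start one.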