garyb
New Helpee
Posts: 9
|
Post by garyb on Nov 13, 2014 10:23:32 GMT -8
Log attached.
Computer rebooted. Currently no dllhost.exe - COM Surrogate processes. Running much faster.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 21, 2014 18:52:39 GMT -8
On with step 4: complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below. You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same. Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. Attach the resulting log in your next reply. The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished. Screenshot of part of the finished scan dialog box by ESET showing the options. List found threats, and at the bottom of the listings are the options to save the list.
Quads
|
|
garyb
New Helpee
Posts: 9
|
Post by garyb on Nov 24, 2014 7:46:47 GMT -8
I really appreciate all your help with this. ESET scan ran. Didn't find any threats, so there wasn't an option to list threats or see a resulting logfile. I've attached "screenprint.docx" to show the final ESET screen.
I have a few other questions to help me be sure I am safe from this or any other malware that might be on the system. Given the constraints on your time, I'll be thankful for any answers you can give.
1. The frst.exe file seems to have disappeared from my desktop. I see a version of it in a desktop folder called FRST-olderversion. If I need to run this again for you, should I download a fresh version, or can it be run from the olderversion folder?
2. Would the Poweliks virus have infected any MS Office files (Word, Excel, etc.)? I ask because I work with others and regularly attach files to emails shared with my collaborators. I want to be sure I am not passing the virus.
3. I run the Norton Internet Security with LiveUpdate. I see they put out a revision for Poweliks on Nov 16. Can I assume that I have that and it is accurately protecting my system against that threat now?
4. I see some other entries in the Norton history that concern me. Do you anticipate any problems with any of these?
- Nov 24th - windows/system32/svchost.exe tried to set registry security key (blocked)
- Nov 23rd - windows/system32/rundll32.exe tried to access protected data in a Norton file (blocked)
- Nov 20th - windows/system32/svchost.exe tried to open a Norton file (blocked)
- Nov 16th - bpdsoftware.cab (removed)
Again, thank you for all your unselfish help and support.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 12, 2014 17:30:55 GMT -8
Norton SONAR may have grabbed FRST.
"- Nov 24th - windows/system32/svchost.exe tried to set registry security key (blocked)
- Nov 23rd - windows/system32/rundll32.exe tried to access protected data in a Norton file (blocked)
- Nov 20th - windows/system32/svchost.exe tried to open a Norton file (blocked)"
Sounds like Norton Anti-Tamper: when a process brushes Norton, Norton protects itself.
Uninstall ESET Online Scanner.
Then the tools and quarantines we used are to be removed.
Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/
Double-click to run the program. Note: Windows Vista/7/8 users right-click and choose Run as administrator.
Make sure the Remove Disinfection tools is ticked / selected in the list.
Click Run.
A log will be opened after the operation is finished.
Copy and paste it in your next reply.
Quads
|
|
garyb
New Helpee
Posts: 9
|
Post by garyb on Dec 16, 2014 17:42:09 GMT -8
Log from Delfix below:
# DelFix v10.8 - Logfile created 16/12/2014 at 19:41:14
# Updated 29/07/2014 by Xplode
# Username : Cheryl - THINKPAD
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\Users\Cheryl\Desktop\FRST-OlderVersion
Deleted : C:\Users\Cheryl\Desktop\Addition.txt
Deleted : C:\Users\Cheryl\Desktop\Fixlog.txt
Deleted : C:\Users\Cheryl\Desktop\FRST.txt
########## - EOF - ##########
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 16, 2014 17:49:43 GMT -8
You are free to go on your merry way. You are now fixed / Solved.
Quads
|
|
garyb
New Helpee
Posts: 9
|
Post by garyb on Dec 17, 2014 20:47:48 GMT -8
Bless you for your selfless giving.
|
|