Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 14, 2014 19:02:32 GMT -8
I will get back to you, I am trying to keep up will the amount of systems needing FRST scripts.
Quads
|
|
johnr
New Helpee
Posts: 12
|
Post by johnr on Nov 24, 2014 19:43:52 GMT -8
Quads, I know there are a lot of people who you are trying to help. You are very kind to try to help us all.
Since I don't see any symptoms on my daughter's computer now, I think I will give it back to her and ask her not to connect it to a home network with other computers in use. That is in case it is not completely clean yet. She needs it to complete some projects for her sons.
She had an SD card from her camera in the computer when she gave it to me, and a CD Rom disc. I removed them before following your instructions. Do you think it is safe to use either of those in the computer again, or might it reinfect it?
Thanks again, John
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 24, 2014 20:11:05 GMT -8
a) Click the Scan Button and wait for the scan to finish,. (already done if Adwcleaner is left pending) b) Make sure all of the items under each TAB are to be ticked. c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.[/span] d) It should create a new log afterwards (with S0 in the name). Here is a Screenshot example Quads
|
|
johnr
New Helpee
Posts: 12
|
Post by johnr on Nov 25, 2014 6:57:07 GMT -8
Thanks for the quick reply. Ran it twice and it found nothing on the second run. The S0 file is attached. Do you think we are done?
I looked up how this adware propagates by Word attachments in emails, so I told my daughter not to open any attachments without checking with me. I will try to find a way to scan them that works better than Norton. Thanks, John
Attachment Deleted
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 25, 2014 9:43:43 GMT -8
The likes of Poweliks was comming from it looks like a Fake Update for something along the lines of Flash Player / java etc. On with step 4, Complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below You can leave Norton Enabled even though ESET may warn about it. just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same Please read carefully and Slowly, Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below at it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on Posted Image to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Under scan settings, check DON'T (NO)</font></b> check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following: Scan potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. Attach the resulting log in your next reply The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished. Screenshot of part of the finished scan dialog box by ESET showing the options. List found threats and at the bottom of the listings is the options to save the list. Quads
|
|
johnr
New Helpee
Posts: 12
|
Post by johnr on Nov 25, 2014 16:42:41 GMT -8
I tried to run ESET with IE and got 2 web page errors Line: 837 Error: 'jQuery' is undefined and then Line: 539 Error: Unable to get property 'get' of undefined or null reference
Then after I agreed to the EULA it said: "An addon for this website failed to run." and it stopped.
Reruns gave the same result.
I will try firefox.
|
|
johnr
New Helpee
Posts: 12
|
Post by johnr on Nov 26, 2014 7:27:27 GMT -8
Eset ran under firefox, and it took a very long time as you said. Here's the log file:
Attachment Deleted
It looks like it only found a couple of things that the other programs had not already quarantined. What's next? Thanks, John
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 26, 2014 10:03:32 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
johnr
New Helpee
Posts: 12
|
Post by johnr on Nov 28, 2014 18:10:39 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 28, 2014 18:40:50 GMT -8
You can uninstall ESET Online scanner Then Tools and Quarantines we used to be removed Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/Double-click to run the program; Note: Windows Vista/7/8 users right-click and choose Run as administrator Make sure the Remove Disinfection tools is ticked / selected in the list Click RunA log will be opened after the operation is finished Copy and Paste it in your next reply Quads
|
|