Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Nov 26, 2014 21:01:16 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached. It needs to be the same file name as well (fixlist.txt); have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply (attach or paste).
Quads
Post by shanon on Nov 27, 2014 7:16:53 GMT -8
Post by Quads on Dec 16, 2014 20:59:30 GMT -8
Your system should be running a lot better now??
Quads
Post by shanon on Dec 18, 2014 15:41:55 GMT -8
It's running much better now. Anything else I need to do?
Post by Quads on Dec 18, 2014 16:05:56 GMT -8
On with step 4: complete system check for any file, and cleanup of items and tools used.
Special attention to the different settings I have asked for below. You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Attach the resulting log in your next reply.
The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished.
Screenshot of part of the finished scan dialog box by ESET showing the options.
List found threats, and at the bottom of the listings are the options to save the list.
Quads
Post by shanon on Dec 20, 2014 17:42:34 GMT -8
When trying to run the ESET online scanner, the pop up box doesn't have a start button. It looks cut off. I tried the various fixes on the ESET site such as uninstalling and trying it in safe mode etc., with the same results.
Post by Quads on Dec 20, 2014 18:04:25 GMT -8
Try Firefox or Chrome instead of IE
Post by shanon on Dec 21, 2014 12:33:57 GMT -8
Here's the output from the log file.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f0a174814f77af48bacdf5305ef94fe1
# engine=21656
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-21 06:29:03
# local_time=2014-12-21 01:29:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 1168203 169762639 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3463688 170729993 0 0
# scanned=153481
# found=3
# cleaned=0
# scan_time=3324
sh=BD62B505062FF636AA163EDD221AAC433C58AB02 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e08ebda-4dc30249"
sh=6FD0B7F0BA3B58F93BEF785401006A7668778F4C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.RLF trojan" ac=I fn="C:\Documents and Settings\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1e2272a-36c66b5e"
sh=DBEF6A0953E7BD2BD487E5AB3EF6D2C40E9AB2B6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1e6d85b3-2605691f"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f0a174814f77af48bacdf5305ef94fe1
# engine=21656
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-21 08:20:42
# local_time=2014-12-21 03:20:42 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 1174902 169769338 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3470387 170736692 0 0
# scanned=353447
# found=6
# cleaned=0
# scan_time=6603
sh=BD62B505062FF636AA163EDD221AAC433C58AB02 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e08ebda-4dc30249"
sh=6FD0B7F0BA3B58F93BEF785401006A7668778F4C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.RLF trojan" ac=I fn="C:\Documents and Settings\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1e2272a-36c66b5e"
sh=DBEF6A0953E7BD2BD487E5AB3EF6D2C40E9AB2B6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1e6d85b3-2605691f"
sh=BD62B505062FF636AA163EDD221AAC433C58AB02 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e08ebda-4dc30249"
sh=6FD0B7F0BA3B58F93BEF785401006A7668778F4C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.RLF trojan" ac=I fn="C:\Users\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1e2272a-36c66b5e"
sh=DBEF6A0953E7BD2BD487E5AB3EF6D2C40E9AB2B6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Salessp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1e6d85b3-2605691f"
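An added example, not part of the original thread and not ESET's own tooling: a small parser for the log shape posted above that confirms each scan ran with remove_checked=false and folds detections listed under both C:\Documents and Settings and C:\Users into distinct files. The field meanings (sh as SHA-1, vn as detection name, fn as file path, remove_checked as the Remove found threats tick) are assumptions read off the log, and the sample data is constructed.

```python
import re

# Constructed sample in the flattened shape of the log above; hashes and user are placeholders.
H1, H2 = "A" * 40, "B" * 40
OLD, NEW = r"C:\Documents and Settings\demo", r"C:\Users\demo"

def rec(sha, name, path):
    return f'sh={sha} ft=0 fh=0000000000000000 vn="{name}" ac=I fn="{path}" '

SAMPLE = (
    "# product=EOS # end=stopped # remove_checked=false # found=1 # cleaned=0 "
    + rec(H1, "multiple threats", OLD + r"\cache\26\aa")
    + "# product=EOS # end=finished # remove_checked=false # found=4 # cleaned=0 "
    + rec(H1, "multiple threats", OLD + r"\cache\26\aa")
    + rec(H2, "sample detection", OLD + r"\cache\42\bb")
    + rec(H1, "multiple threats", NEW + r"\cache\26\aa")
    + rec(H2, "sample detection", NEW + r"\cache\42\bb")
)

HDR = re.compile(r"# (\w+)=(\S+)")
DET = re.compile(r'sh=([0-9A-Fa-f]{40}) ft=\d+ fh=\w+ vn="([^"]*)" ac=(\w+) fn="([^"]*)"')
LEGACY = "c:\\documents and settings\\"

def canonical(path):
    """Fold the legacy profile root, a junction to C:\\Users on Vista and later."""
    low = path.lower()
    return "c:\\users\\" + low[len(LEGACY):] if low.startswith(LEGACY) else low

def parse_sessions(text):
    """One dict per scan run; each run's header starts at '# product='."""
    sessions = []
    for chunk in text.split("# product=")[1:]:
        hdr = dict(HDR.findall("# product=" + chunk))
        sessions.append({
            "end": hdr.get("end"),
            "remove_checked": hdr.get("remove_checked") == "true",
            "found": int(hdr.get("found", 0)),
            "detections": DET.findall(chunk),
        })
    return sessions

def unique_files(session):
    """Distinct files behind 'found', keyed on (SHA-1, canonical path)."""
    return {(sha.upper(), canonical(fn)): vn for sha, vn, _ac, fn in session["detections"]}

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(s["end"], "remove_checked =", s["remove_checked"],
              "found =", s["found"], "unique =", len(unique_files(s)))
```

Applied to the log posted above, the finished scan's found=6 folds to three distinct files, because each SHA-1 is listed once under C:\Documents and Settings and once under C:\Users.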
Post by Quads on Dec 21, 2014 13:52:30 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached. It needs to be the same file name as well (fixlist.txt); have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply (attach or paste).
Quads
Post by shanon on Dec 21, 2014 14:24:57 GMT -8
When running FRST and pressing the Fix button, I get the below error.
Line 9878 (file"C:\user\salessp\desktop\FRST64.exe. Error: Error in expression