malware issue - part II

magineer02

I have a Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, SuperAntiSpyware, Avast, and Windows
firewall.

(1) TB HD
Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system


I also have a Dell Dimension 8200(Seagate Barracuda 7200 HD 160Gb)
with XP, SP3, with Spywareblaster, Avast, and Windows firewall.

I contracted malware (Pup.Optional) when trying to download
AdwCleaner and selected the big green arrow instead of the
small blue print(Bleeping computer). Since I also did this on
the 8200 both computers are infected.

Initially I couldn't post to this group at all for 3 weeks until I
downloaded/installed Mozilla Thunderbird.

At present this is the situation on the 8500:

I ran a SuperAntiSpyware full system scan and it gave this:

[screenshot: 15p1thk.png]


I thought I had deleted both of these previously. I've tried
searching for them to delete them but cannot find them.

I then continued with the scan which found this:

[screenshot: 538vgh.png]


I removed the threats:

[screenshot: 2qbcaco.png]


I then ran malwarebytes which gave me this:

[screenshots: 2n8msya.png, 200a3h0.png]



I've tried to create a Kaspersky rescue disk following
these instructions:

[screenshots: 2nsow87.png, 16249d4.png, mwf59x.png, 2cpe4hk.png, 35874v9.png, 30hvfav.png]


I checked the USB Key and this is what it has on it:

Rescue folder
liveusb
syslinux cfg

I opened the Rescue USB folder and this is what
it has:

Help folder
grub
rescue
rescueusb

I ran an AdwCleaner scan and this is what it gave me:

[screenshots: dcpgk2.png, 2cclzdx.png, 2zqcso7.png]



At present on the 8200:

The icons on the desktop which I set up for single click do
not respond and I have to open them by right clicking.

I downloaded (8) updates and now every time I logon it
says my computer is at risk and the firewall is turned off
then it resets itself.

I tried downloading/installing SuperAntiSpyware and it
gave me this:

Install Error- Error creating shorcuts, aborting installation.
The only thing I did was deselect Google Chrome as my
default browser and search engine.

I then tried to install malwarebytes (www.malwarebytes.org/mwb-download/)
by uninstalling it first; after I uninstalled it on the
add/remove programs it asked to restart the computer
then it gave me this:

Run-time error '339':
component 'vbalsgrid6.ocx' or one of its dependencies not
correctly registed: a file is missing or invalid.

After trying to install it gave me this:

CoCreateInstance failed, code0x80040154.
Class not registered. I click ok and I can see the Creating shortcuts URL
change each time I click ok (5 times). Then it goes to the finish box.

When I try and update Spywareblaster it gives me this:

Error: Access violation at 0x73483F5A (tried to read from 0x00000014),
program terminated. Last CP is 'RF'.

I ran an Avast full system scan which came up clean.

I want to remove the Severe Weather Alerts and Great Arcade Hits.

Thoughts/suggestions?
Robert
 
Paul

This is the picture that interests me. Your Malwarebytes scan.

http://oi58.tinypic.com/2n8msya.jpg

ROB :: DRAGON [limited] <----

Does that mean the user account in question, is a Limited User,
rather than a member of the Administrators group ?

That may be restricting your ability to install things.

And a question would be, how did it get that way. Perhaps
you created an account on your own at some point ? In
addition to the account set up initially (which is likely
a member of the Administrators group).

When I run Malwarebytes in my Windows 7 test VM, it says:

IEUser :: IE10WIN7 [administrator]

And that means, the account I was logged in with, was
an account belonging to the administrator group. You can
see in my VM, I've made some other accounts for test purposes,
and they're all members of the administrators group.

http://i57.tinypic.com/55j6g4.gif

I'm hoping some of your symptoms will change, once
you have a look at that. It's even possible, being logged
in with a Limited account, you won't even be able to get
the accounts control panel open. You would need to be logged into
an account with administrator privileges, to mess around there.

*******

You're already doing some of these, so it's unclear why it is still there.

http://malwaretips.com/blogs/severe-weather-alerts-removal/

STEP 1: Uninstall Severe Weather Alerts program from your computer
STEP 2: Remove Severe Weather Alerts adware with AdwCleaner
STEP 3: Remove Severe Weather Alerts browser hijackers with Junkware Removal Tool
STEP 4: Remove Severe Weather Alerts virus with Malwarebytes Anti-Malware Free
STEP 5: Double-check for the Severe Weather Alerts infection with HitmanPro

The Step 1, is done with the "Programs and Features" control panel.
You would look to see if Severe Weather Alerts program is still
installed, and remove it.

I wouldn't bother with the other steps, until you verify your
account belongs to the administrators group. As for HitmanPro,
it's eventual payware, so I don't know if I'd bother with that
step or not. Between Adwcleaner and Junkware Removal Tool, you'd
think they would catch it.

I took a look for GreatArcadeHits, and it uses AdwCleaner and JRT,
as two possible solutions.

Paul
 
David H. Lipman

Potentially Unwanted Programs (PUPs) are not necessarily malware. Malwarebytes has
included PUPs by request to be removed by their signature software MBAM but having many
PUPs should NOT be equated to a Malware Infection.

'vbalsgrid6.ocx' is a Visual Basic construct and I indicated early on that you have a
Visual Basic issue. You have ignored me and my advice and have WASTED time when you
should have posted in the Malwarebytes' Forum and this could have been resolved already.
Time to acquiesce and get support for a product from the product's support personnel.

Additionally there is a Malwarebytes' removal utility that should be used.

Please... Stop using the WinXP news group and go to the Malwarebytes' product support
forum !

https://forums.malwarebytes.org/index.php?s=372ce2624baea61b42e53e9069f2cd4c&showforum=41
 
magineer02

Hello Paul,

yes, it does, I normally do not go to the
administrators account because the 8500 has
a feature where I can type my administrators
password on the User Account and gain access if
needed.

I only have two accounts that I use. The Administrator's
Account and the User Account and I believe there is a Guest
Account but I never use it.


I have already gone into the Add/remove programs and
done all the steps 1 through 4 but it still shows up
with my SuperAntispyware scans.

Robert
 
magineer02

Hello David,

As I said, I have posted to other forums
and got no reply and if you look at the
forum there were very few replies.

The last time I did that it was 2 weeks
before I got an answer and they basically
told me they couldn't help.

I mean no offense, but you don't own this
site and I will continue to post.

R
 
magineer02

Hello Paul,

I was thinking, since as I said I have done 1-4 is
there some software that you know of that would help
me locate where the Great Arcade Hits and Severe Weather
Alert files reside so that I can delete them because
they aren't on the Add/Remove list but may be imbedded
in other programs.


I forgot to mention that another issue is the slight 'bump'
sound whenever I connect online. It never was there before.
I was infected.

I also need to address the issues with the 8200


Thoughts/Suggestions
Robert
 
Paul

The procedure for Great Arcade Hits is here. It's not the
best guide, but it's a start.

http://malwaretips.com/blogs/greatarcadehits-virus-removal/

Your first step is running as a member of the Administrator
group, so that maybe MBAM and AdwCleaner will work OK.

That procedure uses both of them.

They use the Junkware Removal Tool (JRT). That one looks
pretty straightforward, and is hosted on BleepingComputer.

Having to "Reset" the browsers isn't the best. I would
probably want to visit the Bookmark Manager and do an
"Export" in order to save the bookmarks. I expect there
are more focused steps you could take (editing in Options,
deleting prefs.js and so on). AdwCleaner should already be looking
through the prefs.js anyway.

The only question I have about that procedure, is the best order
to execute the steps. Myself, I'd probably save the browser Reset
step for last. And run the malware or adware removal tools first.
The thing is, you want to remove the "active" part of the
infection, before cleaning up the "side effects". The browser part
probably won't "put itself back". So once the active code is
removed that keeps messing up things, then you'd clean up the
side effects last.

It's always possible, that while doing the procedure
for the Great Arcade Hits, the Severe Weather Alerts
will disappear at the same time. Because the removal
tools would be the same.

Paul
 
magineer02

Hello Paul,

Here's what I've done:

I went into my Administrators Account and
ran a full system scan with malwarebytes
which came up clean. I then ran a full scan
with Avast which also came up clean.

I updated my Spywareblaster

I then ran a full scan with SuperAntispyware
which gave me this:

Browser extensions (3)

We-Care.com Reminder
Great Arcade Hits
Tidy Network

Applications (1)

Severe Weather Alerts

Threats found

memory 0
registry 0
file items 3

cdn.tremormedia.com
objects.tremormedia.com
www.naiadsystems.com

I checked the add/remove programs again and
I couldn't find any of them. As I said, I deleted
Severe Weather Alerts previously and also Great
Arcade Hits so why are they still showing up?


I ran a full system scan with AdwCleaner which
came up clean.

I tried running Junk Removal Tool but as soon as
I started it, it disappeared.

Tried to create a Kaspersky Rescue disk but it
gave me the same results as before. I tried to use
it but it would not start after pressing F12 and
selecting the I drive and pressing enter. I saw
no message but pressed enter right afterwards
anyway but it loaded as normal.

Also, today for some reason (maybe I hit some key)
my hotmail sign-in page is so small I can't
even read it. I tried restarting the computer
to see if it would reset it but it didn't. Any
thoughts on restoring it to its normal size?

I followed your instructions for removing Great
Arcade Hits and reset Firefox since I had already
done steps 1-5 but not HitmanPro.

I'll also post my problem on the malwarebytes
forum as soon as they confirm my membership
which I'm still waiting on.

Thoughts/suggestions?
Robert
 
Paul

On my browser here, pressing the control key down, then
using the scroll wheel, changes browser magnification. And
the other important one for this, is control-zero, which
resets the scale to 100% in the browser window. Press and
hold control, then press the "zero" above the "P" key. That
should set the scale back again. The browser remembers
the scale setting, for each domain. So each time you go
back to Hotmail, the window should be the same size. Once
you reset it with control-zero, it should be at 100% from
now on.

I don't understand what's going on with your USB key. You listed
the files content for it, and it appears to be correct. At least
the names of the files are correct. It should have gone much farther
along in the boot sequence, before it gets to a point that anything
on your machine could affect it. Like, eventually, it'll attempt
to find all the partitions, and there will be an animation on
the screen while it does that initial hardware scan. But you haven't
had to enter any other prompts. I don't think your USB key really
cares about the BIOS VT-X setting (which affects some Linux OSes
because they had buggy code). I have VT-X enabled here, and my
Kaspersky boots fine. The Kaspersky guys do a good job of
configuring the Linux on that USB key. There's no "fluff" in there.
Lots of tools I'd like to see in there, aren't on the stick. So
it's a relatively minimal environment. It looks to me like it's
a Gentoo derivative of some sort.

So I don't know how I can help you there. If you were to burn a CD,
converting the ISO9660 to a bootable CD, chances are whatever is wrong,
will repeat itself, and it'll disappear again. The advantage of making
the CD, is that rescueusb program would not be used (i.e. if there
was a bug in the program). But I really don't see it, as the
file list for the key, looks like the key preparation is working.
Maybe the files are being copied, but a GRUB (boot loader) step
at the end is failing during preparation. If you're seeing the
"Press any key" type prompt during boot, I assume at least some of the
data on the USB key is being read out.

As for the scan results, remember, I'm not a malware removal expert.
There are experts like that on Bleepingcomputer.com who remove
malware. The results suggest that something is putting
the browser helper objects back, after the other tools remove them.
It means some portion remains, which is re-infecting things. It's
either that, or something is defeating all the tools while they
are running. With malware, new variants are created all the time.

Now, if I'd spent days and days working on a problem like that here,
sooner or later, I'd be considering reinstalling the OS. The above
symptoms you describe are just "pests" and not real malware. So
there would not be a strong incentive to do that just yet. It all
depends on your level of patience. At least a few posters to the
malware forums, they get frustrated after a while, reinstall their
OS and report such to the malware removal expert. But way more people
stick with it, follow the instructions they're given, and get a
resolution to their problems. Since I'm not trained for this,
I don't know all of the steps that could lead to fixing it.
And even an expert, if a machine is messed up bad enough
(key files quarantined during the cleanup process), may
eventually conclude that only a re-installation will fix
things. You're not even remotely close to being that
messed up.

So at this point, I don't know what else to try. You can
try burning the Kaspersky CD. You'll need a blank CD and
a burner program. *Do not* do a drag and drop of the
ISO9660 file, to the CD. The burning tool has to convert
the ISO9660 file into a bootable CD. For example, if you
open the CD in Windows later, there should be more than
just a single file ending in .iso showing in File Explorer.

As for the "Programs and Features" or "Add/Remove" entries,
the program that installed "We-Care.com Reminder" will not
necessarily have We-Care in the name. Apparently, the sponsors who
We-Care spams, their name is attached to the program
used to do the installation. Have a look in Programs
and Features again. It might be "ASPCA Reminder" which is
a we-care sponsor. When I looked at the we-care.com main web page,
I couldn't immediately tell who all their sponsors are, to give
you more names to check for in Programs and Features.

I found one little program, which was supposed to be a BHO
remover (a manual tool). But when I tested it here, it
didn't work. I expect Microsoft put a security feature
in place, which conflicts with it :-( So I'm not going
to point you to that one, because it likely won't work for
you either. My thinking was, the adware would never expect
an old tool like that. But it is apparently too old to
have taken the settings in WinXP into account.

Paul
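
An added example, not part of any post in this thread: a read-only PowerShell inventory of the registry data behind "Programs and Features" and of the registered Internet Explorer Browser Helper Objects, sorted so that everything installed on the same day as the bundle shows up together even when the entry carries a sponsor's name. The function names and the name pattern (built from the product names mentioned in the thread) are hypothetical; it assumes the PowerShell 2.0 that ships with Windows 7, while XP needs PowerShell installed separately.

```powershell
# Added example: read-only inventory of uninstall entries and IE Browser
# Helper Objects (BHOs). Nothing is modified or deleted.

# Pattern built from the names mentioned in the thread (an assumption; extend as needed).
$namePattern = 'Weather|Arcade|We-Care|Tidy|Reminder'

# "Programs and Features" is populated from these keys. The WOW6432Node
# branch holds 32-bit installers on 64-bit Windows; HKCU holds per-user installs.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallEntry {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p -or -not $p.DisplayName) { continue }
            New-Object PSObject -Property @{
                InstallDate     = $p.InstallDate          # yyyymmdd string, often empty
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
                # SystemComponent = 1 hides an entry from Programs and Features
                Hidden          = ($p.SystemComponent -eq 1)
                Flag            = [bool]("$($p.DisplayName) $($p.Publisher)" -match $namePattern)
                RegistryKey     = $key.Name
            }
        }
    }
}

# BHOs are listed by CLSID; the DLL that IE loads is the default value of
# the class's InprocServer32 key.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BrowserHelperObject {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        # 32-bit BHOs register their class under the WOW6432Node view
        $classRoot = if ($root -like '*WOW6432Node*') {
            'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
        } else {
            'HKLM:\SOFTWARE\Classes\CLSID'
        }
        foreach ($key in Get-ChildItem $root) {
            $clsid  = $key.PSChildName
            $class  = Get-ItemProperty -LiteralPath "$classRoot\$clsid" -ErrorAction SilentlyContinue
            $server = Get-ItemProperty -LiteralPath "$classRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll    = $server.'(default)'
            New-Object PSObject -Property @{
                Clsid     = $clsid
                Name      = $class.'(default)'
                Dll       = $dll
                # A BHO whose DLL is gone is a leftover registration that scanners may still report
                DllExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
                Flag      = [bool]("$($class.'(default)') $dll" -match $namePattern)
            }
        }
    }
}

# Newest installs first, so the entries that arrived with the bundle sit together.
Get-UninstallEntry |
    Sort-Object InstallDate -Descending |
    Select-Object InstallDate, Flag, Hidden, DisplayName, Publisher, InstallLocation, UninstallString |
    Format-List

Get-BrowserHelperObject |
    Select-Object Flag, DllExists, Name, Clsid, Dll |
    Format-List
```

Run it from each account in turn: the HKCU branch is per-user, so an entry installed under the limited account does not appear when the script runs under the administrator account.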
 
Ben Myers

> Hello Paul,
> Here's what I've done:
> I went into my Administrators Account and
> ran a full system scan with malwarebytes
> which came up clean. I then ran a full scan
> with Avast which also came up clean.
> I updated my Spywareblaster
> I then ran a full scan with SuperAntispyware
> which gave me this:
> Browser extensions (3)
> We-Care.com Reminder
> Great Arcade Hits
> Tidy Network
> Applications (1)
> Severe Weather Alerts
> Threats found
> memory 0
> registry 0
> file items 3
> cdn.tremormedia.com
> objects.tremormedia.com
> www.naiadsystems.com
> I checked the add/remove programs again and
> I couldn't find any of them. As I said, I deleted
> Severe Weather Alerts previously and also Great
> Arcade Hits so why are they still showing up?
> <snip>

This can happen when you simply delete the files without uninstalling. You may have
to reinstall these and remove them correctly.

Ben
 
magineer02

Hello Paul,

This is what the malwarebytes forum gave me
to do and also gives me a time limit of 3 days
to complete it or they'll terminate my post,
jeeeez.

Posted Today, 06:07 AM
Welcome to the forum. This is for the first
computer.

Please run a Quick Scan with Malwarebytes
and post the log:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with
Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and
click Remove Selected.

---------------------

Then please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)
(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:
Quote
1. If you're using Peer 2 Peer software such
uTorrent, BitTorrent or similar you must either
fully uninstall it or completely disable it from
running while being assisted here.
Failure to remove or disable such software will
result in your topic being closed and no further
assistance being provided.
2. If you have illegal/cracked software, cracks,
keygens, custom (Adobe) host file, etc. on the system,
please remove or uninstall them now and read the
policy on Piracy.
Failure to remove such software will result in
your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on
the program, select Run as Administrator to start,
& when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program
Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on
your desktop.(please don't put logs in code or
quotes and use the default font)
MrC

Note:
Please read all of my instructions completely
including these.

Make sure system restore is turned on and
running, please create a new restore point

Make sure you're subscribed to this topic:
Click on the Follow This Topic Button (at
the top right of this page), make sure that
the Receive notification box is checked and
that it is set to Instantly

Removing malware can be unpredictable...
unlikely but things can go very wrong!
Backup any files that cannot be replaced.
You can copy them to a CD/DVD, external
drive or a pen drive

<+>Please don't run any other scans,
download, install or uninstall any programs
while I'm working with you.

<+>The removal of malware isn't instantaneous,
please be patient.

<+>When we are done, I'll give to instructions
on how to cleanup all the tools and logs

<+>Please stick with me until I give you the
"all clear" and Please don't waste my time by
leaving before that.

------->Your topic will be closed if you haven't
replied within 3 days!<--------


He sure has given me a lot to do!

I'm also leery of reinstalling the OS since Dell
only gave me two disks with the 8500 (drivers and
utilities and drivers and documentation). Also my
disk image hasn't been creating a new image each time
but incrementally so that I only have one and it
would be infected as well, correct?

I do appreciate all your time and effort trying
to help me resolve this. The 8200 of course has a
more serious problem in that I can't even download
/install the programs I've mentioned.

@ Ben Myers - are you seriously suggesting to let
my computer get infected all over again?

Robert
 
Paul

> Hello Paul,
>
> This is what the malwarebytes forum gave me
> to do and also gives me a time limit of 3 days
> to complete it or they'll terminate my post,
> jeeeez.
>
> Posted Today, 06:07 AM
> Welcome to the forum. This is for the first
> computer.
>
> Please run a Quick Scan with Malwarebytes
> Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)
> (please don't put logs in code or quotes and use the default font)
>
> Next................
>
> Please download and run RogueKiller 32 bit to your desktop.
>
> RogueKiller<---use this one for 64 bit systems
>
> Which system am I using?

Open the System control panel. The Windows Edition is
printed in the middle of the screen. If it makes reference
to x64 or 64 bit, then you have a 64 bit system. If it
does not elaborate on the number of bits, it's a 32 bit system.
x86 means 32 bits, while x64 means 64 bits.

While there are other programs that report the system version,
this is the only one I can seem to remember :)

> Quit all running programs.
>
> RogueKiller -- Run as Administrator to start,
> Post back the report which should be located on
> your desktop.
> ------->Your topic will be closed if you haven't replied within 3 days!<--------
> He sure has given me a lot to do!

Just don't screw up the posting of the results.
Remember, they have to deal with all kinds of users,
and can develop a "short fuse" as a result.

> I'm also leery of reinstalling the OS since Dell
> only gave me two disks with the 8500 (drivers and
> utilities and drivers and documentation). Also my
> disk image hasn't been creating a new image each time
> but incrementally so that I only have one and it
> would be infected as well, correct?

When I got my Acer laptop, within the first two days
of usage, a dialog appeared on the screen, telling
me to burn my recovery DVDs. A total of five DVDs
were needed. 3 DVDs contained an image of Windows 7
(i.e. not a regular installer disc, just an image).
1 DVD was drivers. 1 DVD was the rescue DVD, for booting
to Command Prompt or restoring a System Image.

It sounds like you missed the prompt to burn the 3 DVD set.
Check the manual, which should have a chapter on getting
those DVDs done.

> I do appreciate all your time and effort trying
> to help me resolve this. The 8200 of course has a
> more serious problem in that I can't even download
> /install the programs I've mentioned.

You can bring the programs over on a USB key. Malwarebytes
needs to update its definitions, and a broken network
connection will prevent that. A Kaspersky scan would be
nice to do, if the machine is so infected you don't know
where to start. But we still aren't there yet, in terms
of having a working Kaspersky rescue CD working.

> @ Ben Myers - are you seriously suggesting to let
> my computer get infected all over again?
>
> Robert

His suggestion is perfectly reasonable, and here is why.

Say you had installed a regular program. And as a bad boy,
you decided to delete a few files from the Program Files
folder. Maybe as a result, you deleted "uninst.exe", which
could be the uninstaller for the program.

Now, the uninstall system is damaged.

If you re-install the program in question, that repairs all
the damage. Now you go to Programs and Features, or Add/Remove,
and you can proceed to run the uninstaller. The uninstaller
then removes practically everything. Only the stupid Microsoft
idea of registry keys, are not handled in an adequate way. But
for the most part, the uninstaller does a relatively good
job of cleaning out the Program Files folder, or perhaps
removing other low level files from a System32 folder or
similar.

Now, how does your PUP problem differ ? Well, our assumption
is your PUP is "not too evil". The assumption would be, it
doesn't cause a lot of collateral damage. You can re-install it,
it will be a nuisance, but then you can go to the Programs
and Features, and again try to remove it. That's better
than just deleting the files, which could leave you in
an undesirable half-installed state.

Now, if you had a "really bad malware", then you would *not*
do this. A "really bad malware", there's no upside or advantage
to re-installing it. It could commence to download more bad
stuff. Or generally do things faster than you could respond to
them. It's "virulent". The PUP on the other hand, treads
lightly, in the hope that the AV companies will not target
it. So it's a "slightly bad program", and not as big
a danger.

There are some PUPS which are a gateway for a whole bunch of
other stuff. And if that is the case, they should be re-designated
as malware, and appear on the radar of the 50+ malware
companies.

I expect the hardest part of carrying out Ben's suggestion,
is you no longer have the installer file for those.

Paul
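
The "half-installed state" described above can be checked directly. The following PowerShell is an added example, not part of the original thread, and its function names are made up for illustration. It reads the standard Uninstall registry keys and reports, for each listed program, whether the uninstaller file its entry points to still exists on disk.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Extract the executable an UninstallString points at.
function Get-UninstallerPath {
    param([string]$UninstallString)
    if ([string]::IsNullOrEmpty($UninstallString)) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($UninstallString.Trim())
    # MSI-based entries are removed by Windows Installer, not by their own file.
    if ($s -match '^"?(\S*\\)?msiexec(\.exe)?"?(\s|$)') { return 'msiexec' }
    # Quoted path, possibly followed by switches: "C:\...\uninst.exe" /S
    if ($s -match '^"([^"]+)"') { return $matches[1] }
    # Unquoted path that may contain spaces: C:\Program Files\X\uninst.exe /S
    if ($s -match '^(.+?\.exe)(\s|$)') { return $matches[1] }
    return $s
}

# List every entry shown in Programs and Features / Add or Remove Programs
# and classify the state of its uninstaller.
function Get-UninstallEntry {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p -or -not $p.DisplayName) { continue }
            $exe = Get-UninstallerPath $p.UninstallString
            if ($exe -eq $null)                   { $state = 'NoUninstallString' }
            elseif ($exe -eq 'msiexec')           { $state = 'WindowsInstaller' }
            elseif ($exe -notmatch '^[a-z]:\\')   { $state = 'NotAFullPath' }
            elseif (Test-Path -LiteralPath $exe)  { $state = 'Present' }
            else                                  { $state = 'MissingUninstaller' }
            New-Object PSObject -Property @{
                State       = $state
                Name        = $p.DisplayName
                Publisher   = $p.Publisher
                InstallDate = $p.InstallDate   # YYYYMMDD when the installer set it
                Uninstaller = $exe
            }
        }
    }
}

# Read-only report; nothing is changed on the machine.
Get-UninstallEntry | Sort-Object InstallDate, Name |
    Format-Table State, InstallDate, Name, Publisher, Uninstaller -AutoSize
```

Entries marked MissingUninstaller are the ones where manually deleting files has left nothing for Programs and Features to run, and sorting by InstallDate groups programs that arrived on the same day.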
 
M

magineer02

Hello Paul,

I've completed all the tasks asked by the
person (Mr. C) helping me in the malwarebytes
forum.

When running the Rogue Killer it did find (3)
pum files but he told me not to do anything except
give him the report which I did.


I understand your reasoning for Ben's suggestion
and the installer file for how I got infected
is simply clicking on the green arrow when trying
to install AdwCleaner versus the small blue print
from bleeping computer. That's how I got infected.

Once I did that my computer was flooded with 7-Zip,
Severe Weather Alerts, Arcades Greatest Hits etc.
They installed so fast I couldn't tell you all that
were loaded.

Robert
 
M

magineer02

Hello Paul,

A quick reply,

The issue with my hotmail resolved itself
when I reset Firefox so all is normal there.

As to Ben's suggestion, remember the 8200
still can't install malwarebytes or
SuperAntiSpyware and I'm afraid if I
follow his suggestion the 8500 may end up
the same way.

Robert
 
P

Player

Hello Paul,

Here's what I've done:

I went into my Administrators Account and
ran a full system scan with malwarebytes
which came up clean. I then ran a full scan
with Avast which also came up clean.

According to malwarebytes support, you can run it from any log in with
the same results.

Jeff Barnett
 
M

magineer02

Hello Paul,

The latest instructions call for me to disable all my anti-virus
and anti-malware programs before running Combo fix.

Avast
malwarebytes
SuperAntivirus
Spywareblaster

I think that's all I have;
would this also include Windows firewall?

Just how do I disable them short of uninstalling?
If I have to uninstall then could you please give
me a secure link to re-install Avast. I would appreciate
the link in any case.

Thanks,
Robert
 
P

Paul

Hello Paul,

The latest instructions call for me to disable all my anti-virus
and anti-malware programs before running Combo fix.

Avast
malwarebytes
SuperAntivirus
Spywareblaster

I think that's all I have;
would this also include Windows firewall?

Just how do I disable them short of uninstalling?
If I have to uninstall then could you please give
me a secure link to re-install Avast. I would appreciate
the link in any case.

Thanks,
Robert

That would depend on whether Combo Fix does things just
after a reboot.

The free AV I use here, has a disable for protections, but
it re-enables on a reboot. So the computer boots up with the
protections turned on again.

*******

Bleepingcomputer has a tutorial.

"How to Temporarily Disable your Anti-virus"

http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

"AVAST

Right-click on the avast! icon in system tray.
Select avast! shields control and there will be options
to disable avast for 10 minutes, 1 hour, until the computer
is restarted, or permanently.
"

MalwareBytes comes in two versions. The free version (one
time scanner) should not need to be disabled. Malwarebytes
also makes a commercial version, with real time protection.
I assume this is the procedure for the real-time one (paid).

http://www.bleepingcomputer.com/for...firewall-and-anti-malware-programs/?p=1102203

"There are several ways to disable MBAM's real-time
protection (registered version only).

* Right-click on the MBAM icon in the systray
and uncheck Enable Protection.
* When asked, "Are you sure you want to disable the
MBAM Protection Module?", click Yes.
* Right-click on the MBAM icon again and then uncheck Start with Windows.
* The Protection Module is now disabled and will not restart.
"

This one is for SuperAntiSpyware (I assume your spelling
above is a mis-quote).

http://www.superantispyware.com/supportfaqdisplay.html?faq=49

"SUPERAntiSpyware FREE Edition does not have
real-time anti-spyware protection

SUPERAntiSpyware Professional has real-time protection.

To exit SUPERAntiSpyware, right-click the SUPERAntiSpyware
system tray icon, and select "Exit" from the menu.
"

*******

SpywareBlaster isn't on that tutorial page. I start
with Wikipedia, for some hints.

http://en.wikipedia.org/wiki/Spywareblaster

http://www.brightfort.com/spywareblaster.html#FAQ

"SpywareBlaster is passive protection. It plugs the holes that
spyware and other potentially unwanted software use to get in
to your system. As such, there is no running process - and no
CPU and memory usage either. All you have to do is remember to
update SpywareBlaster once a week, and enable the latest protection."

Still not being happy with that answer, I did find this.

"Enabling and disabling SpywareBlaster protection"

https://www.brightfort.com/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=42&nav=0,4

"To disable protection for all database items (remove all protection):

* Open SpywareBlaster program

* Click on the "Disable All Protection" link under Quick Tasks

* Exit the program
"

HTH,
Paul



Paul
 
P

Paul

Hello Paul,

The latest instructions call for me to disable all my anti-virus
and anti-malware programs before running Combo fix.

Avast
malwarebytes
SuperAntivirus
Spywareblaster

I think that's all I have;
would this also include Windows firewall?

Just how do I disable them short of uninstalling?
If I have to uninstall then could you please give
me a secure link to re-install Avast. I would appreciate
the link in any case.

Thanks,
Robert

Regarding your question about reinstalling Avast for some reason.

There are at least four versions.

http://en.wikipedia.org/wiki/Avast

* Avast! Free Antivirus 9.0 — freeware for personal, non-commercial use only
* Avast! Pro Antivirus 9.0 — shareware for both personal and commercial use
* Avast! Internet Security 9.0 — shareware for both personal and commercial use
* Avast! Premier 9.0 — shareware for both personal and commercial use

The download page is here:

http://www.avast.com/download-software

avast! Free Antivirus <---- I tried clicking this one

And this is the file that downloaded. It is 84.6MB.

http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe

If you purchased some other version of Avast, then you
would download a different file than that one.

Paul
 
