Hello Paul,
I thought you said I was ok and wasn't infected?
In any case, I do have the same issue with both
computers so both are infected. So what am I to
do now?
Robert
OK, let's back up a bit.
What have you done since AdwCleaner was run ?
Remember that AdwCleaner, removes *adware*. Adware are
potentially unwanted programs, such as Toolbars,
browser hijacks, that sort of thing. Adware is fairly
benign - what usually happens, is they try to show
you advertisements, and in the process, the adware company
makes money from the advertisements.
Malware, on the other hand, generally is a more
serious pest. And different tools are used
to both detect and treat them. Malware can be used
to control the computer, make it part of a botnet,
use the computer to attack other computers, and so on.
AdwCleaner has nothing to do with that stuff.
MBAM free edition, is a scanner that runs while the OS
is still running. And tries to detect popular forms
of malware (the malwares that many people experience).
When you have a resident antivirus program (AV), that
attempts to prevent the problem in the first place. You
use MBAM free version, if something gets through. Even MBAM
won't remove everything. Some commercial AV programs,
where a subscription is charged per year, have a relatively
well rounded feature set, and detect a good mix. But
most of the commercial tools, do not overlap with AdwCleaner.
AdwCleaner and Hitman Pro, are examples of tools intended
for PUPS/Adware, instead of the more serious malware.
AdwCleaner, - Adware/Nuisance Toolbars/PUPS
Hitman Pro
Avast! - Used to prevent malware (while Windows is running)
MBAM free - Used to clean malware if any gets through
TDSSKiller - Example of a free rootkit removal tool
RootkitRevealer - Class of tool, used to detect rootkits,
a special kind of malware
Kaspersky Rescue CD - Scans for malware while Windows is not running.
For cases where MBAM won't run perhaps. It's not
clear to me, how good it is at removing problems.
It uses signature based detection (can't use
heuristics, as Windows is not running). BitDefender
and FSecure have made discs like that in the past
as well.
Depending on the situation, you could still make a Kaspersky Rescue CD.
Now, if your browser cannot visit the link, that would be another
hint that you have a significant problem on the machine. A malware
that blocks access to anti-malware sites. If the browser still works,
and the download still works, chances are the CD will work. You
need a CD burning program, to convert the ISO9660 file, into
a bootable CD. Imgburn can do that, but computers from Dell likely
have their own CD burner software. You don't just "drag and drop" the
375MB .iso file onto the optical drive. The burner program opens
the .iso file, and converts it into a boot CD. So don't drag and drop.
Chances are good, that your browser still works, and you can get here.
http://support.kaspersky.com/8092
And if you see any additional "weird" symptoms, please post
them, as they may hint at how serious your situation is.
*******
I can find a match for the .ocx problem here. And the links at the
end of the article, don't really shine any light on what
actually broke. The four links at the end, are relatively
generic instructions on what to do. They may not actually
match what has happened to you. The person who posted those
links, obviously didn't want to go into details, which is
unfortunate. It would be nice to know, what the real reason
for the problem is.
https://forums.malwarebytes.org/index.php?showtopic=6207
In this example, it appears AVG quarantined the .ocx file in question.
A false positive. But this happened on an installation of the
commercial resident version of MBAM. Not for someone attempting
to install MBAM free one-shot scanner.
https://forums.malwarebytes.org/index.php?showtopic=90976
Since both computers do it, my guess is both machines use
the same AV product, both AV products did a definitions
update, and they've done something that has created
the problem. You'd open the AV program log file, and
find out what significant things have happened in the
last few days (i.e. the time after your last successful
MBAM run), to get more hints about what happened. Maybe
it isn't the named .ocx file in particular, but some
other file that got quarantined. I can't study the MBAM
installer very well, because I don't have lots of unpacker/hacker
tools for examining it. It uses INNO setup apparently.
We live in a complex world. You can run a computer without
any protection, but then you have to be a genius, to not
click the wrong "Download" button or fall into a trap. And
even large, business-oriented web sites, have been hacked and
used to deliver malware. So being a genius isn't enough,
and eventually you'll get infected.
The alternative, is to load up on protection tools. One
resident AV program. A variety of one-shot scanners for
cleanup. That sort of thing. And then, when your tools
get into a fight, and one tool shoots the other tool
in the foot, you again have to be a "genius", look
at the logs, use your Googling skills, to narrow down
what happened. If this was a false positive, normally
one of the antimalware company forums would be
filled with pissed-off customers. And Google would
help you find the thread discussing the details.
That's how I'd do it, "use the Google".
*******
If you want to restore from a backup, that's certainly
your choice. I can't really guess from here, how many
steps it's going to take, to fix it the regular way.
Of course, to restore from backup, you still require
some skills. Nothing you're about to do, is completely
without risk.
With backup/restore software, the weakest link, is not
having tested that restorations work. To test backup/restore,
requires one known-working backup solution (that you know works).
Plus the new and untested backup solution. You test the new
tool, and if it can't restore the computer, you then go
back to your tried-and-tested backup/restore solution. That's
about the lowest risk way to proceed.
I can give a concrete and funny example of backup/restore.
I worked in a "miniature computer company". We made all our
own utilities. One of our departments wrote the backup/restore
utility for our computer product. So the software guys have
finished the software, and they're pretty proud of themselves.
They immediately start using the software, and have maybe thirty
daily backups made (i.e. have been doing backups for a month,
without really looking at them). Then, our main server goes down.
The backup utility guys go to restore the main server from tape
and... it doesn't work
Just the look on their faces was
priceless. *Always* test that the restore works properly,
*before* you really need it. That is something they neglected to
do, and they taught me a valuable lesson.
If worse comes to worse, the Dell can be restored to factory
conditions. That's your final option. But that really shouldn't
be necessary for this minor problem. If the computer was
completely frozen and locked up, the screen was full of
popup windows from a malware attack, then, I might be
tempted to "restore to factory"
Paul
