O.T. - Temporary firewall problem at boot up:

[magineer02]

Hello Bill,

I have thought about that but if I were
still infected with malware wouldn't I
notice something e.g. computer slowing down,
error messages etc?

I do have an external HD for the 8500:

http://www.newegg.com/Product/Product.aspx?Item=N82E16822178107

and I've made back-ups and system images but
I'm rather leery of doing a system image
on the 8500 if it isn't necessary.

I did a system restore on the 8200 which I
thought would reset everything but it didn't.
I realize that system restore and system images
aren't the same but still.

I've brought the 8200 up to SP3 and have left
it as is with no additional software. I plan
to use it as a back-up if I need it and only
run updates and scans.

Thoughts/Suggestions?
Robert

 

[magineer02]

I didn't know there was a difference or where
to download. I was working on my own on this
without the forums good advice.

Just so I don't make the mistake again I
would like to uninstall Microsoft Security
Essentials and reinstall malwarebytes from here:

http://www.malwarebytes.org/

Would you say this is OK?

Thanks,
Robert

 

[magineer02]

Hello Bill,

The only other computer I have or able to get
my hands on is the 8200 but unfortunately, that
also was infected with malware. So I obviously
can't use that to scan the 8500.

Could you please direct me to some disk software
that I can use to scan for malware.

Thanks,
Robert

 

[Nil]

I didn't know there was a difference or where
to download. I was working on my own on this
without the forums good advice.

Just so I don't make the mistake again I
would like to uninstall Microsoft Security
Essentials and reinstall malwarebytes from here:

http://www.malwarebytes.org/

Would you say this is OK?

As I already said, they are not substitutes for each other. They don't
conflict with each other. The can both be installed at the same time.

MS Security Essentials is an anti-virus, comparable to McAfee or
Symantec Norton Antivirus. Malwarebytes is an on-demand malware
scanner, comparable to MS Defender, SuperAntiSpyware, and the like.

 

[Ken Blake, MVP]

As I already said, they are not substitutes for each other. They don't
conflict with each other. The can both be installed at the same time.

MS Security Essentials is an anti-virus, comparable to McAfee or
Symantec Norton Antivirus.

I agree with everything you say in this message, except for that
sentence. Microsoft Security Essentials is not *comparable to Norton
or McAfee; it is *much* better than either.

 

[magineer02]

If Microsoft Security Essentials doesn't
address malware and especially if it isn't
supported any longer then I want to uninstall
it and install Malwarebytes instead and I asked
if the link I gave you was ok to download because
I apparently made a mistake with CcCleaner although
I thought I did download it from Piriform and it
was the add-on (Optimizer Pro) which contained the
Pup malware.

In any case, I just want to make sure this time.

I already have Avast for my anti-virus and Spywareblaster
for Spyware and Microsoft firewall. So I would like
to have Malwarebytes to address malware.

Thoughts/suggestions?

Thanks,
Robert

 

[BillW50]

Hello Bill,

I have thought about that but if I were
still infected with malware wouldn't I
notice something e.g. computer slowing down,
error messages etc?

No, that isn't normally that is the goal of malware. As most malware
wants to be totally unnoticeable to the user. Luckily most malware isn't
beta tested very well and thus flaws in the code often pop up.

I do have an external HD for the 8500:

http://www.newegg.com/Product/Product.aspx?Item=N82E16822178107

and I've made back-ups and system images but
I'm rather leery of doing a system image
on the 8500 if it isn't necessary.

I did a system restore on the 8200 which I
thought would reset everything but it didn't.
I realize that system restore and system images
aren't the same but still.

I've brought the 8200 up to SP3 and have left
it as is with no additional software. I plan
to use it as a back-up if I need it and only
run updates and scans.

Thoughts/Suggestions?

I have lots of computers here so I don't run into the need to scan for
malware on the same machine using CD/DVD, flash drive, etc. So I would
be the wrong guy to ask about such boot utilities.

 

[Nil]

I agree with everything you say in this message, except for that
sentence. Microsoft Security Essentials is not *comparable to
Norton or McAfee; it is *much* better than either.

Wellll... they are comarable in that you can compare them. It's just
that Norton and McAfee will roundly lose the comparison.

 

[Nil]

If Microsoft Security Essentials doesn't address malware and
especially if it isn't supported any longer then I want to
uninstall it and install Malwarebytes instead

No. You don't understand. Please read my previous message more
closely. As I already said twice, Malwarebytes is not a substitute
for MS Security Essentials.

Avast is a substitute for MS Security Essentials. You should not be
running both of those at the same time - they will conflict with each
other. If you are, that's could well be where your firewall problem
lies.

 

[magineer02]

I understand that Microsoft Security Essentials
is not a replacement for Malwarebytes.

I did not know Microsoft Security Essentials conflicted
with Avast so I will uninstall it.

My question was is this link ok to download
and install Malwarebtyes:

http://www.malwarebytes.org/

In addition, is there any third party disc software that
you could recommend to check for malware?

Thanks,
Robert

 

[Ken Blake, MVP]

Wellll... they are comarable in that you can compare them.

OK, if that's what you mean, but you use the word differently than I
do.

 

[Nil]

I understand that Microsoft Security Essentials
is not a replacement for Malwarebytes.

I did not know Microsoft Security Essentials conflicted
with Avast so I will uninstall it.

Whatever "it" is.

My question was is this link ok to download
and install Malwarebtyes:

http://www.malwarebytes.org/

Yes, indeed. You did ask that. You got a nice answer, too.

In addition, is there any third party disc software that
you could recommend to check for malware?

Dizzy, I'm so dizzy my head is spinning
Like a whirlpool it never ends
And it's you girl makin' it spin
You're making me dizzy

 

[Paul]

In addition, is there any third party disc software that
you could recommend to check for malware?

Thanks,
Robert

Kaspersky Rescue CD. (Boot the computer with it.)

http://support.kaspersky.com/8092

Adwcleaner. (Runs within Windows, for Adware/Toolbars)

http://www.bleepingcomputer.com/download/adwcleaner/

Malwarebytes Free One-Time Scanner (not the paid version)
(Runs within Windows - covers some of the same
stuff as Kaspersky)

http://www.malwarebytes.org/

Those are some examples.

If you run into any you're "interested" in, post
a link here for comments. Rather than randomly downloading
them from some malware site, and ending up in yet more trouble.

HTH,
Paul

 

[magineer02]

Hello Paul,

Here's what I've done; I uninstalled Microsoft Security Essentials and
installed the free version of Malwarebytes and when I ran it for the firsttime it came up with (1) Pup malware but I was able to delete it. However it set me to thinking that I'm still infected with malware.

I ran another scan afterwards and it came up clean.

I decided to try a System image restore but when I checked my external HD and expected to see several system images but there's only one dated 1-8-14.I know I've made system images at least once a month but I could not find them. In any case, I started the process which took me to a screen much like Safe Mode looks and decided to cancel it because I didn't want to make things worst than they already are and felt that if this is the latest version then it will be infected too. I still don't understand what happened to all the other system images I made unless it writes over them? That would bepretty useless if I needed an earlier version (which I do).

I downloaded/installed the Kapersky Rescue Disk 10 on a 32GB Cruzer Glide flash drive
however I was unable to bring up the Bios for some reason and I tried several times.

When I attemped to download and install Adwcleaner it installed Slow PC fighter, Arcade Palor (which is where I traced one of my infected Pup malware files previously), Yahoo Toolbar and changed my homepage from Firefox to Yahoo. Other programs that show today's date are 7-Zip, CWA Reminder by We-Care.com, File Association Manager, and Winferno Registry Power Cleaner and Adwcleaner never did install.

My computer is once again infected with malware with (30) objects found from Arcade Palor, 7-Zip, We Care Reminder, Registry Key HKCR. Just like I wasinfected from Optimizer Pro which came with CcCleaner

I deleted Arcade Palor, Yahoo Toolbar, and Slow PC Fighter but can I deletethe rest of these programs as well since they seem to be infected.


Here are the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401202
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A)-> Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A)-> Delete on reboot.
HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

Files Detected: 17
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) ->Delete on reboot.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) ->Delete on reboot.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\Downloads\7zip_bimo.exe (PUP.Optional.SecureInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\23bed.msi (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe (PUP.Optional.WeCare.A)-> Delete on reboot.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\Arcadeparlor.dll (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\removal.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\versioncheck.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

(end)

I ran Malwarebytes again and it came up with (7) objects detected.

In passing, I also installed the free version of Malwarebytes on the 8200 and it remains clean as far as the scans are concerned.

I hope this doesn't prevent me from posting to this site again. That's whathappened last
time and it took 3 weeks before I could post again.

Thoughts/suggestions?
Robert

 

[magineer02]

Hello Paul,

Here's what I've done; I uninstalled Microsoft
Security Essentials and installed the free version
of Malwarebytes and when I ran it for the first
time it came up with (1) Pup malware but I was
able to delete it. However it set me to thinking
that I'm still infected with malware.

I ran another scan afterwards and it came up clean.

I decided to try a System image restore but when
I checked my external HD and expected to see
several system images but there's only one dated
1-8-14. I know I've made system images at least
once a month but I could not find them. In any
case, I started the process which took me to a
screen much like Safe Mode looks and decided to
cancel it because I didn't want to make things
worst than they already are and felt that if this is
the latest version then it will be infected too. I still
don't understand what happened to all the other
system images I made unless it writes over them?
That would be pretty useless if I needed an earlier
version (which I do).

I downloaded/installed the Kapersky Rescue Disk
10 on a 32GB Cruzer Glide flash drive however I
was unable to bring up the Bios for some reason and
I tried several times.

When I attemped to download and install Adwcleaner
it installed Slow PC fighter, Arcade Palor (which is
where I traced one of my infected Pup malware files
previously), Yahoo Toolbar and changed my homepage
from Firefox to Yahoo. Other programs that show today's
date are 7-Zip, CWA Reminder by We-Care.com, File
Association Manager, and Winferno Registry Power
Cleaner and Adwcleaner never did install.

My computer is once again infected with malware with
(30) objects found from Arcade Palor, 7-Zip, We Care
Reminder, Registry Key HKCR. Just like I was infected
from Optimizer Pro which came with CcCleaner

I deleted Arcade Palor, Yahoo Toolbar, and
Slow PC Fighter but can I delete the rest
of these programs as well since they seem
to be infected.

Here are the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401202
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

Files Detected: 17
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\Downloads\7zip_bimo.exe (PUP.Optional.SecureInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\23bed.msi (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\Arcadeparlor.dll (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\removal.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\versioncheck.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

(end)

I ran Malwarebytes again and it came up with (7)
objects detected.

In passing, I also installed the free version of
Malwarebytes on the 8200 and it remains clean as
far as the scans are concerned.

I hope this doesn't prevent me from posting to
this site again. That's what happened last time
and it took 3 weeks before I could post again.

Thoughts/suggestions?
Robert

 

[magineer02]

Hello Paul,

Here's what I've done; I uninstalled Microsoft
Security Essentials and installed the free version
of Malwarebytes and when I ran it for the first
time it came up with (1) Pup malware but I was
able to delete it. However it set me to thinking
that I'm still infected with malware.

I ran another scan afterwards and it came up clean.

I decided to try a System image restore but when
I checked my external HD and expected to see
several system images but there's only one dated
1-8-14. I know I've made system images at least
once a month but I could not find them. In any
case, I started the process which took me to a
screen much like Safe Mode looks and decided to
cancel it because I didn't want to make things
worst than they already are and felt that if this is
the latest version then it will be infected too. I still
don't understand what happened to all the other
system images I made unless it writes over them?
That would be pretty useless if I needed an earlier
version (which I do).

I downloaded/installed the Kapersky Rescue Disk
10 on a 32GB Cruzer Glide flash drive however I
was unable to bring up the Bios for some reason and
I tried several times.

When I attemped to download and install Adwcleaner
it installed Slow PC fighter, Arcade Palor (which is
where I traced one of my infected Pup malware files
previously), Yahoo Toolbar and changed my homepage
from Firefox to Yahoo. Other programs that show today's
date are 7-Zip, CWA Reminder by We-Care.com, File
Association Manager, and Winferno Registry Power
Cleaner and Adwcleaner never did install.

My computer is once again infected with malware with
(30) objects found from Arcade Palor, 7-Zip, We Care
Reminder, Registry Key HKCR. Just like I was infected
from Optimizer Pro which came with CcCleaner

I deleted Arcade Palor, Yahoo Toolbar, and
Slow PC Fighter but can I delete the rest
of these programs as well since they seem
to be infected.

Here are the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401202
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

Files Detected: 17
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\Downloads\7zip_bimo.exe (PUP.Optional.SecureInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\23bed.msi (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\Arcadeparlor.dll (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\removal.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\versioncheck.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

(end)

I ran Malwarebytes again and it came up with
7) objects detected.

In passing, I also installed the free version
of Malwarebytes on the 8200 and it remains
clean as far as the scans are concerned.

I hope this doesn't prevent me from posting to
this site again. That's what happened last time
and it took 3 weeks before I could post again.

Thoughts/suggestions?
Robert

 

[magineer02]

Actually, the scan wasn't totally finished
when I wrote my previous message. The
total number of objects found were (23).

Here's the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400929
Time elapsed: 35 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.
HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.

Files Detected: 11
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\Windows\Installer\23bed.msi (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> Delete on reboot.

(end)


I'll continue to run scans to see if I can
delete them all but I suspect I need to
delete the source programs.

Thoughts/suggestions?
Robert

 

[magineer02]

Hello Paul,

I've run numerous Malwarebytes scans and
keep coming up with (23) objects found and
seems to point to CWA Reminder as the culprit.
So I decided to uninstall it but when trying to
do so I received this message:

The installer has encountered an unexpected
error installing this package. This may indicate
a problem with this package. The error code is 2318.

I tried again and got the same message so I
clicked repair and this is what it gave me:

The Path

"C:\Users\Rpbert\AppData\Local\Temp\qs_f930d200W3iSliderCWAv4.1.24.3_20131003.msi" cannot be found. Verify you have access
to this location and try again, or try to find the
installation package. "W3iSliderCWAv4.1.24.3_20131003.msi"
in a folder from which you can install the product
CWA Reminder by We-Care.com v4.1.23.3


So how am I suppose to uninstall it when it
won't let me? Now my computer is worst off
than before.

Thoughts/suggestions?
Robert

 

[magineer02]

Ok Paul,

This has gotten really serious,

I decided to go into my Administrators account
to see if I could delete the CW Reminder from there
versus the User Account (the computer lets me type
in my Admin password so I don't have to go back
and forth). However, after clicking on the Administrator
Account and entering the password I got a black screen
with the exception of two Windferno Registry Power
Cleaner pop-ups that appeared.

I closed them and nothing. So I pushed the power button
to reset/restart the computer hoping it would take me
back here.

Now I can't even use my Administrator Account !! The
screen is totally blacked out!

I was able to remove Window Registry Cleaner on the User
Side. I tried removing CWA Reminder by We-Care.com
again but I got the same messages as before and could not
remove it.

What am I suppose to do now?

Thoughts/Suggestions?
Robert

 

[Paul]

Hello Paul,

I've run numerous Malwarebytes scans and
keep coming up with (23) objects found and
seems to point to CWA Reminder as the culprit.
So I decided to uninstall it but when trying to
do so I received this message:

The installer has encountered an unexpected
error installing this package. This may indicate
a problem with this package. The error code is 2318.

I tried again and got the same message so I
clicked repair and this is what it gave me:

The Path

"C:\Users\Rpbert\AppData\Local\Temp\qs_f930d200W3iSliderCWAv4.1.24.3_20131003.msi" cannot be found. Verify you have access
to this location and try again, or try to find the
installation package. "W3iSliderCWAv4.1.24.3_20131003.msi"
in a folder from which you can install the product
CWA Reminder by We-Care.com v4.1.23.3


So how am I suppose to uninstall it when it
won't let me? Now my computer is worst off
than before.

Thoughts/suggestions?
Robert

What's weird, is I can find a reference to that file on
Virustotal. But the analysis is clean.

https://www.virustotal.com/en/file/...77939b20875f9b3357d3bdc577a82d9710e/analysis/

The We-Care.com site tries to install stuff in your browser. I
don't see why a .msi would be involved directly.

There was one suggestion to try Revo Uninstaller. So
that's a possibility, if all that is left is bits and
pieces.

Maybe some AV software on your machine (like MBAM),
quarantined the .msi file.

Apparently the we-care stuff, allows other programs to download.
If the uninstaller worked, the piggy back programs
get removed too. So all the references I can find to that,
the Add/Remove or Programs and Features route to removal, worked.
If the uninstaller isn't working, I don't know, maybe
the Revo Uninstaller would work. Not really sure what
to try next.

The AdwCleaner might recognize it. Whatever is left of it.

Paul