BleepingComputer.com: Vista Antivirus 2011 back as Vista Total Security 2011

Hello,

Here is the results from the OTL fix. I will next run the Malwarebytes quick scan. Everything is running fine. No popups or errors. It seems to be running wonderfully. I'll have the quick scan for you soon.

Thanks.

Leenyd

========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 54303 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry value HKEY_USERS\S-1-5-21-233250180-1642091619-4122961794-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-233250180-1642091619-4122961794-1000\Software\Microsoft\Windows\CurrentVersion\Run\\conhost deleted successfully.
Registry key HKEY_USERS\S-1-5-21-233250180-1642091619-4122961794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-233250180-1642091619-4122961794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Users\Jude\AppData\Roaming\6E7E.FA3 moved successfully.
C:\Users\Jude\AppData\Local\4m70c0v8j8c47425h2b46 moved successfully.
C:\Users\Jude\AppData\Local\sv24unw18034m5f8c31w3380qikks0ugb36 moved successfully.
C:\Users\Jude\AppData\Local\Vzabihocimafey.dat moved successfully.
C:\Users\Jude\AppData\Local\Usopodihod.bin moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 04122011_181803

Hello,

Here is the log from the Malwarebytes quick scan. It found 1 infected file. Also, I noticed that the Malwarebytes,Clean Access Agent, SystemLook, Defogger, and GMER icons on the desktop have the red, green, blue, and yellow shield on them that the virus was using. Is that normal?

Leenyd

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6346

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/12/2011 6:43:50 PM
mbam-log-2011-04-12 (18-43-50).txt

Scan type: Quick scan
Objects scanned: 180125
Time elapsed: 15 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello leenyd,

Quote

I think you are confusing it with the Icon used by UAC.

Is that what you see:



However disabling UAC doesn't always solve the issue. (but by doing that you will decrease the computer security, so I not recommend it).



Regards,
Georgi

Hello,

Yes, it is the Vista shield. If it's not malicious, that's fine. Since this is my son's computer, I'm not used to what is normal for it.

Is there more for us to do?

Also I was wondering if the pay version of Malwarebytes would have prevented this problem form happening.

Thanks.

Leenyd

Hi leenyd,



The full version of Malwarebytes' Anti-Malware could have protected your computer against the most rogues threats like Vista Antivirus 2011.
MBAM use different ways of protecting your computer(s):

- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention

So it's your call here.



I have some final words for you.



All Clean



Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean



STEP 1 UPDATING TASKS





I suggest you to uninstall BitTorrent as well !

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software





I have a question for you - Did you purposely install GoToAssist 8.0.0.514 ?
If not I suggest you to uninstall it VIA add or remove programs from the Control Panel as this is some king of Remote support service.





Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.

* Uninstall Adobe Reader 8.2.6 and Adobe Acrobat 5.0 via Start => Control Panel > Add/Remove Programs
* Install the new downloaded updated software.


Note: Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.



Note: Adobe Reader X is a large program and if you prefer a smaller program you can get Foxit Reader 4 x instead.

Foxit Reader 4x offer 5 levels of security. Click Me for more information.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.





Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java SE Runtime Environment 6u24 and save it to your desktop.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

Java™ 6 Update 22

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  
• If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.





STEP 2 CLEANUP



To remove all of the tools we used and the files and folders they created, please do the following:


Please reopen on your desktop.

In the upper right click CleanUp



This will delete OTL and will clean up after it.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

You can uninstall now - Eset Online Scanner and Erunt.





To Clear the Java Runtime Environment (JRE) cache, do this:

• Click Start > Settings > Control Panel.
  
• Double-click the Java icon.
  -The Java Control Panel appears.
  
• Click "Settings" under Temporary Internet Files.
  -The Temporary Files Settings dialog box appears.
  
• Click "Delete Files".
  -The Delete Temporary Files dialog box appears.
  -There are three options on this window to clear the cache.
  • Delete Files
    
  • View Applications
    
  • View Applets
  
  
• Click "OK" on Delete Temporary Files window.
  -Note: This deletes all the Downloaded Applications and Applets from the cache.
  
• Click "OK" on Temporary Files Settings window.
  
• Close the Java Control Panel.

You can also view these instructions along with screenshots here.





Purging System Restore Points

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
  
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  
• Then go to Start > Run and type: Cleanmgr
  
• Click "OK".
  
• Click the "More Options" Tab.
  
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Keep your antivirus software turned on and up-to-date

• Make sure your antivirus software is turned on and up-to-date.
  
• New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  Note:
  
• You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Visit Microsoft's Windows Update Site Frequently


It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security

updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no

more critical updates.


It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.

Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.

You can check these by visiting Secunia Software Inspector and Calendar of Updates.





Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to

properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most

crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be

clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list

of simple precautions to take to keep your computer clean and running securely:

• If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method
  
  for viruses or worms to infect your computer.
  
  
  
• If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it
  
  is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  
  
  
• If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that
  
  is trying to infect everyone in their address book.
  
  
  
• If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to
  
  scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
  
  Foistware, And how to avoid it.
  
  There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit
  
  this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  
  
  
• Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead
  
  bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button.
  
  Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a
  
  fake.
  
  
  
• Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all
  
  adult sites do this, but a lot do.
  
  
  
• When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the
  
  infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is
  
  legit before you click on it.
  
  
  
• Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  
  
  
• Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and
  
  Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use
  
  McAfee Siteadvisor to look up info on the site.
  
  
  
• DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their
  
  software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance
  
  you can spot this and not install the software.

Don't use pirated software !!!


Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them!





Create an image of your system


It is always a good idea to do a backup of all important files just in case something happens it.

Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.

The download link is here => http://www.macrium.com/reflectfree.asp

The tutorials can be found here => http://www.macrium.com/tutorial.asp

Be sure to read the tutorial first.



Follow this list and your potential for being infected again will reduce dramatically.





STEP 3 IMPROVE YOUR PC PERFORMANCE





Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.





Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.





Next please Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter

Select the drive you want to Defragment (the drive where Windows is installed).

Click Defragment Now.





Finally please type msconfig in the start menu, then hit enter.

Go to the startup tab and then uncheck any programs that you don't need to load with Windows.

Click the "Apply" button and click "OK" to close the MSCONFIG window.

Restart your computer to save the changes you made to the Startup.

You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up.



Safe Surfing !



Regards,
Georgi

Hello Georgi,

Thank you so very much for your help!! I will do all of the suggested tasks you mentioned in your last reply.

It is a truly wonderful thing that you do--We very much appreciate the help!

Kindest regards,

Leenyd

Hi leenyd ,



You are more then welcome !

I will leave this topic open for a short time in case any issues develop.



Regards,
Georgi

Hello Georgi,

The computer is working great! Thank you! I can't find a donate button for you--Do you have one?

Thanks.

Leenyd

Hi leenyd,



Thanks for the wishes.

Donations are not needed but I appreciate the offer. Your gratitude is enough to make me smile.



It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



Regards,
Georgi