
Cannot remove Crypt gen 3 - windows vista (tried combo fix n everything)


  • This topic is locked
32 replies to this topic

#1 helpplease1

helpplease1

  • Members
  • 31 posts

Posted 18 June 2013 - 05:58 AM

Hello, first of all, before posting here I have tried everything to remove this virus, from RKill to TDSSKiller (does not find virus).

The thing about this virus is, I think it activates on startup of my machine and is downloading somehow. I have deleted everything in startup, scheduled tasks. So I'm not sure how it's downloading itself.

It pops up with AntiVir saying Crypt, pack gen 3, then I choose move to quarantine, then it pops up again, I choose that again about twice, then it disappears.

Then a few minutes after, things like 7549494949cc folders turn up in my C folder.

Now when I do ComboFix, then reboot (without internet connection on), these folders disappear, so it removes some form of the virus.

It's only when I turn on the computer with internet connection on I think this virus is starting up again.

Please help in removing this virus.

I have tried every scanner including ESET and they find nothing, OTL finds nothing.

Everything finds nothing, I think this virus has embedded itself deep somehow.

 

 




 


#2 helpplease1

  • Topic Starter

Posted 18 June 2013 - 06:04 AM

Also I followed everything in this thread and it still didn't stop this virus on boot up

http://www.bleepingcomputer.com/forums/t/348257/trcryptxpackgen3-and-security-suite/

So I tried everything to stop this virus. Have I got some form of super virus or something? Nothing stops it, TFC cleaner, HitmanPro, nothing stops it?



#3 helpplease1


Posted 20 June 2013 - 10:50 PM

Hello, the virus is still there. What it does is somehow connected to my reboot. I cleared the scheduled tasks (I'm using Windows Vista).

After reboot AntiVir pops up saying virus crypt pack gen 3 mrte.exe, then even before I can choose send to quarantine the window disappears?

Is this a false virus?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 June 2013 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.


#5 helpplease1


Posted 23 June 2013 - 06:43 PM

Okay, great, thanks Nasdaq,

I will get onto it now and begin following your instructions, hopefully can get rid of this annoying virus that won't go away.

For your reference as well, I have AdwCleaner. I tried using that, then using SUPERAntiSpyware (which found 2 adware or something plus a trojan called frost, I chose remove), but after a while (and it only seems to happen after power off and reboot) the AntiVir message pops up: cryptgen pack 3 .mrte virus.

I will start your steps now,

also have saved your instructions to Word.



#6 helpplease1


Posted 23 June 2013 - 08:46 PM

RogueKiller V8.6.1 [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : mark [Admin rights]
Mode : Remove -- Date : 06/24/2013 11:44:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Windows\Web\Wallpaper\img29.jpg) -> REPLACED (C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[78] : NtCreateThread @ 0x822D1E14 -> HOOKED (Unknown @ 0xA7EAC6CC)
[Address] SSDT[194] : NtOpenProcess @ 0x8226113F -> HOOKED (Unknown @ 0xA7EAC6B8)
[Address] SSDT[201] : NtOpenThread @ 0x8225C63B -> HOOKED (Unknown @ 0xA7EAC6BD)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++
--- User ---
[MBR] 11a1228c68afe14b1864efc935eb20ab
[BSP] f82ad30a065cbf07d34d91341713a50c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 141382 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 292624384 | Size: 9743 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06242013_114421.txt >>
RKreport[0]_S_06242013_105534.txt


 



#7 helpplease1


Posted 23 June 2013 - 09:00 PM

I searched for adware but nothing came up, maybe because I deleted it with SUPERAntiSpyware yesterday?

Here's the AdwCleaner log:


# AdwCleaner v2.303 - Logfile created 06/24/2013 at 11:51:22
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : mark - MARK-PC
# Boot Mode : Normal
# Running from : C:\Users\mark\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\2etydc6a.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [37685 octets] - [12/06/2013 12:17:34]
AdwCleaner[R2].txt - [1181 octets] - [14/06/2013 10:53:49]
AdwCleaner[R3].txt - [1181 octets] - [18/06/2013 13:03:32]
AdwCleaner[R4].txt - [1301 octets] - [18/06/2013 19:54:03]
AdwCleaner[S1].txt - [38020 octets] - [12/06/2013 12:18:07]
AdwCleaner[S2].txt - [1121 octets] - [14/06/2013 10:54:04]
AdwCleaner[S3].txt - [1242 octets] - [18/06/2013 13:03:52]
AdwCleaner[S4].txt - [1233 octets] - [24/06/2013 11:51:22]

########## EOF - C:\AdwCleaner[S4].txt - [1293 octets] ##########
 



#8 helpplease1


Posted 23 June 2013 - 09:14 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by mark on Mon 24/06/2013 at 12:04:33.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driverscanner



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\2etydc6a.default\prefs.js

user_pref("extensions.seoquake.params.150.disable-baidu", true);
user_pref("extensions.seoquake.params.160.disable-baidu", true);
user_pref("extensions.seoquake.params.320.disable-baidu", false);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 24/06/2013 at 12:06:11.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 helpplease1


Posted 23 June 2013 - 09:48 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 13/10/2009 5:25:36 PM
System Uptime: 24/06/2013 12:15:31 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Celeron® CPU          900  @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 29.597 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF661179&REV_02\4&30B2CE1&0&00E0
Manufacturer: Realtek
Name: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF661179&REV_02\4&30B2CE1&0&00E0
Service: RTL8169
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Adobe After Effects 5.0
Adobe After Effects 6.0
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AGT Pro - Betfair
AliIM Plugins for Browser
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.2
Bet Angel - Professional
Bfexplorer PRO
Bonjour
CCleaner
CD/DVD Drive Acoustic Silencer
Celtx (2.9.1)
Compatibility Pack for the 2007 Office system
Connect
DivX Setup
doPDF 7.2 printer
DRPU Barcode Label Maker (Standard) Demo
eMule
ESET Online Scanner v3
Final Draft
Final Draft 7
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Horse Racing Fantasy 3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Japanese Fonts Support For Adobe Reader 9
Kies
kuler
LightWave 7 Full Install
Macromedia Dreamweaver 4
Macromedia Extension Manager
Macromedia Flash MX 2004
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Maya 2010
Maya 2010 Documentation (en_US)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 21.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
MySQL Workbench 5.2 CE
Netbet Pro
OGA Notifier 2.0.0048.0
OutlookAddInNet3Setup
Photoshop Camera Raw
Picasa 3
PokerStars
QuickTime
RacetextXml
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
Samsung Mobile phone USB driver Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SharpReader 0.9.7.0
Skype Click to Call
Skype™ 6.0
Suite Shared Configuration CS4
SUPERAntiSpyware
Synaptics Pointing Device Driver
Telstra Turbo Connection Manager
Text To PDF v2.1.0
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Uniblue DriverScanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip
WinZip Self-Extractor
Yahoo! SiteBuilder
ZBrush 3.5 R3
.
==== End Of File ===========================
 



#10 helpplease1


Posted 23 June 2013 - 10:12 PM

 Results of screen317's Security Check version 0.99.67  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AntiVir Desktop   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 CCleaner     
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.1.102.55  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 18 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#11 helpplease1


Posted 23 June 2013 - 10:18 PM

I will leave it until tomorrow after doing a few reboots, because sometimes it would pop up 1 day after, after reboot it would pop up.

So hopefully you got rid of this virus for me.

Thanks a bunch nasdaq,

cheers



#12 nasdaq


Posted 24 June 2013 - 07:46 AM

Looking better. Let me know if the problem persists.

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.

#13 helpplease1


Posted 25 June 2013 - 04:17 AM

Thank you so much Nasdaq, yep it's gone, hasn't popped up after reboot a lot of times now, you're a genius,

thank you heaps

Yes I will do the updates

thanks a bunch :)



#14 nasdaq


Posted 25 June 2013 - 08:15 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#15 nasdaq


Posted 25 June 2013 - 08:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



