
Web Cake / Symantec Mal.pe / & Windows won't shut down



#1 elena1


Posted 02 August 2013 - 09:13 PM

Hi, I think I have serious malware and/or virus issues.

On start up, Microsoft Security Essentials notifies me that Adware:Win32/webcake has been detected. Symantec also continuously finds Bloodhound.MalPE risks for files with a .tmp extension and new files keep showing up even as old ones are cleaned.

I have thus far used Malwarebytes, Spybot Search and Destroy, Norton Power Eraser, FixTDSS, and other programs to no avail.

Also, when I attempt to power Windows down it won't shut off unless I manually power it down. My computer gets to the "Windows Shutting Down" screen but it won't actually turn off.

I have tried to search for info on these topics for the last few days, but I have been unsuccessful at fixing these problems. Any advice is appreciated.

Thanks.

Mod Edit: Moved topic from Windows 7 to a more appropriate forum. ~bloopie


Edited by bloopie, 02 August 2013 - 09:42 PM.




#2 noknojon


Posted 02 August 2013 - 09:24 PM

Hello elena -

Please run these scans and checks in the order they are posted.

You can post the responses one at a time if this is easier for you -

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Download SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to reboot the computer after you post the log.

 

 

Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* NOTE Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Please download TFC, or Temp File Cleaner by Old Timer.
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

 

 

 

Thank You -



#3 elena1


Posted 03 August 2013 - 01:08 PM

Thanks for your help! See logs below:

 

Results of screen317's Security Check version 0.99.71 

 Windows 7 Service Pack 1 x86 (UAC is disabled!) 

 Internet Explorer 10 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Microsoft Security Essentials  

Symantec Endpoint Protection   

 Antivirus up to date! 

`````````Anti-malware/Other Utilities Check:`````````

 MVPS Hosts File 

 SpywareBlaster 5.0   

 Spybot - Search & Destroy

 Malwarebytes Anti-Malware version 1.75.0.1300 

 CCleaner    

 Java 7 Update 25 

 Adobe Flash Player 10 Flash Player out of Date!

 Mozilla Firefox (22.0)

 Google Chrome 28.0.1500.72 

 Google Chrome 28.0.1500.95 

````````Process Check: objlist.exe by Laurent```````` 

 Norton ccSvcHst.exe

 Microsoft Security Essentials MSMpEng.exe

 Microsoft Security Essentials msseces.exe

 Malwarebytes Anti-Malware mbamservice.exe 

 Malwarebytes Anti-Malware mbamgui.exe 

 Spybot Teatimer.exe is disabled!

 Malwarebytes' Anti-Malware mbamscheduler.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 

````````````````````End of Log``````````````````````

 

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/03/2013 at 02:56 AM

 

Application Version : 5.6.1020

 

Core Rules Database Version : 10664

Trace Rules Database Version: 8476

 

Scan type       : Quick Scan

Total Scan Time : 00:13:38

 

Operating System Information

Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator

 

Memory items scanned      : 786

Memory threats detected   : 0

Registry items scanned    : 30450

Registry threats detected : 0

File items scanned        : 7735

File threats detected     : 0

 

 

 

# AdwCleaner v2.306 - Logfile created 08/03/2013 at 10:39:28

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : elena - ELENA-PC

# Boot Mode : Normal

# Running from : C:\Users\elena\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Secure Search

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\elena\AppData\Roaming\Mozilla\Firefox\Profiles\a802m829.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [7043 octets] - [23/07/2013 17:33:52]

AdwCleaner[R2].txt - [7103 octets] - [23/07/2013 17:35:22]

AdwCleaner[R3].txt - [7163 octets] - [23/07/2013 18:17:04]

AdwCleaner[R4].txt - [1334 octets] - [03/08/2013 10:28:24]

AdwCleaner[R5].txt - [1394 octets] - [03/08/2013 10:38:21]

AdwCleaner[S1].txt - [7514 octets] - [23/07/2013 18:21:45]

AdwCleaner[S2].txt - [1331 octets] - [03/08/2013 10:39:28]

 

########## EOF - C:\AdwCleaner[S2].txt - [1391 octets] ##########



#4 noknojon


Posted 03 August 2013 - 05:20 PM

 Windows Firewall Enabled! 

Microsoft Security Essentials  

Symantec Endpoint Protection 

This may be one of your problems - 2 Active Antivirus programs detected.

Also I think Symantec Endpoint has its own inbuilt firewall -

 

Remove one of them fully, and try a rescan with only 1 Antivirus and 1 Firewall in operation.

 

For what it is worth, Spybot - Search & Destroy can be removed with MBAM and SAS both installed now -

 

Thanks -
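
Added example, not part of the original thread and not code from Security Check: a small Python triage of the Security Check log format posted in #3, flagging the items raised in this thread (two antivirus products, UAC disabled, an out-of-date Flash Player). The sample log is a constructed excerpt of that post, and the rule that status lines end in "!" while product names do not is an assumption drawn from this one log.

```python
import re

BT = "`" * 14  # Security Check wraps section titles in runs of backticks
# Constructed sample: excerpt of the log posted in #3 of this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.71",
    " Windows 7 Service Pack 1 x86 (UAC is disabled!)",
    BT + "Antivirus/Firewall Check:" + BT,
    " Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "Symantec Endpoint Protection",
    " Antivirus up to date!",
    BT + "Anti-malware/Other Utilities Check:" + BT,
    " Malwarebytes Anti-Malware version 1.75.0.1300",
    " Adobe Flash Player 10 Flash Player out of Date!",
    BT + "End of Log" + BT,
])
SECTION = re.compile(r"^`+\s*(.*?)\s*`+$")  # title between backtick runs

def parse_sections(log):
    """Group non-empty lines under the most recent section title."""
    sections, current = {"header": []}, "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections

def triage(log):
    """Return findings a helper would raise; the heuristics are assumptions."""
    s = parse_sections(log)
    findings = []
    if any("UAC is disabled" in entry for entry in s["header"]):
        findings.append("UAC disabled")
    # Assumption: in the AV section, status lines end with '!', product names do not.
    av = [e for e in s.get("Antivirus/Firewall Check", []) if not e.endswith("!")]
    if len(av) > 1:
        findings.append("multiple antivirus products: " + ", ".join(av))
    for e in s.get("Anti-malware/Other Utilities Check", []):
        if "out of date" in e.lower():
            findings.append("outdated: " + e)
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```
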



#5 elena1


Posted 04 August 2013 - 01:15 PM

Hi noknojon,

 

Thanks for taking the time to help me.

 

I updated UAC, Flash, etc. and am disabling the redundant programs you mentioned. I noticed this morning that the .temp Bloodhound.MalPE files are back. Symantec wasn't notifying me of problems yesterday after cleaning the temp directory so I was kind of surprised to see them this morning. Also, Microsoft Security Essentials is again warning of Adware:Win32/webcake. The computer does turn off now, and doesn't hang on reboot or shutdown.



#6 noknojon


Posted 04 August 2013 - 05:04 PM

Symantec wasn't notifying me of problems yesterday after cleaning the temp directory so I was kind of surprised to see them this morning. Also, Microsoft Security Essentials is again warning of Adware:Win32/webcake. The computer does turn off now, and doesn't hang on reboot or shutdown.

Hello -

Please note in POST #4 that I asked you to Remove one of your Antivirus programs .......

You are still telling me that you have 2 Antivirus programs installed - This can cause False Positives when they fight against each other -

More is NOT better in this case - Please Uninstall one now - Ask for help if you want Removal Tools for these programs -

 

Thank You -





