
Help with my computer


8 replies to this topic

#1 tigersmoondiva


Posted 12 November 2014 - 11:13 PM

I am a volunteer at my church - and our computer was a big mess.  After 2 days of fighting with it - I managed to get the viruses and the malware off (I think - but)  it's still trying to use a proxy to get on the internet!  I am at my wits end!  What do you need me to run so I can get some help cleaning up this mess!  Thanks in advance!

 

Katrina




#2 xAnti_HerOx


Posted 12 November 2014 - 11:37 PM

Do you have multiple browsers on the computer?

If so are you getting the same issue on all of them or just one? 



 

"The human spirit must prevail over technology". -Albert Einstein 


#3 noknojon


Posted 12 November 2014 - 11:55 PM

Hello Katrina -

First step -

Open Internet Explorer (it must be Internet Explorer) -> Click Tools at the top (press ALT if you do not see Tools) -> Near the bottom click Internet Options -> Along the top of the new menu select Connections -> Near the bottom select LAN Settings -> In that area make sure the only box ticked is Automatically Detect Settings and nothing else is ticked -

 

Tell me if this was correct or you needed to alter it.

 

Thank You



#4 noknojon


Posted 13 November 2014 - 12:11 AM

EDIT - I forgot to add, Please ask if you do not understand or if you have problems with these instructions -

 

Second step -

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes.
 Please Copy and Paste the small log back here.


Do not reboot your computer until you complete the next step.


 NOW :

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.

 Next

  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
    Copy and Paste the contents of that log in your next reply.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.

 

 

Thank You -


Edited by noknojon, 13 November 2014 - 12:17 AM.


#5 tigersmoondiva


Posted 13 November 2014 - 01:16 AM

Hello Katrina -

First step -

Open Internet Explorer (it must be Internet Explorer) -> Click Tools at the top (press ALT if you do not see Tools) -> Near the bottom click Internet Options -> Along the top of the new menu select Connections -> Near the bottom select LAN Settings -> In that area make sure the only box ticked is Automatically Detect Settings and nothing else is ticked -

 

Tell me if this was correct or you needed to alter it.

 

Thank You

 

 

I have done this more times than I can count - it keeps reticking the box - which tells me we are still infected.

 

I will do the 2 above steps as soon as I can get up to the church in the morning!  

 

Thank you!



#6 noknojon


Posted 13 November 2014 - 02:00 AM

I have done this more times than I can count - it keeps reticking the box - which tells me we are still infected.

Hi -

Were you instructed by others to do this action ??

 

I will not be here tomorrow (personal reasons) but others may pick this up and follow your reports .......

 

Thank You -



#7 tigersmoondiva


Posted 13 November 2014 - 01:00 PM

No - I tried doing it myself.  It said there was a proxy error - we are not using a proxy so I unchecked it - saved.  Then when I go back in I find it rechecked again.

 

Notepad

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/13/2014 11:45:38 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\Windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/13/2014 11:46:57 AM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)
 
AdwCleaner
 
# AdwCleaner v4.101 - Report created 13/11/2014 at 11:48:49
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Justin - JUSTIN-HP
# Running from : J:\AdwCleaner (3).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
*************************
 
AdwCleaner[R0].txt - [9363 octets] - [12/11/2014 16:35:39]
AdwCleaner[R1].txt - [814 octets] - [13/11/2014 11:36:52]
AdwCleaner[R2].txt - [675 octets] - [13/11/2014 11:48:49]
AdwCleaner[S0].txt - [8655 octets] - [12/11/2014 16:41:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [794 octets] ##########
 


#8 xAnti_HerOx


Posted 13 November 2014 - 03:33 PM

Okay well I have had a few proxies hide in the registry as well. Sometimes if the computer was infected, malware removal programs won't do very much on the proxy end in the registry. I have only had a handful ever go there.
But we can go ahead and try to manually check to see if any Registry Keys were set for this.
 

BEFORE doing any registry edit, please back up your registry. If something goes wrong you will be able to restore the registry from the back up.

  • Click here to open the download page for ERUNT
  • Scroll down to the Download ERUNT: section and choose a download server for erunt-setup.exe
  • Save the file to your desktop
  • Run erunt-setup.exe to install the application on your computer
  • Click Next on each screen accepting the defaults, click Install
  • Choose whether or not to run ERUNT at startup (recommended)
  • Untick Show Documentation and click Finish to launch ERUNT
    (it can also be run from Start > Program Files > ERUNT > ERUNT)
  • Click Ok on the dialog box, select the folder for ERUNT to backup to (default recommended)
    (a warning might appear if the folder does not exist, click yes to create it)
  • ERUNT will run and a message will notify you that the backup is complete
Once we have covered our backing up in case of any accidents, go ahead and open your Run box again (Win Key + R).
  • Type In : "Regedit" 
Your Registry Editor Will Now Open. You will notice two boxes, one on the left and one on the right. 
On the left side. 
Expand the folders and Navigate to 
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
DELETE Keys marked with *Local , Override, or Loopback
 
Also, you will see other keys:
-ProxyEnable - Right Click the Key, Select Modify, and Set Value to 0
-ProxyHTTP - Right Click the Key, Select Modify, and Set Value to 0
 
Then Also Navigate to :
 
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
 
DELETE Keys marked with *Local , Override, or Loopback
 
Also, you will see other keys:
-ProxyEnable - Right Click the Key, Select Modify, and Set Value to 0
-ProxyHTTP - Right Click the Key, Select Modify, and Set Value to 0
 
Your Screen Should Look Something Like What is Attached Below
 
ProxyOverride.png
 
Now Check the Internet Settings and See if they are still Locked on the Proxy.
Please note anything you do find. And anything you do not find. As both are just as important. 

Edited by xAnti_HerOx, 13 November 2014 - 03:34 PM.


 

"The human spirit must prevail over technology". -Albert Einstein 
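
Added example, not part of the original posts: a read-only PowerShell audit of the two registry keys named in post #8, run before changing anything so there is a record of what was set. ProxyServer, AutoConfigURL and the Policies value ProxySettingsPerUser are standard Windows names that the thread does not mention, and the helper name Test-LoopbackProxy is hypothetical.

```powershell
# Added example: read-only audit of the proxy values under the two keys named in post #8.
# Nothing is changed. Run it in the affected user's session so HKCU is that user's hive.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
# ProxyEnable and ProxyHTTP are the names used in the post. ProxyServer, ProxyOverride and
# AutoConfigURL are standard Internet Settings values (assumption: not named in the thread).
$names = 'ProxyEnable', 'ProxyHTTP', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

# Hypothetical helper: true when a ProxyServer string ("host:port" or
# "http=host:port;https=host:port") names the local machine.
function Test-LoopbackProxy([string]$Server) {
    foreach ($part in ($Server -split ';')) {
        $hostPort = (($part -split '=')[-1]) -replace '^\w+://', ''
        $hostName = ($hostPort -split ':')[0].Trim()
        if ($hostName -match '^(127(\.\d{1,3}){3}|localhost)$') { return $true }
    }
    return $false
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $names) {
        $prop = $props.PSObject.Properties[$name]
        if ($null -eq $prop) { continue }          # value absent: nothing to report
        $note = switch ($name) {
            'ProxyEnable'   { if ($prop.Value -eq 1) { 'proxy switched on' } }
            'ProxyServer'   { if (Test-LoopbackProxy $prop.Value) { 'proxy is a local listener' } }
            'AutoConfigURL' { 'auto-config script set' }
        }
        [pscustomobject]@{ Key = $key; Name = $name; Value = $prop.Value; Note = $note }
    }
}
$report | Format-Table -AutoSize -Wrap

# Machine policy that makes Internet Explorer read HKLM instead of HKCU when set to 0.
$policy = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
if (Test-Path -Path $policy) {
    Get-ItemProperty -Path $policy | Select-Object ProxySettingsPerUser
}
```

Running it once before the manual edits and again after a reboot shows which value, in which hive, has been written back.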


#9 tigersmoondiva


Posted 13 November 2014 - 08:37 PM

Ok!  I will print and get on this first thing Monday morning - as I am headed out of town for a couple of days! 

 

You guys are wonderful and I'll get back with you when I'm home.





