
Infected by Ads by EnormouSales


  • This topic is locked
19 replies to this topic

#1 moldymold

moldymold

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 04 May 2015 - 11:56 PM

I've tried every trick in the book and scans out the wazzoo to no avail. My Google searches are being redirected and often a pop up with "Ads by EnormouSales" will show up, vanish, then the page reloads to a completely unrelated page. I also notice random text in my browser is bolded with a green box to the top right of it which shows bogus Adware removal adverts when I hover my mouse over them. I am currently using Chrome as my browser, and I've noticed my Internet Explorer has not been affected (.....yet). Attached are my FRST logs.



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:41 PM

Posted 05 May 2015 - 04:21 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 moldymold


Posted 05 May 2015 - 10:19 PM

Here they are.




#4 B-boy/StyLe/


Posted 06 May 2015 - 03:30 AM

STEP 1

 

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

 

We need to downgrade Google Chrome to the latest stable release. The adware has updated your browser to the developer version where Chrome internal checks are disabled and the adware will reinstall the malicious extensions periodically again if not downgraded...

Make sure that you export your passwords and favorites/bookmarks if you have any before you proceed with the steps below.

Check the links below for more information:

How to Export Bookmarks from Chrome

How To Backup Saved Passwords In Google Chrome Browse

 

Create a new Restore Point before you proceed just in case.

Now please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Google Chrome.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

 

 

 

STEP 2

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

STEP 3

 

 

Now you can reinstall Google Chrome to the latest stable build Google Chrome 42.0.2311.135 Stable and let me know how things are now.

 

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 06 May 2015 - 03:30 AM.



#5 moldymold


Posted 06 May 2015 - 04:27 PM

Here ya go.

 

My new Chrome seems to be spick and span so far. Thanks!




#6 B-boy/StyLe/


Posted 06 May 2015 - 04:59 PM

Hi,

 

 

Let's check for PUP leftovers:

 

 

STEP 1

 

 

Please download Malwarebytes Anti-Malware 2.1.6.1022 Final to your desktop.
 

  • Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 3

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

That's it for now. :)

 

 

Regards,

Georgi




#7 moldymold


Posted 06 May 2015 - 05:28 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/6/2015
Scan Time: 5:04:45 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.06.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Thom
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429722
Time Elapsed: 16 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1071416686-1465175340-3038554051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{5CEF807E-6D31-4F2E-8E69-842D118F3347}|URL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}, Quarantined, [8ae3177996f441f51963329de81b916f]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 moldymold


Posted 06 May 2015 - 05:34 PM

# AdwCleaner v4.203 - Logfile created 06/05/2015 at 17:32:49
# Updated 30/04/2015 by Xplode
# Database : 2015-05-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Thom - THOM-PC
# Running from : C:\Users\Thom\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Google Chrome v42.0.2311.135
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3668 bytes] - [04/05/2015 22:32:07]
AdwCleaner[R1].txt - [885 bytes] - [06/05/2015 17:30:36]
AdwCleaner[S0].txt - [3741 bytes] - [04/05/2015 22:35:43]
AdwCleaner[S1].txt - [811 bytes] - [06/05/2015 17:32:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [869  bytes] ##########


#9 moldymold


Posted 06 May 2015 - 05:39 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 7 Ultimate x64
Ran by Thom on Wed 05/06/2015 at 17:35:54.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/06/2015 at 17:39:14.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 B-boy/StyLe/


Posted 07 May 2015 - 04:38 AM

Hi,

 

 

Here are the last set of steps just to make sure nothing is lurking in the dark corners. :)

 

 

 

STEP 1

 

 

Please download ZHPCleaner (by NicolasCoolman) to your desktop.

  • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
  • Please click the Ashampoo_Snap_20140819_13h09m50s_001__zp button.
  • Then press the y3pI4LR.png button.
  • During the scan any open instances of the browsers will be closed automatically.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

 

 

STEP 2

 

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

Note: Programdata is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

 

STEP 3

 

 


  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Full Scan. When the scan complete, click on the View Report button (don't delete or quarantine anything).
  • Please copy and paste the content of the report in your next reply.

 

 

 

STEP 4

 

 

Also let's check for outdated and vulnerable software on your pc

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations.

Let me know about any remaining issues.

 

 

Regards,

Georgi




#11 moldymold


Posted 07 May 2015 - 09:41 PM

~ ZHPCleaner v2015.5.7.217 by Nicolas Coolman (07/05/2015)
~ Run by Thom (Administrator)  (07/05/2015 21:28:23)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Thom\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Thom\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (1)
FOUND file: C:\Users\Thom\AppData\Roaming\appdataFr3.bin  (PUP.Optional) [79FA712A696B4BA400628DD1020EEE1C]
 
 
---\\  Registry ( Key, Value, Data) (0)
~ No malicious items found.
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 68921
~ Items found : 1
~ Items cancelled : 0
~ Items repaired : 0
 
 
End of clean at 21:40:01
===================
ZHPCleaner-[S]-07052015-21_40_01.txt


#12 moldymold


Posted 07 May 2015 - 09:42 PM

HitmanPro 3.7.9.241
www.hitmanpro.com
 
   Computer name . . . . : THOM-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Thom-PC\Thom
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (28 days left)
 
   Scan date . . . . . . : 2015-05-07 21:28:06
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 2m 22s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2
 
   Objects scanned . . . : 3,885
   Files scanned . . . . : 3,885
   Remnants scanned  . . : 0 files / 0 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Thom\Downloads\ZHPCleaner.exe
      Size . . . . . . . : 1,818,112 bytes
      Age  . . . . . . . : 0.0 days (2015-05-07 21:27:15)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 74E6400DE26F4150FDB8BA2B258EEC0098B8636451D31C3A485D1EED552BDA5E
      Parent Name  . . . : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      Running processes  : 5308
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
 
 
 


#13 moldymold


Posted 07 May 2015 - 11:27 PM

Emsisoft Emergency Kit - Version 9.0
Last update: 5/7/2015 9:49:54 PM
User account: Thom-PC\Thom
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, Q:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 5/7/2015 10:06:05 PM
Value: HKEY_USERS\S-1-5-21-1071416686-1465175340-3038554051-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1071416686-1465175340-3038554051-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 318752
Found 2
 
Scan end: 5/7/2015 11:26:39 PM
Scan time: 1:20:34


#14 moldymold


Posted 07 May 2015 - 11:36 PM

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 AML Free Registry Cleaner 4.25 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (42.0.2311.135) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Spybot Teatimer.exe is disabled! 
 Intel Intel® Small Business Advantage UI IntelSmallBusinessAdvantage.exe 
 Intel Intel® Small Business Advantage Service Intel.SmallBusinessAdvantage.WindowsService.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#15 B-boy/StyLe/


Posted 08 May 2015 - 11:38 AM

Hi,

 

 

Registry Editor / Cleaner Warning !!

The following is referring to AML Free Registry Cleaner 4.25.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs please take a look here => Registry Cleaners and System Tweaking Tools

 

 

 

I have a few updating tasks for you:

 

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
  • Download the latest version of Java SE 8.
  • Click the Java SE 8u45 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 8 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-8u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
     Java 8 Update 31
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-8u40-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

 

 

Be sure that you have the latest version of Adobe Reader as well:
Older versions may have vulnerabilities that malware can use to infect your system.
Please uninstall Adobe Reader 9 and then download and install the latest version of Adobe Reader 11.0.10.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

 

 

 

  • The securitycheck log shows that the rest of your critical programs are up to date, but it is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 
Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer has always the latest security updates available installed on your computer.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

Finally please post a new log from SecurityCheck.

 

 

Also please go ahead and delete the following file => C:\Users\Thom\AppData\Roaming\appdataFr3.bin <= this file

 

Note: Appdata is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

Let me know how things are now. :)

 

 

Regards,

Georgi
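
The findings scattered across the logs in posts #4 to #14, consolidated by an added Python example (not part of the thread, and not code from any of the tools named): it matches the log line shapes quoted above and separates items a log reports as removed from items that were only reported. The `Finding` type, the `triage` and `open_items` functions and the regular expressions are assumptions written for this example; the sample lines are copied from the logs posted above.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    tool: str       # scanner whose log format the line matched
    name: str       # detection name or status text from the log
    target: str     # file, registry value or product the line refers to
    resolved: bool  # True only when the log itself reports removal


# One pattern per log shape seen in the thread. These regexes are assumptions
# derived from the lines quoted on this page, not any tool's documented format.
PATTERNS = [
    ("FRST", re.compile(r"^(?P<target>[^:]+): (?P<name>.+?)\s*<=+ ATTENTION$"), False),
    ("MBAM", re.compile(r"^(?P<name>[A-Za-z]+(?:\.\w+)+), (?P<target>[^,]+), "
                        r"(?:.*, )?(?P<action>\w+), \[[0-9a-f]{32}\]$"), False),
    ("JRT", re.compile(r"^(?P<name>Successfully deleted): \[\w+\] (?P<target>.+)$"), True),
    ("ZHPCleaner", re.compile(r"^FOUND \w+: (?P<target>.+?)\s+\((?P<name>[^)]+)\)"
                              r"\s+\[[0-9A-F]{32}\]$"), False),
    ("Emsisoft", re.compile(r"^Value: (?P<target>.+? -> \S+) detected: "
                            r"(?P<name>.+?)(?: \(\w\))?$"), False),
    ("SecurityCheck", re.compile(r"^(?P<target>.+?) (?P<name>out of Date)!$"), False),
]

# Lines copied from the logs posted in this thread, mixed with clean lines.
SAMPLE_LOG = r"""
CHR dev: Chrome dev build detected! <======= ATTENTION
Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1071416686-1465175340-3038554051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{5CEF807E-6D31-4F2E-8E69-842D118F3347}|URL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}, Quarantined, [8ae3177996f441f51963329de81b916f]
Files: 0
(No malicious items detected)
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
~ No malicious items found.
FOUND file: C:\Users\Thom\AppData\Roaming\appdataFr3.bin  (PUP.Optional) [79FA712A696B4BA400628DD1020EEE1C]
Value: HKEY_USERS\S-1-5-21-1071416686-1465175340-3038554051-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1071416686-1465175340-3038554051-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 Java version 32-bit out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome (42.0.2311.135)
"""


def triage(log_text):
    """Return one Finding per log line that reports a detection."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for tool, pattern, removed in PATTERNS:
            m = pattern.match(line)
            if m:
                # MBAM states the action taken per item; only "Quarantined" counts.
                done = removed or m.groupdict().get("action") == "Quarantined"
                findings.append(Finding(tool, m["name"], m["target"], done))
                break
    return findings


def open_items(findings):
    """Findings that no log in the input reports as removed."""
    return [f for f in findings if not f.resolved]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{'done' if f.resolved else 'OPEN':4}  {f.tool:13}  {f.name}  ->  {f.target}")
```

Run on the sample, the open items include the `appdataFr3.bin` file that post #15 asks to be deleted by hand and the two outdated programs it asks to be updated.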

