
Panda keeps finding and cleaning malware that attempts to disable taskmanager


10 replies to this topic

#1 raymj49

raymj49

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:20 AM

Posted 01 June 2015 - 08:48 PM

Panda keeps finding and cleaning malware that attempts to disable taskmanager,

(bitdefender paid did not catch it at all)

Could someone please help me make sure my system is clean? Thanks so much


Edited by computerxpds, 01 June 2015 - 09:10 PM.
Moved to AII from Windows 7




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:20 PM

Posted 02 June 2015 - 06:57 AM

Hello raymj -

 

Please try these cleaning programs, and provide a bit more information...

 

Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy/Paste the contents of that document.

Note 1: If any security program requests permission to access the Internet, allow it to.

 

 

Next -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only Copy / Paste the link)

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 3 different versions. If one of them won't run then download and try to run the other one. (Only one is required.)

Link 1
Link 2
Link 3

Copy and Paste the result text back here.

 

Do not reboot your computer until you complete the next step.

Now :

  • Download AdwCleaner by Xplode from Here or Here and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button only once
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.
     Next
  • Click on the Cleaning button only once for accuracy
  • Press OK > OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
  • **Copy and Paste the contents of that log in your next reply.**

 

 

Sophos Virus Removal Tool

  • Please download Sophos Virus Removal Tool and save the file to your Desktop.
  • Temporarily Disable your Antivirus
  • Right-Click the icon and select, Run as administrator to run the program.
  • Click Next.
  • Select I accept the terms in this license agreement, then click Next twice.
  • Click Install.
  • Click Finish to launch the program
  • Once the virus database has been updated click Start scanning.
  • If threats are found click Details, followed by View log file.
  • ***Copy the contents of the log and paste in your next reply.***
  • Close the Notepad document, close the Threat Details screen, and click Start cleanup.
  • Click Exit to close the program.
  • Re-enable your anti-virus software.

Thank You -



#3 raymj49


Posted 02 June 2015 - 09:08 PM

http://speccy.piriform.com/results/bcRr6cGof0Fkhhqr3Sblr7O



#4 raymj49


Posted 02 June 2015 - 09:12 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/02/2015 08:10:34 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  20 out of 15492 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 06/02/2015 08:10:53 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)
 


#5 raymj49


Posted 02 June 2015 - 09:15 PM

Forgot the security check for you, will paste below

Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Panda Cloud Cleaner   
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.188  
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
 Bitdefender Bitdefender 2015 bdwtxapps.exe  
 Bitdefender Bitdefender 2015 bdwtxcr.exe  
 Bitdefender Bitdefender 2015 vsserv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#6 raymj49


Posted 02 June 2015 - 09:20 PM

 AdwCleaner v4.206 - Logfile created 02/06/2015 at 20:17:15
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : MlPatch
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\system32\mlpatch.exe
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v42.0.2311.152
 
 
*************************
 
AdwCleaner[R0].txt - [3304 bytes] - [25/04/2015 20:29:22]
AdwCleaner[R1].txt - [3411 bytes] - [26/04/2015 17:24:37]
AdwCleaner[R2].txt - [3897 bytes] - [26/04/2015 17:28:41]
AdwCleaner[R3].txt - [1097 bytes] - [26/04/2015 17:35:02]
AdwCleaner[R4].txt - [1106 bytes] - [01/05/2015 19:18:48]
AdwCleaner[R5].txt - [1293 bytes] - [20/05/2015 05:11:10]
AdwCleaner[R6].txt - [1406 bytes] - [01/06/2015 19:58:10]
AdwCleaner[R7].txt - [1407 bytes] - [01/06/2015 19:59:01]
AdwCleaner[R8].txt - [1150 bytes] - [02/06/2015 20:17:15]
AdwCleaner[S0].txt - [3520 bytes] - [25/04/2015 21:36:53]
AdwCleaner[S1].txt - [3811 bytes] - [26/04/2015 17:30:04]
AdwCleaner[S2].txt - [1171 bytes] - [01/05/2015 19:22:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [1386 bytes] ##########
 
 
 
ml patch is from MCT corp and has been vetted by a global moderator on bleeping computer previously and is supposedly in the correct location


#7 noknojon


Posted 02 June 2015 - 09:48 PM

Hello -

RE : ml patch is from MCT corp

 

Any item found by AdwCleaner and removed can be reinstalled, as you have only Quarantined them and it is a Generic Scanner.

 

To restore an item that has been deleted by accident : Open the program again,
Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel.

In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration.

After uninstallation, then you can run specialized tools like AdwCleaner so do not Uninstall it if removed.

 

Once we finish here, I will ask you to Open AdwCleaner and press Uninstall to remove any quarantined items.

 

What do you believe Bitdefender (Bitdefender Bitdefender 2015 bdagent.exe) is on your system, or is this an old Antivirus install that you never removed ??

It still has Bitdefender Bitdefender 2015 updatesrv.exe the Updater installed ??

 

Thanks -



#8 raymj49


Posted 02 June 2015 - 10:04 PM

Total security 2015 is my current anti virus



#9 raymj49


Posted 02 June 2015 - 10:06 PM

posted in a forum on bitdefender, still waiting for a response, sometimes they just kind of suck when it comes to helping make sure my sys is clean


Edited by raymj49, 02 June 2015 - 10:06 PM.


#10 noknojon


Posted 02 June 2015 - 10:22 PM

Sorry but I do not wish to tell you otherwise at the moment, but this may be your problem.

 

As of 1 hour ago, you can read from your @ post #5 above and the only items listed are Panda Cloud and these setup and updaters

 Bitdefender Bitdefender 2015 updatesrv.exe
 Bitdefender Bitdefender 2015 bdagent.exe
 Bitdefender Bitdefender 2015 bdwtxag.exe
 Bitdefender Bitdefender 2015 bdwtxapps.exe
 Bitdefender Bitdefender 2015 bdwtxcr.exe
 Bitdefender Bitdefender 2015 vsserv.exe

 

It seems that you never installed "Total security 2015" unless you wish to run Security Check again or follow this -

 

Please download MiniToolBox to desktop to run it.
Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

 

Please post a snapshot with Speccy for more system details (this may help) -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only Copy / Paste the link at the end)



#11 noknojon


Posted 02 June 2015 - 10:28 PM

I think that This is what you mean -

Total Security 2015 - BitDefender

Bitdefender have a version they call Total Security, and this is what you installed

 

Only keep Bitdefender, and only scan with that program for now -





