Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help me cleaning this..


  • This topic is locked This topic is locked
7 replies to this topic

#1 Akshah

Akshah

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 24 February 2017 - 08:28 AM

Hi,

 

This topic originally originated from my post(here). My pc was infected and has been cleaned now. Thanks to bleeping expert. There are no suspiciuos activity within the PC. As you can see I posted the hijackthis log in my post which shows "file missing" in multiple lines. since it was off the topic, I was asked to make a new one so this is it.

 

I just want to make sure everything is fine. My query is should be worried for "file missing" error in hijackthis log. For further assistance by expert.. I have attached the log files. (FRST & addition)

 

 

 

 

Attached Files


Edited by Akshah, 24 February 2017 - 08:33 AM.


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:03 PM

Posted 24 February 2017 - 08:50 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


hijackthis is outdated and does not work correct on 64 bit Systems.
This is the reason for the "file missing" in hijackthis logs.
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Akshah

Akshah
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 24 February 2017 - 09:50 AM

Hi,

Thanks for the reply.

 

Run security scan: log is pasted below

 

Run Malwarebytes Antirootkit: No threat found

 

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware   
 Java 8 Update 121 
 Java version 32-bit out of Date!
 Adobe Flash Player  24.0.0.221 
 Mozilla Firefox (52.0)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 ZAM.exe   
 Anti-Malware mbamtray.exe  
 ZAM.exe   
 Windows Defender MpCmdRun.exe  
 Windows Defender MSASCuiL.exe  
 Kaspersky Lab Kaspersky Security Scan kss.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:03 PM

Posted 24 February 2017 - 10:50 AM

Hello,

your logs are clean, there are only some orphans which we remove with a script:
 

***


Copy FRST / FSRT64.exe to your desktop!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt




Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3868707374-3178057066-4083776533-1000\...\MountPoints2: {b0314b41-8872-11e6-9c05-7824afbf180a} - "G:\OnePlus_setup.exe" /s
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
S3 cpuz137; \??\C:\Users\MayPra\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
S3 cpuz137; C:\Users\MayPra\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
U3 idsvc; no ImagePath
Task: {1B6E6918-C35B-44B0-92C1-D12B3C729FC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {26039551-9889-4F45-BCDD-B1EE9BA8DC0E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2D203D1C-06DE-46FA-B2DF-64D91B815405} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2D73A1FE-8B39-41A6-84E9-CA9E3D768233} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3EFE8BA4-30C4-4735-BBDF-39CC5CE8DEF3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {84005CB7-44D4-4BEE-8A50-1D12562E7D17} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8DFAB44D-B332-4C9F-86B1-C3A939F61A06} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A9E03516-F4ED-4B5B-BED7-DA61B510B46B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CBFDCA2F-C7E9-4FA4-858C-785C3DE68FCE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D0E70066-26AB-4962-A344-911DF8C626F4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D67A7A82-AF11-4B42-BFBC-90ED023E8C89} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD1025DE-315A-48AC-B9DE-28909AA71925} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again as Administrator like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Akshah

Akshah
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 24 February 2017 - 11:34 AM

Hi, Thanks for the help. :)

 

Run FRST again, Done.

 

Here is the fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by MayPra (24-02-2017 21:59:55) Run:1
Running from C:\Users\MayPra\Desktop
Loaded Profiles: MayPra (Available Profiles: MayPra & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3868707374-3178057066-4083776533-1000\...\MountPoints2: {b0314b41-8872-11e6-9c05-7824afbf180a} - "G:\OnePlus_setup.exe" /s
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
S3 cpuz137; \??\C:\Users\MayPra\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
S3 cpuz137; C:\Users\MayPra\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
U3 idsvc; no ImagePath
Task: {1B6E6918-C35B-44B0-92C1-D12B3C729FC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {26039551-9889-4F45-BCDD-B1EE9BA8DC0E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2D203D1C-06DE-46FA-B2DF-64D91B815405} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2D73A1FE-8B39-41A6-84E9-CA9E3D768233} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3EFE8BA4-30C4-4735-BBDF-39CC5CE8DEF3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {84005CB7-44D4-4BEE-8A50-1D12562E7D17} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8DFAB44D-B332-4C9F-86B1-C3A939F61A06} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A9E03516-F4ED-4B5B-BED7-DA61B510B46B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CBFDCA2F-C7E9-4FA4-858C-785C3DE68FCE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D0E70066-26AB-4962-A344-911DF8C626F4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D67A7A82-AF11-4B42-BFBC-90ED023E8C89} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD1025DE-315A-48AC-B9DE-28909AA71925} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3868707374-3178057066-4083776533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0314b41-8872-11e6-9c05-7824afbf180a} => key removed successfully
HKCR\CLSID\{b0314b41-8872-11e6-9c05-7824afbf180a} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
HKLM\System\CurrentControlSet\Services\cpuz137 => key removed successfully
cpuz137 => service removed successfully
cpuz137 => service not found.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B6E6918-C35B-44B0-92C1-D12B3C729FC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B6E6918-C35B-44B0-92C1-D12B3C729FC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26039551-9889-4F45-BCDD-B1EE9BA8DC0E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26039551-9889-4F45-BCDD-B1EE9BA8DC0E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D203D1C-06DE-46FA-B2DF-64D91B815405} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D203D1C-06DE-46FA-B2DF-64D91B815405} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D73A1FE-8B39-41A6-84E9-CA9E3D768233} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D73A1FE-8B39-41A6-84E9-CA9E3D768233} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EFE8BA4-30C4-4735-BBDF-39CC5CE8DEF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EFE8BA4-30C4-4735-BBDF-39CC5CE8DEF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84005CB7-44D4-4BEE-8A50-1D12562E7D17} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84005CB7-44D4-4BEE-8A50-1D12562E7D17} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DFAB44D-B332-4C9F-86B1-C3A939F61A06} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DFAB44D-B332-4C9F-86B1-C3A939F61A06} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9E03516-F4ED-4B5B-BED7-DA61B510B46B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9E03516-F4ED-4B5B-BED7-DA61B510B46B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBFDCA2F-C7E9-4FA4-858C-785C3DE68FCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBFDCA2F-C7E9-4FA4-858C-785C3DE68FCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0E70066-26AB-4962-A344-911DF8C626F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0E70066-26AB-4962-A344-911DF8C626F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D67A7A82-AF11-4B42-BFBC-90ED023E8C89} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67A7A82-AF11-4B42-BFBC-90ED023E8C89} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD1025DE-315A-48AC-B9DE-28909AA71925} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1025DE-315A-48AC-B9DE-28909AA71925} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69082815 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2349974 B
Edge => 55704669 B
Chrome => 0 B
Firefox => 7659861 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 72372 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 66016 B
NetworkService => 10553742 B
MayPra => 26148556 B
DefaultAppPool => 33058 B
RecycleBin => 0 B
EmptyTemp: => 163.7 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 22:01:16 ====


#6 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:03 PM

Posted 24 February 2017 - 12:05 PM

***


It Appears That Your Pc Is Clean!


***


Clean up:


***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
:step3: Use only one anti-virus software and keep it up-to-date.

:step4: Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step5: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step6: Use Strong passwords!

:step7: Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Akshah

Akshah
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 25 February 2017 - 12:28 AM

Thanks for the response to fix the issue & preventive tips.  :) The PC is clean now. No suspicious activity seen. :bananas: I have removed the disinfection tools using delfix.  

​Thanks for your time and assistance :D :clapping: 


Cheers!

The issue has been fixed, you may close the topic.



#8 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:03 PM

Posted 25 February 2017 - 01:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users