Live security Platinum removed. Do More?

[Carlton]

Operating system: windows xp home
Architecture: 64 bit
Antivirus software and on-demand scanners on this system : malwarebytes

SuperAntiSpyware free edition

Last ran both 9/11/12
Date and how issue started: Started: 9/9/12

Just popped up on my machine.
Current issues and symptoms: None
Steps taken in order to remove the infection: I ran both anti virus programs mentioned above in safe mode.
Each time I rebooted the rogue was still on machine.

I then started machine in safe mode and ran System restore. Restored to 9/8/12.

Seems to have removed Live Platinum.
REQUESTED LOGS: OTL LOG
aswMBR LOG
As noted above the Live Platinum seems to be removed from my machine. Thus far everything is running normally. I have had no problems.

I am posting this info at the suggestion of another member.

If you feel I need to do something else I will re-post and add a OTL and aswMBR scan to my post if you feel that is required. I did not do so at this time.

Any help will be appreciated.

Carl

[Jack]

Hello Carlton,
If the issues start again, please follow this steps: http://malwaretips.com/Announcement-Mand...e-we-start
Stay safe and welcome to MalwareTips.com

[Carlton]

(09-12-2012 05:32 PM)Jack wrote:  Hello Carlton,
If the issues start again, please follow this steps: http://malwaretips.com/Announcement-Mand...e-we-start
Stay safe and welcome to MalwareTips.com

I'm amending from "sorry to be here" to "happy to be here". It is obvious that this is a friendly, responsive and helpful forum. I will be spreading the news.

I will follow your suggestions; hopefully the issue is truly resolved.

Regards,
Carlton

[Jack]

Carlton,
As an addition step,and for your peace of mind , you can run a scan with Kaspersky Virus Removal and ESET Online scanner.Also you can run a scan with HitmanPro.......


STEP 1: Run a scan with Kaspersky Virus Removal Tool

1. Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
   KASPERSKY VIRUS REMOVAL TOOL (This link open an new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)
2. Follow the onscreen prompts until it is installed
3. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
   
   • System Memory
   • Hidden startup objects
   • Disk boot sectors
   • Local Disk (C: )
   • Also any other drives (Removable that you may have)
4. Then click on Actions on the left hand side
5. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
6. Click on Automatic Scan
7. Now click the Start Scanning button, to run the scan
8. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
9. Click Detected threats on the left
10. Now click the Save button, and save it as kaslog.txt to your Desktop
11. Please attach kaslog.txt in your next reply.

---

STEP 2: Run a scan with ESET Online Scanner

1. Download ESET Online Scanner utility from the below link
   ESET ONLINE SCANNER DOWNLOAD LINK (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push List of found threats
9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.
10. Push the back button.
11. Push Finish

---

STEP 3: Run a HitmanPro scan

1. Download the latest official version of HitmanPro.
   HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
2. Start HitmanPro  by double clicking on the previously downloaded file. and then following the prompts.
   
3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click Next .
   
4. Click Activate free license to start the free 30 days trial and remove the malicious files.
   
5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
   

Add to your next reply, any log that HitmanPro might generate.

---

[Carlton]

OK. I have downloaded everything and will run it. I'll advise you as to what happens.

Thanks,
Carl

[Carlton]

Just ran Kapersky. Attached is log.

Will now run ESET.

Kapersky security products...do you recommend?

Carl

[Jack]

(09-12-2012 09:38 PM)Carlton wrote:  Kapersky security products...do you recommend?

Yes,Kaspersky Internet Security 2013 is a very decent security program but feel free to test it out... We have a thread with a 90 days trial for KIS 2013 which could give you a 'fair use' to try it out! - http://malwaretips.com/Thread-Kaspersky-...or-91-days
Anyway I do recommend that you start a thread in our Security Configuration Wizard , and we will help you build a layered security config.

Now,about the Kaspersky log... It surely looks like a Java exploit compromised your machine.. I strongly encourage you to either always check for Java updates or if you don't really need this program,just uninstall it.
Here is a recent article on Java : http://malwaretips.com/Thread-Disable-Ja...t-hits-web



STEP 1: Your JAVA is out of date ,so we need to updated it.

 UPDATE JAVA

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

• Please download JavaRa to your desktop.
  
  • Click the Download button next to Windows Binary (.zip) Version 1.16 to download JavaRA and unzip it to its own folder.
• Run JavaRa.exe
• Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
  

Waiting for the other logs now...

[Carlton]

How do I find out if I need to be running Java on my machine?

[HeffeD]

If you don't use any Java applications, you don't need to be running Java on your machine.

[Carlton]

New ballgame, Jack,
Got hit with Live Security Platinum again; let me explain:
I clicked on a link sent to me by one of the lists I subscribe to; I have been a member for years and have never had a problem. The link was in an email sending me to a video. Shortly after the video started LSP popped up. I immediately unplugged (literally) the computer.

I re-booted in safe mode; I started running all Anti Spyware programs.

1.Malwarebytes which found nothing.

Re-boot. Everything at this point was functioning OK. Ran the following:

2.Super Anti Spyware, free
3.Kaspersky
4.ESET
5.Hitman Pro

All reports are attached to this reply.

The computer seems to be functioning properly, no problems.

After you check this out and tell me what, if anything, I should do next I will follow your suggestion about getting set up with security program.

Thanks for your help.

Carl