"Live Security Platinum" (?) virus zapped but problem remains

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
QUESTION (1)…should I perform all of the steps in that link…or start at some other point in the corrective steps because the only issue appears to be the missing ACTION CENTER icon ??

The real question...how do I proceed in order to restore proper function and re-activate the taskbar icon for "ACTION CENTER" that is "greyed out" ?
 

Attachments

  • OTL Scan 2013-02-18.Txt
    239.6 KB · Views: 109
  • OTL Extras 2013-02-18.Txt
    65.4 KB · Views: 103
  • aswMBR scan 2013-02-18.txt
    1.7 KB · Views: 94

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

You still have a very nasty rootkit on your computer, let's get rid of it before we fix your other issues. We will start the process with the instruction below.

Open OTL. Under custom scan/fixes, copy and paste the following:

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.




Download Farbar Recovery Scan Tool from the below link:
  • For 32 bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a USB/flash drive.
    For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
    Also download List Parts 32bit or Listparts 64 bit and save it to the USB/flash drive also.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    1. Select Command Prompt
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
    10. Back in the command prompt, type e:\listparts.exe (for x64 bit version type e:\listparts64.exe) and press Enter
    11. ListParts will start to run. Check the box beside List BCD and click Scan
    12. When finished scanning it will make a log Result.txt on the flash drive
    13. Type exit
    14. Please copy and paste both FRST.txt and Result.txt logs in your next reply
 

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery... message received & I will work thru the steps as described.
Thanks for your interest & assistance; will post status.
 

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
'Fiery' ...
Regarding your earlier instructions...sorry for a very, very basic clarification...

I am running Win-7, 64-bit, but when I went into the command prompt it displays "x:\windows\system 32\"

Does system 32 mean I should use Farbar Recovery Scan for 32-bit or do I use the 64-bit version?
Same question for regarding Listparts32bit or Listparts 64bit ?

Sorry for what may sound as a "newby" question (even though it is).

roge46 "Florida Grey Beard"
 

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery,
The (2) requested logs/files are attached.

Thanks, again, for your interest & support.

Florida Grey Beard
 

Attachments

  • FRST 2013-02-18.txt
    26.9 KB · Views: 95
  • Result 2013-02-18.txt
    6.9 KB · Views: 139

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Let's "zap" the remaining bad guys.

Open notepad and copy & paste the following:

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\@
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\L
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2939166945-126976082-3548986228-1000\$3b99f81f31d5dbab1bcf87d0107a285a
C:\$Recycle.Bin\S-1-5-21-2939166945-126976082-3548986228-1000\$3b99f81f31d5dbab1bcf87d0107a285a\@
C:\$Recycle.Bin\S-1-5-21-2939166945-126976082-3548986228-1000\$3b99f81f31d5dbab1bcf87d0107a285a\L
C:\$Recycle.Bin\S-1-5-21-2939166945-126976082-3548986228-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
 

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery,
The log is attached,
Thank you.

Regards - Florida Grey Beard
 

Attachments

  • Fixlog 2013-02-18.txt
    229 bytes · Views: 92

Fiery

Level 1
Jan 11, 2011
2,007
Was the fixlist.txt on the same USB as FRST? I don't think the fix worked as the log is empty.

Download the .txt file that I have attached. Right-click it and select Save link as and save the file to your USB that has FRST on it.

Then head to system recovery again and click fix again. Afterwards, do a new FRST scan so I can make sure the infection is gone.
 

Attachments

  • fixlist.txt
    737 bytes · Views: 93
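
Added example (not part of the thread and not FRST's own logic): a Python check for the folder shape listed in the fixlist above, `$Recycle.Bin\<SID>\$<32 hex characters>` with children `@`, `L` and `U`, run over a directory listing taken before and after the fix to confirm the folders are gone. The listing source (for example `dir /a /s /b` output), the function names and the sample SID and folder name are assumptions constructed for illustration.

```python
import re

# Folder shape taken from the fixlist in this thread:
#   <drive>:\$Recycle.Bin\<SID>\$<32 hex chars>[\<child>]
SUSPECT = re.compile(
    r'^[A-Za-z]:\\\$Recycle\.Bin\\(S-1-[0-9-]+)\\\$([0-9a-f]{32})(?:\\([^\\]+))?$',
    re.IGNORECASE,
)


def find_suspect_folders(listing):
    """Map (SID, folder name) -> set of child names listed under that folder."""
    found = {}
    for line in listing:
        m = SUSPECT.match(line.strip().rstrip("\\"))
        if not m:
            continue  # ordinary Recycle Bin items and desktop.ini do not match
        sid, tag, child = m.group(1).upper(), m.group(2).lower(), m.group(3)
        children = found.setdefault((sid, tag), set())
        if child:
            children.add(child)
    return found


def still_present(before, after):
    """Folders flagged before the fix that still appear in the later listing."""
    return sorted(set(find_suspect_folders(before)) & set(find_suspect_folders(after)))


# Constructed sample data (hypothetical SID and folder name, not from any log).
HEX = "0123456789abcdef0123456789abcdef"
USER = "S-1-5-21-1111111111-2222222222-3333333333-1000"
BEFORE = [
    rf"C:\$Recycle.Bin\S-1-5-18\${HEX}",
    rf"C:\$Recycle.Bin\S-1-5-18\${HEX}\@",
    rf"C:\$Recycle.Bin\S-1-5-18\${HEX}\L",
    rf"C:\$Recycle.Bin\S-1-5-18\${HEX}\U",
    rf"C:\$Recycle.Bin\{USER}\${HEX}\@",
    rf"C:\$Recycle.Bin\{USER}\$RAB12CD.txt",   # normal deleted file
    rf"C:\$Recycle.Bin\{USER}\desktop.ini",
]
# Listing after a fix that removed only the S-1-5-18 copy.
AFTER = [
    rf"C:\$Recycle.Bin\{USER}\${HEX}\@",
    rf"C:\$Recycle.Bin\{USER}\desktop.ini",
]

if __name__ == "__main__":
    for (sid, tag), children in sorted(find_suspect_folders(BEFORE).items()):
        print(f"flagged: {sid}\\${tag} children={sorted(children)}")
    for sid, tag in still_present(BEFORE, AFTER):
        print(f"still present after fix: {sid}\\${tag}")
```

An empty result from `still_present` only means this one folder shape no longer appears in the listing; it does not replace the follow-up scan requested in the post.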

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery,
OK...here is Version 2.0. Sorry...I forgot to shift from "neutral" into "drive" for that last message. Thanks for your patience.

Two files attached.

Regards - Florida Gray Beard
 

Attachments

  • FRST scan 2013-02-18 Ver_2.txt
    26.3 KB · Views: 109
  • Fixlog 2013-02-18 Ver_2.txt
    1 KB · Views: 86

Fiery

Level 1
Jan 11, 2011
2,007
Apologies but please make another fixlist.txt, open FRST and click fix again. Then do a new FRST scan. I have attached the content of the fixlist.

This entry escaped my eyes earlier, I have been staring at the computer screen all day.




Afterwards, run Eset NOD32 Online AntiVirus scan in normal mode.

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

Attachments

  • fixlist.txt
    84 bytes · Views: 83

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery,
I do not know if there is a problem with Eset NOD32 Online AntiVirus website, or if it is my laptop settings.

When I go to the website...the ActiveX pop-up window is "empty" except for a tiny icon in the upper left corner and there is not an option for allow the activex control to install. I shut down M-soft Security Essentials and Spybot... set IE options to the lowest security setting...allowed pop-ups... still nothing.

I will attach the FRST scan Ver_3 and Fixlog Ver_3.

Not sure where you are physically located, but it is 10PM here...got to get sleep and head out for an off-site meeting tomorrow.

I will check the Eset NOD32 Online AntiVirus website in the morning before I leave. If I am successful, I will send you that logfile.

Once again, thanks for your interest and support.

Regards - Florida Gray Beard
 

Attachments

  • FRST scan 2013-02-18 Ver_3.txt
    26.3 KB · Views: 146
  • Fixlog 2013-02-18 Ver_3.txt
    499 bytes · Views: 94

Fiery

Level 1
Jan 11, 2011
2,007
We are in the same time zone :) Goodnight! Perform the following when you have time tomorrow.

Did you right-click internet explorer and select Run as Administrator to start IE? If so, let's try a different tool.

Download Kaspersky Virus Removal Tool from here (http://www.kaspersky.com/antivirus-removal-tool?form=1) (Download Version 11. You'll have to enter your email address and name)
  1. Double-click the file and follow the on-screen prompts until it is installed
  2. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
    • System Memory
    • Hidden startup objects
    • Disk boot sectors
    • Computer
    • Local Disk (C: )
  3. Click on Automatic Scan
  4. Now click the Start Scanning button, to run the scan
  5. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  6. Click Detected threats on the left
  7. Now click the Save button, and save it as kaslog.txt to your Desktop
  8. Please attach kaslog.txt in your next reply.
 

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery,
OK...tried ESET again this morning...just clicked on "Yes...accept Terms of use"....and waited and waited. After about 12-14 seconds, I finally had the "permission to run the ActiveX" displayed.

Took about 45 minutes, with (qty 3) threats.

The 3rd listed threat is in a file that I accidentally downloaded 4-days previously but did not actually open...should I just delete ?

The ESET logfile is attached.

I have to get ready for my offsite meeting; return around 2:30PM for further instructions.
Regards - Florida Gray Beard
 

Attachments

  • ESET posssible threats 2013-02-19.txt
    347 bytes · Views: 154

Fiery

Level 1
Jan 11, 2011
2,007
Yes, you can just delete the 3rd file. The first 2 are Dell files so don't delete those.

So are you still experiencing the issues you listed in the first post?
 

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery,
Unfortunately...yes.
The problem still remains as described...
I click on the bottom toolbar icon (regardless of which USB thumb drive is installed), I never have a pop-up menu with EJECT option ….so that toolbar icon is essentially useless as I never know if it is "safe" to remove….because the taskbar icon for "ACTION CENTER" cannot be turned "on"…it is "greyed out". The "eject" option only works inside of "My Computer" on the desktop.
My wife has a netbook, also with Win-7 Home Premium, and her bottom toolbar icon (Action Center) always yields a pop-up when she or I want to eject a USB thumb drive.

I guess that my error was that I assumed that lack of Action Center notification was associated with the Live security Platinum virus... simply because other chat rooms indicated that lack of notice was due to this virus. I know that I had that virus (or similar) in early November.

The steps at http://malwaretips.com/blogs/live-security-platinum-virus/ refer to "Fix IconStreams and PastIconsStream Registry Subkeys Corruption" corrective action..... Do you have any experience and/or knowledge about those "steps"?

Any other thoughts, or suggestions would be greatly appreciated.

My sincere apology if I have wasted your time & effort on my behalf.

Regards - Florida Gray Beard
 

Fiery

Level 1
Jan 11, 2011
2,007
Let's give this a try :)

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to step 3 and allow it to run SFC by clicking do it

Afterwards, go to start repairs tab and click start.

Note: If it prompts you to make a system restore point and backup your registries, allow it to do so.

Check all the boxes on the list

Check the box besides Restart System When Finished then click Start
 

roge46

New Member
Thread author
Verified
Feb 16, 2013
15
Fiery,
Guess what ? I ran the "Windows Repair"... and it WORKED ! ! !

Absolutely perfect. You are AWESOME !!!

Thank you, Thank you, THANK YOU ! ! !

Regards - Florida Gray Beard
 

Fiery

Level 1
Jan 11, 2011
2,007
You are very welcome :)

Is there anything else you need help with? If not, we will clean up here.

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.




Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Backup important files regularly to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 
