System Progressive Protection Virus

[Fiery]

Hi,

Do you know what file/ the virus name that MSE detected?

Windows defender is automatically disabled if you are using MSE since they use a similar engine so nothing to worry

If you wish, we can check your system again. You'll need a usb for this one. Also, does malwarebytes turn orange everytime you boot up?

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For x32 (x86) bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a flash drive.
For x64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a flash drive.</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<>To enter System Recovery Options by using Windows installation disc:</>
<ul>
<li>Insert the installation disc.</li>
<li>Restart your computer.</li>
<li>If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.</li>
<li>Click <>Repair your computer</>.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account and click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst.exe</> (for x64 bit version type <><span style="color: #ff0000;">e</span>:\frst64</>) and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close out this message, then type the following into the search box:
<>services.exe</></li>
<li>Now press the <>Search</> button</li>
<li>When the search is complete, search.txt will also be written to your USB</li>
<li>Type <>exit</> and reboot the computer normally</li>
<li>Please copy and paste both logs in your reply.(FRST.txt and Search.txt)</li></li>
</ol>
</ul>

 

[chaswr]

Hi there!

Thank you so much for responding!

I just printed out the instructions, reformatted a flash drive, copied the 64 bit file to it, and am ready to reboot. Looks like I am on my own once I do the reboot but your instructions look quite clear and easy to follow.

I thought windows defender may be disabled once MSE was installed, I just wanted to make sure. Thanks!

As for Malwarebytes being orange on a boot up, I am not sure. I will have to make sure I notice that from now on.

Okay, ready for this check. Will be back here when done! ..... Let's hope! Lol!

 

[chaswr]

Okay, I'm back. I forgot to let you know what virus MSE found, it was "Trojan:JS/Medfos.B".

I did the FRST64 scan and I am attaching both log files.

Did you happen to get the donation from paypal or at least get notified about it?

On this boot up, Malwarebytes was green.

 

[chaswr]

This whole virus thing gets me upset because I am very careful about my pc and what sites I visit. I know not to visit anything questionable and the sites that I was browsing the other day have been the same sites that I have browsing for years. All reputable sites. And no, I don't open emails from unknown people or get cd/dvd/usb things from anyone. I am baffled about this one. Oh well....

 

[Fiery]

Hi, i have received the donation, thank you, i really appreciated it . I'm currently in a lecture( late class i know ) i will analyze your log and give you a reply when I get home

 

[chaswr]

Ok, Hate to bother you, but do you have a time estimate? If it is late, we can continue tomorrow.... please let me know.

 

[Fiery]

No problem, it's break time at the moment. I can most likely give you a reply before 8:30, i have one more hour then i head home

 

[chaswr]

That sounds good. I will log back on here about 8:40ish and see what you have to say about those logs.

Thanks!

 

[Fiery]

Back home

I realized I didn't address a few of your questions, sorry about that.

I use keyscramber with firefox whenever I need to enter banking information. KeyScrambler works only for firefox, not Seamonkey. There is a plugin for Opera I believe.

If you want keystroke protection outside of Firefox, you can download Zemana AntiLogger. I'm still currently trying this myself and it is still in BETA (Not a full release so there may still be bugs. That's why I'm not recommending it yet but once it's released, I will be). So keep an eye on that.

Reputable sites can get hacked and may distribute viruses for a short period of time until the site administrator takes it down. This danger applies to all sites. The Massachusetts Institute of Technology's website got hacked a few days ago and the hacker replaced the site with a page of their own.

I have gone through your logs, everything looks good, nothing suspicious

Let me know if you have further concerns or questions though

 

[chaswr]

No worries about not answering my questions. You said you were in class and that takes priority. I do understand.

Is the keyscrambler for firefox a plug-in I find on the firefox/mozilla site? Or is it a seperate program from somewhere? Once you do start recommending "Zemana" would you be kind enough to email me letting me know where I can download it?

Do you remember your comment about me having McAfee (anti virus) installed? I said I didn't have that and was using AVG Free (now MSE) and I figured it was from trying to do an online scan at McAfee? I realized that I have a McAfee plug-in for firefox that is a site advisor. If you browse to a questionable site, it intercepts and asks if you are sure you want to go there because it may be unsafe. Is this a good plug-in to use?

Thank you very much for looking at those logs again. Maybe I am just being way to paranoid right now and noticing things that really are fine. I do appreciate the time you have spent with me here.

 

[Fiery]

You can download KeyScrambler here. Make sure the KeyScrambler icon is green when you are in Firefox. That's when you know you are protected.

I don't use McAfee Site Advisor, I use Web of Trust for Firefox. http://www.mywot.com/ It serves the same purpose, I'm just not a big McAfee fan.

Is there a preferred email address that you would like me to email you? You can private message me, rather than post your email on the forum.