UKASH (Cheshire Police) virus help needed

[Fiery]

Please download Malwarebytes' Anti-Malware from here to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
  • Scan unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
• The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt

 

[nukeboy]

Missed your post as I kept refreshing pge 2 and hadnt noticed we were now on pg 3. Thought you were having a couple of days off... You genuinely deserve it fella!

i've just done thedelete partition override and the notification is 'DiskPart successfully deleted the selected partition'

so far so good!

 

[nukeboy]

MBAM's results (Ihope this is good news!):

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.03.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
The Harris PC :: THEHARRISPC [administrator]

03/03/2013 20:39:46
mbam-log-2013-03-03 (20-39-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205012
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[nukeboy]

ESET Nod32 results... My out of date McAfee jumped in and deleted 4 of the trojans... I couldnt disable something that I thought had already self disabled. It didnt say which ones though sorry.

C:\FRST\Quarantine\1606203.js JS/Agent.NIG trojan
C:\FRST\Quarantine\3026061.dll a variant of Win32/Kryptik.AVLG trojan
C:\FRST\Quarantine\caufy.dll a variant of Win32/Medfos.KF trojan
C:\FRST\Quarantine\csmsr.dll a variant of Win32/Medfos.KB trojan
C:\FRST\Quarantine\f89y12auti75-3259.exe a variant of Win64/Kryptik.AE trojan
C:\FRST\Quarantine\insri.dll a variant of Win32/Medfos.LE trojan
C:\_OTL\MovedFiles\03012013_181246\C_Users\The Harris PC\AppData\Roaming\dosfp.dll a variant of Win32/Medfos.KE trojan

 

[Fiery]

I come here when I'm on my break so I don't take days off

Those files are already in the FRST and OTL quarantine folders so those are OK. How is your PC running?

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A notepad document should open automatically called checkup.txt.
• Please post the contents of that document in your next reply. Please do not attach it!

 

[nukeboy]

PC is OK, alittle slower on loadup than a pristine exampe, but much faster than it has been,,, think there may have been one or two issues before UkaSH hit...

 

[nukeboy]

Here we go!

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 30
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 17.0.1 Firefox out of Date!
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
TOSHIBA TOSHIBA Online Product Information TOPI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Fiery]

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to start repairs tab and click start.

Note: If it prompts you to make a system restore point and backup your registries, allow it to do so.

Check all the boxes on the list

Check the box besides Restart System When Finished then click Start

---

After that if you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it

• Click on the Cleanup button at the top.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
• This will remove itself and other tools we may have used.

Also, open adwCleaner and click Uninstall

---

Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link

---

Keep your system updated
Currently, the following programs on your PC are outdated:

• Java - Update Java here
• Adobe reader - Update Adobe Reader here
• Firefox

Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:

• Download and install Update Checker. It will notify you if any of your programs require an update.
• Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
• Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

---

I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

• avast! 8 Free Antivirus - Don't use it with Online Armor
• Avira AntiVir Personal
• BitDefender Antivirus Free Edition
• Microsoft Security Essentials

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.

• Online Armor
• Comodo Firewall - If you are an advance user
• ZoneAlarm Free Firewall
• PC Tool Firewall Plus

Other steps that you may want to do to further protect your system/files:

• Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
• Backup important files regulary to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.

---

Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.

• KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
• AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
• NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
• Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.

• AdBlock

---

Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

• CCleaner
• Malwarebytes Anti-Malware

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
​

 

[nukeboy]

I've encountered a problem after using windows repair. Windows will not restart (have waited more than 40 mins). Please advise. thanks!

 

[Fiery]

Do you get any error messages?

Go to system recovery and perform a system restore.

 

[nukeboy]

Hi Fiery,
It took startup repair four goes at sorting itself out, but I'm back in now. I won't use that pc til its got some uber protection as per your instructions.
I'd like to offer you a few 'working credits' a la UKASH via paypal if possible. Man you deserve a beer or whatever you're poison is after sorting that all out for me.

The work you guys do in helping out the common man is not enough recognised. I'd like to do my bit to redress that.

Great work and may you prosper from it in this life or the next!

Tim (nukeboy)

 

[Fiery]

Good to hear

My paypal button is here, I'm not sure I can accept ukash :huh:. If you post a thread here we will help you setup your PC against future malware threats



Cheers