Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Oops! Cannot connect to google.com
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 30 Jul 2014
Posts: 4578
Location: Land Of The Leprechauns

Posted: Fri Feb 17, 2012 11:20 am

Hi Rennix,
Quote:
There is that Catalyst Control Centre not responding error on start up

You might have to uninstall and reinstall the Catalyst Control Centre to resolve that.
When we are done here, I can direct you to a tech forum where they might be able to help you with it if you wish.

OK, let's reinstall AVG to see if it solves that problem.
Please follow the instructions Here to remove AVG 2012.
Then download and install a new copy from Here

Let me know how it goes.
_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

Posted: Fri Feb 17, 2012 12:06 pm

AVG 2012 is now installed, running and fully updated.

Cypher
Moderator

Posted: Sat Feb 18, 2012 2:41 am

Hi Rennix,
Quote:
AVG 2012 is now installed, running and fully updated.

Excellent, and thank you for staying with me. I would like you to run one further scan for me.

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Rennix1957
Junior Member

Posted: Sat Feb 18, 2012 10:30 am

Hello Cypher,

I may have made a mistake, I left Mom's computer connected to the internet since I last wrote you. AVG 2012 found 2 viruses in its scan this morning: BackDoor.Agent.11.BR and BackDoor.Generic15.IES.

Rennix


aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-18 11:48:16
-----------------------------
11:48:16.527 OS Version: Windows x64 6.1.7601 Service Pack 1
11:48:16.527 Number of processors: 6 586 0xA00
11:48:16.528 ComputerName: COLLEEN-HP UserName: Colleen
11:48:19.360 Initialize success
11:51:27.885 AVAST engine defs: 12021800
11:51:59.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
11:51:59.502 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
11:51:59.519 Disk 0 MBR read successfully
11:51:59.525 Disk 0 MBR scan
11:51:59.535 Disk 0 unknown MBR code
11:51:59.550 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:51:59.636 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941365 MB offset 206848
11:51:59.720 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12402 MB offset 1928122368
11:51:59.733 Service scanning
11:52:15.422 Modules scanning
11:52:15.441 Disk 0 trace - called modules:
11:52:15.459 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
11:52:15.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071d8790]
11:52:15.847 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006ad5040]
11:52:15.862 5 amdxata.sys[fffff88000e727a8] -> nt!IofCallDriver -> \Device\00000053[0xfffffa8006cf8880]
11:52:17.921 AVAST engine scan C:\Windows
11:52:22.238 AVAST engine scan C:\Windows\system32
11:55:32.043 AVAST engine scan C:\Windows\system32\drivers
11:55:55.507 AVAST engine scan C:\Users\Colleen
11:58:36.347 File: C:\Users\Colleen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\RivalGaming.dll **INFECTED** Win32:Adware-gen [Adw]
12:03:52.154 AVAST engine scan C:\ProgramData
12:08:20.259 Scan finished successfully
12:26:47.942 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
12:26:47.946 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"

Cypher
Moderator

Posted: Sat Feb 18, 2012 10:43 am

Hi Rennix,
Can you tell me where AVG found these threats?
It's possible that it is detecting items that have been removed and quarantined during the course of this topic.

Rennix1957
Junior Member

Posted: Sat Feb 18, 2012 10:51 am

I sure can;

C:\_OTL\MovedFiles\02152012\C_Program Files (x86)\1E39D\lvvm.exe
C:\_OTL\MovedFiles\02152012\C_Windows\System32\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe

Cypher
Moderator

Posted: Sat Feb 18, 2012 11:29 am

Hi Rennix,
Quote:
C:\_OTL\MovedFiles\02152012\C_Program Files (x86)\1E39D\lvvm.exe
C:\_OTL\MovedFiles\02152012\C_Windows\System32\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe

Just as I thought, those are entries we removed when you ran OTL earlier ;)
They will be dealt with when we clean up the tools that have been used during this topic.
Your latest logs appear to be clean now, are you happy enough for me to give you final instructions?
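The reply above rests on one observation: both AVG hits sit under OTL's quarantine folder rather than at their original locations. As an added example (not part of the thread, and not code from OTL or AVG), this Python script decodes such paths back to the date moved and the original location, and separates them from detections outside quarantine; the folder layout and the function names are assumptions inferred from the paths posted in the thread.

```python
import re
from datetime import datetime

# Layout inferred from the two paths quoted in the thread (an assumption, not
# OTL documentation): C:\_OTL\MovedFiles\<MMDDYYYY>\<drive>_<rest of original path>
OTL_MOVED = re.compile(
    r"^[A-Za-z]:\\_OTL\\MovedFiles\\(?P<date>\d{8})\\(?P<drive>[A-Za-z])_(?P<rest>.+)$"
)

def decode_otl_moved(path):
    """Return (date_moved, original_path) for a file in OTL's quarantine, else None."""
    m = OTL_MOVED.match(path.strip())
    if not m:
        return None
    try:
        moved = datetime.strptime(m["date"], "%m%d%Y").date()
    except ValueError:
        return None  # folder name is not a valid MMDDYYYY date
    return moved, f"{m['drive'].upper()}:\\{m['rest']}"

def triage(detections):
    """Split AV detection paths into quarantined remnants and files outside quarantine."""
    quarantined, live = [], []
    for path in detections:
        decoded = decode_otl_moved(path)
        if decoded:
            quarantined.append((path, *decoded))
        else:
            live.append(path)
    return quarantined, live

# Paths as posted in the thread: the two AVG hits, plus the path from the
# aswMBR **INFECTED** log line for contrast.
SAMPLE = [
    r"C:\_OTL\MovedFiles\02152012\C_Program Files (x86)\1E39D\lvvm.exe",
    r"C:\_OTL\MovedFiles\02152012\C_Windows\System32\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe",
    r"C:\Users\Colleen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\RivalGaming.dll",
]

if __name__ == "__main__":
    quarantined, live = triage(SAMPLE)
    for path, moved, original in quarantined:
        print(f"quarantined on {moved}: originally {original}")
    for path in live:
        print(f"outside quarantine: {path}")
```
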
Rennix1957
Junior Member


Posted: Sat Feb 18, 2012 12:06 pm

Sure, let's do it.

Cypher
Moderator

Posted: Sun Feb 19, 2012 2:56 am

Hi Rennix,

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping

  • Click on Start > All programs > Accessories > Run.
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next.

Clean up with OTL
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • This will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up loopholes in those products and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!

Rennix1957
Junior Member

Posted: Sun Feb 19, 2012 1:27 pm

Hello Cypher,

Here's the report I got out of F-Secure. Let's not close this topic just yet, I have a few more questions.

Rennix

Scanning Report
Sunday, February 19, 2012 14:22:04 - 14:59:43
Computer name: COLLEEN-HP
Scanning type: Quick scan
Target: System


--------------------------------------------------------------------------------

13 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Adtech (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.WebTrendsLive (spyware)
System (Disinfected)
TrackingCookie.Fastclick (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 5831
System: 5831
Not scanned: 0
Actions:
Disinfected: 13
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Rennix1957
Junior Member

Posted: Sun Feb 19, 2012 1:41 pm

I've still got the 500GB Seagate FreeAgent GoFlex USB drive not connected to the computer, how do you want to handle that? I'm also still getting an error on start up out of Catalyst Control Center. I downloaded and installed the latest version of Catalyst Control Center and I'm still getting that error.

Rennix

Cypher
Moderator

Posted: Mon Feb 20, 2012 2:25 am

Hi Rennix,
What F-secure detected were Tracking Cookies, they are created all the time when using the internet and are not a problem.
Quote:
I've still got the 500GB Seagate FreeAgent GoFlex USB drive not connected to the computer, how do you want to handle that?

Plug it in and scan it with your installed version of AVG, let me know if it finds anything.
Quote:
I'm also still getting an error on start up out of Catalyst Control Center.

Here are some excellent Tech sites (in no particular order) that may be able to help with this problem:
My area of knowledge is in malware only unfortunately.

Rennix1957
Junior Member

Posted: Mon Feb 20, 2012 11:23 am

Hello Cypher,

AVG pronounced the external drive clean. That drive is only supposed to have user generated files on it, so it makes sense that it wouldn't be infected. But at the same time I don't trust AVG, since AVG was running when the computer became infected in the first place.

Catalyst Control Center I'll struggle with on my own, there may have been an uninstall feature on that massive download that I'll have to run again to find.

Just in case you close this topic before I get the chance...

Thank you SO much for your help. I couldn't have done this without you. If I am ever in "The Land of the Leprechauns" I'm going to meet you at the pub for a pint, I'm buyin'. :)

Rennix

PS I love Guinness.

Cypher
Moderator

Posted: Tue Feb 21, 2012 2:00 am

Hi Rennix,
Quote:
Thank you SO much for your help

You're most welcome.
Quote:
I don't trust AVG, since AVG was running when the computer became infected in the first place.

No AV can protect you against every threat, but having an AV installed is better than none.
I'm not a big fan of AVG myself but I can recommend either of these.
Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
Quote:
If I am ever in "The Land of the Leprechauns" I'm going to meet you at the pub for a pint, I'm buyin'.

I will hold you to that :D

Any other questions before I close this topic?

Rennix1957
Junior Member

Posted: Tue Feb 21, 2012 2:36 am

Hello Cypher,

No that's it, thanks again.

Rennix

Cypher
Moderator

Posted: Tue Feb 21, 2012 2:45 am

Hi Rennix,
I will close this topic as you have no further questions, good luck and stay safe.
Quote:
As your issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

All times are GMT - 8 Hours