|13 May 2013||#61|
Going back and reading the posts, please send link(s) to which ever program I should download for the next step. I have downloaded so much software, I forget what is what. lol
Currently I have on the infected PC:
PC scan and repair (re-image I guess)
PC Health Boos
If I have to purchase any of these software tools, no problem. Please advise on which one. I did download Microsoft Essential Tools but have not installed it. When the PC is clean, I can do that.
|My System Specs|
|13 May 2013||#63|
Let's press on...
Please open Notepad: (Start > All Programs > Accessories > Notepad)
Copy/paste the entire content inside the quote box below to Notepad (Do not copy the word 'Quote'):
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdatact.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mhtmlmu.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mPlugin.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\T8HTML.DLL
C:\Users\Ferreira Family\AppData\Local\Google\Chrome\User Data\Default\Default\aadhddddgcdidgdbdedbdcdcdediddgf\background.js
C:\Users\Ferreira Family\AppData\Local\Google\Chrome\User Data\Default\Default\aadhddddgcdidgdbdedbdcdcdediddgf\ContentScript.js
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA3LH8DI.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA9QNTCC.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAAPZEWF.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1B8V4P.js
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LMNF8W4\foasgroup_com.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\334KE5MZ\iframe3.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSD4GYOY\iframe3.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA3LH8DI.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA9QNTCC.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAAPZEWF.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1B8V4P.js
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LMNF8W4\foasgroup_com.htms
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\334KE5MZ\iframe3.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSD4GYOY\iframe3.htm
In Notepad, click: File (upper left) > Save As...
Save the file to the Desktop
Name it: CFScript.txt
Both the CFScript.txt and the ComboFix program icon must be on the Desktop, or this will not work.
Make sure all AntiVirus and AntiMalware programscontinue to be disabled, so they do not interfere with the running of ComboFix.
Now, drag the CFScript.txt into ComboFix.exe as depicted below:
This action starts ComboFix again.
If the porgram asks to reboot, please do so.
When done, pease attach the new Combofix.txt in your reply.
Also, you can remove the following:
1. PC Scan and Repair:
Please go to: Start > Control Panel > Programs and Features, and in the list of installed programs, look for entries like:
PC Scan and Repair
Reimage PC Repair
Select the program, and click: Uninstall
Pay attention to the uninstall process, just in case Reimage attempts to prompt for additional nuisance software.
2. PC Health Boost
Uninstall: How To Uninstall PC HealthBoost™ | PCHealthBoost.com
Next, please download Malwarebytes' Anti-Malware:
Save to the Desktop.
MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Temporarily disable such programs as shown, or permit them to allow the changes:
Right-click the MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.
Make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
MBAM automatically starts and you are asked to update the program.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.
The scan may take some time to complete, so please be patient.
When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure everything is checked, and click: Remove Selected
When removal is completed, a report opens in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Please copy/paste the entire contents of the MBAM report in your reply.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.
|My System Specs|
|13 May 2013||#67|
On the ESET Online Scanner...
It is my undertanding that in order to remove the malware, there needs to be a check next to the Remove found threats option in the Computer Scan Settings prompt:
This option should be selected by default. Apparently, this was not the case, or the setting was unchecked, to see what ESET finds. This is not bad idea, since there are situations when a false positive is detected.
-->> Instead of running ESET for a long while once again, used ComboFix to cut to the chase. <<--
If anyone runs the ESET Smart Security or ESET NOD32 Antivirus, the situation is different.
In the Threatsense Engine Parameter Setup, click Cleaning on the left pane, and, on the right pane, move the slider to the left or right to set the cleaning level (see image).
The different cleaning levels are No cleaning, Standard cleaning or Strict cleaning (used by most).
These levels determine the behavior of the ESET Smart Security or ESET NOD32 Antivirus when cleaning infected files.
|My System Specs|
|14 May 2013||#69|
Thanks for the reports, GilV37.
There is some Reimage showing, so let's make sure it is out of the game...
Please go to: Downloading HijackThis
Save to the Desktop.
Right-click and select: Run as Administrator
Accept the License Agreement if you decide to run the program.
When the HijackThis console opens, press the following button: Do A system scan and save a logfile
When done scanning, a log opens in Notepad, and also appears on your Desktop.
>>Please post the HijackThis log in your reply.<<
Again in HijackThis, access the Uninstall Manager as follows:
At tne HijackThis console:
Click: Config button > Misc Tools button > Open Uninstall Manager
Now, click oo: Save list... button and save to the Desktop
A Notepad opens with the information needed.
Please provide the contents of Uninstall list in your reply.
|My System Specs|
|Thread Tools||Search this Thread|
|Similar help and support threads|
Need help logging into Windows 7
I have managed to lock myself out of my laptop and can't find a (free?) way around it. I've googled, searched videos, had my kids search (they are so much faster :) ), so now I'm desperate enough to post about it. Embarrassing, because after so many years on various Windows platforms I should...
BSOD when logging in Windows 7
hello! could you help me. I have BSOD immediately after logging in W7 x64 pro SP1 on my laptop Asus x54h but it's work fine in Safe Mode with Network thank you.
|BSOD Help and Support|
system hangs after logging off and logging back!
hi! I logged off and logged back in.My system displays a black screen and doesn't log back in.It freezes and doesn't log back in. Help would be appreciated. mahesh
|Performance & Maintenance|
Windows keeps logging me off!
I have no idea why but every now and then (pretty often) Windows will just randomly log me off and then i can just log in and keep going but it is very annoying.. It mostly happens when i am playing a full screen game (of any kind) and i press either the windows key to minimize it or i press...
|BSOD Help and Support|
See what windows does at startup and while logging off
to see what windows is doing before logging off navigate to 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', in the registry, create a DWORD value called 'verbosestatus' and set it to 1 (u might want to try this if ur comp is taking too long to shutdown or start)
Windows 7 RC not logging in
I am facing a different kinda problem, i cant login to my windows. I get the login screen, but when i give in my credentials it goes to the welcome screen and doesnt change at all, no matter how long i wait. I went into safeboot(luckily i could get into my desktop) and restored the pc onto an...
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd
All times are GMT -5. The time now is 00:27.