MBAM cannot remove "culprit" access to 5.45.64.145/5.45.69.131


  1. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #101

    cottonball said:
    Let's remove the following tools used and their reports, since these tools are updated frequently, and it is best to have a new copy:

    AdwCleaner > Run the tool, and press: Uninstall
    TDSSKiller
    RKill
    RogueKiller
    Junkware Removal Tool
    Farbar Recovery Scan Tool, its C:\FRST folder, and associated reports
    SFCFix.zip
    SFCFix.exe
    cbs logs
    All done.


    The ESET Online Scan is a program you may want to use every so often.
    Takes quite a while to run, as I learned, but certainly a worthwhile part of the "protection recipe".


    Also, make sure security software is ALL enabled and running!
    Definitely.


    Thanks for following all the instructions and providing the reports!!

    Have a great week, dsperber!!
    And to you too. Couldn't have gotten this completely conquered without your help.


  2. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #102

    Slartybart said:
    I got power back yesterday and Internet back today, sorry for my absence. The storm itself wasn't that bad, but those early 20th century wires couldn't carry the weight of the ice.
    Your part of the country had been making the nightly news for the past week, what with the ongoing efforts of your power companies to get things repaired.


    First, I want to say that this was a great example of team effort - thanks go out to everyone.
    Indeed! In complete contrast to what went on over at the Malwarebytes HELP forum, which apparently has a whole different intent and approach.


    Second, make sure your friend keeps the machine protected with an up-to-date real time A/V program and that they practice safe surfing / messaging. Malware can get past even the best protection, so run an on-demand scanner once a month (ESET is good, but slow... Mbam and AdwCleaner are good quick checks) pick a few and run them periodically (those are the three that I use to see if anything got past Avast! be free)
    It's hard to control AOL users (and the wife is an addicted online shopper), but with MBAM now installed and operational at least there's one more hopefully effective safeguard.


    I learned a few things (as usual here on SF) -
    SFCfix will be new and improved!
    FRST can kill off winsxs files.. although one of the pending deletes required a restart - has that already been done?
    Yes, I rebooted whenever prompted either by the program's completion or because it was clearly appropriate.


    From the FRST fixlog:
    Could not move "C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.rpcss.dll.01cf2163f246e720.0000" => Scheduled to move on reboot.
    C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.rpcss.dll.01cf2373a53dd39a.0000 => Moved successfully.
    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-07 19:40:56)<=

    C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.rpcss.dll.01cf2163f246e720.0000 => Is moved successfully.
    These two $$DELETEME files did finally truly disappear following that final run of FRST and the reboot, as shown in my final screenshot above.


    So now you're helping your cousin in NY - did I read that correctly?
    Yes! Very coincidental and surprising. I had no idea this had happened as I'd lost my RealVNC connectivity a few months back after trying to make some Verizon modem/router port-forwarding changes. Only after now installing TeamViewer was I once again able to get into his machine and see the awful state of things which had developed.


    Good luck with that project - open a new thread if you think you need help on that.
    Looks like this one has been successfully "cured" using straightforward application of the Malwaretips "recipe", i.e. cocktail of assorted tools. I'm sure all the products contributed (as they each found something even after others had already previously been run), but again I noticed the most significant machine performance improvement after HitmanPro got run and deleted what it deleted, and the related re-boot.

    It does not appear that any further outside assistance from the experts here at SF will be needed for this one. I guess he was lucky, being another AOL user, that the nature of his infection(s) were not as severe (as the infected RPCSS.DLL problem was on my friend's machine in this thread).

    Many thanks again.


  3. Posts : 10,485
    W7 Pro SP1 64bit
       #103

    dsperber said:
    ~~~
    Looks like this one has been successfully "cured" using straightforward application of the Malwaretips "recipe", i.e. cocktail of assorted tools.
    ~~~
    I don't want to derail this thread, but your comment on the "cocktail of assorted tools" speaks to my rants in this thread: https://www.sevenforums.com/system-se...ml#post2685626

    I understand that Kaspersky's root kit scanner might find a new rootkit that MSE does not know to look for, but there is no excuse* for MSE (and every other AV app) not finding old/known root kits that can be detected via online** scans.

    *unless we are dealing with copyrighted detection methods. If that is the case, then playing the copyright card for root kit detection is just wrong too.

    **while the OS is running. As opposed to offline scanners like WDO.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.