How can I be sure if I am still infected with "Win32/Small.CA" virus?


  1. Posts : 207
    Windows7 Pro x64
    Thread Starter
       #51

    Jacee - Help!

    OK out of desperation I have now attempted to install the Microsoft patches. Windows did install some of them but keeps failing to install the last 7 patches.
    What should I do now? But Jacee now seems to have gone cold... Can anyone else please help??


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #52

    Oooo, sorry I'm late

    If you're trying to install more than one or two patches at a time ... don't. Just stick with a couple.

    Tell what won't install and for which computer.


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #53

    On your WinXP ... Combofix was running from this location:
    c:\documents and settings\alec\Desktop\ComboFix.exe


  4. Posts : 207
    Windows7 Pro x64
    Thread Starter
       #54

    Jacee - my saviour! Welcome back :)

    On my Windows 7 home PC the following won't install:
    - Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2761451)
    - Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452)
    - Security Update for Windows 7 for x64-based Systems (KB2727528)
    - Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813)
    - Update for Windows 7 for x64-based Systems (KB2750841)
    - Update for Windows 7 for x64-based Systems (KB2761217)
    - Update for Windows 7 for x64-based Systems (KB2763523)

    What should I do on my laptop? Should I run ComboFix again?

    P.S. I seem to have deleted ComboFix.exe (I can't find it on either machine) - should I download it again?

    J


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #55

    No, don't download Combofix again.

    This patch (KB2761451) is most likely the only one you need right now. Also read here: KB2761451 — Krebs on Security

    What I DO want to see right now is a scan with ESET from both XP and Win7 computers. Instructions, once again:

    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push
    11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the button.
    13. Push


  6. Posts : 207
    Windows7 Pro x64
    Thread Starter
       #56

    I just panicked and re-ran Malwarebytes AntiMalware (Free) on My Windows 7 computer.

    And it found something:
    Item: C:\Users\Alec\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe
    Vendor: Trojan.Agent
    Result: "Quarantined and deleted successfully."

    YIKES!
    And my WinXP laptop has got the same problem!
    I just ran Malwarebytes on it

    C:\Documents and Settings\alec\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Should I uninstall Google Chrome on both computers?

    J

    PS On both my Win7 PC and my WinXP laptop it says: "No threats found" - (although I have to tell you that the WinXP scan took over 5 hours!)


    PPS Please excuse me for jumping ahead but I need to push ahead as my livelihood can't wait.
    So I have just run CCleaner and then SUPERAntiSpyware.
    Bizarrely SuperAntiSpyware seems to have found a cookie (despite me asking it to delete cookies in all 3 of my browsers) called
    > Adware.Tracking Cookie
    > C:\Users\Alec\AppData\Roaming\Microsft\Windows\Cookies\5YC1YS3L.txt [/accounts.google.com]

    Also it found:
    > (x86) HKML\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
    > (x86) HKML\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger

    More news as I get it...
    Last edited by shiphen; 14 Nov 2012 at 12:14.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #57

    Yes, go ahead and uninstall Google Chrome. Once everything is cleaned up, you can reinstall it again. At that point you will want to set a Clean System Restore point!


  8. Posts : 207
    Windows7 Pro x64
    Thread Starter
       #58

    1. Okay I have uninstalled Google Chrome from all 3 PCs (Home -Win7, Work - Win7, and laptop).

    2. I just ran SUPERAntiSpyware on all 3 computers. The others were clean but my Home PC found this:

    >>>
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
    Generated 11/14/2012 at 06:00 PM
    Application Version : 5.6.1014
    Core Rules Database Version : 9582
    Trace Rules Database Version: 7394
    Scan type : Complete Scan
    Total Scan Time : 00:13:50
    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator
    Memory items scanned : 842
    Memory threats detected : 0
    Registry items scanned : 73123
    Registry threats detected : 2
    File items scanned : 84553
    File threats detected : 0
    Security.HiJack[ImageFileExecutionOptions]
    (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
    (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger
    >>>

    I asked it to (delete?) the items and have just rebooted it.
    Unless you stop me I shall get it to run SUPERAntispyware.

    Btw, please can you give me more instructions to do at once. Sorry but all this is simply taking too long. e.g. please can you give me a number of scans to run in sequence or WHATEVER IT TAKES !
    Which reminds me - do I need to change my Windows password in case I had a trojan that could use the old one to get in???

    Or do I need to cut my losses and format some or all of the disks of my PCs?
    And if so how the heck can I make sure that my data is clean?

    Many thanks

    J


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #59

    I believe this is a false/positive on SAS's part ... These items have something to do with Log Me In. See this article: SAS False Positive with LogMeIn :: KW Support & Consulting LLC

    Security.HiJack[ImageFileExecutionOptions]
    (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
    (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger

    The only thing you haven't done for me is a scan and report from ESET!! I need to see this from both XP and Win7, before I have you set a clean restore point.
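
A read-only way to review the Image File Execution Options entries discussed in posts #58 and #59. This is an added example, not part of any poster's reply and not code from SUPERAntiSpyware or LogMeIn; it assumes the "(x86)" prefix in the scan log refers to the 32-bit registry view (Wow6432Node).

```powershell
# Added example (not from the thread): list every Image File Execution
# Options (IFEO) subkey that carries a Debugger value. Nothing is modified.
# Run from a 64-bit PowerShell on 64-bit Windows; a 32-bit shell is
# redirected to Wow6432Node and would show the 32-bit view twice.
# Assumption: "(x86)" in the scan log means the Wow6432Node view.
$ifeoPath = 'Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$views = @(
    @{ Name = 'native'; Path = "HKLM:\SOFTWARE\$ifeoPath" },
    @{ Name = 'x86';    Path = "HKLM:\SOFTWARE\Wow6432Node\$ifeoPath" }
)

$findings = foreach ($view in $views) {
    # 32-bit Windows (such as the XP laptop) has no Wow6432Node branch.
    if (-not (Test-Path -LiteralPath $view.Path)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $view.Path -ErrorAction SilentlyContinue) {
        # Most IFEO subkeys hold compatibility flags only; skip those.
        $debugger = $key.GetValue('Debugger')
        if (-not $debugger) { continue }

        New-Object PSObject -Property @{
            View     = $view.Name
            Image    = $key.PSChildName   # executable name, e.g. EHSHELL.EXE
            Debugger = $debugger          # command Windows launches in place of the image
        }
    }
}

if ($findings) {
    $findings | Sort-Object Image, View |
        Format-Table View, Image, Debugger -AutoSize -Wrap
} else {
    'No IFEO Debugger values found.'
}
```

Each row shows which executable is redirected and to what command, so the Debugger target can be compared against software known to be installed, such as the LogMeIn association suggested in post #59.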


  10. Posts : 207
    Windows7 Pro x64
    Thread Starter
       #60

    Eset produced no errors on any of my computers. But I'll run it again just to make sure. :)

    UPDATE: On my Home PC (Win7) I was getting an error saying "Can not get update. Is proxy configured?" I don't really understand proxies... I am using an ordinary ADSL from home. I don't think I'm using a proxy. But I turned off the VPN that I use to pick up work emails from msExchange, and it seemed to download the virus definitions no problem. Scan is now running...

    Many thanks

    J
    Last edited by shiphen; 14 Nov 2012 at 21:34.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
