Solved Virus Deletion Now Makes Internet Access Impossible

[Florida Rene]

FYI, ran new scans after the OTM freeze. AVG & MBAM reported no threats.

 

[cottonball]

Have a great New Year, Florida Rene!!

At this stage, I believe you are OK, however, prefer to know if OTM got swallowed by a crock in the Everglades, or, whether OTM may have taken out the Registry entries and files, etc., and then the crock locked its jaws.

So, let's confirm...

Please use SystemLook once again, and use the following criteria:

:folderfind
*Scorpion*
MovedFiles
:regfind
Scorpion

Click the Look button to start the scan.
:ar: Please post the new SystemLook.txt in your reply.

 

[Florida Rene]

Have a great New Year, Florida Rene!!

At this stage, I believe you are OK, however, prefer to know if OTM got swallowed by a crock in the Everglades, or, whether OTM may have taken out the Registry entries and files, etc., and then the crock locked its jaws.

So, let's confirm...

Please use SystemLook once again, and use the following criteria:

:folderfind
*Scorpion*
MovedFiles
:regfind
Scorpion

Click the Look button to start the scan.
:ar: Please post the new SystemLook.txt in your reply.

Gracias!

The new SystemLook.txt is attached. Computer seems to be performing as it did prior to this fracas. Should I run SAS again?

 

[cottonball]

No need for another SAS.

Got to go get some chow, and will provide some instructions on getting rid of those entries.

Hang in there...maybe you can have some cake in the meantime!

 

[Florida Rene]

Blue Bunny Bordeaux Cherry Chocolate ice cream! Simply fabulous!

 

[cottonball]

Geeesh...I'm diabetic!. However, I can almost taste it!


Let's give this a whirl...

Please use the Farbar Recovery Scan Tool (it is updated often)
Download > Farbar Recovery Scan Tool Download
Save it to the Desktop.

Now, open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "c:\Program Files (x86)\ScorpionSaver\" /f
c:\Program Files (x86)\ScorpionSaver\
end

Now, run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.



>

 

[Florida Rene]

Me too, diabetic that is. But 'tis holiday time!

Followed your FRST instructions and the report should be attached.

 

[cottonball]

Looks as if the reports of the tools run do not show ScorpionSaver, Adpeak, or any malware.
If you are no longer having problems, and have no questions, you are good to go!!!

Let's wrap up and remove the tools used and their reports, since these tools are updated frequently, and it is best to have a new copy:

Tools and Reports:
-FRST, its folder in C:\FRST, and any fixlist or fixlog on the Desktop.
-Farbar Service Scanner, and its FSS report
-AdwCleaner > Run the tool, and press: Uninstall
-Junkware Removal Tool, and its JRT report
-Security Check, and its report
-SystemLook, and its report: SystemLook.txt
-RKill, and its report: RKill.txt
-Registry Backup
-OTM, if still on the Desktop

:ar: Also, if anyone else requested the downlod of a program that is no longer needed, please jump in and advise.

:info: This is a vulnerability pointed out by System Check that you cannot afford to have:
>> Java version out of date!

Please verify the version of Java you have installed.
If your version of Java is outdated, it needs to be updated.
When done, uninstall older versions.

:info: As far as suggetions for your consideration...
Would keep Malwarebytes Anti-Malware, and use it regularly...
If you have USB pendrives or SD cards, connect them to other computers, and then connect them back to your computer, the Perform Full Scan has the option of selecting which drives you want to scan, and includes removable drives.

Would also use the ESET Online Scanner as needed...

Also, make sure your security software is ALL enabled and running! However, use only one AntiVirus program.

Running more that one has no advantages, on the contrary, the programs compete with each other, and you end up with less protection, rather than more.


:info: Last, consider doing the following to prevent future infections...
Malware is normally installed through vulnerabilities found in out-dated and insecure programs on a computer.
You can use the Secunia Personal Software Inspector to scan for vulnerable programs:
Free Computer Security - Personal Software Inspector (PSI) - Secunia
A tutorial on how to use the program is found here:
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)


Thanks for following all the instructions and providing the reports!!

Have a great new year, Florida Rene!!


.

 

[Florida Rene]

Cottonball...

What a TERRIFIC recap! I shall get to work on it and report back to you.

Meanwhile, just to give you some reading with your morning coffee, I found the OTM log and it is attached. Apparently, during the freeze, it saved the log anyway. Enjoy!

Talk with you later. You have been a great help!

 

[Florida Rene]

UPDATE for Cottonball...

INTERNET ACCESS...has worked perfectly for FF & IE ever since deleting Chrome and the infected files unearthed in the last 10 days. Much appreciation to forum posters who have been so supportive!
JAVA...installed updated version. Uninstalled previous.
TOOLS & REPORTS...deleted all per your instructions.
MALWAREBYTES...updated this morning, ran full scan, no threats.
AVG...updated this morning, ran full scan, no threats.
USB DRIVES & EXTERNAL HARD DRIVES...will purge them with ESET and check with MBAM & AVG.
SECUNIA...downloaded, will read tutorials and follow instructions this weekend.

Whew! I think this is all finally over! Thanks primarily to you and also to several other good spirits on this terrific forum.

Let me know your opinion on the OTM log, and then I think I can mark this episode SOLVED.

 

[cottonball]

Rene,

You have done a great job of performing all the instructions and following up!!

Good luck in your future endeavours. If you need us again, come back.

It has been a pleasure working with you...except you ate all the rum cake!!

 

[Florida Rene]

Rene,

You have done a great job of performing all the instructions and following up!!

Good luck in your future endeavours. If you need us again, come back.

It has been a pleasure working with you...except you ate all the rum cake!!

Many, many thanks for all your help! Maybe when my wife makes the rum cake again for the 2014 holidays, you'll fly in for a seat at the table. That would be splendid!

Until then, let me say that I admire your professionalism and the way you turn solving a vexing virus into an enjoyable challenge. There are a number of helpful pros on this forum and I appreciate the help of all. But you're the All-Pro. THANKS!

 

[cottonball]

Me pro? Oh no...just enjoy busting malware!!!



.

 

[Florida Rene]

Me pro? Oh no...just enjoy busting malware!!!



.

FYI, Cottonball...no more Internet Access problems and no more lurking malware (that I've been able to find) since our last go-round. Many, many thanks!

 

[cottonball]

Glad to help ya', Rene!

...and, I am sure, so are all the other teammates that comprise the WSF forum.