Solved ZA is poping up with suspicious behavior boxes

[reble]

I got up to go to the kitchen for a snack and when I got back to my computer there was a Zone Alarm "suspicious behavior" box in the lower right hand corner of the screen with the following in the box "jnsp 15f8.tmp is trying to communicate with C:\Windows\system32\services.exe by opening it's process". I have clicked the deny button meny times and the box keeps popping up. Also I keep getting rotating box's (same box, different file names). The other file names are "nsqfb75.tmp and nsw47ec.tmp. Also it has taken a long time to type this message. When I type a word it takes anywhere from 3 to 6 seconds before the word to show up on the screen. I am getting a random Windows box popping up saying during typing "a script on this page has stopped responding, do I want to let the script go on or stop it". I am also getting random pages popping up that have nothing to do with what I am doing. This all started about an half hour ago. Before I went to the kitchen everything was fine. The laptop was running as smooth as silk. I tried a cold reboot, I tried emptying the temporary dir and the internet temporary dir. Neather the cold reboot or emptying the temp dir's did any good. I am 85% sure the laptop is infected. It is just a question of what to do. Try to clean the infection out or just wipe the partition clean and reinstall everything new. By the way I went looking for info on this files and I can't find a thing on the internet about the following files. jnsp15f8.tmp, nsqfb75.tmp and nsw47ec.tmp. I was looking for info on how to clean them out.

Steve

 

[Jacee]

Please download (free version) Malwarebytes' Anti-Malware to your desktop
Malwarebytes | Free Anti-Malware Detection & Removal Software
* Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

 

[reble]

ZA is poping up withsuspicious behavior boxs

The log from Malwarebytes isn't opening up in Notepad. There is 2 logs that open in Internet Explorer. The log names are "mbam-log-2015-10-26 (22-52-39).xml" and "protection-log-2015-10-26.xml". Also after the laptop sat turned off over night with the ac power pack plug pulled from the laptop and the laptop's battery also pulled. The laptop is acting a bit more normal. There is no lag time between typing the word and it showing up on the screen. There is still unwanted popup pages and the ZA warning box's are still there but not as much after running Malwarebytes.

Steve

Please download (free version) Malwarebytes' Anti-Malware to your desktop
Malwarebytes | Free Anti-Malware Detection & Removal Software
* Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

 

[derekimo]

You can export the log as a .txt file from the history tab,



Click on the scan log,



Export text file.

 

[reble]

ZA is poping up withsuspicious behavior boxs

I keep getting the following error message "The text that you have entered is too long (29025 characters). Please shorten it to 20000 characters long." when I past the scan log in. So I added the scan log as an attachment.

Please download (free version) Malwarebytes' Anti-Malware to your desktop
Malwarebytes | Free Anti-Malware Detection & Removal Software
* Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

 

[Jacee]

Wow!

Let's flush the DNS cache and restore MS's Hosts file:
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Your computer will reboot itself.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer Download - Geeks to Go Forum and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also remove all desktop shortcuts, so just be aware! They will come back after rebooting.

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! Manually reboot the machine to ensure a complete clean.

Tell me if you're still getting pop-ups.

 

[reble]

ZA is poping up withsuspicious behavior boxs

Everything is back to normal on the laptop Jacee. And I saved that bat file bellow as well as the TFC prog to my util's cd for use down the road when I mite need it again. I have a cd marked util's prog's backup. Some of my install prog's plus various other util progs like TFC.

Wow!

Let's flush the DNS cache and restore MS's Hosts file:
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Your computer will reboot itself.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer Download - Geeks to Go Forum and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also remove all desktop shortcuts, so just be aware! They will come back after rebooting.

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! Manually reboot the machine to ensure a complete clean.

Tell me if you're still getting pop-ups.

 

[Jacee]

TFC is good to keep!

 

[Jacee]

Make sure your Java is up to date... Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.


Updating Java:

• Download the latest version (for your computer) of Java SE Runtime Environment 8 - Downloads Java Runtime Environment (JRE) 8.
• Scroll down to where it says "Java Runtime Environment (JRE) 8u66 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Programs and Features and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-8u66-windows-i586-p.exe to install the newest version.