jholland1964 650 Posting Expert Team Colleague Featured Poster

But, most guys here, and all of my friends included, get a pirated windows for FREE from the person they hire to assemble their machines. compared to that, 35 dollars seemed a better option at that time. zero experience has its toll... and I'm feeling it now!! :( :(

Look, I have no idea how the laws work in your country, the majority of countries do have laws against piracy of software, especially operating systems. Piracy is piracy whether you get it for free or pay $35 for it, it is piracy. Your particular "pirate" was just "more clever" than others you mentioned, he figured out a way to make money doing it. But you still have a pirated operating system and there is no way it can be updated. You will just have to do your best to watch what you do and where you go, keep everything else updated and that's all you can do.

jholland1964 650 Posting Expert Team Colleague Featured Poster

this just keeps getting worse.... I'm not going to jail am I?? this whole year, I've only gotten into more and more trouble with my computer!!! I just want some peace really....

Lord no, you aren't going to jail. HE cheated YOU. HE could go to jail if reported I am fairly certain but you are just an innocent buyer. You didn't ASK for a stolen operating system did you? Did you KNOW it was a pirated system when he put it on there?

Did this person actually build the computer for you?

jholland1964 650 Posting Expert Team Colleague Featured Poster

that's what I paid for, 35 dollars for a copy of the original, that "works just like the original" as I was told...
This is something you need to remember...$35 for something that is normally around $200 and it works just like the original...sounds too good to be true..

If it Sounds too good to be true then, 99.999% of the time, it IS too good to be true.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The only way to check if it is a legal copy of Windows XP is go here and validate it

http://windows.microsoft.com/en-US/windows/help/genuine/what-is-validation?os=winxp

If it is NOT a legal, valid copy of Windows XP then you will not be able to get any system updates. Sorry but that is just the way it works.

If that validation page finds that it is legal then the ONLY place to get those LEGAL updates is directly from Microsoft Update pages, no place else. Anywhere else will likely infect the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I was referring to this copy that you mentioned in one of the earlier posts.
Do you mean the original copy from which this guy made other copies? yes that was legitimate. You just said so in your previous post that he has one or two original copies, from which he sold to us.

I mean the actual Windows XP that is presently installed on your computer. Is THIS legitimate? I am not talking about that one on the F drive. I mean Windows XP that is presently installed on your "C" Drive.

Where did that come from? Did it come with the computer or did this "pirate" install it on there?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you saying the entire system is pirated? I thought it was just some copy he gave you but the original was legitimate.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Of course you can buy a "hand built" computer. Just make sure that the copy of windows IS a licensed product AND you get the actual disks for it. OR better yet, purchase your own and take it with you when you hire somebody to build you a computer. OR, you can purchase excellent, high quality computers directly from manufacturers and these DO contain legitimate copies of the operating systems and you get the PAPER proof that they are in fact legitimate.
You can order a computer directly from any legitimate well known manufacturer and they WILL build it to your specifications. I have always done that and have always had very good luck with them. I also always purchased an extended warranty and they have truly been worth it for me with each and every computer I have owned.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you don't want to format that F:\ drive then you need to fully scan that drive only, with multiple scanners, MBA-M, Kaspersky, ESET online scanner to be 100% certain there are no remaining infection "crumbs" on there.

You DO need to update Windows XP to SP3 and you do need to update the Java to version 6 update 26. Otherwise your system IS at risk.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I deleted that copy of win xp that I had, which showed the infections, and ran a scan again, and mbam showed no infections.
Not sure what you actually mean by that. You can't "delete" an operating system without a reformat of that drive. Meaning the drive is wiped clean. You have not had the time to reformat that drive since your last post. If you didn't format that "F" disk, then you do need to do that because the infection can still be contained in any other files on there.

i would get a genuine COPY of windows for $35 dollars
Copy can mean just the general term like a "copy" of a book. Nobody, except the author and the printing company, has the original of a book so each printed book is a LEGAL copy of the original. Your legitimately purchased Kaspersky program is a COPY of the original but it was packaged by the Kaspersky company so it is a legitimate genuine copy of the original. What HE did was copy the one HE purchased and sold THAT copy to you and likely others. If he paid $200 for it FROM Microsoft and then made copies and sold those to 6 people he got his money back and "ripped off" everyone he sold that to, plus also stole from Microsoft because THEY own the legal licensing rights to it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The guy who assembled my computer gave me the xp that I have. he even took what would be equivalent to 35 dollars for that..

I hate to tell you but in US dollars $35 is not even close to the cost of a legitimate, legal copy of Windows XP. The cost of a new, legal copy of XP generally averages around $200 in US Dollars. Price depends on the version you purchase and also the store where it is purchased. Some will be higher than $200 and some will be a little lower than $200 but certainly never only $35.

So I would say, as we say in the US, the guy "ripped you off". He has likely sold you a stolen operating system, also called a "pirated" copy of XP.
This is shown by the files found and removed by MBA-M, notice what they say they were:
xp keygen\keygen.exe
xp keygen\update_xp_cd_key.exe
xp keygen\windowsxp product key viewer.exe

A keygen is a computer program that generates a false product licensing key, serial number, or some other registration information needed to activate a software application. In most countries, the use of keygens to activate software without purchasing a license is fraudulent. When you purchase the software, IN THE BOX, as you said you did with Kaspersky, you are purchasing that license. Each and every copy of the Windows Operating System, no matter what version you have, is issued its own registration or license number, …

Salem commented: Bravo - well said!!!! +17
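
The post above draws its conclusion from the file names MBA-M reported, and a later post in the thread stresses that some removals only finish after a reboot. As an added example (not the poster's code and not anything from Malwarebytes), here is a small Python triage script that parses a constructed "Files Infected:" section in that style, separates findings whose file names point at licence-circumvention tools (keygens, cracks, key viewers) from ordinary malware detections, and flags entries whose removal is still pending. The sample log, the keyword list and the action wording are assumptions made for this example; only the three "xp keygen" file names come from the thread.

```python
import re

# Constructed sample modelled loosely on a Malwarebytes' Anti-Malware (MBA-M)
# "Files Infected:" section. Paths and detection names are made up for this
# example; only the three "xp keygen" file names come from the thread.
SAMPLE_LOG = r"""
Files Infected:
c:\documents and settings\owner\desktop\xp keygen\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\owner\desktop\xp keygen\update_xp_cd_key.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\owner\desktop\xp keygen\windowsxp product key viewer.exe (PUP.Tool) -> Quarantined and deleted successfully.
c:\windows\system32\example_dropper.exe (Trojan.Agent) -> Delete on reboot.
"""

# One finding per line: "<path> (<detection name>) -> <action>."
FINDING_RE = re.compile(r"^(.*) \(([^()]+)\) -> (.+?)\.?$")

# File names that point at licence-circumvention tools rather than at
# malware that arrived on its own (hypothetical keyword list for this example).
LICENSE_TOOL_RE = re.compile(r"keygen|crack|activat|product key|cd.?key|serial", re.I)

# Action text taken here to mean "removal fully completed" (constructed wording);
# anything else is treated as a removal that still needs the reboot.
COMPLETED_ACTION = "quarantined and deleted successfully"


def parse_findings(log_text):
    """Return a list of {path, name, action} dicts, one per finding line."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            path, name, action = m.groups()
            findings.append({"path": path, "name": name, "action": action})
    return findings


def triage(log_text):
    """Summarise what a posted findings section tells the helper."""
    findings = parse_findings(log_text)
    license_tools = [f["path"] for f in findings if LICENSE_TOOL_RE.search(f["path"])]
    pending = [f["path"] for f in findings if f["action"].lower() != COMPLETED_ACTION]
    return {
        "total": len(findings),
        "license_tools": license_tools,   # evidence of keygens/cracks on the machine
        "pending_reboot": pending,        # removals that only complete after a reboot
        "reboot_required": bool(pending),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports four findings, three of them licence-circumvention tools, and one removal that is not complete until the machine is rebooted, which is exactly the signal a helper reads off such a log before asking for a rescan.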
jholland1964 650 Posting Expert Team Colleague Featured Poster

Your Windows is not up to date, you show only SP2 on there. Your Java is not up to date. Those two things alone will keep your computer at risk.

There would be absolutely no reason a newly formatted computer should have infections, unless either the reformat was done incorrectly in the first place, or backed up infected files have been placed back onto the reformatted computer, which of course is a possibility, or you are continuing to use the computer unsafely and using illegal files on it.

It appears that your copy of Windows may not be legal, judging by the infected files found by MBA-M.

If I recall correctly the original problem causing the reformat was related to the use of P2P file sharing. It appears that you still are not following safe, legal practices when using the computer. Until you do the computer will continue to become infected.

Did you pay for the Kaspersky program?

Please go here and then post back with the results.

http://www.microsoft.com/genuine/validate/DownloadValidationSupport.aspx?displaylang=en

jholland1964 650 Posting Expert Team Colleague Featured Poster

somjit, you certainly can post the logs here so we can be sure all is clean.
Your new kaspersky 2011 internet security suite is an excellent program and it contains an antivirus program, and a two way firewall so you certainly don't need another firewall. The absolute rule is ONE firewall should be running on a system.
You need to make sure the operating system is fully updated, including all service packs and most recently offered updates.
Your Java should be fully up to date. Current version is update 6 version 26.
You need to be sure you have correct settings in your browser. I am not certain yet which one you are using but for Internet Explorer go to Tools, Internet Options.
On the General Tab click the Browsing History Settings Tab. Be sure there is a dot in Every time I visit the web page. Set the disk space to use to around 250 MB. Choose the number of days you wish to keep in History. The number of days is of course your choice. I have mine set to 7.
Hit Ok on that and then go to the Privacy Tab.
Hit the Advanced Button. Make sure there is a dot in Accept 1st Party Cookies, BLOCK 3rd Party cookies and a check mark in Accept Session Cookies.
Hit Ok. and then close out Internet Options.

I strongly recommend that you download, install, update, enable all protection in

jholland1964 650 Posting Expert Team Colleague Featured Poster

Isn't this new "Google paradigm" sweet? You are now actually able to clock up some sleep, Jude.

What what??:D

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are still showing tracking cookies being found. You need to change your browser settings on all of your browsers to block all 3rd party cookies which include tracking cookies.

Now you said the chrome browser had been renamed. That isn't showing in the logs.
Look at my attachments. Do you mean that where google normally shows, as in my first attachment, it now shows "what what" similar to my second attachment? I don't have the chrome browser so I just had to create these from web pictures so they may not be what you are talking about. If you can could you post a print screen to make it clearer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Where is the new SAS scan with the updated program?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your SAS program is out of date. One absolute rule when doing any scan, update the program before doing the scan. You posted two scans and the program had not been updated for either one. On the 22nd the database was 7304 and the Trace # was 5116.
Please update the program and do another Full Scan. Post back with the log.
Your cookie setting is incorrect for Google Chrome because these are all 3rd party tracking cookies. I don't use Chrome so I am not sure where you would find that setting in the program but it should be changed to block 3rd party cookies and accept only 1st party cookies.

LimeWire 5.4.6 must absolutely be removed. P2P is the easiest way to get an infection and to have your computer hijacked.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Open SAS, click the Preferences button. There you will see a lot of tabs. Click the Statistics/Logs tab. The log will be in there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hate to say this but since it has been 8 days since your last reply there is no way I can say what could have caused this.
Have you been using the computer in the last 8 days rather than completing the requested steps? SAS was the other request, it hasn't been completed.
Run DDS scanner again and post back with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

:D Sorry about that! Yes I did read that, then the "java thing" came up and I completely forgot.
Now a couple things you need to do. One is to remove the tools used here as they won't be needed anymore.
To do this follow these instructions:

Please download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.


Next add this protection program:
SpywareBlaster by Javacool. I wouldn't run a computer without it.
Prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.
Simply download, install, update, enable all protection and close the program. Doesn't run in the background so there is no interference with any other security programs. Manually check for updates every couple weeks. When there are updates simply download, install, enable all protection and close it out.

Keep MBA-M on there, update at least once a week and run a Quick Scan. If the Quick Scan finds something then remove of course, immediately update again and run a Full Scan just to be safe.

You also should look into replacing the Power Supply as Rik noted earlier. …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Installed and updated. :)

All of the Windows Updates including SP3? How could you get all that downloaded and installed in this short of time? SP3 alone would take a very long time to download. It has only been 35 minutes since you got the Java installed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Very good! Now you DO need to update the system. Especially now when you know it is clean. That is a key requirement before doing major system updates and right now today you can be pretty certain that is the case.
An out of date system is a very easy way to end up with major infections. You of course have been running, even though you say you don't use it, IE6, current version is IE8 and I would also advise that you do take that also.
You need to use IE to go to Windows Updates.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Reason I asked is that the error you got can happen when old java remains.

jholland1964 650 Posting Expert Team Colleague Featured Poster

A JavaRa log? Honestly have never seen one, sure post it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you Uninstall all the old java first? using the tool that Crunchie gave you?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am sure things will go just fine.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Jen, you can go here to get your java update. Much easier page. You evidently chose the 64bit version of the program and you are running a 32bit, that's why you got that message.
http://www.java.com/en/download/index.jsp

You DID do the right thing by updating IE. Even though you don't use it, you always need to keep it updated and there still ARE some websites that require that you use IE.
The KEY thing you need to update is the actual operating system. You do need SP3. Without SP3 your system is no longer supported and IS at great security risk. By updating to SP3 your system can receive critical updates until its lifecycle expires which will be April of 2014. So it is to your advantage to do the update. Keeps you a WHOLE lot safer too!

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thank you, too, for your help. I updated MBAM last night, but after two attempts to run a full scan, I think I might try downloading a version or two earlier. Both times, I left the program to run the scan on its own and didn't touch anything, and both times when I checked, MBAM has "encountered a problem and needs to close."

I'll be sure to post the log when I get it. :)

Jen, a version or two earlier will not remove anything because the database will not contain the proper definitions. With any scanner, no matter what program you must have a new version for removal.
Boot the computer to safe mode and run the scan with the newest version, have it remove everything found and post back with the logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Jen, Crunchie isn't here at the moment. The TDSKiller DID remove a rootkit. It is highly likely that you do still have infection on the computer.
Your version of MBA-M is a year out of date. Current version is 1.51.0.1200 and current database is at least database version 6897. So your database is over 2800 updates behind.

You need to update your MBA-M program to the latest version and latest database and run another Full Scan with it. Have it Remove Everything found and then Reboot the computer>>>this is VERY important as some of the removals may not be completed until the computer is rebooting.
Once you have done this then post back here with that new log and we will give you additional steps.
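
This post, and a later one in the thread, make the same point: a scan from a program whose database is thousands of updates behind proves nothing, so the first thing a helper checks in a posted log is the version header. As an added example (not the poster's code and not Malwarebytes' own), the Python below reads the program and database versions from a constructed MBA-M-style header, compares them with the current figures quoted in the thread (version 1.51.0.1200, database 6897), and says whether the scan can be taken as a clean bill of health. The header layout and the stale sample values are assumptions for this example.

```python
import re

# Current release figures quoted in the thread (mid-2011).
CURRENT_VERSION = "1.51.0.1200"
CURRENT_DATABASE = 6897

# Constructed header in the style of an MBA-M log from a copy that has not
# been updated for about a year (sample values, not the poster's log).
STALE_HEADER = """\
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4097
Windows 5.1.2600 Service Pack 2
"""

VERSION_RE = re.compile(r"Malwarebytes' Anti-Malware (\d+(?:\.\d+)*)")
DATABASE_RE = re.compile(r"Database version: (\d+)")


def version_tuple(text, width=4):
    """'1.46' -> (1, 46, 0, 0) so versions of different length compare sanely."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def parse_header(log_text):
    """Pull the program and database versions out of the log header."""
    v = VERSION_RE.search(log_text)
    d = DATABASE_RE.search(log_text)
    if not v or not d:
        raise ValueError("not an MBA-M log header")
    return v.group(1), int(d.group(1))


def assess(log_text, current_version=CURRENT_VERSION, current_database=CURRENT_DATABASE):
    """Decide whether a posted scan can be trusted as a clean bill of health."""
    version, database = parse_header(log_text)
    program_outdated = version_tuple(version) < version_tuple(current_version)
    # How many database releases the poster's copy is behind the reference.
    database_lag = max(current_database - database, 0)
    return {
        "program_version": version,
        "database_version": database,
        "program_outdated": program_outdated,
        "database_lag": database_lag,
        # A scan only counts if both program and database were current.
        "scan_trustworthy": not program_outdated and database_lag == 0,
    }


if __name__ == "__main__":
    for key, value in assess(STALE_HEADER).items():
        print(f"{key}: {value}")
```

For the stale sample the database lag comes out at 2800, which matches the "over 2800 updates behind" figure in the post, and the scan is marked untrustworthy; a header showing 1.51.0.1200 and database 6897 or newer passes.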

jholland1964 650 Posting Expert Team Colleague Featured Poster

ClickPotato was removed by MBA-M so that is gone. I still see uTorrent running on the computer.
You have a HUGE number of processes running when the DDS scans have been done. Key thing about removing infections is that only NECESSARY programs should be running while doing this and many of those running here are not necessary for the running of the computer.
You need to change your Start Page from facemoods. Try going to a safe page, like the plain google home page and setting that as the start page and see if that makes a difference. Then you can certainly choose another but make sure it is a SAFE page and not something like facemoods. You also need to go into Addons in both browsers and disable and then, if possible, delete the facemoods tool bars.

Update MBA-M and run another Full Scan. Also download and install the FREE version of SUPERAntispyware and run a full scan with it also. Have it remove everything it finds. http://www.superantispyware.com/download.html
Post back with both of those logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your MBA-M program is nearly 18 months old. Current version is version 1.51.0.1200 and the latest database version is 6851 so your database is 3000 behind.

The absolute rule is to always update MBA-M before each and every scan. They issue updates multiple times daily so even if you run multiple scans in one day the program should always be updated before each scan.
You absolutely must update this program and do another Full Scan with it and have it Remove Everything found and then Reboot the computer, this is very important since some of the removals often are not complete until the computer has been rebooted.

You need to Uninstall these programs as they are likely part of the cause for your infections:
µTorrent
ClickPotato
StreamTorrent 1.0
facemoods


After you have run MBA-M and posted the new log then please do the following:

Please Run the ESET Online Scanner

http://www.eset.com/us/online-scanner?i_agree=14

* You can use Internet Explorer or you may use Firefox to complete this scan and you will need to allow an Active X to be installed
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.

* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Reboot the computer …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good enough. Thanks for posting back to let us know.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, it very likely is, at least you must go on that supposition until proven otherwise. I wouldn't take the chance myself. Too much to lose. Personal info, email addresses, etc.
There really are NO simple viruses today. Especially when these redirects are one of the symptoms.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Anytime he is online then he is at risk. Outlook Express has to go online to get the mail. You don't need a browser to go online, you just need a connection. HiJackers don't use the browser, they use the connection itself.

jholland1964 650 Posting Expert Team Colleague Featured Poster

And every time he goes online with this computer it is very likely that "somebody" else is also using the computer. The longer he waits the more infected it will become.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do as jholland says, but did you check the settings I told you to check?

We need feedback to say yes or no sometimes.

What we really need is for all the steps in the Read Me sticky to be completed; until those are done, even a yes or a no is nothing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

A friend has suggested that the problem is 'google redirect'.
Is there a specific fix for this ?

No, there is not without running the tools noted on the Read Me sticky as previously indicated. This is a strong indication of infection on the computer and the longer you wait to begin cleaning the more infected it will become making it that much harder to clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please also check this

http://www.daniweb.com/hardware-and-software/microsoft-windows/windows-vista-and-windows-7/threads/366094/1570095#post1570095

It will be you have Spyware/Malware but need to check that setting first.

Good catch and good advice. Malware will reset this setting so check that and then proceed with steps in the Read Me Sticky.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't delay, the longer you wait, the worse things will be.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please follow all the instructions on our Read Me Sticky and post back with all the requested logs. We can't help without complete information.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

Since this doesn't appear to be an infection problem I am moving this thread.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi All!

I'm new to the List but I was wondering what would be the best Dell Lap Top computer to buy? I would appreciate any recommendations.

GreenHornet2002;
This is not the place to post this question. We are working on a computer clean up here. I suggest that you post this in the PC Hardware forum

jholland1964 650 Posting Expert Team Colleague Featured Poster

We actually know nothing here since no logs have been posted, other than the fact that the computer is probably 7 years out of date based on the service pack and you are running a 10 year old copy of Internet Explorer. IE7 was released nearly 5 years ago and IE 8 was released 2 years ago.

Cleaning the registry would certainly NOT be one of the recommended steps, especially 300 entries. IF there were infected registry entries then Avast and MBA-M would have found those and removed them. Any other items would simply be dead entries and need not be worried about, they take up very little room and certainly shouldn't slow the computer.

Is the Avast program fully up to date? Is CCleaner fully up to date, is MBA-M fully up to date?

None of your scans will be done correctly or fully if those programs are as out of date as the system.

One of the easiest ways to end up with severe infections is to run a computer that is so many years out of date. Security patches are released all the time to plug various holes in system security and you are missing probably too many of them to even count or list by not having your system up to date. Regular programs also often have security updates added so you probably are missing those also, again adding risk to the computer.

Please follow all the steps given in our Read Me …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You don't want to do a back up image of the damaged system because that is what you would get when you used it...a damaged system. It only can create or copy what it sees and if what it sees is damaged then that is what you are going to get.
I would suggest going to the HP Support website and find instructions for using the recovery disks.
Sorry we couldn't have had a better outcome but in the end your computer should run like new.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Does windows hide folders on its own if a threat appears? I'm thinking the virus did this to intensify the perceived "risk". Have to say I honestly don't know. It's very possible. I am certainly glad that you found all of them.
My advice now is still the same, reformat and reload. Back all the files up, pictures, etc. to an outside source so that you don't lose them with the reformat. But because of all of the problems you experienced your best bet is get this back to "like new" with the reformat, reload, full Windows Updates, new security programs, install all your programs, with updates to those, etc.
I think you will be better set that way rather than try to keep fighting this damaged system.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You can do a search on the computer for .jpg files or whatever type of image extensions you use. Do the same for Word files, you may be able to find them all if you want to try. If you saved all in specific folders then you possibly could find the entire folders.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The only program you need to keep is Malwarebytes' Anti-Malware. The others are only for use on an infected machine and shouldn't be used again. Malwarebytes' should be updated and a scan run at least once a week, following the same procedure used here.
The other FREE program I would recommend is SpywareBlaster by Javacool. Just click right there and you will get the install file.
Download, save it, double click to install. Then Update it and Enable all protection and close the program. That's it. Manually check for updates every couple weeks and follow the same procedure if there is an update and then close it again.
SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.
I would never run a computer without it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy to help!

jholland1964 650 Posting Expert Team Colleague Featured Poster

So . . . am I safe to attempt a (another) restore? Still looking for the "lost" documents.

System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not back up your data. If you delete or damage a file, System Restore will not recover it. System Restore does not keep old copies of your files or documents. If the documents are gone then likely they are gone.

That is not a full TDSSKiller log. It is only the beginning of the log which gives system information. Each and every log would show pretty much the same thing because the scan had not yet even Initialized or begun to scan. The next line would read; Initialize success and then followed by Scan started Mode: Manual; with the date and times noted, followed by a long list of files scanned. Ending with Scan finished and then a listing of what was found.

You should have mentioned in your very first post about this Windows Registry Recovery message. This message shows there has been registry damage at sometime in the past.

Since we know now that there was a problem with the registry prior to your making a post and beginning these steps I think your best bet to get a good working computer is to reformat and reload the system.
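
The post above explains how to tell a partial TDSSKiller log from a finished one by the marker lines it does or does not contain. As an added example (not the poster's code and not part of TDSSKiller itself), here is a Python checker that strips the timestamp prefix from constructed log lines, reports whether a posted log is header-only, cut off mid-scan, or complete, and lists the entries in the scan section that are not plain "- ok" file lines. Only the marker phrases named in the post ("Initialize success", "Scan started", "Mode: Manual", "Scan finished") come from the thread; the line prefix, the paths, the "Suspicious service" entry and the "- ok" convention are assumptions made for this example and do not reproduce the tool's exact format.

```python
import re

# Constructed TDSSKiller-style logs (sample data for this example).
HEADER_ONLY = """\
2011/05/20 10:12:03.0234 1234  TDSS rootkit removing tool 2.5.1.0 May 20 2011
2011/05/20 10:12:03.0234 1234  ================================================================================
2011/05/20 10:12:03.0234 1234  SystemInfo:
2011/05/20 10:12:03.0234 1234  OS Version: 5.1.2600 ServicePack: 3.0
"""

COMPLETE = HEADER_ONLY + """\
2011/05/20 10:12:04.0100 1234  Initialize success
2011/05/20 10:12:10.0500 1234  Scan started
2011/05/20 10:12:10.0500 1234  Mode: Manual;
2011/05/20 10:12:11.0010 1234  C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys - ok
2011/05/20 10:12:11.0020 1234  C:\\WINDOWS\\system32\\drivers\\atapi.sys - ok
2011/05/20 10:12:15.0900 1234  Suspicious service (NoAccess): example_svc (constructed entry)
2011/05/20 10:12:20.0000 1234  Scan finished
2011/05/20 10:12:20.0000 1234  Detected object count: 1
"""

# Same scan cut off after the first scanned file, i.e. before "Scan finished".
TRUNCATED = "\n".join(COMPLETE.splitlines()[:8]) + "\n"

# "<date> <time> <pid>  <message>" prefix assumed for this example.
PREFIX_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")


def strip_prefix(line):
    """Drop the date/time/pid prefix and return the message text."""
    m = PREFIX_RE.match(line)
    return m.group(1).strip() if m else line.strip()


def classify_log(log_text):
    """Report whether a posted log is header-only, cut short, or a full scan."""
    messages = [strip_prefix(line) for line in log_text.splitlines() if line.strip()]
    started = "Scan started" in messages
    finished = "Scan finished" in messages
    findings = []
    if started:
        begin = messages.index("Scan started") + 1
        end = messages.index("Scan finished") if finished else len(messages)
        for msg in messages[begin:end]:
            # Each scanned file is reported as "<path> - ok"; anything else in
            # the scan section deserves a closer look (heuristic for this example).
            if not msg.endswith(" - ok") and not msg.startswith("Mode:"):
                findings.append(msg)
    if not started:
        status = "header_only"
    elif not finished:
        status = "incomplete"
    else:
        status = "complete"
    return {
        "status": status,
        "initialized": "Initialize success" in messages,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, text in (("header only", HEADER_ONLY), ("truncated", TRUNCATED), ("complete", COMPLETE)):
        print(name, "->", classify_log(text))
```

The header-only sample is exactly the case the post describes: no "Initialize success", no "Scan started", so nothing can be said about the machine from it. The truncated sample started scanning but never reached "Scan finished", so it is also not evidence of a clean system, while the complete sample yields the one suspicious entry for the helper to look at.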

jholland1964 650 Posting Expert Team Colleague Featured Poster

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.