Posts by jholland1964

Could you tell, were there errors found and fixed?

ummm, sorry, I read the disk check before it was edited and already did it, it took all morning, hope I didn't mess up... :(

Want me to go back and do the TDSS now? I'm waiting to see what you say since I got ahead of myself earlier.

That was my fault, added the TDSS after posting the disk check because I read through your other thread and saw that in there.

Yes, do the TDSS Killer and post back with the results. If it isn't there, it won't hurt anything and if it is there it should remove it.

Depends on the web page, if it is a public page then he would not be the only one who could listen. Unless it is a private, and maybe encrypted page, that only you own, that would require a special password to enter it in the first place, that only you could create and give to him, and nothing can be downloaded FROM that page without following specific multiple steps, then he could still save it on his computer at the same time he listened to it. In fact, depending on his computer configuration, his computer might require download of the file to his computer before he even could listen to it.
I would never chance it myself, especially something that there is no way I want others to see or hear. There is almost always a way to get around things in order to use them or keep them. That doesn't make it legal, it often isn't, but it is done probably millions of times daily on the internet.

As I said, once it is "out there", it is "out there" and you absolutely have no control on where it goes and who has it will have NO WAY to get it back, EVER, it is out there FOREVER.

You could even set something up like that so that only viewing or listening on the computer can be done by doing all the steps above, BUT that does not stop somebody from using a tape recorder, …

Not if you have sent it on to somebody else. Once it's on their computer, facebook, cellphone, whatever, then it is "out there" and even deleting it from your computer or phone makes no difference, somebody else has it and they can do whatever they want with it.
Number one rule about the internet...Don't say or send anything to anybody that you don't want the world to see or hear, because after you it send to another, then it is out of your hands for good.

That person can delete the file from his computer and it's gone from his, but you have absolutely no guarantee that person will do that, even if they say they will. Don't send it to somebody else.

These programs, especially Avira should not just stop working and Java should install without difficulty using all the steps you have tried. I think you have some key files damaged

On your previous thread you had the TDSS rootkit on there. That could have damaged key files or else some of it may remain on there.
Do this first:
Please read carefully and follow these steps.

* Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

* If an infected file is detected, the default action will be Cure, click on Continue.

* If a suspicious file is detected, the default action will be Skip, click on Continue.

* It may ask you to reboot the computer to complete the process. Click on Reboot Now.

* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

I am going to want you to run check disk later, but don't do it now.
Have gone all the way through your previous thread …

Glad that Windows Firewall is off. I asked about the Comodo because I went through your other thread and I saw that the Java problems seemed to begin after the install of Comodo.At that time you were using Avira with it, which is top of the line but now instead you are using Comodo Sucurity Suite instead of just the firewall and of course that has your av program also.
Yes, Avira is gone. But I am leaning towards the Comodo program causing much of your difficulties, though I cannot say for certain, plus the Comodo av program isn't considered top of the line either.
In that last thread you were having multiple difficulties caused by a rootkit and the Java problems came along at the end after the install of Comodo Firewall

Are you required to use Comodo Security Suite for some reason? I know it is a paid program, how long before it expires? Have you ALWAYS used Comodo with this computer?

You never, ever use two firewalls at the same time on the computer. If you have a 3rd party firewall on the computer then the Windows firewall absolutely must be turned off and never turned back on, unless you Uninstall the other firewall.Same as you never have two anti-virus programs installed.
An anti-virus program can also block the install of some programs and occasionally the use of some programs.

I just wondered if maybe the router firewall was blocking. You DO have the Windows Firewall turned off don't you?
I have searched around and have found a lot of posts concerning the Comodo Internet Security causing problems with java installs, and other programs also. Have no idea if this has anything to do with all of this or not but that Belarc program should run easily too. Makes no sense to me at all.

I hate to say this but there appears to be a lot more going on there than you actually know. There is something blocking all of these things.For one thing you should easily be able to right click that Belarc and run as administrator.

OR in Internet Explorer you should, when you click that Download button get the option to Run, and it should install and run.

Are you connected directly to the internet or wirelessly via a router? If using a router, can you disconnect that and connect the internet cable directly to the laptop?

Here is the Java test page, click the download button, it will run the test and tell you if you need a different version. Current version is update 6 version 24

http://www.java.com/en/download/index.jsp

This is the driver download page I was viewing

http://downloadcenter.intel.com/SearchResult.aspx?lang=eng&ProductFamily=Internet+Devices&ProductLine=Netbooks&ProductProduct=Mobile+Intel%C2%AE+945GM+Express+Chipset+Family

If you are using IE you need the plugin, if you are using Firefox you shouldn't need it.

Do this, download this free computer audit and run it. It will give you, in the browser window a complete audit of your PC. It will tell you what your graphics card is and driver installed and when.

http://www.belarc.com/free_download.html

Is this a laptop?
The latest one I see on there is one dated 7/3/2008 and is driver number 15.​8.​3.​1504 and it's for Vista 32bit Laptop
don't know that is the correct one for you though.

I thought your Java was working in Firefox

It says I have the latest version.

What says that? Who is the manufacturer of your display card? What driver version do you have? When was it installed?

You can delete the extra IE icon, you would only need one. Here is the Adblock for IE
http://simple-adblock.com/

You might consider Firefox, it is a more secure browser, slightly different from IE but generally faster, easily configured. I have used it for years, rarely use IE anymore unless I have to use it. http://www.mozilla.com/en-US/firefox/new/

You do need to make certain you have proper security settings for IE. You want to be certain that 3rd party cookies are blocked, those are ones that are from ads on a web page and you don't want those, you only want the ones from the site you are visiting.
In IE go to Tools, Internet Options, Privacy, Advanced button. Make sure there is a dot in Allow 1st party cookies and a dot in the Don't Allow 3rd Party cookies and a check mark in allow session cookies.
Ok, your way out.

I don't use, and have never used the Comodo Firewall so I can't give directions for that since I don't know it at all. I use the built in Windows firewall.
If you have the Java working in Firefox then you have done it right. The elluminate website said, use the browser that it works in and not the others, so...that tells me they probably don't know either and they don't want to find out how to tell people to configure each browser. I can't say that for certain that is just my opinion.

Now as far as the Video Driver, you probably need to update it, but you need to know exactly what brand of video card you have on your computer because you need the driver made specifically for that card, another one for another brand wouldn't work or could cause problems.

The Windows, "check for new driver" is always going to say the most current driver is on there, if that is what you did, you have to check the manufacturer of the card to get the right one.

Right Click My Computer, Choose Properties. When that opens go to the Device Manager and look for the Display Adapter. click on that to open and then double click to see what driver is on there.
Then you should go to the display adapters manufacturers page and look for a more recent driver. Download it and then install it and see if you …

Good, got rid of that RegistryReviver and look at the files removed from System Restore.
Ok, let's remove combofix:
Uninstall Combofix:
Go Start > Run
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK.
Restart computer.
Your installed programs list doesn't show any Java installed, it shows a Java Updater, which is useless really but no Java.
You do need Java to view many websites correctly.
Go to this site and install the most recent version

http://www.java.com/en/download/index.jsp

Then;
You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.
Also reduce the size to about 5% by moving the slider so that the size is reduced.

I would also recommend that you add this superb protection program
SpywareBlaster
from Javacool
SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and …

Wow - that's bizarre....

But, hey, I'm not going to question it! :) Just take it and mutter a quick thank you to the computer gods and go about my business!

Honestly speaking, experimenting with different browsers' online install was way down on my list of things to try from the beginning.
And, the fact that other versions installed with no problem really threw me for a loop.

-- I still doubt it's a Firefox "issue" - otherwise there'd be a lot of other documented instances. Could be something on your compy interacting with Firefox in a weird way...... But, there I go questioning the computer gods. I'll shut up now :)

PP

Oh I don't think it's a Firefox issue either PP. Honestly...think it "may" all go back to that Elluminate and how it is interacting with "whatever" in some way. It of course requires Java to operate and looking at their help site there are several things I see...
One being exactly what you did, try different browsers and if it works in a different browser then use only that browser.

If you have problems on one computer that is in a network then try exactly the same steps on a different computer in the same network, if you can replicate the problem on that computer then the problem is with the network, not the computer and not Java.

You must also configure the Firewall to Elluminate program AND Java Web Start, …

4.0 It seems faster. I am not loving the tabs; it's done like Opera, not my favorite, but hey, java works. I am however, back to having to turn off Comodo to load my lecture from elluminate then turn it back on after it's loaded. Otherwise java gives me an error. I can't figure out how to make it allow me to use it without having to do so. :-/

I have not yet installed Firefox 4 but here is a "tweaking" link that several people I know have used.

How to Make a Firefox 3 Theme for Firefox 4

>>>I am chastised and hanging my head in shame.

Hey, not really your fault and no need to be ashammed, happens to people all the time. I agree totally with what you say here...
>>>It makes me curious why the sites with the good stuff have the bad stuff so prominently at the top...It happens a lot to people. One way to avoid that is use AdBlock on the browser, then those ads like that, and that is what those things are, ads. Then they don't even show.
Now we go forward;
We wouldn't recommend something that would not be compatible with your system so no worries there, but Combofix is a one time only tool, it isn't something you keep on the system.
We will remove that shortly.

The Recovery Console offered by combofix is really optional and not required.
Recovery Console and system restore are not the same thing. If a Windows XP-based computer does not start correctly or if it does not start at all, you may be able to use the Windows Recovery Console to help you recover the system software. It really is very limited though.

System Restore is entirely different. System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not backup your data. If you delete or damage a file, System Restore will not recover it.
System Restore will NOT uninstall a …

Well, the Registry Reviver is most definitely NOT a good program, in fact it is considered Rogue Software. You said it removed some files, it didn't happen to produce a log or do a backup did it?
At least you ran combofix AFTER installing it and not before, but it put itself into the registry when it installed so we're going to have to get rid of it also.

Go to Add/Remove and Uninstall it immediately.

Also I have another question, in the Combofix log Avanquest AntiVirus shows as being installed yesterday.

Why? You all ready had Avira, which is one of the top av programs available today why did you install another antivirus program and one which certainly is much lower ranked? While Avira, or most anti-virus programs, do not stop a rootkit, Avira is one, if configured correctly will at least FIND a rootkit. Most rootkits do require special tools for removal, anti-virus programs usually don't remove them but Avira would certainly scan for them if configured to do so and would then give notification if one was found. I honestly don't know much about Avanquest except I haven't seen it on the lists of Top Ten av programs and I don't believe it is free but a paid program only. The only listings I have found say Free to try, meaning this is temporarily free and after a certain amount of time the program will expire and cease to work unless it is …

So, I updated to the newest version of firefox today and java is now updated and working. So weird right? Why wouldn't it work in any other browser if it was a firefox issue? I always update firefox when it tells me to... Wow, :o maybe it won't stop again! fingers crossed

Have been watching this thread with great interest and glad it is working but I have a question, what version of Firefox do you now have?
Go up to Help, About Mozilla Firefox to see for sure. I am just curious.

Hi Cathy, since this forum is solely for the removal of infections from machines your post might receive more information in the Internet Marketing forum

http://www.daniweb.com/internet-marketing/25

Cathy, that only removed the rootkit, there likely are more infected files on there. Even though MBA-M had removed some the rootkit would likely have brought in more that it would not allow MBA-M to clean at that time or others which could not be found by MBA-M

Now do the following:
Please download ComboFix by sUBs from
http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..
• Then post back here with that log.
Note:
Do …

Hi and welcome to daniweb. You have a rootkit infection. You need to do the following:
Please read carefully and follow these steps.

* Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

* If an infected file is detected, the default action will be Cure, click on Continue.

* If a suspicious file is detected, the default action will be Skip, click on Continue.

* It may ask you to reboot the computer to complete the process. Click on Reboot Now.

* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

The poster stated that he will get an external hard drive from his friend to backup his data, i am recommending him good external hard drive that will crash less.

That may be, however, he is going to borrow one from his friend which he plainly stated so he does not need to purchase one or maybe cannot afford at this time to purchase one. He does have access to one so telling him to purchase one is not necessary. You have all ready been told not to post in this forum, yet you continue to do so. I am telling you again, do not post in this forum.

I would recommend you use to seagate, buffalo hard disk. It is compatible with a lot of operating systems, try it. Buy a hard disk that have around 500 GB. After you get it go and back up your stuft and reformat your computer. Keep posting updates about the process

The poster is not purchasing a new hard drive, the poster is reformatting the computer, there is no need to purchase a new hard drive.

gunny:
That was a complete scan done with MBA-M.

If there IS a rootkit on the computer then the DDS log may show it Let's wait for all the logs requested in our sticky to be posted and then go from there.

Now to mazekx
Please do not post logs in Quotes, that makes them nearly unreadable. They must be copy/pasted.

Before running any other tools please post both of the logs produced by the DDS Scanner.

There are no instructions which say do not post the DDS logs, we wouldn't ask that you run them if we didn't want to see the logs.

Do not Attach either one, both must be copy/pasted and please don't quote them, post them.

Keep us posted somjit!

Using a registry cleaner is really unnecessary, it will not speed the machine. If there is infection in the registry then good tools like MBA-M will usually remove those files.
advanced system cleaner has a VERY poor reputation and has been known to actually damage machines.
IF something must be done to the registry you need to know exactly what you are doing, make a back up BEFORE doing anything and do it manually.

I have sent an SOS to gerbil, crunchie and PP. Hopefully one of them will look in here soon and maybe give us an answer.

so i know something more than an industrious poster at daniweb?? if this is true.. this just made my day!! lol :D ( just fooling around sir, hope u dont mind:) )

Hey I don't mind! I don't pretend to know anything like that! Hey I barely know enough to post right here! I depend on the experts like gerbil, crunchie and PP when I finally "hit the wall". :D
I'm not a sir by the way, my name is Judy. :)

for(i=0;i<100;i++)
{
printf(" THANK YOU!! :) ");
}

hope i got the code right.. been nearly one year since iv written any C at all..

Well I know absolutely nothing about writing any coding or reading it either so...?

u know.. just a few posts back, u said " just a nice guy, very rare!" ..

hey, u people here at daniweb are just that!! :) showing the patience u have showed to me and tons of others here who had asked for help!! u guys are just an awesome bunch of people!! :)

We try, that's the best we can do. We just want to keep everyone and their computers safe and clean.
Hopefully we can get yours cleaned up and safe for the future.

yeah.. got to know that AFTER the insatll was finished!! i knew then n there it wasnt a very smart thing on my part to just CASUALLY try something out just coz i was hearing abt it. especially when u know its risky stuff!

im finding it the hard way... though it could have been harder.. if u guys werent there, n if i had continued with my blissful ignorance of the mess iv gotten myself into!

i am gonna spread that message... maybe ill help out a few ignorant ones like me..

Good idea! Just tell others what you are going through right now. For the moment anyway, until gerbil can weigh in here, anything on your computer is at risk because of the possibility that you may have to resort to a reformat. I sincerely hope it will not come to that. I don't want to risk something here that may cause more damage so that is why I want him to take a look and advise before we go any farther.

please dont leave me because my original post was abt something else than whats happening now... i hope that u guys know that im hopeless without these instructions ur giving me :( so please dont leave !!

Never said we were leaving, I was just giving you this caution that this "could" be your only option and would likely involve all drives.

One thing you can and should do is go into all the drives and totally delete anything you have downloaded using any P2P program, you have no way of knowing which of these may be infected so you should get rid of all of them. The same would go for anything on a flash drive from one of these programs, and possibly something like an iPod. While an iPod usually can't get infected it can carry that infected file with the music. If you plug it into another computer it could then infect that computer. Same goes for a CD/DVD you may have burned with these files on them. They can't be infected but can carry the infected file with the music or movie. I have seen this happen. I cleaned two computers last year infected by transferring music from a CD to another computer that contained infected files in the music files. The CD played fine, but because the person downloaded them directly onto their hard drives they downloaded the infected files also.

i knew using a P2P program was dangerous... but i was hearing a lot abt file sharing, and wanted to see what all that was abt. heard that limewire was a popular tool for doing these sort of stuff.. so thought id give it a try ( if i dont like it .. would just uninstall it.. problm solved!! ) .. BAADD DECISION ! :(

How right you are! #1 Limewire is "no longer". It was ordered to stop distributing it's software October 26, 2010 by US Courts. Of course that is here in the US, don't know if that applies world wide. BUT that should be enough to tell you that if a US Court orders it's removal, then don't use it. Limewire is certainly NOT the only P2P program under a "cease and desist" order in the US to stop all business, there have been many.

The Court Order had nothing to do with the infections spread by P2P it was because it is a violation of US copyright law to TAKE copyrighted material. A copyright means the material must be PAID for in order to use it.
However, when using P2P you absolutely, positively have no way of knowing who or where that file came from and much of the time it is via a malware writer. Just common sense should make a person ask, WHY? Why is this unknown person willing to give away something that normally is required to be paid for? Occasionally, …

Your original question concerned installing an av program after a reformat.You now do realize that a reformat in this case, if you decide to go that route, could possibly include all of your drives since there is infection on all drives.

im sry, but i really have no idea what this program is. i dont remember installing anything like this, or using it. even the name sounds fishy...

Here are just two of the many listings for it:
c:\program files\common files\Spigot\
"c:\program files\common files\spigot\search settings\SearchSettings.exe"

Ok, did some more searching and here is what it is:
It runs automatically at start up. It is foistware, installed with something else. That Dealio toolbar for one thing.

One likely source would be something you downloaded using Limewire. So anything you got via that program or any other P2P program you have used would be highly suspicious.

but sality is not showing on the logs anymore.. does that mean sality has been deleted? i would do the sality killer run if i could get that page open.. but its not loading !

But it IS showing on the logs, at least it showed in the MBA-M log that you posted last night, meaning it was still there.
We can't say a computer is clean until all the logs find NOTHING, not just that they cleaned something.

One thing that constantly shows infection is some sort of program called Spigot, what is this program?

We are going to have to wait until gerbil can look at this because he may have something else that you can try, but for now your computer is still very infected and it appears you have been backing up those infections on all other drives so those also have to be cleaned of infections also. That is one of the problems doing backups without scanning them first before doing the backups. I have sent gerbil a message to ask that he take a look. Don't do any more downloading or backing up until he can take a good look at all of this.

Probably, and they likely are still there, especially since you didn't run all the programs requested by gerbil, namely the Salitykiller porgram

I ask this because each and every drive is still showing infection, except D of course. But all the others have infected files on them.
They don't have as many as they had before but they are still there.

When you say all those sites won't load, what happens when you try? Do you get an error message or something?

What do you have on all these additional drives?

do you have access to another computer?

When you say these sites won't load, what exactly happens?

Just noticed that you did not follow this portion of gerbils instructions:

download and run Salitykiller.zip and then Sality Regkeys.zip as per instructions here: http://support.kaspersky.com/viruses/solutions?qid=208279889
-turn System Restore off for all drives, then turn it on again and make a Restore Point.

I will wait for the logs. Hopefully all will be well and then we can proceed with setting this up more safely in hopes you can avoid all this in the future.

Looks pretty good! You aren't finished yet, by a long shot however.
You need to go to Add/Remove and Uninstall ALL of these, if you don't see them listed move onto the next one and then let me know which ones you didn't find.

Everything you find listed as AVG, it ALL must go.

Also these: They are out of date and we will update those shortly
Java Auto Updater
Java(TM) 6 Update 18

These below are total Junk and can damage your computer.
Advanced SystemCare 3
IObit Toolbar v4.1

This one is likely how you got infected in the first place. P2P, besides being ILLEGAL is the easiest way to get your computer infected.
LimeWire 5.5.14

These two are VERY questionable. Remove them.
SpeedBit Toolbar
SpeedBit Video Downloader

After you have done those Uninstalls then UPDATE MBA-M and do another Full Scan with it, have it remove everything found. Reboot the computer.
Then do the following:
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer or Firefox to complete this scan and you will need to allow an Active X to be installed
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a …

Please continue with combofix