SpyWare BeWare! ASAP
Author Topic: Chitka and Ilivid popups  (Read 2751 times)
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #15 on: March 23, 2013, 05:38:28 AM »

Now run the other.
Logged

cak07d
Newbie
*
Offline Offline

Date Registered:March 21, 2013, 04:50:20 PM
Posts: 16


« Reply #16 on: March 23, 2013, 06:05:15 AM »

It still comes up with the same error message.
Logged
melboy
« Reply #17 on: March 23, 2013, 06:16:48 AM »

Hi

We're not having much luck are we? We'll try a different approach.


OTM

Download OTM by Old Timer and save it to your Desktop.

  • Right click OTM.exe & choose "Run as Administrator" to run it.
  • Allow any UAC prompt.
  • Copy the following code. Do not include the word Code.
Code:
:Commands
[emptytemp]
[resethosts]
  • Return to OTM, right click in the area and choose Paste.
  • Push the large button.
  • OTM may ask to reboot the machine. Please allow it to do so if asked.
  • The report should appear in Notepad after the reboot. Copy/paste the contents of that report back here in your next reply.
Logged

cak07d
« Reply #18 on: March 23, 2013, 06:27:49 AM »

Finally something worked :)

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: cskillman
->Temp folder emptied: 557581 bytes
->Temporary Internet Files folder emptied: 371900614 bytes
->Java cache emptied: 1320038 bytes
->Google Chrome cache emptied: 44201560 bytes
->Flash cache emptied: 776775 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1789799 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 41112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 401.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTM by OldTimer - Version 3.1.21.0 log created on 03232013_071908

Files moved on Reboot...
File C:\Users\cskillman\AppData\Local\Temp\etilqs_hp9kJJRsPiAI34e not found!
File C:\Users\cskillman\AppData\Local\Temp\etilqs_qJAeTW5Jleo1uMi not found!
File C:\Users\cskillman\AppData\Local\Temp\etilqs_YTa7HO0tt0iNzNu not found!
C:\Users\cskillman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\cskillman\AppData\Local\Temp\glog.log moved successfully.
C:\Users\cskillman\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\cskillman\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Logged
melboy
« Reply #19 on: March 23, 2013, 06:41:01 AM »

How are things running now?
Logged

cak07d
« Reply #20 on: March 23, 2013, 07:11:57 AM »

So far they don't seem to be popping up anymore!
Logged
melboy
« Reply #21 on: March 23, 2013, 07:25:26 AM »

    Good.

    One last check, as other than your hosts file everything seems OK. Let me know how things are running.


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Quote
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Click on Run ESET Online Scanner
  • Select the option   YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at:
    C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
Logged

cak07d
« Reply #22 on: March 23, 2013, 10:55:20 AM »

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6b389235e409294eb1fabbef930bd8f2
# engine=13469
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-23 03:52:23
# local_time=2013-03-23 11:52:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 72809132 115597393 0 0
# scanned=124383
# found=0
# cleaned=0
# scan_time=6606
Logged
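
An added example, not part of cak07d's post or of the thread: a Python check that an ESET Online Scanner log like the one above was produced with the options the helper asked for (threat removal off; archives, unwanted, unsafe and anti-stealth on), that the scan finished, and that nothing was found. The `# key=value` fields come from the posted log; treating lines that start with a drive path as detection entries, and the failing sample, are assumptions constructed for illustration.

```python
import re
# Options requested in the scan steps (log key -> expected value).
REQUIRED = {
    "remove_checked": "false",      # "Remove found threats" left unchecked
    "archives_checked": "true",     # "Scan archives"
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}
HEADER = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")
DETECTION = re.compile(r"^[A-Za-z]:\\")  # assumption: detections start with a path
# Fields copied from the log posted in the thread (shortened).
THREAD_LOG = """# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=0
"""
# Constructed failing sample: removal enabled, scan aborted, one detection.
BAD_LOG = (THREAD_LOG.replace("end=finished", "end=stopped")
           .replace("remove_checked=false", "remove_checked=true")
           .replace("found=0", "found=1") + "C:\\Temp\\sample.exe\tconstructed name\n")

def parse_runs(text):
    """Split a log into scan runs, each a (fields, detection_lines) pair."""
    runs = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            if m.group(1) == "version" or not runs:
                runs.append(({}, []))       # "# version=" opens a new run
            runs[-1][0][m.group(1)] = m.group(2).strip()
        elif runs and DETECTION.match(line):
            runs[-1][1].append(line)
    return runs

def review(fields, detections):
    """Return the problems found in one run; an empty list means acceptable."""
    problems = []
    if fields.get("end") != "finished":
        problems.append("scan did not finish (end=%s)" % fields.get("end"))
    for key, want in REQUIRED.items():
        if fields.get(key) != want:
            problems.append("%s=%s, expected %s" % (key, fields.get(key), want))
    if fields.get("found") != "0" or detections:
        problems.append("found=%s, %d detection line(s)" % (fields.get("found"), len(detections)))
    return problems
```

Calling `review(*run)` on each entry of `parse_runs(log_text)` gives one problem list per scan recorded in the file.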
melboy
« Reply #23 on: March 24, 2013, 01:30:19 PM »

Hi

Your log now appears to be clean. Congratulations!

This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.

  • Uninstall via Start > Control Panel  > Add/Remove Programs:
    Quote
    Adobe Reader X (10.1.0) MUI

    Please visit the Adobe Site & download & install Adobe Reader XI (11.0.02).
  • Then using the internal updater ensure the software is updated to the current increment 11.0.02
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.


Uninstall Combofix

We Need to Remove ComboFix

  • Please go to Start -> Run
  • Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.

  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
Please let me know if combofix does not uninstall.



OTM by OldTimer

  • Double-click OTM.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC.  Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities.  To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.  WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.  For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file.  A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!





Logged

cak07d
« Reply #24 on: March 26, 2013, 04:04:26 AM »

Thank you so much for all your help :)
Logged
cak07d
« Reply #25 on: March 26, 2013, 04:46:42 AM »

For some reason Adobe flash player will not install?
Logged
melboy
« Reply #26 on: March 26, 2013, 02:03:53 PM »

Hi cak07d

Work through the KB article here: http://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html

Let me know if you require further help or whether the topic can be closed. :)
Logged

cak07d
« Reply #27 on: March 28, 2013, 04:35:59 AM »

This was helpful, thank you!
Logged
melboy
« Reply #28 on: March 28, 2013, 08:20:37 AM »

You're welcome :)
Logged

melboy
« Reply #29 on: March 28, 2013, 08:21:38 AM »


As this issue appears resolved this Topic is now closed.

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine.

Any other members requiring Malware Removal assistance, Please Start HERE!


If you have been helped and wish to donate to help with the costs of this volunteer site:
Please Help Support This Site and ASAP™


Thanks!
Logged
