#46
malware issue - part II
Hello Paul,

The AdwCleaner found nothing... and generated the automatic report. Ran the JRT scan but it didn't display a log; it opened My Documents. Tried installing Malwarebytes and during installation it gave me this:

Setup
CoCreateInstance failed; code 0x80040154
Class not registered

Ran HitmanPro and found 22 traces but no threats. Deleted traces.

Robert
#48
malware issue - part II
wrote:
> Hello Paul,
>
> The AdwCleaner found nothing... and generated the automatic report. Ran the JRT scan but it didn't display a log; it opened My Documents. Tried installing Malwarebytes and during installation it gave me this:
>
> Setup
> CoCreateInstance failed; code 0x80040154
> Class not registered
>
> Ran HitmanPro and found 22 traces but no threats. Deleted traces.
>
> Robert

http://www.bleepingcomputer.com/foru...stalling-mbam/

"CoCreateInstance failed; code 0x800401154. Class not Registered.

This means that a COM object or an ActiveX object could not be instantiated because it is not registered. Since you are mentioning other problems, it could be that this missing class is related to this. It sometimes happens when an uninstall removes too much. There is a way to find out which class, but it's technical. How good are you at using ProcMon?"

Now, what that person is suggesting, is watching something with Process Monitor from sysinternals.com (owned by Microsoft). That is as close as I got, to someone suggesting a way to debug.

I tried a few more searches, and there doesn't seem to be a common theme to responses to that.

Yes, there is Malwarebytes Chameleon, as a way to fool the malware that you're not trying to run MBAM. But the symptoms suggest that something underneath is broken enough, it probably wouldn't work.

I would take the 8200 over to Bleepingcomputer and start another thread, citing the symptoms. As me suggesting dumb things to do here, would be of no help to you at all.

Paul
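
Added example, not part of Paul's post or the quoted Bleepingcomputer reply: one way to do the Process Monitor step mentioned above is to capture the installer run, export the trace to CSV with ProcMon's default columns, and list the CLSIDs the installer looked up but never found in any registry hive. The process name `mbam-setup.exe` and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# Matches ...\CLSID\{GUID} anywhere in a registry path (HKCR, HKCU\Software\Classes, ...).
CLSID_RE = re.compile(
    r"\\CLSID\\(\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\})", re.I)

# Constructed sample in ProcMon's default CSV export layout (not a real trace).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","mbam-setup.exe","4120","RegOpenKey","HKCU\Software\Classes\CLSID\{11111111-1111-1111-1111-111111111111}","NAME NOT FOUND","Desired Access: Read"
"10:01:02.2","mbam-setup.exe","4120","RegOpenKey","HKCR\CLSID\{11111111-1111-1111-1111-111111111111}","SUCCESS","Desired Access: Read"
"10:01:02.3","mbam-setup.exe","4120","RegOpenKey","HKCU\Software\Classes\CLSID\{22222222-2222-2222-2222-222222222222}","NAME NOT FOUND","Desired Access: Read"
"10:01:02.4","mbam-setup.exe","4120","RegOpenKey","HKCR\CLSID\{22222222-2222-2222-2222-222222222222}","NAME NOT FOUND","Desired Access: Read"
"10:01:02.5","explorer.exe","1500","RegOpenKey","HKCR\CLSID\{33333333-3333-3333-3333-333333333333}","NAME NOT FOUND","Desired Access: Read"
'''


def unregistered_clsids(csv_text, process_name):
    """Return CLSIDs that process_name tried to open and never found.

    A NAME NOT FOUND under HKCU is normal when the class is registered
    machine-wide, so a CLSID is reported only if no lookup of it succeeded.
    """
    found, missing = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Operation"] != "RegOpenKey":
            continue
        match = CLSID_RE.search(row["Path"])
        if not match:
            continue
        clsid = match.group(1).upper()
        if row["Result"] == "SUCCESS":
            found.add(clsid)
        elif row["Result"] == "NAME NOT FOUND" and clsid not in missing:
            missing.append(clsid)
    return [c for c in missing if c not in found]


if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-8-sig" so a leading
    # byte-order mark does not corrupt the first column name.
    for clsid in unregistered_clsids(SAMPLE_CSV, "mbam-setup.exe"):
        print("never found:", clsid)
```
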
#49
malware issue - part II
"Paul" wrote in message ...
> wrote:
>> Hello Paul,
>>
>> Here's what I've done:
>>
>> On the 8500:
>> I ran a full system scan with Avast, it gave me this:
>> http://i62.tinypic.com/66i4o8.png
>> I selected fix automatically and clicked apply.
>> http://i57.tinypic.com/6y1edd.png
>> I checked Avast for any updates and it said I was current. I went back and tried to do what you suggested and I think I did it.
>> http://i57.tinypic.com/mhso6w.png
>>
>> 8200:
>> When I log on, the Firewall turns off and says my computer is at risk and the virus protection was out of date: tried to update Firefox via Avast. Updated Adobe Flash Player, Adobe plug-in. I also tried to check for Windows updates but it wouldn't open. Now it just says my computer is at risk and clears itself after about a minute.
>>
>> Ran an Avast scan - found (9) infected files
>> C:\...Insis.hdr NSIS:NextLive-A[Adw]
>> C:\AdwCleaner\...\nengine.dll.vir Win32:NewxtLive-A[Adw]
>> C:\...\A0014394.dll Win32:NewxtLive-A[Adw]
>> C:\...\A0014395.dll Win32:NewxtLive-A[Adw]
>> C:\...\A0017566.dll Win32:NewxtLive-A[Adw]
>> C:\...\A0014393.dll Win32:NewxtLive-A[Adw]
>> C:\...Insis.hdr Win32:NewxtLive-A[Adw]
>> * The first and last isn't really a capital ' I ' but a black bar but I didn't know how to make one.
>>
>> Ran a boot scan and it gave me this at 21%
>> File c:\Program Files\Uninstaller\Uninstall.exe is infected by win32:Installer-U [Pup}
>> I selected number 2 (fix all automatically) and it was moved to the quarantine chest.
>>
>> Later it gave me
>> File C:\ System Volume Information\_restore {E25274F5-321C-4C3D-A322-8F6F5F7F5B9F}\RP38\A0013223.exe is infected by win32:Mobogenie-B [PUP]
>> File C:\ System Volume Information\_restore {E25274F5-321C-4C3D-A322-8F6F5F7F5B9F}\RP38\A0013239.exe is infected by win32:Mobogenie-C [PUP]
>> File C:\ System Volume Information\_restore {E25274F5-321C-4C3D-A322-8F6F5F7F5B9F}\RP43\A0014373.exe is infected by win32:Installer-U [PUP]
>> File C:\ System Volume Information\_restore {E25274F5-321C-4C3D-A322-8F6F5F7F5B9F}\RP67\A0020850.exe is infected by win32:Instaler-U [PUP]
>> The scan didn't stop but moved them all into the quarantine chest.
>>
>> I ran a full system scan with Avast afterwards and came up clean.
>>
>> Tried to open Spywareblaster to update it and it gave me this:
>> Error: Access violation at 0x73483F5A (tried to read from 0x00000014), program terminated. Last CP is 'RF'.
>>
>> Thoughts, suggestions?
>>
>> Robert
>
> On the 8500, that was a copy of CCleaner from Piriform (cc_setup), which has Google Chrome and some toolbar inside it. Avast has "moved it to the chest". So that was adware, rather than malware. And hopefully, something you could decline (using tick boxes), when installing CCleaner, so you don't get a toolbar.
>
> *******
>
> On the 8200, have you run this machine through Bleepingcomputer? Have you ever had these results checked by a professional malware fighter?
>
> The NextLive is covered here, and it's just another PUP. AdwCleaner and friends are the suggested solution. You've been through this routine before.
>
> http://malwaretips.com/blogs/win32-nextlive-a-removal/
>
> If the computer saves a System Restore point, while you're infected with something, then a scan is going to find the infection in the System Restore. So that would be normal, if you had something nasty on the machine. Malware is pretty good at making sure it's in the Restore points, one way or another.
>
> It's possible, in your file list there, that AdwCleaner has a quarantine folder, and another tool is picking up that quarantine folder during a scan.
>
> But the other symptoms bother me. The Spywareblaster getting an Access Violation, it's probably been tampered with. And your firewall, sometimes that can be explained by other things (like, a .NET problem), but that's probably not it in this case. Maybe these symptoms aren't consistent with just a PUP being present.
>
> If you look at this thread, Spywareblaster seems to be sensitive to interference from other protection programs. That's all I can figure. And reinstalling it, doesn't necessarily help.
>
> http://www.wilderssecurity.com/showthread.php?t=229348
>
> Paul

AdwCleaner probably messed up his SpyWareBlaster. When I ran AdwCleaner on my Win7 HE 64bit PC, it wanted to do something to SWB. If he wants to keep SWB I would suggest he tries to uninstall SWB and reinstall SWB, or just leave it uninstalled until he gets his other problems corrected.

--
Buffalo
#50
malware issue - part II
Where is a safe download for SpyWareBlaster and how is one to know a safe site from one that isn't?

Thanks,
Robert
#51
malware issue - part II
Hello Paul,

If you mean following a person's instructions while you watch, I've done a little of that. So I'll give it a try. I'll start a post on the other forum but if I have questions regarding the 8200 I'll create another post here.

Once again, I want to thank you for all your good help and staying with me through all this. I appreciate your time and patience, expertise, excellent instructions and taking the time to educate me in the process which I appreciate.

Thanks,
Robert
#52
malware issue - part II
wrote in message ...
> Where is a safe download for SpyWareBlaster and how is one to know a safe site from one that isn't?
>
> Thanks,
> Robert

Download it from the author's site. Always save the dl'd file rather than choosing to run it. After it is dl'd and before you use it, let your Anti-virus program and your Anti-Malware program scan it. That should help the odds.

ALSO, when you do install (execute) the program, look at EVERY screen during the install to see what else it may want to install.

--
Buffalo
#53
malware issue - part II
wrote in message ...
> Where is a safe download for SpyWareBlaster and how is one to know a safe site from one that isn't?
>
> Thanks,

To answer your question, go to: http://www.brightfort.com/

--
Buffalo

PS: I missed doing that in my just previous post.
#54
malware issue - part II
wrote:
> Where is a safe download for SpyWareBlaster and how is one to know a safe site from one that isn't?
>
> Thanks,
> Robert

This doesn't work in every instance, but I use Wikipedia to get the "authoritative" web site information.

I go to wikipedia.org and search for Spywareblaster, and it takes me here.

http://en.wikipedia.org/wiki/Spywareblaster

http://www.brightfort.com/spywareblaster.html

"SpywareBlaster works by blacklisting the CLSID of known malware programs, effectively preventing them from infecting a protected computer."

So as Buffalo says, brightfort.com is the developer site.

HTH,
Paul