blackled reddie svchost.exe mal problems

system · 2015-04-30T05:03:53.000Z

Everytime I boot up my PC avast gives me alerts with blackled, reddie, and a few other ones. It also happens every few hours. Thanks in advance for the help.

essexboy · 2015-04-30T13:49:30.000Z

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

If you have bookmarks, let’s save them by exporting them - Export Bookmarks
Then I need you to go Google Sync and sign into your account
Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
Import your bookmarks back into Chrome
Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2689726006-3933415143-659271278-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION 2015-04-04 02:35 - 2015-04-04 03:13 - 00000000 ____D () C:\Program Files (x86)\9eb08200-8451-400f-a40b-8b18a34bc5a6 2015-04-04 02:33 - 2015-04-04 03:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-04-04 02:25 - 2015-04-04 03:13 - 00000000 ____D () C:\Program Files (x86)\57fc5bd0-add7-485c-908c-b8dd6e5a3b37 2015-04-04 02:24 - 2015-04-04 03:13 - 00000000 ____D () C:\ProgramData\3a8c9699124a4506a71d46fb652dc7b1 2015-04-04 02:24 - 2015-04-04 02:24 - 00000000 ____D () C:\ProgramData\36ebbb131f884f3aa5b926d4db990ab9 2015-01-25 09:12 - 2015-04-04 14:05 - 0000365 _____ () C:\Users\B\AppData\Roaming\AUSAMRFZ 2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\B\AppData\Roaming\CWR 2015-03-26 12:14 - 2015-04-04 14:05 - 0000385 _____ () C:\Users\B\AppData\Roaming\FTKEM 2015-03-26 12:14 - 2015-04-04 14:05 - 0000385 _____ () C:\Users\B\AppData\Roaming\KBHVDLCG 2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\B\AppData\Roaming\VJJ Task: {0456C0FB-F043-47EA-90F4-B4A8423D5240} - System32\Tasks\TKKMJ => C:\ProgramData\3a8c9699124a4506a71d46fb652dc7b1\3a8c9699124a4506a71d46fb652dc7b1.exe 2015-04-15 13:17 - 2015-04-26 21:03 - 00000080 _____ () C:\Users\B\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

system · 2015-05-01T05:23:19.000Z

It’s been a whole day and no alerts. Thank you so much!

essexboy · 2015-05-01T12:33:27.000Z

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

https://dl.dropboxusercontent.com/u/73555776/javara.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

Announcements