I can't delete, move, or rename a folder!!!
missing security information
hello
Download here: http://oldtimer.geekstogo.com/OTL.exe
Save OTL on your Desktop.
If you have XP => double-click
If you have Vista or Windows 7 / 8 => right-click, "Run as administrator"
on OTL.exe to launch it.
Click here to see how to configure it: http://www.archive-host.com/files/1897388/ecd939269bcc7cdfed2d2e726c22709a32db3067/OTL.PNG
Copy and paste the following (in bold) into the "Custom Scans/Fixes" box at the bottom of OTL:
HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndisuio.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
Click on "Run Scan".
At the end of the scan, Notepad will open with the reports (OTL.txt) and (Extras.txt).
These files are on your Desktop.
Post the links to both files via cjoint.com http://cjoint.com
Let's disinfect…
Download and save AdwCleaner (direct link: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/ ) on your Desktop:
Wait for the download confirmation window to appear.
Launch it (for Vista / 7 / 8 => right-click "Run as administrator").
Click "Delete" and post C:\AdwCleaner[Sx].txt
scan or delete??
http://cjoint.com/13au/CHmvWWSRTKk.htm
Hi 1997rob,
Follow g3n-h@ckm@n’s instructions, he will help you towards the disinfection.
For the malcode, see: https://www.virustotal.com/nl/url/39549e6884831e98ae995627e72c8322d028c70e1c66bb0118f20965f9872b39/analysis/1376336719/
iFrame malware redirection…http://urlquery.net/report.php?id=4525602
polonus
I clicked delete and here is this after reboot
AdwCleaner v2.306 - Logfile created 08/12/2013 at 23:53:25
Updated 19/07/2013 by Xplode
Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
User : ROB - PROBOOK
Boot Mode : Normal
Running from : C:\Users\ROB\Desktop\AdwCleaner.exe
Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Folder Deleted : C:\ProgramData\Ticno
Folder Deleted : C:\Users\ROB\AppData\Local\APN
Folder Deleted : C:\Users\ROB\AppData\Local\PackageAware
Folder Deleted : C:\Users\ROB\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\ROB\AppData\LocalLow\blekko
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Ticno Multibar
Key Deleted : HKCU\Software\90dfdabc6ebf44
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASMANCS
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Ticno Multibar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
***** [Internet Browsers] *****
-\ Internet Explorer v10.0.9200.16635
[OK] Registry is clean.
-\ Google Chrome v28.0.1500.95
File : C:\Users\ROB\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.2643] : homepage = "hxxp://www.search.ask.com/?l=dis&o=102876cr&gct=hp",
-\ Opera v12.16.1860.0
File : C:\Users\ROB\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
AdwCleaner[S1].txt - [5711 octets] - [12/08/2013 23:53:25]
########## EOF - C:\AdwCleaner[S1].txt - [5771 octets] ##########
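A log like the one above is easier to review by section than line by line. The following is an added example, not code from the thread or from AdwCleaner: it parses a constructed log in the same layout as the posted one and lists the entries whose removal touched a browser persistence location (search scopes, Chrome extension keys, Run keys, Firefox search plugins), which are the places worth re-checking on the next OTL scan.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of an AdwCleaner v2.x [Delete] log (not the real file).
SAMPLE_LOG = r"""AdwCleaner v2.306 - Logfile created 08/12/2013 at 23:53:25
Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\ProgramData\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
***** [Internet Browsers] *****
-\ Google Chrome v28.0.1500.95
Deleted [l.2643] : homepage = "hxxp://www.search.ask.com/?l=dis&o=102876cr&gct=hp",
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ENTRY_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$")
PREF_RE = re.compile(r'^Deleted \[l\.\d+\] : (\w+) = "(.+?)",?$')
# Locations a browser hijacker uses to come back after a reboot; re-check them after cleanup.
PERSISTENCE = ("\\SearchScopes\\", "\\Chrome\\Extensions\\", "\\Run\\", "searchplugins")

def parse_adwcleaner(text):
    """Return {section: [(kind, item), ...]} for every deletion line in the log."""
    sections, current = defaultdict(list), "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2)))
            continue
        m = PREF_RE.match(line)  # browser preference rewritten by a hijacker
        if m:
            sections[current].append(("Pref", f"{m.group(1)} = {m.group(2)}"))
    return dict(sections)

def persistence_hits(sections):
    """Items whose removal touched a known browser persistence location."""
    return [item for entries in sections.values() for _, item in entries
            if any(marker.lower() in item.lower() for marker in PERSISTENCE)]
```

To run it on a real report, pass the contents of C:\AdwCleaner[S1].txt to parse_adwcleaner instead of SAMPLE_LOG.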
This was the IDS alert found there on 07-26-2013 → ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
Site gives various errors on test pages → http://evuln.com/tools/malware-scanner/cjoint.com/
Excessive Headers will give out to the world and attackers too much info on webserver and software details so apparent attacks can be sought against these…
Re: https://asafaweb.com/Scan?Url=cjoint.com%2F11ju and see what I mean here: http://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/version_id-26306/Openssl-Openssl-0.9.8.html
polonus
OK, do that now: (choose English, of course ^^ )
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.12.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
ROB :: PROBOOK [administrator]
Protection: Disabled
8/13/2013 1:55:58 AM
mbam-log-2013-08-13 (01-55-58).txt
Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256634
Time elapsed: 1 hour(s), 15 minute(s), 6 second(s) [aborted]
Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) → 2340 → Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\KMService.exe (RiskWare.Tool.CK) → Delete on reboot.
D:\Games\Need For Speed. Hot Pursuit\NFSHP_Activator.exe (RiskWare.Tool.CK) → Quarantined and deleted successfully.
(end)
I can't delete only this folder, not all
hello
I understood, but I preferred to disinfect first.
Give me the address of the folder you want to delete, and do again what you did with OTL before with the same settings, and attach it with cjoint.com
folder on my desktop
I don't think that this is malware
I FOUND HOW TO SOLVE THIS PROBLEM: JUST DOWNLOAD UNLOCKER, SHOW IT THE FOLDER LOCATION, CHOOSE DELETE AND CLICK OK. THAT'S ALL
OK, that's a good thing.
We have to finish disinfecting your computer… I'm waiting for the new OTL reports.
I solved my problem
Thanks for helping
CLOSED
If the disinfection is not finished, it is not good; I tell you that you were infected and that there are certainly still remnants.
Too bad, good luck and see you soon
bye
Hi 1997rob,
g3n-h@ckm@n is right, there are still remnants of executable malware and it is vital for your computer's security to cleanse these.
Follow his instructions and continue with the proposed cleansing routine.
The man assisting you is an anti-malware coder; he knows exactly what he does, and so you are in the best of hands during this cleansing routine.
polonus