Emails scanned???

I like Malwarebytes PRO and I do like IP block that I refer to many times.

I have two licenses.
One for each system I own.

Are you still having problems with the system?

If so, what areas?

My system is clean now (I had the virus professionally removed) but I still have lost those functions that I mentioned. I do have a complete system backup on an external drive that I could run but that would entail one heck of a lot of work to get all my programs, changes, and functions restored to what I have now. The experts who cleaned and fixed my system installed and used SuperAntiSpyware. I downloaded and tried Malwarebytes, but decided to stay with the SAS that they installed. I don’t run it real time so as to not conflict with Avast. The Norton DNS is a cloud service and causes no problems. That virus is so quick, it installs in the blink of an eye. From what I’ve read via Google, it’s running out of control. This was the very first virus I’ve been hit with in over 15 years of computing.

The Norton DNS is a cloud service and causes no problems.
I use openDNS
I downloaded and tried Malwarebytes, but decided to stay with the SAS that they installed. I don't run it real time so as to not conflict with Avast.
It does not conflict with avast......but Malwarebytes is better ;)
My system is clean now (I had the virus professionally removed) but I still have lost those functions that I mentioned.
Strange....if it was a pro doing it?

See Essexboy's guide here: http://forum.avast.com/index.php?topic=53253.0
To avoid multiple posts with copy and paste, attach the OTL log so Essexboy can have a look inside.

Thank you Pondus, I’m going to take a long look at Malwarebytes per your suggestion. I wasn’t sure if it could be run in real time and not conflict with Avast. I thought the same with SAS. I took a look at that information link for sending a log to Essexboy but believe me it is way too complicated for this guy! Funny but when you first mentioned essexboy, the first thing that popped into my head was “I’ve never heard of that program before, maybe I should Google and take a look at it?” I think I’ll just keep running as is. I believe my system is one heck of a lot safer now than it was before. Comodo seems to be a better firewall than the windows built in version. The only thing I really miss is the windows security icon in the systray that alerted me to windows updates and other notifications such as turning off my antivirus program. It is grayed out now and I can’t get it to turn on. That virus destroyed the system security center. When I had it, I could do nothing, not even open notepad. Since you have inferred running Malwarebytes in real time would not conflict with Avast, I will more than likely give it a try. Thanks so much!

I took a look at that information link for sending a log to Essexboy but believe me it is way too complicated for this guy
not complicated...you click the red OTL in the guide and download the program, save to desktop and scan then attach the log here....just follow the instructions

How to attach: see lower left corner - additional options > attach

The only thing I really miss is the windows security icon in the systray that alerted me to windows updates and other notifications such as turning off my antivirus program.
This is bc the malware turned that off....

I know you are talking about something else now, but just to be clear I’d like to point out that you say:

  • now email client is not configured to use SSL;
  • now avast says it is scanning emails.

What you didn’t mention (but I guess you did anyway) is that you actually configured avast with SSL now (which was not configured as such before).

Sorry for the interruption. Please continue.

Sorry Ady4um, I guess I’m almost as confused as you are! My Thunderbird mail program downloads my ISP Gmail account. All my Thunderbird settings were SSL. That is why Avast wasn’t scanning my emails and I showed no email activity. Now that I’ve changed those settings to None, Avast is now showing email activity. What bothers me still is that when I go into the Avast mail shield/expert settings/SSL accounts, it lists about 20 different email servers including gmail with SSL turned on. Guess I’m scared to touch any of those accounts listed. I never built them, I’m guessing Avast built them in there when I installed the program?

OK, now that you actually wrote it, it is clear to me that avast is indeed configured for SSL with your gmail account and that your email is working correctly, together with avast scanning it. Please continue with your logs for Pondus and Essexboy.

Hi there, let's take it one stage at a time then

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Well, I think I’m done. I’ve read and reread that link and it is still way too confusing for me. It’s not just download and run a scan and attach a log file. There are about 10 black screens that make absolutely no sense. Plus whatever to type in before the scan out of 20 or so lines?? I know very well that virus turned off my windows notification icon. Microsoft can’t even tell me how to turn it back on. All they say is to do a complete system restore.

sounds like you are still infected ???

When you have downloaded OTL to your desktop, you click the OTL icon to run it, and this is what you see… click the attached screen shot to enlarge

At the lower section you see a green line where it says “Custom Scan/Fix”. Below that line you copy and paste in this

COPY AND PASTE WHAT YOU SEE BELOW____________

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*
CREATERESTOREPOINT

COPY AND PASTE WHAT YOU SEE ABOVE_____________

Then you click the pink quick scan button you see at the top

Ok, I tried exactly what you said in your step by step instructions. I have the two logs and will post them here. Hope this is what you wanted to look at? Thank you for being so patient with me.

Perfect :wink: now Essexboy will do the rest

Oh no, don’t say I might be still infested??? I’ve run avast many times, I’ve run Superantispyware and I’ve also run Malwarebytes. All show no infestations. Plus all my programs work now, where not one worked before. I have both my browsers taking me where I want to go, not where the virus wanted me to go. It seems all I might have are some bad registry entries left behind. I also run CCleaner and keep everything cleaned up. Please don’t say I’m still infected. Now I won’t sleep tonight!!!

Semper fidelis. :slight_smile: Rest easy.
If there is a problem, you’re now at least in good hands, and these hands really care and don’t cost anything. :slight_smile:

Pardon me but I have to say a couple of things. For Pondus, I live in a part of the US that has very large Scandinavian roots, especially with that of Norway. In fact your King and Queen were here visiting just a short time ago. My wife is also a quarter Norwegian. During Christmas we always enjoy Norwegian holiday favorites and don’t even ask me to try and spell their names here! And for Essexboy, “Long Live Oasis!” I love English rock and have all the way back to the early 60’s. I’m starting to feel better now!

Hi OK as suspected the 3 registry keys that control that part of your system are missing

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s >

I will remove the remaining malware and construct some registry fixes

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-1328042321-976296846-4080170246-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1328042321-976296846-4080170246-1000\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
[2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
[2011/07/11 07:49:34 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojobkspa.ako

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Once you have done this I will then give you the registry fixes… As I have a 64bit win 7 I will export them from my registry
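The file entries in the fix script above follow a fixed layout that can be parsed and triaged by a script. This is an added example, not part of the original post and not OTL's own code. It assumes that `H` and `S` in the attribute field mean hidden and system, and the three heuristics are illustrative assumptions; the last sample line is constructed for contrast.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One file-listing entry: [timestamp | size | attributes | M or C] (vendor) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[MC])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$"
)

# The first five entries are copied from the fix script in the post; the last is constructed.
SAMPLE_LOG = r"""
[2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
[2011/07/11 07:49:34 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2011/12/20 09:00:00 | 000,120,000 | ---- | M] (Example Vendor) -- C:\Program Files\Example\example.dll
"""

def parse_entries(text):
    """Return one record per unique path (M and C rows for a file collapse)."""
    files = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            files[m["path"]] = {"path": PureWindowsPath(m["path"]), "attrs": m["attrs"],
                                "size": int(m["size"].replace(",", "")), "vendor": m["vendor"].strip()}
    return list(files.values())

def triage(files):
    """Map path -> reasons the entry deserves a closer look (assumed heuristics)."""
    folders = defaultdict(set)
    for f in files:
        folders[(f["path"].name.lower(), f["size"])].add(f["path"].parent)
    flagged = {}
    for f in files:
        checks = [
            ("hidden+system", "H" in f["attrs"] and "S" in f["attrs"]),  # assumed meaning of -HS-
            ("no vendor string", not f["vendor"]),
            ("same name and size in several folders",
             len(folders[(f["path"].name.lower(), f["size"])]) > 1),
        ]
        reasons = [label for label, hit in checks if hit]
        if reasons:
            flagged[str(f["path"])] = reasons
    return flagged
```
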

Sorry Essexboy but I don’t think your instructions worked for me? I mean things didn’t go as you had laid out. It seemed that everything hung up and I ended up powering down my pc to get anything to work. I did as you said, pasted your entries in and hit the fix button. It ran about a minute then just seized up. I now have two shortcut to desktop.ini files on my desktop. I also have a desktop.ini, a cmd.txt and a cmd.bat file where the OTL is located. Kind of lost what to do now? Don’t know what file you want me to post here and if they are good files or not?

I rechecked and the two on the desktop are not shortcuts but actually .ini files but look to be grayed out? Plus they are of two different sizes.