I, too, have been hit by the Live Security Platinum.. aka Win32:Hoblig-B [Heur

I’m on Vista. Came in somehow piggybacked on Adobe Flash Player. File was really aggressive. Blocked from browsers, etc. Finally went to power switch on tower. Restarted in safe mode with networking. Went to spydoctor at first (sheesh!). Then, via a friend, downloaded Mbam. Ran scan. Thing supposedly found it, then I ran Avast, which now has the thing quarantined, and I’m having those infamous red pop-ups, which affect RAM, computer work, and just about everything.
Instances pretty similar to the ones in THIS log: http://forum.avast.com/index.php?topic=98472.0

I DID find Yontools, and uninstalled it.

I would LOVE to somehow get rid of these pop-ups, if at all possible. At this point am I still considered vulnerable?

Does this thing affect os’s differently?

Could someone help me, please?

Thanks so much in advance.

S.

Please attach your logs. (MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

I can’t get around this. I’m trying to create attachments, and I’m getting the error message that the attachments are too large! How do I get around this? I’ve checked the byte size and the file sizes are easily under 192 kb. What am I doing incorrectly?

Strange, as I can see 2 files attached. :wink:
How about the MBAM log…??

Okay, second attempt for the second attachment. Hope it works. ???

Okay, attachment 3 of four. Mbam.

Asyn, thanks for that quick reply. I’m having to do the attachments by paying attention to the volume of the file, and how many times I can work with the red squares coming up.

Last attachment coming up:

OTL extras.

Hooo. TGIF! :wink: :smiley:

Thanks so much Asyn. blushes I seem to have added the second half of attachments in the previous post.
But, they’re up there. That’s the important thing.

It seems as if this is pretty aggressive. I wonder how many other people got this thing through an Adobe Flash Player download?

hmmm.

Something for hope:

http://www.butterflygenius.com/GeniusTherapy/mandala.gif

and thanks very much again.

Mods, if you don’t like the image, or if it violates the TOS, please detach.

Thanks again, Asyn :slight_smile:

You’re welcome.
Now you’ve to wait a while. :wink:

No problem. I’ve been struggling with this computer for 8 hr periods since we got this thing. I would LOVE to rest my eyes for a bit.

I highly appreciate your working on this.

:slight_smile:

S.

Hi, just a quick question:

I’ve been having “ghosts” of icons appear on my desktop, along with a description of “desktop.ini.” Has either OTL or any of the other software I downloaded contributed to this? Or, is it something that’s happened in house?

Please respond when you can.

Thanks!

S.

Yes, OTL has resurrected the Ghosts ;D We will exorcise them when done.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
O3 - HKU\S-1-5-21-3222991852-3880959725-3339485959-1000\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\Installer\{96b652b2-0846-e36d-e368-a3a228fab0ad}\U\*.tmp files -> C:\Windows\Installer\{96b652b2-0846-e36d-e368-a3a228fab0ad}\U\*.tmp -> ]
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[2 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}]

:Files
C:\Windows\Installer\{96b652b2-0846-e36d-e368-a3a228fab0ad}
C:\Users\Owner\AppData\Local\{96b652b2-0846-e36d-e368-a3a228fab0ad}
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

FINALLY

Run Farbar Service Scanner

https://dl.dropbox.com/u/73555776/FSS.GIF

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
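An added example, not part of the original post and not the helper's own tooling: a small Python check that reads a registry export and confirms the two changes made by the :Reg section of the fix above (the InprocServer32 default value restored, the HKCU clsid key removed). It assumes text in the "Windows Registry Editor Version 5.00" format that reg.exe export writes, already decoded from the UTF-16 file; the function names and both samples are constructed for illustration.

```python
import re

# Expected state, copied from the :Reg section of the fix in the post above.
WBEM_KEY = r"HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32"
WBEM_DLL = r"%systemroot%\system32\wbem\wbemess.dll"
REMOVED_KEY = r"HKEY_CURRENT_USER\Software\Classes\CLSID\{12d0253a-7c96-815c-11e0-3034bbd97cc0}"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_value(raw):
    """Decode REG_SZ ("...") or REG_EXPAND_SZ (hex(2):..) data from a .reg file."""
    if raw.startswith("hex(2):"):
        octets = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return octets.decode("utf-16-le").rstrip("\x00")
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escaping
    return raw

def parse_reg_export(text):
    """Return {lowercased key path: {value name: data}}; '@' is the default value."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).strip('"')] = decode_value(m.group(2))
    return keys

def check_fix_applied(export_text):
    """Return findings; an empty list means both :Reg changes are in place."""
    keys, findings = parse_reg_export(export_text), []
    actual = keys.get(WBEM_KEY.lower(), {}).get("@")
    if actual is None or actual.lower() != WBEM_DLL.lower():
        findings.append(f"InprocServer32 default is {actual!r}, expected {WBEM_DLL!r}")
    gone = REMOVED_KEY.lower()
    findings += [f"key still present: {k}" for k in keys if k == gone or k.startswith(gone + "\\")]
    return findings

def expand_sz(s):  # sample helper: encode REG_EXPAND_SZ data as a .reg file stores it
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\x00").encode("utf-16-le"))

# Constructed samples (not taken from the logs attached to this thread).
HEADER = "Windows Registry Editor Version 5.00\n\n"
SAMPLE_FIXED = HEADER + f"[{WBEM_KEY}]\n@={expand_sz(WBEM_DLL)}\n"
SAMPLE_UNFIXED = (HEADER + f"[{WBEM_KEY}]\n@=\"C:\\\\constructed\\\\placeholder.dll\"\n\n"
                  + f"[{REMOVED_KEY}\\InprocServer32]\n@=\"C:\\\\constructed\\\\placeholder.dll\"\n")

if __name__ == "__main__":
    for name, sample in (("fixed", SAMPLE_FIXED), ("unfixed", SAMPLE_UNFIXED)):
        print(name, check_fix_applied(sample) or "OK")
```

The key paths and the expected DLL path are the ones in this thread's fix, so the check applies to this system only, in line with the warning in the post.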

Hi. Wow! What a detailed road map! But I think I can furnish everything requested. :slight_smile:

Haven’t seen any red squares popping up! :smiley:

Computer seems “quiet.”

:smiley: How WONDERFUL that I don’t have to dread those darn pop-ups.

Asyn, essexboy et al of Avast Forum computer gurus get to look VERY smug! :smiley:

:slight_smile: The computer ghosts have been exorcised. I didn’t even need a bible! Or red ribbon, or white candle, or anything like that! :smiley: :smiley:

attaching:

otl quick scan Aug 13 2012
OTL Run Fix Aug 13

Now attaching:

Combo Fix text report and Farbar Service Scanner report.

Wow, you guys are GOOD! :smiley:

Um, I DO have some stuff in Lockbox. I’m hoping that all of that stuff is still there.
But, it’s been six minutes, and that THING hasn’t reared its ugly head! Oh, wow… Thanks so much!

Do I need to uninstall OTL, ComboFix, FSS? Should I just leave them there, for a future occasion, if there is another one?

Do you recommend that I run a scan either via Malware or Iobit or Avast?

Thanks so much again!

S.

Essexboy will remove the used tools and give you some further advice, when your system is clean.
Please be patient. :wink:

Thanks so much, Essexboy for looking at those logs.

I haven’t been troubled by the pop-ups in the last two hours.

What a WONDERFUL thing NOT to miss.

Much, much gratitude on this end! :slight_smile:

dumb virulae

In regards of performance, something I noticed as I used this system.

Things seemed to be going pretty slowly. Adobe flash player crashed. Page was freezing.

But, I’m not getting the pop-ups, which is great.

Thanks!

OK, let’s fix Windows updates next.

Right click the following link and select “Save Target As…” and save to your desktop
https://dl.dropbox.com/u/73555776/bits_vista.reg
Double click the reg file and allow it to merge
Reboot the computer and try Windows updates

OTL cleared a little from your temp folders (Total Files Cleaned = 507.00 mb), so once this is done I would recommend a defrag of the hard drive.

How is the computer now? Once you are happy I will remove my tools cleanly.

Essexboy, thanks so much for your instructions, however I am a little puzzled.

When I double click on Vista Bits, I just see a file that contains all of the obvious work that you have done.

Should I copy and paste into OTL? Or, into another app?

I’m missing something obvious here, and I apologize that I do not know what.

Please advise when you can.

Thanks so much in advance! You’ve been a Godsend!

Shadow.

No, it’s not you, it is just that some systems are set to only open reg files in Notepad… But I have a cure for this.

Download the zip file in the link below to your desktop
https://dl.dropbox.com/u/73555776/BITSVista.zip
Extract bits.reg
Double click it to run it, then reboot and try Windows updates

Ohhh, BOY!

IT WORKED!!

All ten windows updates installed successfully!

http://www.youtube.com/watch?v=e3rnNJGJuHo – Three Stooges vid echoing my happiness! SUCCESS!

http://t0.gstatic.com/images?q=tbn:ANd9GcQjdP2U4DP5WbUkZqqI03U-QjAo22uUdsmtHqEGfM_NnBNrnju2

http://2.bp.blogspot.com/-Ds_cZr-VIdY/T1-yiQ138hI/AAAAAAAAG9Y/DOWyZaJjMjY/s1600/success_key.jpg

Hey, I think I have a computer that is USEABLE!

Thanks so much again.