Possible virus after clicking on Malwarebytes program update popup

system · 2015-03-26T22:08:18.000Z

OK! should I use:
Rufus 2.1 (788 KB) or
Rufus 2.1 Portable (788 KB)

system · 2015-03-26T22:14:17.000Z

when I inseted the USB on my laptop, MCShield run and said it was infected, but stopped it. This is what the note pad showed in case it helps:

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.3.23.1 / Windows 7 <<<

3/26/2015 3:10:30 PM > Drive E: - scan started (KINGSTON ~15262 MB, FAT32 flash drive )…

E:\autorun.inf > Legitimate file.

Resetting attributes: E:\urDrive < Successful.

=> Hidden folders : 1/1 unhidden.

::::: Scan duration: 15sec :::::::::::::::::

system · 2015-03-26T22:23:25.000Z

I used the Rufus Portable, as the other did not work…

system · 2015-03-26T22:49:32.000Z

Hi, I used the Rufus portable download and pressed start and this is what showed up - attached file for Rufus screen shot and warning screenshot. Even thou I made sure it looks like the screnn shot you sent me…
Should I uncheck : Create a bootable disk…
and press start again?
I am confused…

I do not see : Select the ISO file on the desktop via the ISO icon.
As I do not see any ISO on my desktop… where will it be…?

So I guess I am stuck on the warning showed in attachment Rufus 5, as I have no idea of what to do next…
So sorry that I am so inexperienced with this stuff… it is probably simple. but…

essexboy · 2015-03-27T12:35:23.000Z

Insert the USB stick Then run Rufus

https://dl.dropboxusercontent.com/u/73555776/RufusISO.JPG

Select the ISO file on the desktop via the ISO icon.

Click the ISO image button and select the Vista RC that you downloaded to your desktop then press burn

system · 2015-03-28T00:22:55.000Z

Hi!

system · 2015-03-28T02:36:37.000Z

Hi Essexboy!
here is the log
Thanks fo ryour help…

essexboy · 2015-03-28T11:35:18.000Z

Nothing really jumps out at me there, so I will remove a few entries that are possible causes and reset the network

Download the attached Fixlist.txt to the same location as FRST (USB)
Start FRST as before and press fix
Once it has completed reboot to normal windows and try a download again

system · 2015-03-28T17:39:27.000Z

Hi Essexboy, I followed your instructions and the computer is now working great! Better than in a very long time ;D
I am very grateful once more for your help…
I will like to ask you a favor, if you could please look at the attached log from my laptop after running the Farbar Recovery Tool program, as this laptop is not working very well and stalling a lot for a while now. I have tried other tools but nothing seems to help. I was wondering in the Frst tool will show something I can improve it.
I am sorry if it is too much to ask after how busy you must be…
Thank you so much for all the help you give to all of us here…
Wishing you the best to you and your family…

essexboy · 2015-03-28T17:46:43.000Z

Glad the main computer is now OK

Let me know if this helps the laptop
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1442282352-1916392805-3601698020-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-1442282352-1916392805-3601698020-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File 2015-03-03 14:44 - 2015-03-03 14:44 - 00000000 __SHD () C:\Users\Anjana\AppData\Local\EmieBrowserModeList 2011-06-21 15:03 - 2011-06-21 15:03 - 0000000 _____ () C:\Users\Anjana\AppData\Local\{1D3BE3F2-AAFE-4F6E-A363-7778C8B0B62D} 2011-07-06 21:23 - 2011-07-06 21:23 - 0000000 _____ () C:\Users\Anjana\AppData\Local\{B9D37718-0FD9-47E0-8C12-943635DCCFEF} Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

system · 2015-03-28T18:28:18.000Z

Thanks !
Here is the log…

essexboy · 2015-03-28T18:59:49.000Z

How is the laptop now ?

system · 2015-03-28T19:49:13.000Z

It looks better, I will wait and see in the next 24 hours how it goes, as it usually the issues happen when is on for awhile…
I wanted to thank you once again for your help…
I wish I could do something for you in return…

essexboy · 2015-03-28T21:39:41.000Z

Let me know when you are happy and I will tidy up

system · 2015-03-29T22:20:46.000Z

Thanks Essexboy, my laptop is definetely working much better, none of the issues I had before…
The only thing still happening in my laptop, and there may be no fix for it as it may be normal computer running, as I had it for 3-4 years, is that the vent starts running on and off frequently, soon after I turn it on…as it is heating up fast, is this common?
If it is then everything is fine now, thanks to you, with both my computers!!!
I am a happy camper
Thank you!

essexboy · 2015-03-30T13:59:26.000Z

Sounds like old age to me

Use the following on each system as applicable

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

https://dl.dropboxusercontent.com/u/73555776/javara.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

system · 2015-03-30T19:46:10.000Z

Thanks!
I followed all your instructions. Below are the logs that came up after running Delfix.
I installed Cryptoprevent in my 2 computers , I paid for the Premium as it was only $15 and I like to support these companies if I can…
This window came up after installing Crytoprevent, attached also below and I do not know if to respond yes or no… I imagine I should pick Yes?
It’s also asking me to give them my gmail address and password in order for them to send me notifications. I imagine is safe, but if you could please confirm if I should do that. thanks!
My 2 computers keep running fine, better than in a long time, so a big, huge thanks again!!!

essexboy · 2015-03-30T19:54:38.000Z

Yes whitelist the current data. They are a secure company But I think they mean for you to make a password, not give them the Gmail one

system · 2015-03-30T22:03:30.000Z

OK! I clicked on yes, thanks for clarifying…
Re: CryptoPrevent, they do actually want my Gmail email address password, but if it is a safe company, I guess I’ll do it, as it is the only way I will receive emails from them regarding problematic issues
This is what some of they say in the page link:
http://www.foolishit.com/vb6-projects/cryptoprevent/cryptoprevent-auto-update/cryptoprevent-email-setup-faq/
"Why does CryptoPrevent need my email password?’
While CryptoPrevent can send email TO your specified address, it also sends that email FROM your address, and in order to send email from your email address on your behalf, it needs your password. This is because CryptoPrevent (or any program that sends email for that matter) needs an email (SMTP) server in order to send email, and it is expecting to use YOUR server, NOT MINE. For this reason, CryptoPrevent needs both your email address (which is your server login) and your email password (again, also required to login to your server.) By YOUR server I mean the server provided to you by your email host, e.g. Gmail, Yahoo, Hotmail, your ISP, or whoever provides your ‘domain’ (the @whatever.com part of your address.)
Thanks Essexboy!!!

essexboy · 2015-03-31T14:15:24.000Z

Intriguing that but the write up on why and how is logical

Announcements