Not sure if this is the category for this or not but how do I get rid of these two messages (see attached). I had installed a program (big mistake) and unchecked installing conduit & whatever else the install was offering but alas they installed anyway. So I uninstalled the program, ran adwcleaner and it cleaned the bad toolbars out but I am left with these two messages whenever I start the computer. I’m quite sure this is not a virus just a remnant of conduit but it is definitely very annoying!

Cheers,
Janice

Hi Nana first we will try JRT and if that fails we will then see if it is hiding in the tasks folder

Please download Junkware Removal Tool to your desktop.

[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]post the contents of JRT.txt into your next message.

Hi essexboy,

Attached is jrt txt.

Cheers,
Janice

OK looks like that did not kill it… Could you confirm that

Could you run Autoruns from this page http://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx
Select scheduled tasks tab
Locate one called conduit
Remove the tick from it
Reboot and it should be gone

okay I’ll reboot and confirm that it is still there or not. Also what about Suspicious HKCU..\Run entries found. Trojan:JS/Medfos.B? in the jrt text? Is this a concern?
Cheers,
Janice

Hi essexboy,

Okay I ran Autoruns & couldn’t find Conduit but did find background container and unticked box (see 1st attached file background container.), rebooted and one message still came up so I ran Autoruns again and left it at the default page and checked for same. I found background container and unticked box (see 2nd attached file background container2) and rebooted and finally no messages coming up!!!

Thanks sooo much for your help. Always nice to know that there is someone I can count on to help me at this forum. Again heartfelt thanks.

Cheers,
Janice

OK that answers your question as one was a run key and the other a task… Do you wish me to look a bit deeper with OTL ?

Hi essexboy,

Well I’m still wondering about Suspicious HKCU..\Run entries found. Trojan:JS/Medfos.B? in the jrt text? Is this a concern? Maybe we should continue with OTL just to be on the safe side.

Cheers,
Janice

Okey dokey… lets have a shufti

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[]Select LOP and Purity
[]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir “%systemdrive%*” /S /A:L /C
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Hi essexboy,

I only see the otl.txt not extra so have attached it.

Cheers,
Janice

Just a few odds and sods left

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcbootdelaystartsvc)
SRV - [2013-11-15 09:26:39 | 002,151,744 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
O2 - BHO: (OfferMosquito) - {82B16A3D-F03E-4565-A532-666B219C9A53} - C:\Users\Janice\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll (Bebo Media Ltd)
[2013-11-15 09:26:42 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\IObit
[2013-11-15 09:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013-11-15 09:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013-11-15 09:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013-11-15 09:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013-10-29 14:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

:Files
C:\Users\Janice\AppData\Local\ext_offermosquito

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hi essexboy,

Okay ran OTL as suggested and attached is the quick scan log.

Cheers,
Janice

Looks good, any further problems ?

Hi essexboy,

Everything seems good now, nothing jumping out at me. So once again thanks!

Cheers,
Janice

OK lets now give you my new clean up spiel… I have added a security feature to block crypto malware

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Delete JRT from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe

HI essexboy,

Okay I have done all the above but I’m not sure about CryptoPrevent. I have installed it so now what do I do. I have hit apply and test and now do I leave it to do its job of preventing ransomware or am I supposed to do something further. I did read the info but not sure I understand it. I get what it is doing but not sure what’s expected of me. I hope this makes sense!

Cheers,
Janice

That small programme blocks known crypto malware from running and changing permissions on specific registry keys. As at the moment once this particular beasty bites you have lost all your data, unless you are prepared to pay the ransom…

There is a description of the malware here http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

The programme is set and forget

Great, and thanks!

Cheers,
Janice

I have added a security feature to block crypto malware

There is a description of the malware here http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Holy smokes that’s a lot of info to absorb but I’m thinking everyone should be reading this & downloading this program CryptoPrevent on their computer. I know I’m going to pass the word around.

Cheers,
Janice