1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Malware- Jpew- 2017-05-10

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by manilka835, May 9, 2017.

  1. manilka835

    manilka835 Private First Class

    When the Computer is turned on, it freezes after the appearance of the desktop background before the appearance of the desktop ions. The Computer functioned in the SafeMode.


    Thereafter, I ran READ & RUN ME FIRST Malware Removal Guide Procedure in Safe Mode, to check whether there were any threats.

    The logs are attached herewith. The Hitman Pro Log could not be obtained due to the closure of the programme upon obtaining the log. However, no threat was detected by it.

    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer,
    National Tuberculosis Reference Laboratory (NTRL/Central Laboratory of NPTCCD),
    Chest Hospital Premises,
    Welisara.
    Proud to be a Sri Lankan!
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is more than likely not a malware problem. This PC is running a very old, out of date, and unsupported operating system (Win XP SP3 ). In addition, it has too little memory to even run it properly. Logs show:
    Code:
    Total Physical Memory 512.00 MB 
    Available Physical Memory 262.42 MB
    And to make things worse there are too many protection programs installed and running. I see all of the below:
    • Bitdefender Antivirus Free Edition
    • Client Security Solution
    • COMODO Internet Security
    • Internet Security Essentials
    • Malwarebytes Anti-Malware version 2.2.1.1043
    • Spybot - Search & Destroy
    • SpywareBlaster 5.5
    • SUPERAntiSpyware

    I would start by uninstalling all of the above and see if your situation changes. It is possible that you may have a problem uninstalling some of them while in safe boot mode.
     
  3. manilka835

    manilka835 Private First Class

    The following were uninstalled in Safe Mode:
    • Bitdefender Antivirus Free Edition
    • Client Security Solution
    • Internet Security Essentials
    • Malwarebytes Anti-Malware version 2.2.1.1043
    • Spybot - Search & Destroy
    • SpywareBlaster 5.5
    • SUPERAntiSpyware
    The Computer Re-started in Normal Mode. However the problem occurs when restarted. When restarted after entering the Safe Mode, it sometimes boots in the Normal Mode. When it freezes, Files could be opened using "Run" Command. Only the desktop Icons do not appear.

    After managing to boot ii Normal Mode, I installed Clamwin Free Antivirus Scan and ran a full system scan. As the relevant log could not be attached, the details are given here below.



    Scan Started Tue May 16 14:02:48 2017

    -------------------------------------------------------------------------------



    WARNING: Can't open file C:\Documents and Settings\Administrator\ntuser.ini: Permission denied

    C:\Documents and Settings\All Users\Application Data\Autorun Eater\Autorun Backup\autorun5.inf: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\autorun5.inf.infected'

    C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache\baseimagefam8: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\baseimagefam8.infected'

    C:\Documents and Settings\IBM\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2301728993-4250914820-3689261683-1005\4bd07e1ba952c6aa9bf83a8d98c08949_44300431-581c-43dc-895b-dffb501105a4: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\4bd07e1ba952c6aa9bf83a8d98c08949_44300431-581c-43dc-895b-dffb501105a4.infected'

    C:\Documents and Settings\IBM\Application Data\Sun\Java\jre1.6.0_18\Data1.cab: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\Data1.cab.infected'

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~DF18FF.tmp: Permission denied

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~DF8EC9.tmp: Permission denied

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~DF9CFA.tmp: Permission denied

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~WRS0002.tmp: Permission denied

    WARNING: Can't open file C:\hiberfil.sys: Permission denied

    WARNING: Can't open file C:\pagefile.sys: Permission denied

    C:\Program Files\Adobe\Reader 11.0\Reader\AcroBroker.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\AcroBroker.exe.infected'

    C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\AdobeCollabSync.exe.infected'

    C:\Program Files\Common Files\Ahead\Lib\libxml2.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\libxml2.dll.infected'

    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\rrservice.exe.infected'

    C:\Program Files\Nero\Nero 7\Nero Vision\libxml2.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\libxml2.dll.infected.000'

    C:\Program Files\RealNetworks\RealDownloader\Common\hxmedpltfm.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\hxmedpltfm.dll.infected'

    C:\Programme Files\Comodo\COMODO Internet Security\scanners\mach32.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\mach32.dll.infected'

    WARNING: Can't open file C:\System Volume Information\EfaData\SYMEFA.DB: Permission denied

    WARNING: Can't open file C:\System Volume Information\LightningSand.CFD: Permission denied

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP112\A0028999.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0028999.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP114\A0031333.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0031333.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP115\A0037716.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0037716.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP116\A0040734.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0040734.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0052947.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0052947.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0053042.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0053042.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057202.inf: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057202.inf.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057203.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057203.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057204.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057204.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057205.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057205.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057206.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057206.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057207.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057207.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057208.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057208.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057209.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057209.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP73\A0019305.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0019305.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP77\A0020506.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0020506.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP79\A0021628.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0021628.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP83\A0023739.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0023739.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP85\A0024826.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0024826.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP89\A0025043.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0025043.exe.infected'

    WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\default: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\software: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\system: Permission denied



    C:\Documents and Settings\All Users\Application Data\Autorun Eater\Autorun Backup\autorun5.inf: Win.Worm.Autorun-456 FOUND

    C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache\baseimagefam8: Php.Exploit.CVE_2015_2331-1 FOUND

    C:\Documents and Settings\IBM\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2301728993-4250914820-3689261683-1005\4bd07e1ba952c6aa9bf83a8d98c08949_44300431-581c-43dc-895b-dffb501105a4: Win.Trojan.Agent-5497009-0 FOUND

    C:\Documents and Settings\IBM\Application Data\Sun\Java\jre1.6.0_18\Data1.cab: Win.Trojan.Ramnit-7017 FOUND

    C:\Program Files\Adobe\Reader 11.0\Reader\AcroBroker.exe: Win.Trojan.Agent-1364155 FOUND

    C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe: Win.Trojan.Agent-1364064 FOUND

    C:\Program Files\Common Files\Ahead\Lib\libxml2.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe: Win.Trojan.Agent-1364970 FOUND

    C:\Program Files\Nero\Nero 7\Nero Vision\libxml2.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\Program Files\RealNetworks\RealDownloader\Common\hxmedpltfm.dll: Win.Trojan.Ramnit-6995 FOUND

    C:\Programme Files\Comodo\COMODO Internet Security\scanners\mach32.dll: Win.Downloader.Upatre-5744088-0 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP112\A0028999.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP114\A0031333.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP115\A0037716.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP116\A0040734.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0052947.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0053042.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057202.inf: Win.Worm.Autorun-456 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057203.exe: Win.Trojan.Agent-1364155 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057204.exe: Win.Trojan.Agent-1364064 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057205.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057206.exe: Win.Trojan.Agent-1364970 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057207.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057208.dll: Win.Trojan.Ramnit-6995 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057209.dll: Win.Downloader.Upatre-5744088-0 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP73\A0019305.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP77\A0020506.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP79\A0021628.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP83\A0023739.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP85\A0024826.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP89\A0025043.exe: Eicar-Test-Signature FOUND

    ----------- SCAN SUMMARY -----------

    Known viruses: 6284808

    Engine version: 0.99.1

    Scanned directories: 8039

    Scanned files: 72843

    Infected files: 31



    Data scanned: 34484.34 MB

    Data read: 28321.22 MB (ratio 1.22:1)

    Time: 19036.484 sec (317 m 16 s)



    --------------------------------------

    Completed

    --------------------------------------
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are a lot of false detections in that info. Clam is noted for false positives. I recommend uninstalling it too. But I'm am a little concerned as to whether the Ramnit indications are real or not. We may have to run a different scan later to find out. But we have other things to do first.

    Also try to get Comodo uninstalled.

    Also I recommend that you disable System Restore and then reboot the PC. After reboot, re-enable System Restore. The try to get me a new log from MGtools by doing the below preferable in normal boot mode if possible. Otherwise run it in safe boot mode.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, Win8 or Win10, don't double click, use right click and select Run As Administrator).
    Then attach the below log:
    • C:\MGlogs.zip
     
  5. manilka835

    manilka835 Private First Class

    MGlogs.zip is sent herewith.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have Comodo installed. As I stated earlier, this PC does not have enough memory to run Windows XP SP3 let alone having an antivirus program installed. You have only 57MB of free memory. This PC will crawl!!!!! If you really must use this PC ( not recommended on Win XP ) then you need to install another 2.5 GB of memory to have any hopes of using this PC in a reasonable fashion.

    And additional programs like Skype, IoBit SmartDefrag, USB Disk Security, and Autorun Eater are also adding to your issues since again, the PC does not have enough memory and also it is an old style processor.
     
  7. manilka835

    manilka835 Private First Class

    Comodo Firewall does not appear on the list of Programmes indicated in Add or Remove Programmes and in the Comodo Folder indicates no components installed for removal. However the icons on System Tray & Desktop appear along with Firewall Messages.

    I will increase its memory when funds become available.

    It used to function all right once the programmes were loaded which took quite some time. This desktop freeze cameup most recently and still persists.

    Are there any Malware problems and if not shall I proceed with its normal function?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then I will try to help you remove it manually because it is likely the source of your slow downs since it requires a significant amount of resources.

    There are no malware issues.

    Let's try forcing Comodo to be uninstalled and cleanup a couple other items that will impact performance.

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of the code box
    • Make sure that you scroll all the way to the bottom of the code box to get the whole fix!
    Code:
    :services
    cmdAgent
    cmdvirth
    gupdate1ca612ac4ed974a
    gupdatem
    
    :Processes
    explorer.exe
    
     
    :Files
    C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
    C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    C:\WINDOWS\Tasks\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410931989.job
    C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\SmartDefrag.job
    C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    C:\WINDOWS\Tasks\SmartDefrag3_Update.job
    C:\WINDOWS\Tasks\SmartDefrag3_Startup.job
    C:\Programme Files\COMODO
    C:\Documents and Settings\IBM\Desktop\COMODO Firewall.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    C:\138b1e7f59884556922d027a
    C:\17609fb5841c2fa05801d39db2e48ad3
    C:\4f682c84d83543ca509de6be5f50efe8
    C:\4f7d96d6bad2092d4628012fa21bc366
    C:\5908b47b131609bc824c
    C:\6d66a4a0e6c56eaf2d7681835982
    C:\aa0dd5d6aebc15618a2a20
    C:\WINDOWS\temp\*.*
    C:\Documents and Settings\IBM\Local Settings\Temp\*.*
    
    
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CCleaner Monitoring"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "COMODO Internet Security"=-
    "Adobe ARM"=-
    "IseUI"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, Win7, 8 or 10, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, Win8 or Win10, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  9. manilka835

    manilka835 Private First Class

    When the OTM.exe was run, after pasting and clicking "Move it" Button, the system froze and the C:\_OTM\MovedFiles log could not be obtained.

    the JRT.TXT log was saved when the log appeared on screen. On completion, a log (JRT.txt) was not saved to the desktop.

    C:\MGlogs.zip
    was available as stated.

    The Computer restarted without the desktop freezing, but I beleive, Comodo Firewall is still installed.

    • Bitdefender Antivirus Free Edition- Antivirus
    • COMODO Internet Security- Firewall
    • Malwarebytes Anti-Malware version 2.2.1.1043
    • SpywareBlaster 5.5
    • SUPERAntiSpyware were installed as instructed in
      "How to Protect yourself from malware!"
      thread. What shall I do if they are not to be re-installed?

     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes Comodo is still installed because OTM did not run properly. Please try booting in safe boot mode and running the steps with OTM. If it runs properly then boot back into normal bootmode and get a new log from running GetLogs.bat again.

    Don't worry about How to Protect yet until we get all of the current items off the PC to see how it works. In reality, you are probably not going to be able to install any current versions of protection software on this PC due to insufficient memory and due to it being an old PC that cannot run modern protection software without dramatically impact PC performance.
     

Share This Page

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds