MajorGeeks Support Forums

#1
03-10-12, 18:06
Joyfulsong11
No flash video & Trojans

This computer was given to my father with an expired antivirus program (McAfee) and I believe some questionable websites were visited. I have since explained about the viruses and dangers of those websites, and I do not believe they will be an issue in the future.

The main symptom that tipped me off was that no flash videos would load on legitimate sites (local news clips mostly, but also YouTube). I get notices that Adobe Flash needs to be installed and even after installing it is the same result. I installed Comodo Dragon thinking since it's based on Google Chrome and has flash built in it may work better. No luck, in fact it wouldn't load any websites at all, crashing instead. So, I began running scans, turning up multiple trojans. This is when dear ol' dad and I had a talk about his browsing practices. *sigh* Anyway . . . like your policies here, I figured I'd help him get the computer cleaned up once, and see if I can get his local news videos working. I've included the logs. Also, I just tested the video problem again and IE still acts the same with no flash videos, but Comodo Dragon is operating fine, loading YouTube videos, but not foxnews.com videos, so it may be a website issue. I don't know. As long as the viruses are off, and the computer is safe, I'm okay with not solving the video problem at this point. So, any help or observations would be greatly appreciated.

Also, I'm planning to install a free antivirus on here, as soon as I know it's clean. I was thinking about Avira, since it's pretty popular in your download section here. Something simple, effective, and not too confusing for Dad would be nice, so if anyone has suggestions of a better free antivirus that meets those requirements, I'm open to suggestions there too. Also, I am planning to install Comodo firewall, not the antivirus though. I prefer separate applications. In the past I've used F-Prot for antivirus, but it's not free.

Oh, one last thing, there are multiple Malwarebytes logs. I don't really know why, only thing I can think of is that the scans were interrupted and restarted (possibly to play solitaire) when I was not around. So, hopefully the info is still useful.

Thank you all for all the time you put into making the internet a safer world !
Attached Files
File Type: txt mbam-log-2012-03-08 (09-07-19).txt (4.0 KB, 2 views)
File Type: txt mbam-log-2012-03-08 (09-36-07).txt (2.4 KB, 2 views)
File Type: txt mbam-log-2012-03-08 (10-08-09).txt (1.8 KB, 1 views)
File Type: txt mbam-log-2012-03-08 (11-54-14).txt (1.8 KB, 1 views)

#2
03-10-12, 18:07
Joyfulsong11

logs continued
Attached Files
File Type: txt mbam-log-2012-03-09 (08-29-18).txt (1.8 KB, 1 views)
File Type: zip MGlogs.zip (129.0 KB, 1 views)
File Type: txt rootrepeallog.txt (690 Bytes, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 03-07-2012 - 12-45-56.log (1.0 KB, 1 views)

#3
03-10-12, 22:28
chaslang
MajorGeeks Admin - Master Malware Expert

Since McAfee is expired, I suggest that you uninstall it right now. It is still loading some processes.

Please go to the below link and follow the instructions for running TDSSKiller from Kaspersky
  • Be sure to attach your log from TDSSKiller
Now please also download MBRCheck to your desktop.


See the download links under this icon
  • Double click MBRCheck.exe to run (Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    • Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    • Found non-standard or infected MBR.
    • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#4
03-10-12, 22:32
chaslang

Also I have a question about the below being loaded from the Start Menu. Do you know if this is legit?


O4 - Global Startup: run_startmenu.cmd

Now I notice that McAfee may have been uninstalled but it was not properly uninstalled. So to that end, run the below:

McAfee Consumer Product Removal Tool


Also uninstall the below as was instructed in the READ & RUN ME.

Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 20
Viewpoint Media Player


Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Your logs are looking pretty good. Seems the cleaning process took care of most problems. Let's see what the TDSSKiller and MBRCheck logs show.

Last edited by chaslang; 03-10-12 at 23:11.

#5
03-13-12, 14:43
Joyfulsong11

Thanks for the quick feedback !

Here are the logs for the scans you requested, and I have no idea what that Global Startup command is so I can't really say what it's for or if it is something that should be there or not. Sorry.

Oh, and it may be a completely separate problem, but flash is still not loading in Internet Explorer, but seems to be working sometimes in Comodo Dragon.

Thanks again !
Attached Files
File Type: txt TDSSKiller.2.7.20.0_12.03.2012_19.21.48_log.txt (56.1 KB, 2 views)
File Type: txt MBRCheck_03.12.12_20.20.42.txt (8.7 KB, 2 views)
File Type: zip MGlogs.zip (128.6 KB, 3 views)

#6
03-15-12, 21:56
chaslang

Quote:
Originally Posted by Joyfulsong11
and I have no idea what that Global Startup command is so I can't really say what it's for or if it is something that should be there or not.

Click Start, Run and copy and paste below into the Run box and click OK.

notepad C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd

Notepad will open up showing the contents of the file. Copy what you see and paste it back here into your next message.

Quote:
Originally Posted by Joyfulsong11
Oh, and it may be a completely separate problem, but flash is still not loading in Internet Explorer, but seems to be working sometimes in Comodo Dragon.

You can post about this in the Software Forum.

Your logs are clean but you can fix the below leftovers.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

After clicking Fix, exit HJT.



If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix" and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis.
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work thru the below link:
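
The `(no file)` entries listed in the post above can be picked out of a HijackThis log mechanically. The following is an added example, not part of the thread or of HijackThis itself: it parses the log lines quoted in this thread and groups the orphaned ones by CLSID, which shows that both O18 protocol entries refer to the same CLSID. The function names are hypothetical.

```python
import re
from collections import defaultdict

# The four HijackThis lines quoted in this thread, verbatim.
SAMPLE_LOG = """\
O4 - Global Startup: run_startmenu.cmd
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
"""

SECTION_RE = re.compile(r"[A-Z]\d+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Split '<section> - <kind>: <name> [- {CLSID}] [- <file>]' into a dict."""
    parts = [p.strip() for p in line.strip().split(" - ")]
    if len(parts) < 2 or not SECTION_RE.fullmatch(parts[0]):
        return None  # not an entry line (log header, blank line, prose)
    kind, _, name = parts[1].partition(":")
    clsid = next((p for p in parts[2:] if CLSID_RE.fullmatch(p)), None)
    return {
        "section": parts[0],
        "kind": kind.strip(),
        "name": name.strip(),
        "clsid": clsid,
        # In the quoted lines "(no file)" is always the last field.
        "orphan": len(parts) > 2 and parts[-1] == "(no file)",
    }


def orphans_by_clsid(log_text):
    """Group '(no file)' entries by CLSID so shared handlers show up together."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["orphan"]:
            groups[entry["clsid"]].append((entry["section"], entry["name"]))
    return dict(groups)


if __name__ == "__main__":
    for clsid, entries in orphans_by_clsid(SAMPLE_LOG).items():
        print(clsid, "->", entries)
```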

#7
03-16-12, 17:29
Joyfulsong11

Here are the contents of the file requested.


@echo off
c:\windows\i386\apps\startmenu.cmd


I have no idea what that means, but hopefully you will !

Thank you so much for all your help, the computer is already running much faster !

Also, any opinions on permanent anti-virus ? I downloaded Avira but haven't installed it.

Thank you again !

#8
03-17-12, 12:27
chaslang

Quote:
Originally Posted by Joyfulsong11
Here are the contents of the file requested.

Okay that just points to another file. What is in the c:\windows\i386\apps\startmenu.cmd file?

#9
03-23-12, 12:09
Joyfulsong11

I tried to pull up the file you asked about, and the folder it was located in isn't there. I can get to c:\windows\i386 but there is no "apps" folder and I did check for hidden folders, and still nothing shows up. The only thing I can figure is that the folder may have been removed as part of the cleaning procedure. I'll let you guys figure out the rest !

#10
03-23-12, 19:05
chaslang

Okay then just delete the below file and this startup will be gone.


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
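
The startup entry traced in posts #4 through #10 is a script whose only job is to call a second script that no longer exists. This added example (not from the thread) follows such script-to-script references from a Startup-folder batch file and reports where the chain dead-ends. `FAKE_DISK` is a constructed stand-in for the file system holding the contents posted in #7, and all function names are hypothetical.

```python
import re

# Constructed stand-in for the disk: only the Startup script exists, with the
# contents posted in the thread. Keys are lower-cased because Windows paths
# are matched case-insensitively.
STARTUP = (r"C:\Documents and Settings\All Users\Start Menu"
           r"\Programs\Startup\run_startmenu.cmd")
FAKE_DISK = {STARTUP.lower(): "@echo off\nc:\\windows\\i386\\apps\\startmenu.cmd\n"}

# Absolute drive-letter paths to other batch scripts, quoted or bare.
SCRIPT_REF = re.compile(r'([A-Za-z]:\\[^"<>|\r\n]*?\.(?:cmd|bat))\b', re.I)


def read_fake(path):
    """Return script text, or None when the file does not exist."""
    return FAKE_DISK.get(path.lower())


def trace_startup_chain(start, read_file, max_depth=8):
    """Follow script-to-script references from a startup entry.

    Returns (found, missing): scripts that were read, and referenced
    scripts that are absent, i.e. where the chain dead-ends.
    """
    found, missing, seen = [], [], set()
    queue = [(start, 0)]
    while queue:
        path, depth = queue.pop(0)
        if path.lower() in seen or depth > max_depth:
            continue  # guard against scripts that call each other
        seen.add(path.lower())
        text = read_file(path)
        if text is None:
            missing.append(path)
            continue
        found.append(path)
        for line in text.splitlines():
            stripped = line.strip()
            if stripped.lower().startswith(("rem ", "::")):
                continue  # commented-out lines never execute
            for match in SCRIPT_REF.finditer(stripped):
                queue.append((match.group(1), depth + 1))
    return found, missing


if __name__ == "__main__":
    print(trace_startup_chain(STARTUP, read_fake))
```

On a live system, pass a `read_file` that opens the path and returns `None` on `FileNotFoundError`.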