MajorGeeks Support Forums

#21
04-30-13, 23:43
chaslang
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,771
Thanks: 62
Thanked 7,836 Times in 4,254 Posts
Re: Malware problem?: problems with windows7 starter

You're welcome.
Quote:
Originally Posted by ChemMD View Post
I failed to right-click to Run As Administrator, so I closed the popup window. When I checked the desktop and the C:\ folder MGTools-related folders are no longer there. Hope I did not mess anything up?
Should be okay.

Quote:
Originally Posted by ChemMD View Post
I have posted on the Networking forum as you suggested. Waiting for a reply.
Okay! Hope all goes well.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#22
05-01-13, 03:55
ChemMD
Private First Class

Join Date: May 2009
Posts: 38
Thanks: 19
Thanked 0 Times in 0 Posts

Just an update. Microsoft Security Essentials found Worm:Win32/Gamarue.O on my notebook computer. Went ahead and installed one while waiting for help in a separate forum here on my networking problem. I proceeded to remove it using MSE, and also ran a quick scan using Malwarebytes' Anti-Malware. That turned out no new threats. I am running a full MSE scan now on recommendation of the Microsoft site. Will update you later if any threat is found.
#23
05-01-13, 11:26
chaslang

Since you had not fully completed my final instructions, this may have just been leftovers from what we already cleaned up. It may have been in quarantines or system restore (yet to be toggled).

Tell me exactly where it found this. Like what folder/file names. What registry key..etc.
#24
05-01-13, 11:57
ChemMD

Hi, thanks for your reply. I do not have the details you ask. These were not available when Microsoft Security Essentials "found" the Worm, neither do I find it now in the History tab for MSE.

MSE did NOT find any new problems on full scan. I guess I don't have to look further for malware problems, do I?

Still waiting for a response from Networking forum. I went back to work on post-malware removal instructions. It turns out I already have Service Pack 1 of Windows 7. I just need to run Windows Updates when I get back my network connections working.
#25
05-01-13, 18:13
chaslang

Quote:
Originally Posted by ChemMD View Post
Hi, thanks for your reply. I do not have the details you ask. These were not available when Microsoft Security Essentials "found" the Worm, neither do I find it now in the History tab for MSE.
Most likely it was just what we already quarantined because this is the name MS gives to some of the items we already fixed.

Quote:
Originally Posted by ChemMD View Post
MSE did NOT find any new problems on full scan. I guess I don't have to look further for malware problems, do I?
No.

Quote:
Originally Posted by ChemMD View Post
Still waiting for a response from Networking forum. I went back to work on post-malware removal instructions. It turns out I already have Service Pack 1 of Windows 7. I just need to run Windows Updates when I get back my network connections working.
I suggest that you finish the rest of my instructions that do not require a network connection. This way at least you have finished the cleanup and have removed all leftovers.
#26
05-01-13, 20:54
ChemMD

Thanks for your response. While waiting I went ahead and removed ALL security software that I can find installed (including MAM), tried to System Restore to an earlier automatic restore point. That did NOT work. Then tried to System Restore in safe mode (risky, I know). It WORKED! Writing this reply now using my notebook's internet connection. Will go ahead with the last steps you named here. Thanks a lot!
#27
05-02-13, 04:42
ChemMD

Hi again. It looks like my excitement was premature. Am attaching logs from Step 4 of Vista & Windows 7 Malware Removal/Cleaning Procedure. Here is what happened.

I followed the rest of your final instructions on this thread without any problems until the 8th step: How to Protect yourself from malware. I did the Windows Update without any problems. At the second step on installing an antivirus program, I noticed that my AVG free antivirus is back (I uninstalled this prior to the successful System Restore). There were two new error messages on the task bar: 1) on finding an antispyware online, and 2) turning on my antivirus program. When I clicked on the first, windows tells me that I have two programs - windows defender and AVG free - that are turned off. This leads to a sequence that is supposed to turn it on, but it does not. When I clicked on the second, nothing happens. I tried to uninstall AVG through the Control Panel but does not work either. I found and uninstalled web site advisors and search bars that were removed by our malware removal efforts earlier.

Thinking that doing System Restore to an earlier point led me back to an infected state, I followed Step 4 noted above and am attaching the logs. Hope this helps you figure out where I am now. Please note that I cannot undo System Restore because I did it in Safe Mode. It was not possible using Normal Mode.
Attached Files
File Type: log HitmanPro_20130502_1605.log (4.3 KB, 3 views)
File Type: txt mbam-log-2013-05-02 (15-29-31).txt (8.5 KB, 3 views)
File Type: zip MGlogs.zip (261.3 KB, 3 views)
File Type: txt RKreport[1]_S_05022013_02d1525.txt (1.7 KB, 4 views)
File Type: txt TDSSKiller.2.8.16.0_02.05.2013_15.48.37_log.txt (130.1 KB, 3 views)
#28
05-02-13, 11:39
chaslang

Quote:
Originally Posted by ChemMD View Post
Thinking that doing System Restore to an earlier point led me back to an infected state,
Correct. But this is still better than having no internet. When you first came here, your very first logs showed that your network interface was basically missing. Now you have the devices showing up and they work.

Now we can reclean what we need to clean. I will probably get back to you late tonight on this with the next steps. In the meantime, please do not make any other changes at all to the system. The cleanup should be relatively easy.
#29
05-03-13, 01:15
chaslang

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=5f97ddb...0054d4c0b44710
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

After clicking Fix, exit HJT.


Please download OTM by Old Timer and save it to your Desktop.
  • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
  • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
Code:
:Processes
explorer.exe
 
:Services
AVGIDSAgent 
avgwd
 
:Files
C:\Users\Inocencio Alejandro\AppData\Roaming\Mozilla\Firefox\Profiles\0x3adhg8.default\extensions\ffxtlbr@funmoods.com
C:\Users\Inocencio Alejandro\AppData\Roaming\DriverCure
C:\Users\Inocencio Alejandro\AppData\Roaming\SpeedyPC Software
C:\ProgramData\SpeedyPC Software
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
C:\$AVG
C:\Program Files\AVG
C:\Users\Inocencio Alejandro\AppData\Local\iLivid
C:\Program Files\SEARCH~1
C:\Program Files\blekko
C:\Windows\Temp\*.*
C:\Users\Inocencio Alejandro\AppData\Local\Temp\*.*
 
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Funmoods]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_USERS\S-1-5-21-2792451099-2161147092-3411897261-1000\Software\Datamngr]
[-HKEY_USERS\S-1-5-21-2792451099-2161147092-3411897261-1000\Software\DataMngr_Toolbar]
[-HKEY_USERS\S-1-5-21-2792451099-2161147092-3411897261-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{241DBC8D-14E3-4240-8EE5-3AC35086B638}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"DATAMNGR"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4705A98-123C-4F53-8742-1D43275C867A}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EECF410C-006C-4A05-AD13-6741A0814DBF}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Check Point Endpoint Security"=-
"AVG_UI"=-
:Commands
[purity]
[EmptyTemp]
[start explorer]

[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Now click the large button.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:
  • the C:\_OTM\MovedFiles log
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
#30
05-03-13, 03:32
ChemMD

Thanks for the next step! I was able to run everything without a hitch but please note the deviations below.

Quote:
Originally Posted by chaslang View Post
In the meantime, please do not make any other changes at all to the system. The cleanup should be relatively easy.
I stopped working on the notebook as soon as I got your quick reply. Unfortunately, I did make some changes before then. I noticed two error messages about antivirus and antispyware. AVG won't start and can't be uninstalled. I found an AVG remover on this forum and used it successfully. Because I now have internet access without an antivirus I followed How to Protect yourself from malware on installing an antivirus and a firewall. I installed Microsoft Security Essentials and Comodo Personal Firewall. Because downloading slowed down noticeably with Comodo, I uninstalled it. It took more than an hour to uninstall and it was still going (HD LED light flickering). I went to bed and found it still shutting down when I woke in the morning. I used the notebook power switch to turn it off. Downloading became normal, and I have had no problem since.


Quote:
Originally Posted by chaslang View Post
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=5f97ddb...0054d4c0b44710
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

After clicking Fix, exit HJT.
No problems here, except that blekko, search bar and AVG are no longer here. I uninstalled these from Control Panel/Programs when I was trying to uninstall AVG.


Quote:
Originally Posted by chaslang View Post
Please download OTM by Old Timer and save it to your Desktop.
No deviations here. I have a stupid question: I noted references to AVG here. Will that be a problem since I have uninstalled it earlier?

A second question: the desktop shows hidden files now. I noticed two files with different dates named desktop.ini... In My Documents folder I notice that there are a few files that have both the actual file and a shortcut to the file. Is this a problem?

No problems nor deviations in the rest of the steps. The logs are attached. Really appreciate your help.
Attached Files
File Type: log 05032013_144447.log (32.9 KB, 1 views)
File Type: zip MGlogs.zip (277.5 KB, 7 views)
#31
05-03-13, 23:24
chaslang

Quote:
Originally Posted by ChemMD View Post
I stopped working on the notebook as soon as I got your quick reply. Unfortunately, I did make some changes before then.
For future reference, and this is stated right at the early sections of the READ & RUN ME, once you start working our procedures, you should only be doing what we ask you to do and nothing else until we finish.

Your logs are clean. Are you having any malware problems? The desktop.ini files are normal.
#32
05-04-13, 06:04
ChemMD

Quote:
Originally Posted by chaslang View Post
For future reference, and this is stated right at the early sections of the READ & RUN ME, once you start working our procedures, you should only be doing what we ask you to do and nothing else until we finish.
I understand. Next time I will let you know of any deviations BEFORE acting on them. Thanks for your help.


Quote:
Originally Posted by chaslang View Post
Your logs are clean. Are you having any malware problems? The desktop.ini files are normal.
That is good to hear. No, I have not noticed any traces of the problems I described when we first started, including the error messages in Device Manager/Network Adapters.

If I understand your sticky notes and your previous responses on this thread, I need to give this a few days to monitor for malware problems and then do the post-malware removal steps. Which do I follow - the one with toggling System Restore or the one in this thread without it?

I am also now ready to backup my files on an external hard drive. When should I do that in the post-malware removal steps? and how often should I backup after this?

Thanks again for your help!
#33
05-04-13, 08:31
ChemMD

Problems again :-( Since you told me do as much as I can of the post-malware removal steps, I went ahead down the list. Defogger does not need to be uninstalled because it was already uninstalled earlier. Hijack This is NOT in the list of programs in Control Panel/Programs. I enabled UAC and ran MGClean.bat as instructed. I deleted c:\MGTools folder because it was still there. I then proceeded with How to Protect yourself from malware.

Windows is up-to-date. Microsoft Security Essentials is up-to-date and working. I hesitated on the firewall because of my problems earlier in this thread, so I used some of the tests suggested. My windows firewall failed in the comodo test and the auditmypc test. I downloaded and installed Comodo Personal Firewall. When I restarted the computer as instructed after the install, I got this error message: "C:\PROGRA~1\cnosd\cnosd.exe This operation returned because the timeout period expired." Comodo personal firewall seems to be running because the color was green.

The second problem was that Google Chrome froze while trying to log on to your site. I waited for a while, then I timed while waiting for two minutes, then turned the computer off using the power switch. I am now writing this message in the computer using Safe Mode with Networking. Will try to get online after this using Normal Mode. Will edit this message if I am able to do so.

NOTE: I was able to get back in Normal Mode, get online without a hitch. Comodo Personal Firewall is green. Will stop work and wait for your instructions on next step.

Last edited by ChemMD; 05-04-13 at 08:36.. Reason: incomplete post
#34
05-05-13, 14:37
chaslang

Quote:
Originally Posted by ChemMD View Post
I downloaded and installed Comodo Personal Firewall. When I restarted the computer as instructed after the install, I got this error message: "C:\PROGRA~1\cnosd\cnosd.exe This operation returned because the timeout period expired."
Do you know what this cnosd.exe program is? It is something you have installed. But what is it? It loads at startup. It shows as the below in your uninstall programs list and this does seem suspicious.
Quote:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35F814AA-CB70-4927-A7BC-2B0D0F85F8C8}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0.0.4"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20110909"
"InstallLocation"="C:\\Program Files\\cnosd\\"
"InstallSource"="C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\{F2345E53-E484-401D-B2CE-AC3E29AE5811}\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,33,00,35,00,46,00,38,00,31,00,34,00,41,00,\
41,00,2d,00,43,00,42,00,37,00,30,00,2d,00,34,00,39,00,32,00,37,00,2d,00,41,\
00,37,00,42,00,43,00,2d,00,32,00,42,00,30,00,44,00,30,00,46,00,38,00,35,00,\
46,00,38,00,43,00,38,00,7d,00,00,00
"Publisher"="cn_client"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000050
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,33,00,35,00,46,00,38,00,31,00,34,00,41,\
00,41,00,2d,00,43,00,42,00,37,00,30,00,2d,00,34,00,39,00,32,00,37,00,2d,00,\
41,00,37,00,42,00,43,00,2d,00,32,00,42,00,30,00,44,00,30,00,46,00,38,00,35,\
00,46,00,38,00,43,00,38,00,7d,00,00,00
"URLInfoAbout"="http://www.cn_client.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01000000
"Language"=dword:00000000
"DisplayName"="CNOSD"
If you do not know what it is then uninstall it.


Quote:
Originally Posted by ChemMD View Post
The second problem was that Google Chrome froze while trying to log on to your site.
You may want to uninstall Chrome, reboot and delete the below folder.

C:\Users\Inocencio Alejandro\AppData\Local\Google\Chrome

Then if you wish to still use Chrome, redownload and reinstall. You can get it here >> Google Chrome 26.0.1410.64 Stable
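An added example, not part of the original thread or of MGtools: a small Python parser for the `.reg` export format of the Uninstall entry quoted in the post above, which decodes its `hex(2)` and `dword` values into readable form. The `review_notes` checks (blank fields, hostname syntax) are assumptions chosen for illustration, not the criteria the forum staff applied.

```python
import re
from urllib.parse import urlparse

# Excerpt of the Uninstall entry quoted in the post above; values copied from the page.
REG_EXCERPT = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35F814AA-CB70-4927-A7BC-2B0D0F85F8C8}]
"Comments"=""
"Contact"=""
"HelpLink"=""
"InstallDate"="20110909"
"InstallLocation"="C:\\Program Files\\cnosd\\"
"Publisher"="cn_client"
"EstimatedSize"=dword:00000050
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,33,00,35,00,46,00,38,00,31,00,34,00,41,\
00,41,00,2d,00,43,00,42,00,37,00,30,00,2d,00,34,00,39,00,32,00,37,00,2d,00,\
41,00,37,00,42,00,43,00,2d,00,32,00,42,00,30,00,44,00,30,00,46,00,38,00,35,\
00,46,00,38,00,43,00,38,00,7d,00,00,00
"URLInfoAbout"="http://www.cn_client.com"
"DisplayName"="CNOSD"
"""

HEX_TYPED = re.compile(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")
VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')
# One hostname label: letters, digits and hyphens only, no leading/trailing hyphen.
DNS_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        # REG_SZ: undo the \\ and \" escaping used inside quoted strings.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = HEX_TYPED.match(raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        kind = (m.group(1) or "3").lower()   # plain "hex:" is REG_BINARY (type 3)
        if kind in ("1", "2"):               # REG_SZ / REG_EXPAND_SZ, UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        if kind == "7":                      # REG_MULTI_SZ: NUL-separated list
            return [s for s in data.decode("utf-16-le").split("\x00") if s]
        return data
    return raw


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: decoded_value}}."""
    # Hex values wrap with a trailing backslash; join those physical lines first.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = re.sub(r"\\(.)", r"\1", m.group(1))
            current[name] = decode_value(m.group(2))
    return keys


def review_notes(values):
    """Collect facts a reviewer may want to look at; these are not verdicts."""
    notes = []
    blank = [k for k in ("Comments", "Contact", "HelpLink") if values.get(k) == ""]
    if blank:
        notes.append("blank descriptive fields: " + ", ".join(blank))
    url = values.get("URLInfoAbout") or ""
    host = urlparse(url).hostname or ""
    if url and not (host and all(DNS_LABEL.match(p) for p in host.split("."))):
        notes.append("URLInfoAbout host is not a valid DNS hostname: " + (host or url))
    cmd = values.get("UninstallString")
    if isinstance(cmd, str) and cmd:
        notes.append("uninstall command: " + cmd)
    return notes


def triage(text):
    """Return {DisplayName or key path: review notes} for every key in the export."""
    return {vals.get("DisplayName", key): review_notes(vals)
            for key, vals in parse_reg(text).items()}


if __name__ == "__main__":
    for name, notes in triage(REG_EXCERPT).items():
        print(name)
        for note in notes:
            print("  -", note)
```
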
#35
05-05-13, 18:34
ChemMD

Thanks for the next step. I googled cnosd.exe and found that it generally is reported safe. One Polish site seems a bit concerned about it. I uninstalled it.

I also uninstalled Google Chrome without a hitch, but had a problem downloading it from your site. Something about it not being on my server. I downloaded it from the Google site (the stable one, of course) using Mozilla Firefox, and that crashed during the download and the install. I am also remembering now that in the recent past (?few weeks) Internet Explorer has had problems accessing a few websites. Do you think I should uninstall and re-install IE and MF? I use Google Chrome preferentially, and use MF as backup. Your sticky notes mention that IE is now safer than the rest (as of 2010?).

No other immediate problems on my notebook so far, apart from the browser problems noted.
#36
05-05-13, 19:39
chaslang

Yes some of our download page links are down right now.

I suggest that you use IE to download it from Google. If Firefox is a problem then perhaps it needs to be reinstalled too. Actually IE is more secure than both Google and Firefox. We have more problem here with Google and Firefox than with IE. Also IE is easier to clean when infected. Google and Firefox frequently need to be reinstalled when they get infected.
#37
05-06-13, 09:31
ChemMD

Thanks for this. Based on your response, I decided to uninstall Mozilla Firefox because I rarely use it recently. I have re-installed Google Chrome successfully before my previous post.

I am having problems with IE. When I open it, a pop-up window asks me if I want to allow Google toolbar for Internet Explorer. After I click to disallow it, I get multiple copies of the same pop-up window. It seems IE is infected but Microsoft Security Essentials and Malwarebytes' Anti-Malware finds no malicious software. How do I clean IE? I cannot uninstall and re-install because IE is NOT on Control Panel/Programs and Features.
#38
05-07-13, 00:03
chaslang

Quote:
Originally Posted by ChemMD View Post
I am having problems with IE. When I open it, a pop-up window asks me if I want to allow Google toolbar for Internet Explorer. After I click to disallow it, I get multiple copies of the same pop-up window. It seems IE is infected
Google Toolbar is not an infection. You installed it when you installed the below software
Quote:
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Quote:
Originally Posted by ChemMD View Post
How do I clean IE? I cannot uninstall and re-install because IE is NOT on Control Panel/Programs and Features.
There is nothing to clean. Google Toolbar is not an infection. You installed it. If you do not want it then uninstall it.
#39
05-07-13, 01:04
ChemMD

Thanks. I have finished all the final steps in this thread, including How to Protect yourself from Malware! May I toggle System Restore now?
#40
05-07-13, 19:28
chaslang

You're welcome.
Quote:
Originally Posted by ChemMD View Post
May I toggle System Restore now?
Yes since you now have network connectivity, you should do this to remove old and possibly infected restore points and establish a new clean starting point. The only reason we did not do this before was to try and use System Restore as a last chance option to fix the network problems. This is why our procedures only toggle SR after problems have been fixed. Too many sites have you do this first and antivirus companies do too. Then you are out of luck when something goes wrong. Our motto is "even an infected restore may be better than none at all when a problem arises".
All times are GMT -5.