bloodhound.exploit?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by CatT, Jul 1, 2011.

  1. CatT

    CatT I can't follow the rules

    hi, i have reluctantly skipped over the "read & run me first" advice only b/c one of the top admins here has given me conflicting advice. to wit: he had me remove all my AV/AM software in the course of trying to debug a browser problem. for the record, this meant AdAware, ASC, Avira, SAS, WinWash, UninstallerPro and ZoneAlarm. i hung on to CCleaner, HiJackThis, MBAM, and SpyBot, despite his advice to "remove them ALL".

    alas, but while awaiting further advice on these last 4, i am suddenly seeing a NEW problem -- one of those "you are infected" pages with the bogus "scan now?" offering. and something about "bloodhound.exploit.[something]".

    this is normally something i clear right up with AV/AM apps, but with most of them gone, i am unsure what to do. is MBAM the thing to clear something like this up? and am i really safe to run it when one of your top guys is basically telling me to uninstall it??

    *confused*
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, David was right to have you try to uninstall these softwares to try and help diagnose the problem. He didn't do anything wrong. Your last comment in that thread was:
    Now you are here.

    So you must follow these procedures please. :)

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. CatT

    CatT I can't follow the rules

    ok, perhaps i misunderstood his directions. the guide calls for me to remove all but one AV program and all but one firewall, but requires me to leave AM apps (plus Norton?!) in place. i also removed those (mostly), based on what i thought he meant!

    i'm a little hazy on the diff betw AV and AM. pls clarify which are which on the following, so i know which he/you meant me to remove:

    AdAware
    ASC
    Avira
    SAS
    WinWash
    UninstallerPro
    ZoneAlarm
    CCleaner
    HiJackThis
    MBAM
    SpyBot
    Norton
    Windows Defender​

    thank u!

    also...i recall that on my old PC one of the apps i'm less familiar with (MGtools? combofix? RootRepeal?) deleted a lot of folders and moved a lot of things around when i was just trying to read the "help" file! i don't mind running them, but pls warn me which of those 3 it was that lacks the usual "select action" / "proceed?" / "confirm?" type step, so i can do this carefully.

    thank u!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See comments in bold brown:

    • AdAware - antispyware but free version provides no protection. Should be uninstalled anyway since it is ineffective
    • ASC - antispyware plus other unnecessary and not recommended stuff
    • Avira - antivirus and antispyware
    • SAS - antispyware but free version provides no protection so there is no conflict with free version.
    • WinWash - none of the above.
    • UninstallerPro - none of the above.
    • ZoneAlarm - depends on what you installed from them. They offer full security suites, AV, AS, and firewall or only firewall.
    • CCleaner - none of the above.
    • HiJackThis - none of the above.
    • MBAM - antispyware but free version provides no protection so there is no conflict with free version
    • SpyBot - antispyware but free version provides no protection if Teatimer is disabled as we request. However their newest version offers more so without knowing what you installed, we cannot say what you have.
    • Norton - Norton what. They make many things just like ZoneAlarm. However if you have their antivirus installed, you are already in conflict with Avira
    • Windows Defender - antispyware
    You definitely have too many antispyware protection applications already installed for sure ( ASC, Avira, Windows Defender )

    MGtools and RootRepeal do not delete files and folders. ComboFix could do this if they are suspected of being infections but that would be expected. What files and folders are you referring to?
     
    Last edited: Jul 1, 2011
  5. CatT

    CatT I can't follow the rules

    thank you very much! great guide.

    however, you make no distinction between AV and AM? i thought this was the whole issue why kestrel/"the guide" and charles are at odds.

    MBAM, for example -- do i leave it IN or take it OUT? by my reading, kestrel/guide says "in", charles says "out". your "no conflict" implies IN, i guess?


    ok, thanks. i should point out, however, that none of these are actually RUNNING. i use ASC same as CCleaner/WinWash/UninstallerPro for the various cleaning, AV/AM, and defrag routines. never in the background.

    i was using Avira in the background but i disabled it as soon as i noticed the conflict w Defender. now it's just like ASC/CCleaner/etc -- "on demand" only.

    besides, some popup called Defender a "firewall". no one here seems to agree with that. if anything, i thought maybe my ZoneAlarm (i have just the firewall) was the big conflict on my system. i have since turned it off.

    ok, i cannot exactly recall. i just remember it jumbled my whole system and took like 3 weeks to sort out. whatever it was "supposed" to do was overshadowed by the mess it made. and the fact that it didn't even give me a "proceed?" type splash.

    i just want to be more careful this time.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    No one is at odds. antivirus (AV) does not equal antimalware (AM which is really antispyware [AS] ).

    Already stated the below
    What "kestrel/guide" are you referring to? I don't know of one. There is only the guide that I wrote. And if you are using the free version ( you did not state ) there is no protection and thus no conflict with anything and this is all stated in the How to protect yourself from malware sticky.

    The only one you or us would care about is ASC and it is always running if you used the default install and thus it has its protection running too.

    NOT ACCEPTABLE. Then you MUST UNINSTALL. You cannot and must not even install multiple antivirus programs. Their services are still running and they are fighting over control of Windows Security Center. If you are going to keep Norton Internet Security, you must uninstall this. In fact you may have to uninstall everything and perform manual cleanup afterwards now and then reboot before reinstalling only one antivirus. You may have caused many internal conflicts/problems within Windows already and likely have reduced the effectiveness of all of your protection programs due to what you have done.

    Windows Defender is NOT a firewall.

    Then you mean you are using the firewall in Norton Internet Security now. You should not have ZoneAlarm installed at all then since Norton would be your firewall.
     
  7. CatT

    CatT I can't follow the rules

    ok, thanks. a lot to chew on there. i'll try to work thru this better before asking any more dumb questions!

    i meant that kestrel was saying follow the guide verbatim, whereas charles was telling me to do certain things which were, in small part, at odds with said guide.

    if you were the one who wrote said guide, i'll cut out the middlemen and stop quoting either of them! charles seems to have abandoned me aniwes..... :(
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still don't know what you are referring to. Kestrel13! just told you to run the READ & RUN ME cleaning procedure.

    ???????
     
  9. CatT

    CatT I can't follow the rules

    yes, that is what i was calling "the guide". or the "MG procedures". or sumpin ladat. u, kestrel, and "the guide" are all in sync. i perceived charles' directions to be slightly at odds, but again, it was prolly my own misinterpretation.

    very helpful in another thread until he asked me to "attach logs for analysis" and then never another peep!

    i'm not complainin', mind u. but i'm still curious about that 'nally-sus.

    oh, btw...YOU are not "charles"!!!! was this a source of confusion? seeing as your name/handle is "chas...", i suppose your name is charles as well.

    i was referring to charlesGP. and THIS thread: http://forums.majorgeeks.com/showthread.php?t=239446

    who, i now see, is...um...DAVID.

    *groan*

    been a long week.... rolleyes
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Once you actually run the READ & RUN ME and attach the requested logs we can begin to check your PC out. You are wasting too much time over nothing and delaying getting any real help. You could have been finished already.
     
  11. CatT

    CatT I can't follow the rules

    i followed a lot of suggestions, attached a lot of logs, and very politely awaited feedback in that other thread, only to meet with...silence. so perhaps i am a bit sluggish doing it all over again! i apologize.

    i'll get right on this. still, tho, it will be a few days. much of it is so far beyond me it takes me HOURS to work thru even one step.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is the Malware Removal forum. If you want help with malware, you need to follow our instructions in this forum and attach the logs we request. There is nothing that we want that you put in the other thread.

    I suggest that you not bother posting again until you have the logs we requested to attach.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just scanned quickly thru your other thread and it seems that you are saying that you are not having any problems right now. Is this true? If so, let's just do a quick check with one scan ( will only take you about 10 minutes ). Run MGtools as instructed in the below:

    Using MGtools


    Then attach the C:\MGlogs.zip file
     
  14. CatT

    CatT I can't follow the rules

    yeah, the program took about 10 mins to run. took me 4 hours to figure out how to get Defender and UAC out of the way first, however!

    afaik, i do not have any other AV installed -- altho "norton" and "ASC" are still showing up in some of these scans (and my taskman). suffice it to say my "uninstalls" did not entirely work, i guess. :(

    and no, at the moment, i have no major problems. i may have jumped the gun coming over here to ask about that "bloodhound.exploit" thing. my point (OP) was more a matter of whether removing all my AV and AM stuff in that other thread now left me with no recourse for removing it. it strikes me as something i'd normally clean right up w MBAM or SpyBot or something.

    before we go reinventing the wheel, a simple "yeah, try MBAM" might save us both a lot of trouble. i have some very very major browser problems, but not at this particular moment. if you're going to spend a lot of time looking at logs, i'd prefer it be for the deeper, longterm, issues, than for this one teeny tiny little worm....

    aniwe...here's the log. TIA!
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Per your logs both Norton and ASC are still running. Norton does show as installed but ASC does not show in the Uninstall list obtained from your logs. It may be a good idea to finish removing both of these completely and then reinstall Norton Internet Security. Would you like to do this? Do you have the installer program to reinstall Norton?


    Not necessarily but it is always good to run it to see if it helps.
     
  16. CatT

    CatT I can't follow the rules

    no, norton "free trial" came loaded on the PC. i didn't think it was norton itself, just some nag screen generator. either way, i've clicked "no" to the early popups and haven't seen it in my taskman since.

    if it's norton itself, i'd rather not lose it outright w/o even giving it a try. long-term, tho, i don't really care. someone (MG?) long ago talked me into Avira and AVG instead.

    thought i was bright enuf not to install both of THOSE, but i guess if norton itself is still lurking.... :(

    ASC-wise, what else can i do to finish uninstalling? in the past i've used UninstallerPro or the like, then followed up w CCleaner and/or WinWash...but i dumped all those per what i thought i was being instructed in the other thread.

    reinstall? any? all?

    i am a bit confused about one thing: if window's defender is not a firewall; is it considered AV? should it be running in parallel with norton in the first place? this is how it came out of the box, mind u.

    btw, i haven't seen bloodhound.exploit since. i WOULD like to sort all this out once and for all, but i'm not sure this is the top priority. might you have any input re: that OTHER thread? that stuff is flat-out CRIPPLING. altho it suddenly "went away" (except that javascript issue), while it was happening i had NO use of my IE and only limited use of FF.

    if THAT is also a virus/malware issue, why does it only show up via wifi? for the most part, i experience NONE of those problems when on dialup.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then if you want to try it, you will have to run it from your Start menu and see if it still lets you choose the free trial. It is Norton and it is running although maybe not fully running as a full protection program. Not sure how you are missing it as it is quite obvious that it is running and in your logs. You can see the service/process named >>> ccSvcHst.exe And the junk from Ask.com ( Norton partnered with Ask ) was installed with it and it is running too.

    If you accept the free trial, Norton Internet Security (NIS) will be your full protection suite. That is it will be your antivirus, antispyware, firewall, and perhaps it does other things too. Not sure of everything that comes with this program now.

    If you cannot get the trial to run then you will need to uninstall it or you can possibly set your PC back to how it came out of the box and get everything back to the way it was shipped and then don't install a load of unnecessary conflicting applications. Use the free NIS trial to see if you like it. There is possibly a factory recovery partition to put it back into the state it was shipped. Talk to your vendor or post in the Software Forum for instructions. Note that doing this, will cause everything you put on it to be gone so backup anything you need first.

    We can forcefully remove it, but you need to simply answer either Yes or No without all the excess verbiage. However if you are going to restore your PC to the state it was shipped, we will not have to waste time on this.


    We already explained to you several times that it is not a firewall and I even told you in message number 4 that it is an antispyware. Yes it came on your PC because it is installed with Win 7 by default and since you never had accepted the trial from Norton you had no conflict with Norton's protection. Microsoft does not know what PC vendors are going to put on a PC. Nor do they know what you will be installing. They decided to build some additional protection into their OS starting with Vista. However since you seem to have a problem accepting what we are telling you, read the below from Microsoft:

    http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

    Don't know for sure what you are really referring to exactly but I cannot tell you whether you had or have any malware problems on your PC unless you run our full cleaning procedure and attach all the logs we ask for. Based on a quick glance at your other thread, it did not really sound like malware but without logs, we cannot say for sure.
     
  18. CatT

    CatT I can't follow the rules

    sorry, i assumed ccScvHst was connected to CC!

    i have not seen ask.com (yet) on this PC. nothing like that in the taskman.


    i would like to have the OPTION (later) of trying it, not NOW, since it is of limited duration. is that not possible?


    i really didn't think i had! Avira i stopped short of and ASC and ZoneAlarm i uninstalled early on. from what you are telling me the big conflict is the two items (norton and the default AV) pc shipped with, no?

    put another way, i didn't spend my one good day (first day) DLing porn and mp3s and a lot of questionable homemade apps -- i stuck to recommended AV/AM/cleaning apps and very little else.


    i'd rather not if possible! A) had more probs on day 2 than i have now, B) don't trust my backup/archiving procedures yet and C) [most important] last time i tried system restore or windows re-install (old PC), i lost use of the machine for 6 months!

    i'm still smarting from one dead PC. i'd really rather not try anything "risky" on the new one.


    no, it is not that, it is that i can't tell what the DIFF is between AV and a Firewall! or UAC, for that matter.

    everything else stems from that confusion.

    believe me, i trust everything you are telling me! (understanding how to implement some of it is another matter....)
     
  19. CatT

    CatT I can't follow the rules

    wait a min...now i am officially LOST. is norton or is norton NOT at conflict with the default AV?

    if NOT, why do i need to uninstall it?

    there is no issue about not being "able" to run the trial -- I HAVE NOT ATTEMPTED TO.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's there but you may have a version that installed with a PDF reader that you installed.

    Not really. Either activate it now ( if you still can ) or delete it so that you can properly install other programs to do the same. You cannot leave Norton installed and running like this in the background. It is only going to be a trial whether you try it now or try it later. And trying it later means it would be more out of date when you do.

    You had no default AV. Your PC was shipped with a trial version of Norton which you did not fully activate/accept. You should have uninstalled it completely if you were not going to use it. Then you should have installed Avira.

    You will have to do some searching then. Each program tells you what they are. Look on the vendors site if unsure.

    Note that UAC is not an AV, AS/AM, or firewall. It is just User Account Control something that Microsoft added to Windows when Vista came out and it did nothing to help protect anyone from malware. UAC is really more of a protection from yourself since you get some warning messages. It limits application software to standard user privileges until an administrator authorizes an increase or elevation. Doing this allows only applications trusted by the user to receive administrative privileges. It was hoped that this would stop some from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it.

    In reality, UAC only made life more difficult for malware removal than it did for malware to get on a PC. It likely does at least make you think before approving certain applications, much like a firewall or AV may do, but it was very easy for malware to work around it.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I was saying in my last message, there is no "default AV" in Windows.
     
  22. CatT

    CatT I can't follow the rules

    oooh...guess i rly HAVE misunderstood something.

    then what is my norton -- running or only HALF running -- at conflict with? the piece of ASC which i didn't manage to kill off?

    i never got as far as installing Avira, recall.


    i am definitely not going to use it now. i'm quite willing to uninstall it and use Avira for the foreseeable future. would a fresh copy of norton DLed 6 months from now offer me the same "trial", or is the preinstalled copy somehow critical to the scenario? (tag in registry or something?)


    yeah, i learned the hard way when trying to run MGtools w/o properly deactivating it -- 2 straight hours of popups telling me it wouldn't run...while also telling me i couldn't kill it off or even reboot!!
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let's just end all of this right now as this is taking too much time and none of it is really a Malware Forum problem. I will give you my suggestions below which will remove ASC, Ask.com, and Norton. I cannot answer whether Norton provides free trials at some other time. You can ask Symantec or in the Software Forum. But it looks like they have trials but may have catches >>> http://us.norton.com/downloads/index.jsp


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\ASC 4.0.1\ASCTray.exe"

    After clicking Fix, exit HJT.

    Now uninstall the below
    Ask Toolbar
    Norton Internet Security.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.




    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Sean Walsh\Local Settings\Temp

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).




    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
    If everything is good, you will then be able to start on getting properly protected.
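The HijackThis lines quoted in the post above are easier to reason about once they are parsed into their parts (section, entry type, display name, CLSID, file path). The script below is an added example, written for this page and not code from the thread, from MajorGeeks or from the HijackThis/MGtools projects. It takes the seven lines from the post as a constructed sample, extracts the fields, and then does the triage a helper does by eye: it flags entries whose file is gone ("(no file)"), flags a CLSID that is registered under more than one display name (here the "Foxit PDF Creator Toolbar" entry and the "Ask Toolbar BHO" entry share the same CLSID and the same Ask.com DLL, which is why both belong to the same uninstall), and tallies entries per product folder so the reader can see which product each line belongs to. The line format assumptions (the `O2`/`O3`/`R3` "name - {CLSID} - path" layout and the `O4` "[name] "path"" layout) are taken from the lines on the page only.

```python
import re
from collections import defaultdict

# Constructed sample input: the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\ASC 4.0.1\ASCTray.exe"
"""

# Assumed layouts, based only on the lines above:
#   R3/O2/O3:  <section> - <kind>: <name> - {CLSID} - <path or "(no file)">
#   O4:        O4 - <hive>\..\Run: [<name>] "<path>"
CLSID_RE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-F-]+\}) - (?P<path>.*)$"
)
RUN_RE = re.compile(
    r'^(?P<section>O4) - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] "?(?P<path>[^"]*)"?\s*$'
)
PRODUCT_DIR_RE = re.compile(r"Program Files(?: \(x86\))?\\([^\\]+)")


def parse_hjt(text):
    """Parse HijackThis-style lines into dicts; unknown lines are kept as 'unparsed'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CLSID_RE.match(line)
        if m:
            entries.append({**m.groupdict(), "raw": line})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({**m.groupdict(), "kind": "Run", "clsid": None, "raw": line})
            continue
        entries.append({"section": line.split(" - ", 1)[0], "kind": "unparsed",
                        "name": None, "clsid": None, "path": None, "raw": line})
    return entries


def triage(entries):
    """Flag orphaned entries and CLSIDs that appear under more than one display name."""
    findings = []
    by_clsid = defaultdict(list)
    for e in entries:
        if e["path"] == "(no file)":
            # Registry points at a component that no longer exists on disk.
            findings.append({"type": "orphan", "raw": e["raw"]})
        if e["clsid"]:
            by_clsid[e["clsid"]].append(e)
    for clsid, group in by_clsid.items():
        names = sorted({g["name"] for g in group})
        if len(names) > 1:
            # Same COM object registered under two names: one component, not two products.
            findings.append({"type": "alias", "clsid": clsid, "names": names})
    return findings


def group_by_product(entries):
    """Count entries per product folder under Program Files; '(none)' when there is no path."""
    counts = defaultdict(int)
    for e in entries:
        m = PRODUCT_DIR_RE.search(e.get("path") or "")
        counts[m.group(1) if m else "(none)"] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for finding in triage(parsed):
        print(finding)
    for product, n in sorted(group_by_product(parsed).items()):
        print(f"{n} entr{'y' if n == 1 else 'ies'} under {product}")
```

Running it on the sample reports one orphaned `R3` hook, one CLSID shared by the "Ask Toolbar BHO" and "Foxit PDF Creator Toolbar" names, and a per-product tally (three Norton Internet Security entries, two Ask.com entries, one ASC entry), which matches the three uninstalls the post goes on to prescribe.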
     
