Author Topic: Comodo detected:Heur.suspicious@1.  (Read 16740 times)

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: Comodo detected:Heur.suspicious@1.
« Reply #15 on: November 13, 2012, 01:25:02 PM »
 O0
~Dr Jay

Painted Pony

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Re: Comodo detected:Heur.suspicious@1.
    « Reply #16 on: November 13, 2012, 02:16:50 PM »
    C:\Documents and Settings\Sharon\Local Settings\temp\KMP_3.4.0.59.exe   a variant of Win32/SoftonicDownloader.E application   cleaned by deleting - quarantined

    Painted Pony

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: Comodo detected:Heur.suspicious@1.
      « Reply #17 on: November 13, 2012, 02:55:37 PM »
      In addition to what I sent -- I just ran SAS and it detected several items -- 8 items of which are now in quarantine.

      Dr Jay

      • Malware Removal Specialist


      • Specialist
      • Moderator emeritus
      • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: Comodo detected:Heur.suspicious@1.
      « Reply #18 on: November 14, 2012, 01:20:55 AM »
      Do you have a log from that? It probably detected stuff in quarantine and system restore.

      It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

      Clean up System Restore

      Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
      • Select Start > All Programs > Accessories > System tools > System Restore.
      • On the dialogue box that appears select Create a Restore Point
      • Click NEXT
      • Enter a name e.g. Clean
      • Click CREATE
      You now have a clean restore point, to get rid of the bad ones:
      • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
      • In the Drop down box that appears select your main drive e.g. C
      • Click OK
      • The System will do some calculation and then display a dialogue box with TABS
      • Select the More Options Tab.
      • At the bottom will be a system restore box with a CLEANUP button; click this
      • Accept the Warning and select OK again; the program will close and you are done
      Run OTC to remove our tools
       
      To remove all of the tools we used and the files and folders they created, please do the following:
      Please download OTC.exe by OldTimer:
      • Save it to your Desktop.
      • Double click OTC.exe.
      • Click the CleanUp! button.
      • If you are prompted to Reboot during the cleanup, select Yes.
      • The tool will delete itself once it finishes.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
       
      Purge old temporary files

      NOTE: If you already have this installed, you don't have to reinstall it.

      Please download CCleaner Slim and save it to your Desktop - Alternate download link

      When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
      Follow the prompts to install the program.

      • Double-click the CCleaner shortcut on the desktop to start the program.
      • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
      • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
      • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).
      Caution: Only use the Registry feature if you are very familiar with the registry.
      Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
       
      Security Check
       
      Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
      • Save it to your Desktop.
      • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
      • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
      ~Dr Jay

      Painted Pony

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: Comodo detected:Heur.suspicious@1.
        « Reply #19 on: November 14, 2012, 11:29:02 AM »
        Before I start the rest, here is the SAS log from yesterday:
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 11/13/2012 at 01:44 PM

        Application Version : 5.6.1014

        Core Rules Database Version : 9578
        Trace Rules Database Version: 7390

        Scan type       : Complete Scan
        Total Scan Time : 00:07:17

        Operating System Information
        Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
        Administrator

        Memory items scanned      : 511
        Memory threats detected   : 0
        Registry items scanned    : 36937
        Registry threats detected : 0
        File items scanned        : 6877
        File threats detected     : 8

        Adware.Tracking Cookie
           C:\Documents and Settings\Sharon\Cookies\[email protected][1].txt [ /ads.pubmatic ]
           C:\Documents and Settings\Sharon\Cookies\sharon@amazon-adsystem[1].txt [ /amazon-adsystem ]
           C:\Documents and Settings\Sharon\Cookies\sharon@insightexpressai[1].txt [ /insightexpressai ]
           C:\Documents and Settings\Sharon\Cookies\sharon@media6degrees[2].txt [ /media6degrees ]
           C:\Documents and Settings\Sharon\Cookies\sharon@revsci[2].txt [ /revsci ]
           C:\DOCUMENTS AND SETTINGS\SHARON\Cookies\sharon@adsonar[2].txt [ Cookie:[email protected]/adserving ]
           .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SHARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NR5AA0AZ.DEFAULT\COOKIES.SQLITE ]
           .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SHARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NR5AA0AZ.DEFAULT\COOKIES.SQLITE ]
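
An added example, not part of the original post and not a SUPERAntiSpyware tool: a short Python triage of a scan log laid out like the one above, grouping detections by category and checking that the number of listed items matches the "threats detected" counters. It assumes category names start at column 0 with their items indented beneath them; the sample log and its names are constructed.

```python
import re

# Counter lines such as "File threats detected     : 8"
COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)\s*$")

# Constructed sample in the layout of the posted log (names are placeholders).
SAMPLE_LOG = r"""
Scan type       : Complete Scan
Memory threats detected   : 0
Registry threats detected : 0
File threats detected     : 3

Adware.Tracking Cookie
   C:\Documents and Settings\user\Cookies\user@ads-example[1].txt [ /ads-example ]
   C:\Documents and Settings\user\Cookies\user@metrics-example[2].txt [ /metrics-example ]
   .tracker.example [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X.DEFAULT\COOKIES.SQLITE ]
"""

def parse_scan_log(text):
    """Return (counts, detections): threat counters and items per category."""
    counts, detections, header = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            header = None                  # counters are not a category
        elif line[0].isspace():            # indented line: one detected item
            if header is not None:
                detections.setdefault(header, []).append(line.strip())
        else:                              # column-0 line: candidate category
            header = line.strip()
    return counts, detections

def triage(text):
    """Summarise a log: is it complete, and which categories are not cookies?"""
    counts, detections = parse_scan_log(text)
    listed = sum(len(items) for items in detections.values())
    return {
        "counts": counts,
        "listed": listed,
        # False means the pasted log is truncated or items were missed.
        "complete": listed == sum(counts.values()),
        # Anything that is not a cookie category deserves a closer look.
        "needs_review": sorted(c for c in detections if "cookie" not in c.lower()),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
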

        Painted Pony

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: Comodo detected:Heur.suspicious@1.
          « Reply #20 on: November 14, 2012, 11:53:00 AM »
          Did everything up until the OTC. Then got the following errors:
          Active Desktop Recovery
          Windows Explorer Error
          Internet Explorer Script Error

          Yikes  :o

          Painted Pony

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: Comodo detected:Heur.suspicious@1.
            « Reply #21 on: November 14, 2012, 11:56:29 AM »
            CORRECTION:

            I did run OTC. I haven't killed this machine 'yet' so will run CCleaner.

            Dr Jay

            • Malware Removal Specialist


            • Specialist
            • Moderator emeritus
            • Thanked: 119
            • Experience: Guru
            • OS: Windows 10
            Re: Comodo detected:Heur.suspicious@1.
            « Reply #22 on: November 14, 2012, 11:58:33 AM »
            Those aren't even threats. No biggie at all. Go ahead with cleanup. :)
            ~Dr Jay

            Painted Pony

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: Comodo detected:Heur.suspicious@1.
              « Reply #23 on: November 14, 2012, 12:08:58 PM »
               Results of screen317's Security Check version 0.99.54 
               Windows XP Service Pack 2 x86   
               Out of date service pack!!
               Internet Explorer 8 
              ``````````````Antivirus/Firewall Check:``````````````
               Windows Firewall Disabled! 
              AntiVir Desktop   
               Antivirus up to date! 
              `````````Anti-malware/Other Utilities Check:`````````
               SpywareBlaster 4.6   
               SUPERAntiSpyware     
               Malwarebytes Anti-Malware version 1.65.1.1000 
               CCleaner     
               Adobe Flash Player    11.4.402.265 
               Mozilla Firefox (16.0.2)
              ````````Process Check: objlist.exe by Laurent````````
               Avira Antivir avgnt.exe
               Avira Antivir avguard.exe
               Comodo Firewall cmdagent.exe
               Comodo Firewall cfp.exe
              `````````````````System Health check`````````````````
               Total Fragmentation on Drive C:: 6%
              ````````````````````End of Log``````````````````````

              Dr Jay

              • Malware Removal Specialist


              • Specialist
              • Moderator emeritus
              • Thanked: 119
              • Experience: Guru
              • OS: Windows 10
              Re: Comodo detected:Heur.suspicious@1.
              « Reply #24 on: November 14, 2012, 12:40:19 PM »
              Update the service pack if you can: http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3

              Personal Tips on Preventing Malware
               
              See this page for more info about malware and prevention.

               
              Any other questions before I mark this topic solved?
              ~Dr Jay

              Painted Pony

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows 7
                Re: Comodo detected:Heur.suspicious@1.
                « Reply #25 on: November 14, 2012, 12:48:43 PM »
                I've had problems in the past trying to update from SP2 to SP3 -- If I have problems this time -- where should I post my query?

                PLEASE! How do I get RID of the YAHOO toolbar? It showed up @ the same time as my 'bug'.