I'm snake bit

[Pennie77]

 :(Hi, yesterday I ran a full AVG scan plus a full Malwarebytes scan.  The Malwarebytes brought up several Microsoft files bad.

Today, I came and got all the instructions.  Went and did every step in order of your sequence.  However your instructions said to run a 'quick scan' with Malwarebytes.  I did and it did find some, but not the ones I'd already found!

So, when all steps were finished, I ran a full scan again.  It did not find any Microsoft files bad, but came up with 9 more.  I didn't remove the program files because I just wasn't sure if I should.  I did remove the ones that have "Aaron's Sales" because those are
totally ancient and shouldn't even be there.

Please email me with questions or instructions.

Thanks!  Pennie 

[recovering disk space, attachment deleted by admin]

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

Please run MBAM again and remove all those infections.
Any unusual behaviour on your computer?

Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

[Pennie77]

   Oh, thank you SuperDave for helping me!

First, you asked if I have any weird things happening on my computer.
Well, yes maybe.  It hasn't happened in the last week.  But, for about a month, sometimes my desktop turned stone black or turned
patchy black rectangles scattered around my desktop.  I could erase it by waving my curser around.  But, I immediately rebooted every time I saw this, because I didn't know what else to do.

Anyway, I carefully followed your clear cut steps.  The two logs are copied and pasted as you instructed.

I'll await to hear from you again. 

And again, thanks!  Pennie



[recovering disk space, attachment deleted by admin]

[SuperDave]

It hasn't happened in the last week.  But, for about a month, sometimes my desktop turned stone black or turned
patchy black rectangles scattered around my desktop.

Sounds like the monitor is going bad or the Video card.

The two logs are copied and pasted as you instructed.

No, they were attached.
The MBAM log shows "no action taken" Please run it again and remove the infections.

Download Combofix from any of the links below, and save it to your DESKTOP. 
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[Pennie77]

Oh Geez, have allot to say! 

First, sorry I had trouble trying to figure which log to send you.  They all looked alike.  But, I did delete all of them as you instructed.

Then I ran it again yesterday and have copied it to the attachment here.

But, I ran ComboFix and it did give a report, but it totally messed my computer!  IE won't run and my timer won't run, and my alarm clock did not get me up this morning.  I'm pretty much a mess now.  I tried to do a system restore since ComboFix had made one.  But, a message came back and said 'failed'.

(I fear ComboFix itself has a virus or malware and it traveled my entire computer)

I've been copying and storing important files and folders to CD today and also on a storage cloud I use.

My question is:  Should I go back to Factory Settings?

Thanks for your time Dave!  Pennie

[recovering disk space, attachment deleted by admin]

[SuperDave]

Normally, ComboFix is a very stable scanner.
It's a good idea to save your important documents and files to CD's or DVD's. Let's try one more thing before we resort to going to the Recovery console.

Please download and run MicroSoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
*******************************************************
Please download and run MS Fix-it from here.

[Pennie77]

Dave, I have a confession.  I think I caused the problems myself.
I scanned what you wanted me to do and did it.  It was AFTER
that, that I saw you had said not to be on the computer while
ComboFix was running. 

I was on all the while working on images and even went to
Bing Images.

I ran both Malwarebytes and AVG today and both come up
clean.  No threats on either.

Now, I'll go follow today's instructions from you.

Thanks for being so great.  Pennie

[Pennie77]

Oh wow SuperDave!  You deserve your title!  You must have sniffed a problem.  Because as I write this
Microsoft Security Scan is still ( and forever) running.  I clicked 'full scan'. Didn't guess it'd check .dlls and
everything!

At this point there are 21 'infections' found by Microsoft!  WOW!  Guess I'm mislead on how much a regular
anti-virus or anti-malware program can find?

Of course the log hasn't been given me yet.  After 2 hr 20 minutes, I decided to write you.

I think I'll be your forever admiror!  Just tell me who needs a reference about you.  I'm a good writer!
Except tonight.....when Microsoft hit 18 'infections' and stayed there, I got the vodka out].

Actually, I feel very safe with you advising me.  Plus today I made CD copies until I felt better. I also added
storage to 'MozyHome' cloud storage (the best I've tried!  They are excellent!) Now anything can happen and I'm
ready to hit it head-on. 

So with 21 infections, I'll be back tonight to post them for you when it EVER gets done.  I'm also anxious to see
what the 'Fix It' program can do for me.

Be back soon - NO REASONE TO REPLY!,   

[Pennie77]

Ok, Microsoft Safety Scanner identified 3 folders that had a total of 21 infections.
It doesn't come up with a log, but does report the following:

Adware 32:  Win32/OpenCandy  Removed
ExploitJava - Removed

Adware 32: Win32/WinSave App -Partially Removed

It's 2 am my time, so I'll do the Fix It [u/] tomorrow as soon as I get up.

You are awesome for wading through this!  Pennie

[Pennie77]

Hey SuperDave, I just finished with Microsoft Fix It.  The link you gave me was a Fix It for audio problems.  However, I
searched for the primary one.  That was in Beta and they've finished Windows 7 and am not allowing more.

SO, I ended up in a long list of Fix It's.  I ran all the ones that looked possibly related to me.  In this way, I found
remote registry problems and policy settings errors.  I let Microsoft fix them and it reported back that both were fixed.

Then, I also found 2 display problems and again had Microsoft fix them and it reported back as fixed.

I left the other results last night for you, so you should find 2 entries from me.

Thanks!  Pennie