Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Why do you have your Windows Security Center turned off? Not a good idea.

Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version
If there are any other version(s) installed then update now.

Get the new version (if needed)
If your version is out of date, install the newest version of the Sun Java Runtime Environment.
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.

Remove any old versions
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************
There is a malicious keylogger on your computer. I need to pass this information to you so that you know the risks that are involved and so you can take the appropriate actions. That pop-up you're getting is part of the keylogger.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable.

Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?
Guides for format and reinstall:
how-to-reformat-and-reinstall-your-operating-system-the-easy-way

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.

If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
**************************************
Copy and paste the text in the code box below into Notepad.

@echo off
rem Remove the DLL that the [byivqr] Run entry loads through RUNDLL32
del C:\Windows\system32\msllhsjn.dll
rem The batch file removes itself once the DLL is gone
del begone.bat
exit

Then click File > Save as. Save to the Desktop as begone.bat and set Save as type: All Files.
Double-click on begone.bat to run it.
*************************************
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [byivqr] RUNDLL32.EXE C:\Windows\system32\msllhsjn.dll,w (filesize 44544 bytes, MD5 51138BEEA3E2C21EC44D0932C71762A8)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (filesize 1090952 bytes, MD5 D594EA4AC1C0E4675EF2F0063950ABEF)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
*************************************
Please let me know what you intend to do with your computer. If you don't have too much data to save, it might be better to reinstall your OS.
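As an added example (not part of Dave's post, and not code from HijackThis or any other tool named in it), the script below shows the triage a helper does by hand on the O4 autostart lines of a HijackThis log: it parses each entry, flags one whose reported MD5 matches a known-bad hash or whose command uses RUNDLL32 to load a DLL from system32, and checks that a file on disk still matches the hash the log reported before anything like the begone.bat step deletes it. The sample log lines are the O4 entries quoted in this thread; the known-bad hash set, the regular expressions and every function and class name are my own assumptions.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample: the three O4 entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [byivqr] RUNDLL32.EXE C:\Windows\system32\msllhsjn.dll,w (filesize 44544 bytes, MD5 51138BEEA3E2C21EC44D0932C71762A8)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (filesize 1090952 bytes, MD5 D594EA4AC1C0E4675EF2F0063950ABEF)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
"""

# Assumed hash list: the MD5 the log reported for msllhsjn.dll, the DLL the thread removes.
KNOWN_BAD_MD5: Set[str] = {"51138BEEA3E2C21EC44D0932C71762A8"}

# One O4 line: "O4 - <hive>\..\<key>: [<name>] <command> (filesize N bytes, MD5 X)";
# the trailing filesize/MD5 part is optional because HijackThis omits it for some entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)"
    r"(?: \(filesize (?P<size>\d+) bytes, MD5 (?P<md5>[0-9A-Fa-f]{32})\))?$"
)

# "RUNDLL32.EXE <dll>,<export>" in any letter case; the DLL path may be quoted.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    size: Optional[int]
    md5: Optional[str]
    reasons: List[str] = field(default_factory=list)  # why this entry deserves a closer look


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 log line; return None for any other HijackThis line type."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return AutostartEntry(
        hive=m["hive"], key=m["key"], name=m["name"], command=m["cmd"],
        size=int(m["size"]) if m["size"] else None,
        md5=m["md5"].upper() if m["md5"] else None,
    )


def triage(log_text: str, known_bad_md5: Set[str]) -> List[AutostartEntry]:
    """Return every O4 entry in the log, with reasons attached to the suspicious ones."""
    entries: List[AutostartEntry] = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        if entry.md5 and entry.md5 in known_bad_md5:
            entry.reasons.append("reported MD5 matches a known-bad hash")
        rd = RUNDLL_RE.match(entry.command)
        if rd:
            dll = rd["dll"].strip()
            # Legitimate software also starts this way, so this is a "verify" flag, not a verdict.
            if "\\windows\\system32\\" in dll.lower():
                entry.reasons.append(
                    f"RUNDLL32 loads {dll} from system32; confirm its publisher and hash"
                )
        entries.append(entry)
    return entries


def md5_of_file(path: str) -> str:
    """Upper-case hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def matches_reported_hash(path: str, reported_md5: str) -> bool:
    """True only if the file exists and still matches the hash the log reported for it."""
    try:
        return md5_of_file(path) == reported_md5.upper()
    except OSError:
        return False


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, KNOWN_BAD_MD5):
        status = "REVIEW" if e.reasons else "ok"
        print(f"[{status}] {e.hive}\\..\\{e.key} [{e.name}] {e.command}")
        for reason in e.reasons:
            print(f"         - {reason}")
```

Running it on the sample log lists the [byivqr] entry with two reasons and the two Malwarebytes entries with none. The hash re-check is the step a helper wants before a delete: if the on-disk file no longer matches the hash in the log, the log is stale and the entry should be re-examined rather than removed on trust.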