[RESOLVED] Blocked from using website because of "excessive usage" - Page 2

  1. #16
    Join Date
    Nov 2014
    Posts
    17
    Happy Thanksgiving! I hope you don't read this today....if anyone deserves a day off, you do.

    Anyway, Security Check and Farbar Service Scanner logs follow.

    No log from Sophos Free Virus Removal Tool....just a message that my machine was clean of viruses. That's good, right?

    Results of screen317's Security Check version 0.99.90
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    McAfee SiteAdvisor
    CCleaner
    JavaFX 2.1.0
    Java 7 Update 72
    Java version out of Date!
    Adobe Flash Player 15.0.0.239
    Adobe Reader XI
    Mozilla Firefox (33.1)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    IObit IObit Malware Fighter IMFsrv.exe
    Online Games Manager ogmservice.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 21-07-2014
    Ran by Owner (administrator) on 26-11-2014 at 20:26:02
    Running from "C:\Users\Owner\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****

  2. #17
    Join Date
    Nov 2014
    Posts
    17
    Well, this is annoying. No sooner had I posted my report on the last scans than McAfee signaled that it had quarantined a trojan. It never ends.

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    "McAfee signaled that it had quarantined a trojan"
    Details please.

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

  4. #19
    Join Date
    Nov 2014
    Posts
    17
    Sadly, I don't have any more details on the trojan. I can't find a place in McAfee that lets me see, much less print out, the details, nor did it give any details in the pop-up message I received. Should I scan again with something else?

    Were you able to tell which program(s) caused the initial problem of hammering the website I used to visit (have been blocked from using for a week now)?

    I got the following message when I tried to uninstall the old version of Java:

    [Attached image: javamsg.jpg]

    Should I still download Java software?

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Just make sure you have Version 8 Update 25 installed.

    "Were you able to tell which program(s) caused the initial problem of hammering the website I used to visit (have been blocked from using for a week now)?"
    There wasn't much there but we cleaned up a couple of things.
    Ask those people to give you another shot.

    From my point of view....

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings


    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642

  6. #21
    Join Date
    Nov 2014
    Posts
    17
    I don't mean to complain when you've been such a patient person, but I just discovered all my tutorials for Paint Shop Pro and Photoshop have been deleted during the cleaning process. These are tutorials from a variety of places, mostly pdf files. Were they all infected somehow? Is that why they were deleted? Should I start a new thread?

  7. #22
    Join Date
    Nov 2014
    Posts
    17
    I don't think I was very clear and I apologize for that. I had one folder called "Tutorials" in which I had put all my tutorial files arranged by the tutorial author. Everything, including the folders, is gone from this one main folder. As far as I can tell so far, no other documents have been deleted (not saying they aren't but just saying I haven't noticed it).

  8. #23
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    In fact I can see AdwCleaner removed this:

    Folder Deleted : C:\Users\Owner\Favorites\Tutorials

    If that's the folder you're talking about...

    Open AdwCleaner - Click on Tools > Quarantine to open the quarantine
    Tick entries to restore, and click on the [Restore] button.

  9. #24
    Join Date
    Nov 2014
    Posts
    17
    I don't want to wear out my welcome, but will restoring my tutorials also restore whatever has been causing the original problem, or is this a coincidence rather than a related issue?

    I do see the files..thank you so much for finding them. I will continue with the rest of the steps once I have restored them. Thank you again.

  10. #25
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    When you download an item, r-click and select Malwarebytes and it will be checked. And yes, malware and other nasties can and are attached to files.
    Do the same thing with your antivirus.

    If either finds something, I delete it.

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You'll be OK after restoring.
    I'm fairly sure AdwCleaner was wrong in this case.
    I'd assume it didn't like some "Tutorials" folder in the "Favorites" directory, which is basically a directory reserved for IE stuff.

  12. #27
    Join Date
    Nov 2014
    Posts
    17
    Here's what I've accomplished:

    I restored my tutorial files (thank you).
    Java has been updated.
    Delfix.exe has been run.
    Windows Updates checked.
    Firefox plugins updates checked.
    Downloaded and installed WOT (Web OF Trust).
    Noted: Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
    Noted: Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly
    Downloaded and installed Secunia Personal Software Inspector.
    Downloaded and installed FileHippo Update Checker
    Noted: select "Custom" installation.

    I think that's all I can complete this morning. Thank you so much for your help. I just hope this resolves the original problem, though I think I can detect some improvements in the performance of my computer anyway.

    Here's to a trouble free weekend.

  13. #28
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Way to go!!
    Good luck and stay safe

  14. #29
    Join Date
    Nov 2014
    Posts
    17
    I will certainly be more careful. I don't know if this fixed the original problem (haven't heard from the other web site) but you certainly fixed another problem I had that I didn't mention: a browser that was losing its tabs the longer I worked online. Obviously things were going wrong that I just ignored. Bad on me. Many, many thanks for all your help. Happy dance!! Dianne

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You're very welcome
