Last report from ESETScan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
You're doing something wrong.
Open Windows Explorer, navigate to the location where you downloaded uiclean.rar
Right click on that file...
Attachment 11903
step by step of what I am doing with this uiclean.rar. I am starting from the beginning:
I click to download it and get this... http://prntscr.com/28ctgj
I choose open with browse and choose 7-zip console and click ok.... http://prntscr.com/28cu0c
I get the open with 7-zip console and choose ok http://prntscr.com/28cu5j
here is where it downloaded to.. http://prntscr.com/28cueh
I right click here...... http://prntscr.com/28cuiv
I go to open containing folder .... http://prntscr.com/28cup3 if I right click it here it looks like this . http://prntscr.com/28cv1l
Now what? Nothing like what you show, shows up on my end. Look I have completed all steps but this so is this important?
NO. You save the file
Quote:
I choose open with browse
I am not following you. Is it wrong to save as I did what are you wanting me to do that I have not done?
When you go to download page you click on "Save file" not "Open with" so you save the file to your computer.
ok so you want me to click open with not save ok I will do it again. How are the others did I get them all to you or do I need more? Thanks
Ok I downloaded it and right clicked it http://prntscr.com/28dgqw
I choose open containing folder http://prntscr.com/28dgy5
so now do I click the last one that says uiclean? http://prntscr.com/28dh0x
If so right click? http://prntscr.com/28dh6l
if I click open from there using right click it flashes like it opens then it goes away really fast. No options like yours?
Can't click open, it flashes open and goes away?
should I try this program to open rar? http://download.cnet.com/WinRAR-32-b...-10007677.html
Let's start again. I removed the winzip and then re-downloaded it, so now what do I do to get this open now that I have winzip?
ok got it open with win zip tells me unsafe exe so do I do it? http://prntscr.com/28diqi
Okay went to re download it and get this error message http://prntscr.com/28e4rn
new error when I try to use winzip http://prntscr.com/28e9s7
and this one http://prntscr.com/28ea2g - I clicked on reinstall using recommended settings got this http://prntscr.com/28eaa1
OK...one more time.
I really don't know how to explain it better.
Go to download site.
Click on download link.
Click on "Save file" not "Open with" so you save the file to your computer.
Open Windows Explorer, navigate to the location where you downloaded uiclean.rar
Right click on that file...and...look at the picture below:
Attachment 11905
Please read below as I have done what you said and get error messages when I now try to download the program. let me repeat the error messages.
Okay went to re download it and get this error message http://prntscr.com/28e4rn
new error when I try to use winzip http://prntscr.com/28e9s7
and this one http://prntscr.com/28ea2g - I clicked on reinstall using recommended settings got this http://prntscr.com/28eaa1
I attached Uninstall Cleaner file in a zip form.
Download it, double click on it and it should unzip.
Thank you for this. I downloaded it and get the same error messages.
I right clicked open and got the error message unsafe exe http://prntscr.com/28lg59
but I still clicked yes to open it and these error messages came back up?
http://prntscr.com/28ea2g - I clicked on reinstall using recommended settings got this http://prntscr.com/28eaa1
This makes no sense as you can see the .dll file is in the unzip folder yet the error message says missing? http://prntscr.com/28ll4q
Hey I got it opened...I think is this what it is supposed to look like opened? It didn't run a program but this opened up:
http://prntscr.com/28lliv
Yes, you're good. Go ahead.
Another problem has come up. I use Windows Live Mail here at home for work. I am in a panic because I need to read an email and I clicked to see it and it opens with a blank in the message area. All the emails open to blanks? Please see this and tell me, did any of the programs I used erase the messages, all of them? OMG I am so dead.
http://prntscr.com/28oqce
I have the box open, what do I do, click uninstall? If I do that will it delete all the programs listed in it? Here is where I am. http://prntscr.com/28ovb1
I'm not sure what you're doing.
You're supposed to run Uninstall Cleaner to remove dead OpenCandy listing.
I told you what I was doing step by step. I got to this box what should I do all it offers is delete and so on am I in the wrong place? I also told you this was a kind of work around to get here since I was getting the error messages and it wouldn't let me go past due to the messages. Here it is again.
I right clicked open and got the error message unsafe exe http://prntscr.com/28lg59
but I still clicked yes to open it and these error messages came back up?
http://prntscr.com/28ea2g - I clicked on reinstall using recommended settings got this http://prntscr.com/28eaa1
This makes no sense as you can see the .dll file is in the unzip folder yet the error message says missing? http://prntscr.com/28ll4q
then I got to here http://prntscr.com/28ovb1 I am stuck now as to what to do? I scrolled down the list no open candy to remove? Could it be gone?
Possibly.
Since this is a very long topic update me on current issues if any.
ok seems they were removed from IE tool bar and add remove programs all that we wanted gone. I do see some programs I am not familiar with such as XM Asia Pacific Pte Ltd and Wild Tangent.
This http://prntscr.com/28qwyp http://prntscr.com/28qx4h
Also the problem with Windows live mail. I removed my name and person I sent to last month http://prntscr.com/28qyq6 the messages in all my mails are gone, even the sent mails. The address to and from are there but the message poof?
I found something it wont leave add ons in IE. http://prntscr.com/28rxby
I simply have no time to go through a list of your installed programs.
Nothing malicious there so if you want to pursue that matter you can create new topic in Windows forum.
Same goes for Windows mail.
It's not malware related.
As for IE if you don't have any visible toolbar or other issue leave those alone.
ok ty but could one of the programs you had me download and install have caused the live mail to have a problem? Also do I uninstall the programs you had me install and use?
Thank you for your time and help.
I doubt any of my programs caused any Windows mail issues.
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools we used during our cleaning process
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
14. Please let me know how your computer is doing.
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Test
->Temp folder emptied: 22060481 bytes
->Temporary Internet Files folder emptied: 57726723 bytes
->Java cache emptied: 19897593 bytes
->FireFox cache emptied: 305996553 bytes
->Google Chrome cache emptied: 242966637 bytes
->Flash cache emptied: 4240 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12058 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 9043476 bytes
Total Files Cleaned = 627.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Test
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Test
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 12042013_230016
Files\Folders moved on Reboot...
File\Folder C:\Users\Test\AppData\Local\Temp\CVHLauncher(201312041313001C98).log not found!
C:\Users\Test\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Test\AppData\Local\Temp\~DF1ECAA1A6E8400DEB.TMP not found!
File\Folder C:\Users\Test\AppData\Local\Temp\~DF5D0788F4AFF393F3.TMP not found!
File\Folder C:\Users\Test\AppData\Local\Temp\~DF603CD0011883E692.TMP not found!
File\Folder C:\Users\Test\AppData\Local\Temp\~DF641BDA1F467923B9.TMP not found!
File\Folder C:\Users\Test\AppData\Local\Temp\~DF7280D39B699951FB.TMP not found!
File\Folder C:\Users\Test\AppData\Local\Temp\~DFA94901D5B539C61F.TMP not found!
File\Folder C:\Users\Test\AppData\Local\Temp\~DFC41B0168F1C0B12A.TMP not found!
File\Folder C:\Users\Test\AppData\Local\Temp\~DFE2AEA18BFA96C54F.TMP not found!
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N366MR0B\36OULDR7.htm moved successfully.
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Okay did all these . Now did you find any trojans, rootkits or bootkits in my system so I know to change passwords and such? Again thank you for the time you took to help me out.
No. Your passwords are safe.
Thank you and good night I can rest easy now that you saved my baby
Way to go!!
Good luck and stay safe :)