[Solved]trojans found and clean up help needed

[jabernathy]

Fred, this is Jamie at PTS. I ran a scan yesterday using the Windows Security Essentials and found several trojans on our NEW pc system. after removal I wanted to install Spybot and I am getting errors with the installation : I attached a .doc that shows the errors. The bugs found were Trojan: HTML, Trojan JS/redirector, Exploit : Win32, Trojan: BAT/MINEBicoin and Exploit Win 32, Trojan PHP/Iframe Trojan : HTML/Porny, TrojanClicker:JS/IFrame.C. After removing the trojan using the Windows Essential I ran another UVK log. I have attached that as well. I still feel like there is something causing problems. But I dont really understand how to use the UVK safely for fixing all my issues that are now out of whack. I am running the SFC scan now. Can you help me? and now I can't seem to upload my .doc or .pdf or .txt to you. Thanks Jamie

[Fred]

Hello Jamie.

I will help you with your malware, but it will take a while, because I am not at home right now, and I have limited internet access.

Hope you're not in a big rush.

[Fred]

I just had a quick look at the INstall errors pic and I think that error may be caused by the UVK immunization.

Please proceed as follows:

Run UVK and go to the UVK Immunization section.

Uncheck all areas, or click None, in the lower pane.

Click Apply selected immunization, and confirm.

Now you should be able to install Spybot.

Please note that nowadays you have better tools than Spybot, such as Malwarebytes anti malware or SuperAntiSpyware, but it's up to you to decide whether to use them.

Don't forget to Immunize your machine again after installing.

[jabernathy]

ok will do. I will use the malwarebytes.

[Fred]

Hi Jamie. I'm back.

Is everything working OK with your pc now?

Do you still want me to analyze your log?

[jabernathy]

Hello Fred, I am going to upload the logs I have done today. I scanned with Malwarebytes..couple of trojans found. I used UVK service manager and one file was found..when I did a google search I "think" it is saying it is a trojan.. something is still amiss with my system. I can tell for sure. this is the new pc I am on but I have been very busy in healthcare so I hate that I couldn't get back with you earlier. But I still need help. would be great if you could just log in and fix this bugger...but I also need to learn what to do or what I am reading when I read all the help contents and forums. I am still lost.

[Fred]

Hi Jamie.

No problem, please send a UVK log when possible.

Thanks.

[jabernathy]

Fred I Uploaded my UVK log and my malwarebyte log. It shows trojans quaranteened but there is still something amiss. I can definately tell. this morning I went to get on internet and driver went down for a minute... like I said yesterday that I did the service manager on UVK and one file shows up that when google looked like bug/trojan. I Dont know how to get you a look at that. as always...thanks Jamie

[Fred]

Hi Jamie.

Ok, let's see if we can make this machine work as new. You can start by removing programs you don't use.

Uninstall unneeded programs:

Launch UVK, go to the UVK immunization section, uncheck all areas (or click None, in the lower pane), click Apply selected immunization and confirm. This will un-immunize all areas temporarily.

Then go to the UVK smart uninstaller section, check Try unattended uninstall, and uninstall the programs you are sure you don't use.

Below are some suggestions, but you should only uninstall the ones you are sure you don't need. If you're not sure, then just leave them installed. You have a very powerful machine, and leave them installed will not make much difference.

• iTunes (if you uninstall this, then uninstall Bonjour, Apple Application Support and Apple Mobile Device Support too).
  
  Cisco WebEx Meetings (Web conferencing and desktop sharing software).
  
  Picture Timeclock (Uninstall only if you don't need, OK?).
  
  Spybot - Search & Destroy (If you're using Malwarebytes, maybe you don't need it anymore).
  
  TurboMeeting (another web conferencing and desktop sharing software).
  
  Cisco WebEx Meeting Center for Internet Explorer (Related to Cisco WebEx Meetings).
  
  GoToMeeting 5.4.0.1082 (Related to Cisco WebEx Meetings).

If you have any doubts concerning the UVK smart uninstaller usage, please refer to our help page.

Log analysis and repair script:

I found a few malware remnants and a couple of trojans in your log. I made a UVK script which will remove them, but it will also perform other repair, maintenance and optimization.

Note that this script may take up to two hours or more to finish, because it will also update the .Net framework and defragg the hard drive. The computer will be rebooted after the script finishes executing.

Download the script:

UVKcfJamie.zip

(1.1 KiB) Downloaded 1041 times

Note: This script should only be used in this computer.

No need to immunize the system again, as the script will automatically do it.

Please report the computer status after the reboot. I may have some more advice.

[jabernathy]

Fred I am doing this now. I have to keep my PC timeclock as I use it to log my hours for my boss. easier than paper. been using it for about 9 years now. everything else went . I will get back with you when it 's all done. opps I accidently uninstalled a Cisco Connect.

[jabernathy]

NEW LOG.

[jabernathy]

wow Fred, not sure what the log is showing but feels pretty good about now. there has GOT to be some sort of safety for not allowing these bugs in. being a medical office we can't use the norton, mcaffee kind of stuff.

[Fred]

Yes, I already checked your last log, and it shows only one harmless remnant.

I have some advice regarding the protection in the future. Just give me a couple of days, until I finish a new UVK update and move the site to a new server, and I will post them for you.

[jabernathy]

wonderful. looking forward to your suggestions. Thanks again Jamie

[jabernathy]

Fred, since we did that script I have had a couple of Emergency shutdowns...a display driver problem. The second time I got a bluescreen. I copied the error. Can you tell me if I need to update something since running the script?
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 116
BCP1: FFFFFA800CED24E0
BCP2: FFFFF8800462D45C
BCP3: 0000000000000000
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\040313-14320-01.dmp
C:\Users\Eric Rockwell\AppData\Local\Temp\WER-56940-0.sysdata.xml

[Fred]

Hi Jamie.

Please send me the file C:\Windows\Minidump\040313-14320-01.dmp

Thanks.

[jabernathy]

sORRY, I am so behind on work. sending now.

[jabernathy]

Fred, I am having the same problem with the shut down again. no blue screen yet..but everything comes to a halt and driver error comes up.

[jabernathy]

I spoke to soon. got the blue screen everything shut down just a moment after sending you that file. here's the error message
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 116
BCP1: FFFFFA800BADF010
BCP2: FFFFF8800478A45C
BCP3: 0000000000000000
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\040913-16208-01.dmp
C:\Users\Eric Rockwell\AppData\Local\Temp\WER-56597-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

[Fred]

Hi Jamie.

I'll have a look at the logs tomorrow. It's time to call it a night in my timezone.

I'll be back with news tomorrow.