Author Topic: vista anti-spyware infection  (Read 5016 times)

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 6350
  • Liverpool FC - YNWA
    • View Profile
Re: vista anti-spyware infection
« Reply #15 on: September 25, 2011, 11:48:08 AM »
Did you run the System File Checker tool?

http://support.microsoft.com/kb/958044
Justice for the 96
15/4/89, 3.06pm
Hillsborough, Sheffield
YOU'LL NEVER WALK ALONE

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 15974
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: vista anti-spyware infection
« Reply #16 on: September 25, 2011, 01:57:38 PM »
Hi, chbq. 

Running the System File Checker Tool is the first step to see if it will correct the problem.  However, if not, based on the Error Code, you will need to take additional steps.

The System Update Readiness Tool may solve the problem with Error Code 80070490.  You can download it from Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, for Windows 7, and for Windows Server 2008 R2.  You will need the version identified as "All supported x86-based versions of Windows Vista".

Note:  The System Update Readiness Tool scans for inconsistencies in your computer, while it is being installed. It typically takes less than 15 minutes to run the scan, however, the tool might take significantly longer on some environments. Although the progress bar may appear to stop, the scan is still running and you should not cancel the update.

Unfortunately, if that tool does not solve the problem, you will need to do a repair install.  Additional information is available at Windows Update error 80070490.  Illustrated instructions are in the following Bleeping Computer tutorial:  How to automatically repair Windows Vista using Startup Repair.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline chbq

  • Jr. Member
  • **
  • Posts: 16
    • View Profile
Re: vista anti-spyware infection
« Reply #17 on: September 29, 2011, 11:43:08 AM »
Good morning,
     
   I have followed your instructions.  Looks like the repair installation is needed.  The "install windows Vista" screen does not give the "Repair your computer" option as shown in the Bleeping Computer tutorial - options given are "what to know before installing windows" and "transfer files and settings from another computer".  I clicked on "install now" and "go online to get latest updates for installation".  The next screen says "Upgrade has been disabled",  "The upgrade cannot be started.  To upgrade, cancel the installation and then choose to upgrade to a version of Windows that is more recent than the version you are currently running."

Offline Corrine

Re: vista anti-spyware infection
« Reply #18 on: September 29, 2011, 04:41:54 PM »
Hi, chbq.

You have several options, although the first two may still lead to the same recommendation to do a repair install.  Based on the message, are you certain you had the Vista media? 

First, if you are unable to get any Microsoft Security Updates, I suggest that you go to http://supportservices.microsoft.com/support/services/windows_update for free assistance or call Microsoft Security Support.  The number is listed here:  Telephone Support.

Second, if it is only Microsoft Security Essentials you are unable to install, you can Submit a support case online.

Third, because you have SP2 installed, it appears it will be necessary to create a Vista SP2 slipstream installation DVD to use to do a Repair (upgrade) install.  Note that this does not always work to use for a Repair install.  Additional information at http://www.vistax64.com/tutorials/88236-repair-install-vista.html and http://www.vistax64.com/tutorials/230249-sliptream-vista-sp2.html



Offline chbq

Re: vista anti-spyware infection
« Reply #19 on: October 10, 2011, 10:14:18 PM »
Hi Corrine,

 I was unable to get ANY Microsoft Security updates so I followed your first suggestion and went to the Microsoft support services website.  The expert/tech person there took control of my laptop and did something which allowed the MS security update to install.  Thank you.

Now, should I still complete your third suggestion to create a Vista SP2 slipstream installation DVD to use to do a Repair (upgrade) install?
Also, websites are extremely slow to load, any suggestions?

thanks for all your help

chbq

Offline Corrine

Re: vista anti-spyware infection
« Reply #20 on: October 10, 2011, 11:10:39 PM »
Hi, chbq.  Welcome back!

Solving the problem to enable installing Microsoft updates was the primary goal, which has now been achieved.  Are you able to run programs normally now?  Did you solve the antivirus issues?  At the time of your original posting, there were other updates needed too.

To see where things stand now, it would be best if you were to post a fresh DDS log. 



Offline chbq

Re: vista anti-spyware infection
« Reply #21 on: October 11, 2011, 12:00:26 AM »

Offline Corrine

Re: vista anti-spyware infection
« Reply #22 on: October 11, 2011, 01:15:58 PM »



Offline Corrine

Re: vista anti-spyware infection
« Reply #23 on: October 11, 2011, 01:45:47 PM »
Hi, chbq.

From your log, I see you were successful in installing Microsoft Security Essentials.  However, McAfee is still active on your computer, which could be part of the problem for it being slow.  Having two antivirus solutions can also cause conflicts.  If you still wish to continue with Microsoft Security Essentials, please uninstall McAfee.  Please follow the instructions at How to uninstall or reinstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe).

Following that, let's deal with the leftovers from the original infection and do some additional cleanup.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.



Offline chbq

Re: vista anti-spyware infection
« Reply #24 on: October 12, 2011, 12:05:11 AM »
Hi Corrine,

   Which program offers more protection - McAfee or Microsoft Security Essentials?

Offline Corrine

Re: vista anti-spyware infection
« Reply #25 on: October 12, 2011, 01:15:34 PM »
Hi, chbq.

When it comes to security software and which one is better, the answer you get will likely depend on the experiences of the person you are asking.  My personal choice when it comes to a paid/licensed solution is ESET.  Microsoft Security Essentials is my preference for a free solution.  You may find Ed Bott's articles interesting:  Microsoft vs. McAfee: How free antivirus outperformed paid and Why McAfee is still at the top of my Not Recommended list.

Note:  If you elect to remove McAfee, be sure the Windows Vista Firewall is turned on.



Offline chbq

Re: vista anti-spyware infection
« Reply #26 on: October 12, 2011, 05:30:53 PM »

Offline Corrine

Re: vista anti-spyware infection
« Reply #27 on: October 12, 2011, 07:45:19 PM »
Hi, chbq.

Let's start with the outdated/vulnerable software on your computer.  We'll talk about ongoing security after I know things are back to normal.

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment 6u27.   

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Next comes Adobe Reader, which has also had a number of critical security updates.  Install the latest version of Adobe Reader from http://www.adobe.com/products/reader/

After those updates have been completed, please do the following:

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
Registry::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} -
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



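Before a script like the one in Reply #27 removes Internet Explorer add-on entries, it helps to see what each CLSID still points to. The following read-only PowerShell check is an added example, not part of the original post or of ComboFix; the function name Get-AddonStatus is hypothetical, and it assumes Windows PowerShell 2.0 or later on 32-bit Windows.

```powershell
# Added example: read-only check, nothing here writes to the registry.
# CLSIDs are copied from the Registry:: block in the post above.
$entries = @(
    @{ Kind = 'BHO'; Clsid = '{02478D38-C3F9-4efb-9B51-7695ECA05670}' },
    @{ Kind = 'TB';  Clsid = '{21FA44EF-376D-4D53-9B0F-8A89D3229068}' },
    @{ Kind = 'TB';  Clsid = '{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}' },
    @{ Kind = 'TB';  Clsid = '{D4027C7F-154A-4066-A1AD-4243D8127440}' }
)

# Standard Internet Explorer extension points (x86 Windows assumed, as in this topic;
# on 64-bit Windows, 32-bit add-ons are listed under SOFTWARE\Wow6432Node instead).
$bhoRoot   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$tbKeys    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
             'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
$clsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'

# Hypothetical helper name; reports on one CLSID without changing anything.
function Get-AddonStatus {
    param([string]$Kind, [string]$Clsid)

    # BHOs are subkeys named by CLSID; toolbars are values named by CLSID.
    $registered = $false
    if ($Kind -eq 'BHO') {
        $registered = Test-Path -LiteralPath "$bhoRoot\$Clsid"
    } else {
        foreach ($path in $tbKeys) {
            $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            if ($key -and ($key.GetValueNames() -contains $Clsid)) { $registered = $true }
        }
    }

    # The COM registration names the DLL that Internet Explorer would load.
    $server = $null
    $inproc = Get-Item -LiteralPath "$clsidRoot\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
    if ($inproc) { $server = $inproc.GetValue('') }
    $onDisk = $false
    if ($server) { $onDisk = Test-Path -LiteralPath $server }

    New-Object PSObject -Property @{
        Kind = $Kind; Clsid = $Clsid; Registered = $registered
        Server = $server; FileOnDisk = $onDisk
    }
}

$entries | ForEach-Object { Get-AddonStatus -Kind $_.Kind -Clsid $_.Clsid } |
    Select-Object Kind, Clsid, Registered, Server, FileOnDisk | Format-Table -AutoSize
```

A row with Registered true but an empty Server, or a Server whose file is not on disk, is an orphaned registration left behind after the add-on's files were removed.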

Offline chbq

Re: vista anti-spyware infection
« Reply #28 on: October 13, 2011, 12:34:05 AM »

Offline Corrine

Re: vista anti-spyware infection
« Reply #29 on: October 13, 2011, 02:00:15 PM »
Hi, chbq.  Let's do one more run with ComboFix. 

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

How is your computer now?

