New Problem!! 'Security Shield'

Started by Toobroketopay, February 27, 2012, 01:58:48 PM

Corrine

Hi, Toobroketopay.

I thought I posted this earlier.  I guess I got distracted.  Anyway, I'd like to see the results of an online scan. 

Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Toobroketopay

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Everything seems fine!

Corrine

Hi, Toobroketopay.

Excellent!

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Personally, I would not allow any programs in the Trusted Zone.  After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more.  I suggest you discuss this with your daughter and, if you elect to remove the entries from the Trusted Zone, please do the following:

  • Launch Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab.
  • Click Trusted Sites, and then click Sites.
  • Click the site you want to delete, and then click Remove.

I also note that even though Secunia PSI is installed on your daughter's computer, both Internet Explorer and Java are out of date.  Internet Explorer 9 had a number of security and privacy enhancements, outlined in my blog post at Internet Explorer 9, Privacy and Security Enhancements.  If the optional upgrade to IE9 has been hidden, you can go to Internet Explorer downloads.  However, I think it would be best to check for updates to find out if other updates are needed.

The latest version of Java can be obtained from here:  Java SE Runtime Environment 6u31

Pass along this tip to your daughter should she run into one of those nasty rogue applications again:  use the key combination of Alt + F4 to close open windows.  Repeat as many times as needed until they are all closed.

Please let me know if you or your daughter have any questions.


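To review what is in the Trusted Sites zone before removing entries through the Internet Options dialog described above, the following added example (not part of the original post) reads the per-user and per-machine ZoneMap registry keys where Internet Explorer stores site-to-zone assignments and lists the ones set to zone 2 (Trusted sites). The function name Get-ZoneMapEntry is made up for this example, and only these two registry locations are checked.

```powershell
# Added example (not from the thread): list sites assigned to the Trusted Sites
# zone. In the ZoneMap registry data, zone number 2 means "Trusted sites".
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

# Get-ZoneMapEntry is a hypothetical helper name used only in this example.
function Get-ZoneMapEntry {
    param(
        [string[]]$Root = $ZoneMapRoots,
        [int]$Zone = 2
    )
    $marker = '\ZoneMap\Domains\'
    foreach ($path in $Root) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($key in Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue) {
            # The key path below "Domains" is domain\subdomain; reverse it to
            # rebuild the host name (example.com\www becomes www.example.com).
            $start = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
            if ($start -lt 0) { continue }
            $labels = $key.Name.Substring($start + $marker.Length).Split('\')
            [array]::Reverse($labels)
            foreach ($valueName in $key.GetValueNames()) {
                # Each value is named for a protocol (http, https, *) and
                # holds the zone number as a DWORD.
                if ($key.GetValueKind($valueName) -ne 'DWord') { continue }
                if ($key.GetValue($valueName) -ne $Zone) { continue }
                New-Object PSObject -Property @{
                    Site     = ($labels -join '.')
                    Protocol = $valueName
                    Source   = $path
                }
            }
        }
    }
}

# Read-only listing; nothing is changed in the registry.
Get-ZoneMapEntry | Sort-Object Site, Protocol |
    Format-Table Site, Protocol, Source -AutoSize
```

An empty result means neither location holds a Trusted Sites assignment; any site listed can then be removed with the dialog steps in the post above.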

Toobroketopay

I will DEFINITELY be donating to ComboFix!!  Thanks so much - again you saved us so much time and money.  All the volunteering we do this week will be in your name - women's prison, church, children's hospital, food pantry, etc.  One last question - I still have SecurityCheck, TFC, and rkill installed (or at least the icons are on the desktop).  Should I uninstall these somehow?  Hope you have a great day!  ps  My daughter is thrilled to be able to do her homework again :)

Corrine

You are so very welcome.  I am honored that your volunteering will be in my name.  Thank you so much for that as well as the donation to the developer of ComboFix.   :flowers:

As to the other programs, sorry, yes.  You can delete SecurityCheck and RKill.  However, you may want to keep TFC around and run it occasionally.   This is what it does:

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

A word of warning to anyone running any temp file cleaner:  in the event your computer is infected with one of the fake/rogue applications that "hides" your Programs, desktop shortcuts, etc., do NOT run a temp file cleaner!  The rogue has not deleted those files but rather has hidden them.  Developers in the security community have created specialized tools for restoring the programs to their proper location.

