Messages - Heantrad

31
Hi Heantrad,

Quote from: Heantrad
Then I should delete the folders you told me to right?
I checked the directions that the old thread had and they exist, and some of the folders are full, should I just delete all of them? (or copy them out of Steam, in case Steam doesn't create them again).
Also, as Steam utilizes webkit, resetting Chrome (and uninstalling it) should reset Steam's browser too, right?
I don't really know Steam Browser myself, so I advise you to follow the advice posted in the Steam forum and to ask related questions there as well.

Quote from: Heantrad
Just thought of it, could it be that the proxy server you helped me to delete was Mozilla's update server?, as now I've seen that the version I have is really old and in the update tab it says that the update server hasn't been found.
Firefox doesn't need a proxy to update, so no.

Regards.
I'll make a post asking for every folder that I need for resetting Steam's browser.
Meanwhile, I remembered that in CCleaner there's an option to clean Steam, do you think it will clean up the browser too or just temporary files Steam creates?
So, I used Delfix as Ron told me for cleaning all the tools used, and I think it didn't work, this is what happened.

So, I used the Delfix tool (sorry that it took me so long) and it didn't do anything I think.
I ran the program, and it detected some programs; however, I didn't read the instruction about rebooting the system and I ran the tool again, then I restarted the PC and nothing got deleted, at least that's what it seems: FRST is still there, Javara is still there and I think everything that showed on the log is still there.
I can't send you the log, because I didn't know I messed it up and I didn't do it right, so I didn't save it.
When I run the tool again, the log appears blank (I mean, it doesn't detect any programs installed).
Is it possible to delete all the programs I installed during the malware removal manually, or do I need the tool?
I've already replied to my post on Malwarebytes' forum with the same explanation, but I asked you too in case this error could harm the computer.

32
Hi Heantrad,

Quote from: Heantrad
CCleaner has detected some registry keys that can be deleted, should I delete any of those? (I have all of the search options activated)
I strongly advise you not to use CCleaner "Registry Cleaner". It could cause harm to your system.

Quote from: Heantrad
Also, is it normal that I can freely access Windows' folder? I mean, I can freely enter System32, I thought those folders were protected.
It's perfectly normal. The system files and folders are protected against modification/deletion, not browsing.

Quote from: Heantrad
Alright, I got a response already, in the images below I show them to you, the guy sent me to another thread and the folders he says I must delete are different (probably because it's outdated, it's from 2014), but he tells me to directly delete the folders, as I thought I should do the first time, I shouldn't do that, right?
Also, now that I remember, Steam lets you reset your cookies directly from the parameters.
I don't really know Steam Browser so I assume the folders will be recreated. You can go ahead.

Regards.
Then I should delete the folders you told me to right?
I checked the directions that the old thread had and they exist, and some of the folders are full, should I just delete all of them? (or copy them out of Steam, in case Steam doesn't create them again).
Also, as Steam utilizes webkit, resetting Chrome (and uninstalling it) should reset Steam's browser too, right?
Just thought of it, could it be that the proxy server you helped me to delete was Mozilla's update server?, as now I've seen that the version I have is really old and in the update tab it says that the update server hasn't been found.

33
Hi Heantrad,

Yes, you should.
For more information, I suggest you open a new thread on the Steam Forum.

Regards.
Alright, I opened a thread on the Steam forums for more information.
Meanwhile, I have a pair of questions.
CCleaner has detected some registry keys that can be deleted, should I delete any of those? (I have all of the search options activated)
Also, is it normal that I can freely access Windows' folder? I mean, I can freely enter System32, I thought those folders were protected.
Alright, I got a response already, in the images below I show them to you, the guy sent me to another thread and the folders he says I must delete are different (probably because it's outdated, it's from 2014), but he tells me to directly delete the folders, as I thought I should do the first time, I shouldn't do that, right?
Also, now that I remember, Steam lets you reset your cookies directly from the parameters.

34
Hi Heantrad,

Don't delete these folders, only their contents.

Regards.
Inside the Overlay HTML Cache folder there's a folder called AppCache, should I delete it too (it's empty)?
Also, the cookies folders are empty and the HTML Cache folder doesn't even exist.

35
Hi Heantrad,

Please try to delete the contents of the following directories:
Quote
C:\Program Files\Steam\config\Cookies
C:\Program Files\Steam\config\Overlay Cookies
C:\Program Files\Steam\config\HTML Cache
C:\Program Files\Steam\config\Overlay HTML Cache
Regards.
Before I delete them, will Steam create the folders again (after using its browser, opening Steam again...) or will I need to create the folders again or reinstall Steam?

36
Hi Heantrad,

Quote from: Heantrad
Then I should leave the PUMs there right? (they probably appeared because Ron told me to reset all my browsers).
Yes.

Quote from: Heantrad
Also, should I delete any of those DNS entries?
No, you need them to access the Internet.

Quote from: Heantrad
And Ron told me to delete all the system restores I had, is it because the infection can pass from a restoration to my PC again or just to avoid using them by mistake?
If you use a restore point where your computer was infected, the infection will indeed pass to your computer again.

Quote from: Heantrad
Does Steam's browser reset along with Internet Explorer, as they use the same engine?
Not anymore. Steam's browser uses WebKit now.

Quote from: Heantrad
Does Java still install adware? As I needed to uninstall it during Ron's cleanup and now I'm doubting about installing it again.
Java doesn't install adware. Ron makes you uninstall old and flawed versions of Java.

Quote from: Heantrad
Well, the sound problem happened again, this time the general volume went up to the max.
Sorry, I still have no clue.

Quote from: Heantrad
Is puush.me a bad webpage? VirusTotal says it has two positive results, but Norton Safeweb says it's safe.
It's safe.

Regards.
So, how can I reset Steam's browser?
Also, when I reset all the browsers, Steam's one also got kind of reset I think, as for example the 'Watched' videos got reset.

37
Hi Heantrad,

Quote from: Heantrad
Also, I found this http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/volume-mixer-does-not-retain-settings-for/558434e7-fe84-48e0-9385-474594c52e50 , could any of those solutions work if the volume mixer keeps resetting?
You can try those solutions but don't use the "System Restore" one. It will revert your computer to an earlier state, so Ron's work will be useless.

Quote from: Heantrad
RogueKiller did detect something, I'll leave here the log (I haven't deleted anything yet).
The home page of IE seems to be this (Safeweb Norton and VirusTotal say it's safe) https://www.google.es/?gfe_rd=cr&ei=7UUMVrreAs2q8wed_L0g&gws_rd=ssl
PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit and necessary to access the Internet.
For more information, please read the RogueKiller Documentation.

Quote from: Heantrad
Also, is it me or are there now more DNS entries than before?
The "CurrentControlSet" keys are the ones that matter. :)

Regards.
Then I should leave the PUMs there right? (they probably appeared because Ron told me to reset all my browsers).
Also, should I delete any of those DNS entries?
And Ron told me to delete all the system restores I had, is it because the infection can pass from a restoration to my PC again or just to avoid using them by mistake?
Does Steam's browser reset along with Internet Explorer, as they use the same engine?
Does Java still install adware? As I needed to uninstall it during Ron's cleanup and now I'm doubting about installing it again.
Well, the sound problem happened again, this time the general volume went up to the max.
Is puush.me a bad webpage? VirusTotal says it has two positive results, but Norton Safeweb says it's safe.
Now, after that I think there's only left the Program Files folder and the Nvidia Drivers.

38
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 30, 2015, 09:49:15 pm »
Hi Heantrad,

Quote from: Heantrad
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?
The CCleaner installer doesn't contain any adware.

Quote from: Heantrad
And a weird thing that has been happening, for some reason the volumes at the volume mixer keep resetting at the maximum without an apparent reason, what could be causing it?
I'm sorry but I have no clue.

Quote from: Heantrad
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or if it will make SAS! analyze fewer files.
.lnk files are Shell Links.
If you enable SAS! to follow them, it will then scan the files "linked" to them. It won't make it analyze fewer files.

Regards.
SAS! hasn't detected anything.
Also, I found this http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/volume-mixer-does-not-retain-settings-for/558434e7-fe84-48e0-9385-474594c52e50 , could any of those solutions work if the volume mixer keeps resetting?

RogueKiller did detect something, I'll leave here the log (I haven't deleted anything yet).
The home page of IE seems to be this (Safeweb Norton and VirusTotal say it's safe) https://www.google.es/?gfe_rd=cr&ei=7UUMVrreAs2q8wed_L0g&gws_rd=ssl
Also, is it me or are there now more DNS entries than before?

39
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 30, 2015, 06:39:41 pm »
Hi Heantrad,

It's legit.

Regards.
Alright, I'm still doing scans, MBAM says it's clean, now there's only left SAS!, MSE and RogueKiller.
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?
And a weird thing that has been happening, for some reason the volumes at the volume mixer keep resetting at the maximum without an apparent reason, what could be causing it?
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or if it will make SAS! analyze fewer files.

40
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 30, 2015, 03:03:36 pm »
Hi Heantrad,

You are welcome.

Regards.
Alright, so Ron has finished with me, so I'm doing a full scan with every antispyware I have.
AdwCleaner has detected this task, I searched for info and it seems that a virus can do that, is it legit or not?
I'll update if any program I have detects anything more.

41
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 28, 2015, 04:59:22 pm »
Hi Heantrad,

Quote from: Heantrad
Could it be that Panda USB vaccine has created the autorun file? As the PC I use in that class has it.
This is certainly the case.

Quote from: Heantrad
Also, for curiosity, is hotmail/outlook that bad?
Not at all. I think it's a pretty good solution for end users.

Regards.
Alright, then I'll keep the autorun, thanks.

42
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 25, 2015, 02:47:57 pm »
Hi Heantrad,

Quote from: Heantrad
I uninstalled them because I thought that the trojan might have created them, it's okay anyways, right?
Yes.

Quote from: Heantrad
So, if I execute the file, what would happen?
Absolutely nothing since Windows cannot interpret it.

Quote from: Heantrad
So, I use a USB pen for computing class and today, when I used the USB, I saw it had a file called autorun, I've searched for info and I saw that some viruses use that to install viruses through a USB, what should I do?
AutoRun could be subverted by malware for propagation purposes but, most of the time, the instructions in the autorun.inf file are perfectly legit.
For more information, please read Creating an AutoRun-Enabled Application.

Regards.
Could it be that Panda USB vaccine has created the autorun file? As the PC I use in that class has it.
Also, for curiosity, is hotmail/outlook that bad?

43
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 24, 2015, 05:32:07 pm »
Hi Heantrad,

Sorry, I didn't see the log at first sight.
The new lines are linked to the ESET Smart Security driver, so they are legit.

I checked the file you attached.
It's not a valid PE file (exe file) and therefore it poses no threat.

Regards.
I uninstalled them because I thought that the trojan might have created them, it's okay anyways, right?
So, if I execute the file, what would happen?
So, I use a USB pen for computing class and today, when I used the USB, I saw it had a file called autorun, I've searched for info and I saw that some viruses use that to install viruses through a USB, what should I do?

44
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 24, 2015, 01:51:09 pm »
Hi Heantrad,

Quote from: Heantrad
So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected.
Any idea of what it can be? (I haven't deleted it yet).
Could you please post the RogueKiller log? I'm sure Ron won't make you install something unsafe.

Quote from: Heantrad
Also, the svchost.exe process keeps appearing, it doesn't show in this report because I exported it to json format by mistake and I did another scan in txt format.
This is a bug on our side. Don't worry about that.

Quote from: Heantrad
And, is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes, has it been updated?
Yes. RogueKiller doesn't display legit hooks anymore.

Quote from: Heantrad
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too...
Also, I've seen the scheduled tasks to be sure that the Trojan hasn't created one and I found why the Proxy server kept reappearing, something created a scheduled task.
Please see this with Ron. If something must be removed, he will instruct you how to do it with FRST.

Quote from: Heantrad
So, today I noticed this, it was created the same day I replied with this comment, if you want I can send you the file so you can see what it is, for now I will move it to a .rar file until I know what to do with it.
Yes, the file could be useful for analysis.
Please rar it and attach it with your next reply.

Regards.
The log has been posted on my previous reply.
And here is the file.

45
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 18, 2015, 09:25:01 pm »
Hi Heantrad,

You are welcome.

Regards.
So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected.
Any idea of what it can be? (I haven't deleted it yet).
Also, the svchost.exe process keeps appearing, it doesn't show in this report because I exported it to json format by mistake and I did another scan in txt format.
And, is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes, has it been updated?
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too...
Also, I've seen the scheduled tasks to be sure that the Trojan hasn't created one and I found why the Proxy server kept reappearing, something created a scheduled task.
So, today I noticed this, it was created the same day I replied with this comment, if you want I can send you the file so you can see what it is, for now I will move it to a .rar file until I know what to do with it.
