Solved: Viruses on my system Win 7



NcRam356 (Thread Starter)
24-Jul-2013, 09:07 AM #31
Quote:
Originally Posted by NcRam356 View Post
Here is what you requested

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RadioPI_4e Browser Plugin Loader"=-


There is also a Java trying to download, but Kaspersky keeps blocking it and says it is a Trojan.

The little ad screen is back again. It started today when I signed on.

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 07:31 PM #32
The file, CFScript.txt, is to be dragged and dropped into Combofix. That should start Combofix and remove those entries.

In regard to avp.exe, this is a file that belongs to Kaspersky. Please have this file scanned at VirusTotal:

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2113\avp.exe

The small window is Adware. Seems to be part of Less Tabs, which is a program that was apparently installed on your computer, bundled with third party software. See here.

Before removing this program, let's collect its information:

Please download SystemLook from one of the links below and save it to your Desktop.

32 bit Download Mirror #1
32 bit Download Mirror #2


For 64bit systems, Please download SystemLook from the link below and save it to your Desktop.

64 bit Download Mirror
  • Double-click SystemLook.exe (or SystemLook_x64.exe) to run the application.
  • Copy the content of the following quote box into the main textfield (Do not include the word Quote):
    Quote:
    :regfind
    *LessTabs*

    :folderfind:
    *LessTabs*

    :filefind
    *LessTabs*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
__________________
Unanswered threads for 5 days will no longer be part of my subscriptions.

NcRam356 (Thread Starter)
24-Jul-2013, 08:25 PM #33
SystemLook 30.07.11 by jpshortstuff
Log created at 20:02 on 24/07/2013 by Laura
Administrator - Elevation successful
No Context: Quote:
========== regfind ==========
Searching for " *LessTabs*"
No data found.
Searching for " :folderfind:"
No data found.
Searching for " *LessTabs*"
No data found.
Searching for " :filefind"
No data found.
Searching for " *LessTabs* "
No data found.
-= EOF =-
Here is what the scan showed. What is this? Anything I need to be worried about? I attached the file at the top of the scan.
Advanced heuristic and reputation engines

ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Thank You for all your help !

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 08:39 PM #34
Let's try this script on SystemLook:

Quote:
:regfind
LessTabs*

:folderfind:
LessTabs*

:filefind
LessTabs*

NcRam356 (Thread Starter)
24-Jul-2013, 08:51 PM #35
Quote:
Originally Posted by JSntgRvr View Post
Lets try this script on SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:44 on 24/07/2013 by Laura
Administrator - Elevation successful
No Context: Quote:
========== regfind ==========
Searching for " LessTabs*"
No data found.
Searching for " :folderfind:"
No data found.
Searching for " LessTabs*"
No data found.
Searching for " :filefind"
No data found.
Searching for " LessTabs* "
No data found.
-= EOF =-

The Java thing tried to install again, and then there was the Trojan. I attached the file.

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 09:05 PM #36
Did you uninstall LessTabs?

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 09:08 PM #37
Let's empty the temp folders:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Security check

Download and run Security Check by screen317 and post its report.

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 09:13 PM #38
There seems to be a space in the script that was run.

Please use the following text in bold as the script:

:regfind
LessTabs

:folderfind
LessTabs

:filefind
LessTabs

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 09:17 PM #39
Quote:
The Java thing try to install again and then there was the Trojan I attached the file
That is a bad Trojan. I hope you blocked it. Chances are your JAVA is outdated. Run Security Check above to see the status of your security.

NcRam356 (Thread Starter)
24-Jul-2013, 09:30 PM #40
Quote:
Originally Posted by JSntgRvr View Post
That is a bad Trojan. I hope you blocked it. Chances are your JAVA is outdated. Run Security Check above to see the status of your security.
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Here are the results of the Security Check
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 x64 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

When the Java thing is trying to install, Kaspersky stops it because it is a Trojan.

NcRam356 (Thread Starter)
24-Jul-2013, 09:37 PM #41
SystemLook 30.07.11 by jpshortstuff
Log created at 21:34 on 24/07/2013 by Laura
Administrator - Elevation successful
========== regfind ==========
Searching for " LessTabs"
No data found.
Searching for " :folderfind"
No data found.
Searching for " LessTabs"
No data found.
Searching for " :filefind"
No data found.
Searching for " LessTabs"
No data found.
-= EOF =-
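
All three SystemLook logs in this thread show a single `regfind` section with `:folderfind` and `:filefind` echoed back as search terms, the symptom JSntgRvr attributes to a space in the pasted script. As an added example (not part of the thread and not SystemLook's own code), this Python function flags those symptoms in a log; the finding labels, and the reading that a space-padded directive line is consumed as a search term, are assumptions inferred from the logs posted here.

```python
import re

# Log body copied from post #33 of this thread (the three header lines omitted).
SAMPLE_LOG = '''\
No Context: Quote:
========== regfind ==========
Searching for " *LessTabs*"
No data found.
Searching for " :folderfind:"
No data found.
Searching for " *LessTabs*"
No data found.
Searching for " :filefind"
No data found.
Searching for " *LessTabs* "
No data found.
-= EOF =-
'''

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')


def lint_systemlook_log(log_text):
    """Return (sections_run, findings) for the text of a SystemLook log.

    Each finding is (line_number, kind, text). The kinds are labels made up
    for this example:
      stray-text         text that reached the tool before any directive
      directive-as-term  a ':directive' line that was searched for literally
      padded-term        a search term with leading or trailing whitespace
    """
    sections, findings = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("No Context:"):
            stray = line[len("No Context:"):].strip()
            findings.append((lineno, "stray-text", stray))
            continue
        section = SECTION_RE.match(line)
        if section:
            sections.append(section.group(1))
            continue
        search = SEARCH_RE.match(line)
        if not search:
            continue
        term = search.group(1)
        if term.strip().startswith(":"):
            # The directive never opened its own section; it was treated
            # as one more search term of the section already running.
            findings.append((lineno, "directive-as-term", term.strip()))
        elif term != term.strip():
            findings.append((lineno, "padded-term", term))
    return sections, findings


def missing_sections(sections, expected=("regfind", "folderfind", "filefind")):
    """List the directives of the requested script that never ran."""
    return [name for name in expected if name not in sections]
```
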

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 10:01 PM #42
I don't know why it isn't working.

Go to Control Panel ->Uninstall a program. Remove the following programs:

DefaultTab (x32 Version: 2.2.8.0)
LessTabs (x32 Version: 1.7.2.0)


Remove “Less Tabs” extension from Internet Explorer
  1. Open Internet Explorer, then click on the gear icon at the top (far right), then select Manage add-ons.
  2. From the Toolbars and Extensions tab, select LessTabs and any other unknown extensions, then click on Disable.

Remove Less Tabs from Mozilla Firefox
  1. At the top of the Firefox window, click the Firefox button, or select Tools from the menu, then select Add-ons. Or
  2. Select the Extensions tab, then remove LessTabs extension from Mozilla Firefox.

Remove Less Tabs from Google Chrome
  1. Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.
  2. In the Extensions tab, remove the Less Tabs extension by clicking on the Recycle Bin next to the plugin.

Please note that you may also find a plugin labeled DefaultTab. It should also go through the same process.

Run TFC to remove temp files and folders.

Manually clear the JAVA cache:
  1. Click on the Start button and then click on the Control Panel option.
  2. In the Control Panel Search enter Java Control Panel.
  3. Click on the Java icon to open the Java Control Panel.
  4. In the Java Control Panel, under the General tab, click Settings under the Temporary Internet Files section.
  5. The Temporary Files Settings dialog box appears.
  6. Click Delete Files on the Temporary Files Settings dialog.
  7. The Delete Files and Applications dialog box appears. Check all options.
  8. Click OK on the Delete Files and Applications dialog. This deletes all the Downloaded Applications and Applets from the cache.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrade Java : (64 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) Version 7 Update 25.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement."
  • Click on the link to download Windows Offline Installation 64 bit (jre-7u25-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u25-windows-x64.exe and select "Run as an Administrator.")

--------------------------------------------------------------------------

Upgrade Java : (32 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) Version 7 Update 25.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u25-windows-i586.exe and select "Run as an Administrator.")

Last edited by JSntgRvr; 24-Jul-2013 at 10:07 PM..

NcRam356 (Thread Starter)
24-Jul-2013, 10:11 PM #43
I can't find this
DefaultTab (x32 Version: 2.2.8.0)
)

JSntgRvr (Moderator & Malware Removal Specialist)
24-Jul-2013, 11:21 PM #44
Quote:
I can't find this
DefaultTab (x32 Version: 2.2.8.0)
)
Continue with the rest.

NcRam356 (Thread Starter)
25-Jul-2013, 06:48 PM #45
Quote:
Originally Posted by JSntgRvr View Post
Continue with the rest.
Ok was able to do all but still not finding the DEFAULT Tab.