
Viruses on my system Win 7

Discussion in 'Virus & Other Malware Removal' started by NcRam356, Jul 16, 2013.

Thread Status:
Not open for further replies.
  1. NcRam356

    NcRam356 Thread Starter

    Joined:
    Nov 29, 2010
    Messages:
    62

    The little ad screen is back again; it started today when I signed on.
     
  2. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    The file, CFScript.txt, is to be dragged and dropped into Combofix. That should start Combofix and remove those entries.

    In regard to avp.exe, this is a file that belongs to Kaspersky. Please have this file scanned at VirusTotal:

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2113\avp.exe

    The small window is Adware. Seems to be part of Less Tabs, which is a program that was apparently installed on your computer, bundled with third party software. See here.

    Before removing this program, let's collect its information:

    Please download SystemLook from one of the links below and save it to your Desktop.

    32 bit Download Mirror #1
    32 bit Download Mirror #2


    For 64bit systems, Please download SystemLook from the link below and save it to your Desktop.

    64 bit Download Mirror

    • Double-click SystemLook.exe (or SystemLook_x64.exe) to run the application.
    • Copy the content of the following quote box into the main textfield (Do not include the word Quote):
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  3. NcRam356

    NcRam356 Thread Starter

    Joined:
    Nov 29, 2010
    Messages:
    62



    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:02 on 24/07/2013 by Laura
    Administrator - Elevation successful
    No Context: Quote:
    ========== regfind ==========
    Searching for " *LessTabs*"
    No data found.
    Searching for " :folderfind:"
    No data found.
    Searching for " *LessTabs*"
    No data found.
    Searching for " :filefind"
    No data found.
    Searching for " *LessTabs* "
    No data found.
    -= EOF =-
    Here is what the scan showed. What is this, anything I need to be worried about? I attached the file at the top of the scan.
    Advanced heuristic and reputation engines

    ClamAV PUA
    Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

    Thank You for all your help !
     


  4. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Let's try this script on SystemLook:

     
  5. NcRam356

    NcRam356 Thread Starter

    Joined:
    Nov 29, 2010
    Messages:
    62
    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:44 on 24/07/2013 by Laura
    Administrator - Elevation successful
    No Context: Quote:
    ========== regfind ==========
    Searching for " LessTabs*"
    No data found.
    Searching for " :folderfind:"
    No data found.
    Searching for " LessTabs*"
    No data found.
    Searching for " :filefind"
    No data found.
    Searching for " LessTabs* "
    No data found.
    -= EOF =-

    The Java thing tried to install again, and then there was the Trojan. I attached the file.
     


  6. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Did you uninstall LessTabs?
     
  7. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Let's empty the temp folders:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
    Security check

    Download and run Security Check by screen317 and post its report.
     
  8. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    There seems to be a space in the script that was run.

    Please use the following text in bold as the script:

    :regfind
    LessTabs

    :folderfind
    LessTabs

    :filefind
    LessTabs
     
  9. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    That is a bad Trojan. I hope you blocked it. Chances are your JAVA is outdated. Run Security Check above to see the status of your security.
     
  10. NcRam356

    NcRam356 Thread Starter

    Joined:
    Nov 29, 2010
    Messages:
    62
    Here are the results of the Security Check:
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Kaspersky Internet Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 11.8.800.94
    Adobe Reader 10.1.7 Adobe Reader out of Date!
    Google Chrome 28.0.1500.71
    Google Chrome 28.0.1500.72
    ````````Process Check: objlist.exe by Laurent````````
    Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
    Kaspersky Lab Kaspersky Internet Security 2013 x64 klwtblfs.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    When the Java thing is trying to install, Kaspersky stops it because it is a Trojan.
     
  11. NcRam356

    NcRam356 Thread Starter

    Joined:
    Nov 29, 2010
    Messages:
    62

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:34 on 24/07/2013 by Laura
    Administrator - Elevation successful
    ========== regfind ==========
    Searching for " LessTabs"
    No data found.
    Searching for " :folderfind"
    No data found.
    Searching for " LessTabs"
    No data found.
    Searching for " :filefind"
    No data found.
    Searching for " LessTabs"
    No data found.
    -= EOF =-
     
  12. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    I don't know why it isn't working.

    Go to Control Panel ->Uninstall a program. Remove the following programs:

    DefaultTab (x32 Version: 2.2.8.0)
    LessTabs (x32 Version: 1.7.2.0)


    Remove “Less Tabs” extension from Internet Explorer

    1. Open Internet Explorer, then click on the gear icon at the top (far right), then select Manage add-ons.
    2. From the Toolbars and Extensions tab, select LessTabs and any other unknown extensions, then click on Disable.

    Remove Less Tabs from Mozilla Firefox

    1. At the top of the Firefox window, click the Firefox button, or select Tools from the menu, then select Add-ons. Or
    2. Select the Extensions tab, then remove LessTabs extension from Mozilla Firefox.

    Remove Less Tabs from Google Chrome

    1. Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.
    2. In the Extensions tab, remove the Less Tabs extension by clicking on the Recycle Bin next to the plugin.

    Please note that you may also find a plugin labeled DefaultTab. It should also go through the same process.

    Run TFC to remove temp files and folders.

    Manually clear the JAVA cache:
    1. Click on the Start button and then click on the Control Panel option.
    2. In the Control Panel Search enter Java Control Panel.
    3. Click on the Java icon to open the Java Control Panel.
    4. In the Java Control Panel, under the General tab, click Settings under the Temporary Internet Files section.
    5. The Temporary Files Settings dialog box appears.
    6. Click Delete Files on the Temporary Files Settings dialog.
    7. The Delete Files and Applications dialog box appears. Check all options.
    8. Click OK on the Delete Files and Applications dialog. This deletes all the Downloaded Applications and Applets from the cache.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

    Upgrade Java : (64 bits)
    • Download the latest version of Java SE Runtime Environment (JRE) Version 7 Update 25.
    • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
    • Check the box that says: "Accept License Agreement."
    • Click on the link to download Windows Offline Installation 64 bit (jre-7u25-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u25-windows-x64.exe and select "Run as an Administrator.")

    --------------------------------------------------------------------------

    Upgrade Java : (32 bits)
    • Download the latest version of Java SE Runtime Environment (JRE) Version 7 Update 25.
    • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
    • Check the box that says: "Accept License Agreement."
    • Click on the link to download Windows Offline Installation 32 bit (jre-7u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u25-windows-i586.exe and select "Run as an Administrator.")
     
  13. NcRam356

    NcRam356 Thread Starter

    Joined:
    Nov 29, 2010
    Messages:
    62
    I can't find this:
    DefaultTab (x32 Version: 2.2.8.0)
     
  14. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Continue with the rest.
     
  15. NcRam356

    NcRam356 Thread Starter

    Joined:
    Nov 29, 2010
    Messages:
    62
    Ok was able to do all but still not finding the DEFAULT Tab.
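
Added example, not part of any post in this thread: a read-only PowerShell check for the uninstall step in post 12 and the DefaultTab entry that could not be found afterwards. It lists every installed-program registration whose name matches the programs named in the thread (plus Java, to confirm old versions are gone). The name patterns are assumptions taken from the names as written in the thread, and the script is written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only inventory of uninstall entries; it removes nothing.
# Name patterns are assumptions based on the program names quoted in this thread.
$patterns = 'LessTabs', 'Less Tabs', 'DefaultTab', 'Java'

# Control Panel's "Uninstall a program" list is built from these keys.
# Wow6432Node holds 32-bit programs on 64-bit Windows (the "x32" entries);
# HKCU holds programs registered for the current user only.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Build one case-insensitive regex from the literal names.
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

$found = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -match $regex } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString,
            @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*?::', '' } }
}

if ($found) {
    # RegistryKey shows which hive/view the entry came from.
    $found | Sort-Object DisplayName | Format-List
} else {
    'No matching entries in the uninstall registry keys.'
}
```

A name that returns nothing here has no uninstall registration for this user or machine, so it will not appear in Control Panel either; the browser add-on lists from post 12 still need to be checked separately.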
     
Short URL to this thread: https://techguy.org/1103820