#51
I'm sure that I did not do ESET properly. I'll do it again tomorrow. I'll uninstall it or delete it from my downloads and download it again; this time I won't choose between "Purchase" and "30-day Free Trial."
I went to Edge > three dots > Settings > View Advanced Settings but I couldn't find an option called "Open Proxy Settings." Is it hidden under one of the other options?
I did not use Firefox to go to the ESET Online Scanner, but I'll be sure to do that tomorrow.
I'll also create the new System Restore Point that you suggest tomorrow. This sounds as though it will take some time.
I'm going to call it a day for now; it's approaching 11 pm here in Florida, and I've had a long day.
If you're not on Microsoft's payroll, I think you should be. Thanks again for all your help.
HURRAH! NOW we're talking! I think, based on this news, we may be able to skip resetting the Edge browser. Let's leave that for now.
It's a bit tricky at the end. I will try to post some screen shots for you to follow tomorrow.
Yes, tomorrow is fine.
So, to recap,
Set another restore point,
Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
Run Malwarebytes Anti-Exploit (see post #17)
Run SuperAntiSpyware
Run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (I'll give you those instructions tomorrow).
Then we'll run SFC /SCANNOW to make sure your operating system files are intact.
Finally, we will have you install CryptoPrevent to stop these nasties from running in the future.
We will then set 2 new restore points, calling them CLEAN1 and CLEAN2.
Then we will install CCleaner (free version), open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore.
Then, I will suggest you put an add-on in Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).
Good night! :)
Last edited by simrick; 17 Nov 2015 at 08:43.
ESET Part 2
You may also want to scan archives. I don't show that checked here.
Be sure to check all external drives to be scanned as well, if they were connected to the computer at any time when it was infected. DVD is not scanned.
Click list of found threats. Select Export to text file or copy to clipboard.
Click Back. Select Manage Quarantine. This is where you restore any false positives. You don't have to worry about that.
Don't restore anything on your system!
Click Back.
Click Finish. Your computer has been cleaned. Now the BUY or Trial box shows. You can just close that.
I just got started at about 9:30 am.
Thanks for all of the new Information.
I created another System Restore Point: "11-17-2015 Tuesday"
Concerning lx07's query about Defender: I just checked, and it says the same as yesterday: "This app is turned off by Group Policy." So, I don't know if it is still incapacitated from the virus. Thanks for the question, @lx07.
When I booted up this morning, the following message appeared: I don't know its significance:
Concerning my not finding "Open Proxy Settings": I looked again, and this option is not there. You show it as being just above "Privacy and Services." On mine, just above "Privacy and Services" is "Always use caret browsing." However, as you write, we may not need to reset Edge since www-searching.com is now gone.
Run DLL
There was a problem starting C:\users\AppData\Local\PluginBus\xBin\PluginBus.dll
The specified module could not be found.
I'll download ESET now and run the Scan. I don't know if I can use the computer for other matters when the Scan is running, so I'll probably be occupied with the Scan for at least an hour.
Malwarebytes did an automatic Scan this morning at 9:09 am; here is the Scan Log:
One file was removed: PUP.Optional.CrossRider
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software
Scan Date: 11/17/2015
Scan Time: 9:09 AM
Logfile:
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2015.11.17.03
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x86
File System: NTFS
User: User
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354818
Time Elapsed: 30 min, 35 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider, HKU\S-1-5-21-4156195948-2828175874-2147720042-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9563BC59-9556-4805-8CD4-886781779D8D}, Quarantined, [e037b1ce8dfe5cdaccd10ec936cdb947],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)