Re-ImagePlus Virus Removal on MS Windows 7

Background

It is time to remotely connect to an MS Windows computer and see about the virus attacks that have been buffeting the laptop for a while now.

Remote Control

Thank goodness, a couple of weeks ago my brother installed TeamViewer on the same computer, so we are good; I don’t have to see about accessing “Safe Mode with Networking” and installing that nice tool.

Before, it used to be LogMeIn for me.

LogMeIn

BTW, here is LogMeIn’s text stating “Free Subscription” is no longer available.

Textual:

To continue using remote access, you’ll need to purchase an account subscription of LogMeIn Pro.
Packages starting at $99/year for two computers.
Your new account includes our signature remote access with premium features like remote printing, file transfer and cloud data access, plus desktop and mobile apps to improve your experience.


Slow Performance

Noticed right away that the computer is too slow.

Task Manager

Launched “Task Manager” to see what is the matter…

From the “Performance” tab, saw that CPU usage was at 100%.

Applications and Processes

DWM – Desktop Window Manager

Saw that dwm.exe, Desktop Window Manager, is at the top of the class.

Let us disable all the niceties.

Accessed “Control Panel \ System Properties \ Advanced \ Performance Options \ Visual Effects”.

Here is where we were:

Windows is choosing what is best for my computer.

Unfortunately, I do not like the choice.

Chose to weigh in on Performance bar.


Synaptics Pointing Device Helper

Via Control Panel \ Programs \ Programs and Features, uninstalled Synaptics Pointing Device Helper.

tv_w32.exe (Keep)

tv_w32.exe was another busy tool. Due to patience and double-checking, thank goodness, did not end up uninstalling that one, as it is part of our remote desktop tool, TeamViewer.

Microsoft Security Client

I think the PC, at 3 GB of RAM, might be a bit under-powered for Microsoft Security Client, and so took it out as well.

In Task Manager, the process name is MsMpEng.exe.

Accessed “Programs \ Programs and Features” and chose to remove “Microsoft Security Essentials”.


Microsoft Search Indexer

Microsoft SearchIndexer was another busy CPU hog.

Turn Windows Features On and Off

Accessed Control Panel \ Programs \ Programs and Features \ Turn Windows features on or off.

Traversed the list of features and unchecked “Windows Search”.

Was not deterred by the “Confirm” prompt.

Microsoft Windows Media Player

wmpnetwk.exe – Windows Media Player Network Sharing Service

Accessed the Services applet by running services.msc.

Sought out “Windows Media Player Network Sharing Service”, stopped it, and changed the “start mode” to disabled.

Media Downloader

Accessed Programs and Features and selected “Media Downloader Version 1.5”.

Chose to uninstall that app.

Browser

Ugly Sites

Here are some of the ugly sites that were popping up…

reimageplus.com

http://www.reimageplus.com


onlinecollegepeople.com

http://www.onlinecollegepeople.com


Please Update Internet Explorer


FreeFaire.com

cdn.freefaire.com

Install Media Downloader ….


MyMoviesCorner.com

http://www.mymoviescorner.com


attention-virus-alert.com


Browsers CleanUp

Firefox

There are a few ways to remove malware from Firefox.

Here are some of them:

  1. Start Firefox in Safe Mode
  2. In Firefox, access “about:support”  to access “Troubleshooting Information”

Firefox – “Safe Mode”

Let us launch Firefox in Safe Mode and Refresh Firefox.

Accessed the command prompt and launched Firefox in “Safe Mode”:

  1. Changed directory to “C:\Program Files\Mozilla Firefox”
  2. Issued “firefox -safe-mode”

Chose to “Refresh Firefox”.

Restart Firefox

  1. Access “Troubleshooting Information” by entering the “about:support” in the URL
  2. Click the “Refresh Firefox” button

Troubleshooting Information


Refresh Firefox

In the “Refresh Firefox” window, click the “Refresh Firefox” button.


Chrome

  1. In the URL box, enter “chrome://settings/”
  2. Scroll to the bottom of the screen and click “Show advanced settings”
  3. Again, scroll to the bottom of the screen and click “Reset settings”
  4. In the Reset Settings confirmation alert, choose the “Reset” button

Show Advanced Settings


Reset Settings


Reset Settings Confirm


Internet Explorer

Reset IE to “default settings”

  • Close all Internet Explorer windows that are currently open.
  • Reopen Internet Explorer.
  • Click the Tools button, and then click Internet options.
  • Click the Advanced tab, and then click Reset.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK.

Anti-Virus and Anti-Malware

Installed Malwarebytes and Spybot Search & Destroy.

Downloaded and ran both.

Please remove any infections.

Summary

Confirmed that the following applications are viruses:

  1. Media Downloader
    • Remove Media Downloader adware (Virus Removal Guide)
      Media Downloader is an adware program, that displays pop-up ads and advertisements on web pages that you visit.
      These advertisements will be shown as boxes containing various coupons that are available, as underlined keywords, pop-up ads or advertising banners.
      http://malwaretips.com/blogs/remove-media-downloader-virus/
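
A follow-up check for the cleanup above, added here as an example and not part of the original post: Programs and Features is populated from the registry Uninstall keys, so this PowerShell script confirms that no “Media Downloader” entry or install folder is left behind, and that the Windows Media Player Network Sharing Service is stopped and disabled. The service name `WMPNetworkSvc` and the name pattern are assumptions not shown in the post; adjust them to match the machine.

```powershell
# Added example, not from the original post. Run in PowerShell on the cleaned machine.
# Pattern is taken from the program name shown in Programs and Features in this post.
$patterns = @('Media Downloader*')

# Uninstall keys that back the Programs and Features list.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

$hits = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep entries whose display name matches any pattern.
            $name -and ($patterns | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
                      InstallLocation, UninstallString,
                      @{ n = 'FolderStillPresent'
                         e = { $_.InstallLocation -and (Test-Path $_.InstallLocation) } }
}

if ($hits) {
    'Leftover entries found:'
    $hits | Format-List
} else {
    'No matching Uninstall entries found.'
}

# Assumed service name for "Windows Media Player Network Sharing Service".
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WMPNetworkSvc'"
if ($svc) {
    # Expected after the steps in this post: State = Stopped, StartMode = Disabled.
    $svc | Select-Object Name, DisplayName, State, StartMode | Format-List
} else {
    'Service WMPNetworkSvc not found.'
}
```

An entry with `FolderStillPresent` set to True means the uninstaller left files on disk that the anti-malware scan should cover.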
