Nicolrenee1968

Members
Posts: 11
Reputation: 0 Neutral
  1. I think I am good! I use this computer for so very much and was worried about vulnerabilities, particularly during this season. I wanted to make sure to fix whatever potential harm I inadvertently wrought by downloading/opening the file. Thanks for all of your assistance! You rock!
  2. Awesome, guys! Thanks oodles! This was a new one for me and I have been so good and so careful about downloading and opening attachments, clicking email links, etc.! What a pain in the hindquarters this was! Should it ever happen again, God forbid, I am well prepared.
  3. Seems to be behaving fine. I have not opened any Word documents since attempting to open the document with the trojan. Should that be safe to attempt at this point?
  4. AdwCleaner logfile:

     # AdwCleaner v5.023 - Logfile created 02/12/2015 at 14:20:53
     # Updated 30/11/2015 by Xplode
     # Database : 2015-11-30.1 [Server]
     # Operating system : Windows 10 Home (x64)
     # Username : Nicole - ATN_ADMIN
     # Running from : C:\Users\Nicole\Downloads\AdwCleaner.exe
     # Option : Cleaning
     # Support : http://toolslib.net/forum

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder Deleted : C:\Users\Nicole\AppData\Local\pokki
     [-] Folder Deleted : C:\Users\Nicole\AppData\Roaming\download Manager
     [-] Folder Deleted : C:\Users\Nicole\Favorites\StumbleUpon
     [!] Folder Not Deleted : C:\Users\Nicole\Favorites\StumbleUpon
     [-] Folder Deleted : C:\Users\QBDataServiceUser23\AppData\Local\pokki
     [-] Folder Deleted : C:\Users\QBDataServiceUser25\AppData\Local\pokki

     ***** [ Files ] *****

     [-] File Deleted : C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
     [-] File Deleted : C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
     [-] File Deleted : C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
     [-] File Deleted : C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
     [-] File Deleted : C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
     [-] File Deleted : C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

     ***** [ DLLs ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled tasks ] *****

     ***** [ Registry ] *****

     [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
     [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
     [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
     [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
     [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
     [-] Key Deleted : HKCU\Software\Pokki
     [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
     [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
     [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
     [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com

     ***** [ Web browsers ] *****

     [-] [C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
     [-] [C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
     [-] [C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://Vosteran.com/?f=7&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1QzutByE0F0DyDtB0CtDzztDzz0DyByCyCyCtN0D0Tzu0StCtDyByCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StByBzy0E0EyEtD0CtGyBzztAtCtG0EyCzyyCtG0EtCtAyEtGtA0CtAtDzztDtD0AtD0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CzytA0D0EtAzzzztG0FyD0E0EtGyE0B0C0CtGzzyCyCzytG0DtCyEzztD0ByEyD0C0ByEyE2Q&cr=272077845&ir=
     [-] [C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oilkkkefbalmbfppgjmgjoefbclebkce

     *************************

     :: "Tracing" keys removed
     :: Winsock settings cleared

     ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3594 bytes] ##########
  5. So my other protection was able to successfully keep the trojan at bay?
  6. Thanks so much, Dave!!! The good news is that after finishing the MBAM scan and reboot, I was able to run the Farbar tool. Attached are the text files from that. I am running the Windows Malicious Software Removal Tool in the event that will be even remotely helpful as well. I am dead in the water right now and really would love to trust that I haven't just bricked my laptop. :-/ Attachments: FRST.txt, Addition.txt
  7. Sorry, noob to forum posting, noob to this sort of issue.
  8. Results of scan:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 12/2/2015
     Scan Time: 11:29 AM
     Logfile:
     Administrator: Yes

     Version: 2.2.0.1024
     Malware Database: v2015.12.02.04
     Rootkit Database: v2015.11.26.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: Nicole

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 451477
     Time Elapsed: 1 hr, 14 min, 59 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 3
     PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{52C009CA-C475-409B-A8FF-3755E0E9CEFA}, , [b19b6c34e8a339fd8132e1ceec171be5],
     PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update DigiHelp, , [212b534d7e0db6802cf95f9311f27090],
     PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util DigiHelp, , [3418722e870458de988df9f916edec14],

     Registry Values: 5
     PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{52C009CA-C475-409B-A8FF-3755E0E9CEFA}|URL, http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1QzutByE0F0DyDtB0CtDzztDzz0DyByCyCyCtN0D0Tzu0StCtDyByCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StByBzy0E0EyEtD0CtGyBzztAtCtG0EyCzyyCtG0EtCtAyEtGtA0CtAtDzztDtD0AtD0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CzytA0D0EtAzzzztG0FyD0E0EtGyE0B0C0CtGzzyCyCzytG0DtCyEzztD0ByEyD0C0ByEyE2Q&cr=272077845&ir=,, [b19b6c34e8a339fd8132e1ceec171be5]
     PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{52C009CA-C475-409B-A8FF-3755E0E9CEFA}|TopResultURLFallback, http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1QzutByE0F0DyDtB0CtDzztDzz0DyByCyCyCtN0D0Tzu0StCtDyByCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StByBzy0E0EyEtD0CtGyBzztAtCtG0EyCzyyCtG0EtCtAyEtGtA0CtAtDzztDtD0AtD0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CzytA0D0EtAzzzztG0FyD0E0EtGyE0B0C0CtGzzyCyCzytG0DtCyEzztD0ByEyD0C0ByEyE2Q&cr=272077845&ir=,, [b6963b65464522144370c4eb61a2fa06]
     PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{52C009CA-C475-409B-A8FF-3755E0E9CEFA}|FaviconPath, C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico, , [39137b25d0bbbd79595aab04b94acb35]
     PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{52C009CA-C475-409B-A8FF-3755E0E9CEFA}, Vosteran, , [d27af9a7becd4cea6d46a10eb74cc23e]
     PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{52C009CA-C475-409B-A8FF-3755E0E9CEFA}|DisplayName, Vosteran, , [54f8f8a82a6104329e151d925ba85ba5]

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     The good news (?) is that I don't use Internet Explorer!
  9. I am on a 64-bit system, downloaded the correct version. I also immediately began a scan and Malwarebytes is currently running in the background. So far, Vosteran/Yontoo detected. On the final heuristic analysis.
  10. Unable to open the script file. Running Windows 10, if that makes a difference. Since realizing my idiocy (immediately after attempting to open the document and view), I shut down all open Office documents and have not opened any new ones, nor have I gone to any sites requiring a password.
  11. I need to know what to do to get rid of the suspected macro virus/trojan in the attached. It came from a trusted email, so I opened it up without thinking. *sigh*.