
arkhaan

Members
  • Posts: 67

Everything posted by arkhaan

  1. Both Adware Cleaner and Rkill (used as file name iexplorer.exe/iexplore64) continually find PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell. RKill detects it as * Empty HKLM\...\Winlogon: [Shell]! Value reset to explorer.exe. When removed, it respawns. Oh, and both tools also detect these values in Windows 10 Pro 64's "safe mode". I also ran MBAM and Norton Power Eraser, though I only use the Windows default antivirus/firewall, Microsoft Defender. When I use Power Eraser I notice that it detects nothing and stops responding, and when I scan with Adware Cleaner and Rkill, the PUP goes into its "hide E Hole". Also, Norton and Zemana detect nothing at all, nor does MBAM. I reboot and then a bit later I scan, and again the stupid thing respawns after rebooting into normal mode and running Adware Cleaner and Rkill respectively. I go into safe mode and again it detects the PUP. I run Power Eraser and abra-kadabra it is gone, until I reboot into normal mode again and scan with Adware Cleaner and Rkill! Here are the Farbar logs. If you reply and wish for the ADW and RKill logs, I will gladly send them as well. FRST.txt Addition.txt
  2. Thank you for that. Odd, I have been unable to find info on that error message being connected to porn or risk or any Microsoft-related problem beyond what it is truly intended to mean: MS Store error.
  3. Is there anything malicious on my computer as of now, trojans or other malware that would run as I browse? I did nothing except end up on that site and click "leave" (which by the pics and vids you sent I know wasn't the best thing to do). I assume powering down the PC is best, but I wanted to be certain no phishing or trojans got stuck on as a result of being auto-referred to that weird site; refer to my Farbar logs. I am going to assume what had happened was when I typed http://www.cogar-world.com/ (the correct site name for the hardware is http://www.cougar-world.com/), the "u" key in cougar-world did not register on my keyboard (as this is not a mechanical keyboard; keys often misregister on most membrane keyboards these days), and the typo got me onto a bad site. And thanks for the info!
  4. When I go to download drivers for my Cougar 600M mouse, as referred to on the mouse's instruction box, http://cougar-world.com/, I am referred to http://159.65.226.68/3dg3/us/?t=(888) 810-8302&bk=72e60765 and given a "Microsoft" warning about pornware and riskware being installed and that if I don't call this number, 888-810-8302, in less than five minutes, all my credentials will be stolen. A voice in a British accent claims error 0x80072ee7. It is not the Cortana voice, but I want to know if my computer is truly infected with this stuff or if it is a hoax. Please refer to the screenshot. I have also reported this site and phone number via Microsoft feedback. FRST.txt Addition.txt
  5. I scanned with Adware Cleaner and it detected these entries in my registry (or running somewhere). My PC is slow to boot to startup, programs are sluggish, and after Google searching I found nothing but forums indicating this is a good indication of malware. I ran Malwarebytes prior to my Adware scan but it found nothing; however, my PC is running slow, and programs (including Mbam and MS Security Essentials) are slow to open and slow to load. Oftentimes MS Security Essentials doesn't turn on autoprotect at all. FRST.txt Addition.txt
  6. Go ahead and close this. This was explained to me by a Falcon Northwest tech agent as a glitch in the program for my mouse drivers.
  7. I was downloading a very large game (roughly 24 GB) from Gog.com (a legitimate site) and the LAC was the correct name, running fine. The following morning, I found it had been renamed 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333334444 overnight, while I was asleep, as it downloaded this huge game (either "The Solus Project" or "Dying Light", I cannot recall which), but that doesn't matter; it is my PC that does matter and who might have hacked it or intercepted it with malware while I slept. I do use credit card transactions on this machine from time to time. Also, online banking and billing of my utilities/phone service and my account with the local community neighborhood watch site (seeclickfix.com), and I am concerned about the security on this computer for these activities and also Gog/Steam downloading in the future. I will upload a screenshot of my network sharing area for reference, in addition to Farbar reports. This is a home PC, I am the only one who uses it, and no one can access my PC but me (from the physical end). I am concerned it is from the online end, not the physical. I want to determine what it is and why it happened (rather than just renaming it to its original name, as Microsoft's community told me). Once I find out what it is and if it is a harmless glitch, I can rename it back, but I much appreciate anyone's time aiding me in determining possible malware or an opened security breach; then I'll have peace of mind. What is most alarming is that on Sunday morning when this occurred I had a disconnected LAC (Local Area Connection). When I "enabled" it, it duplicated itself into a clone with this 333 (and so on) name, and then the original "disabled" connection disappeared when the clone enabled itself.
I now have only one (and I assume it is the clone, not the original connection). I am not so concerned with the renaming in itself (as one pointed out on the Microsoft community help website, that is commonplace) but with what it named itself (333333s is a bit bizarre IMHO) and that it cloned itself, refused to connect and only would with the clone, and thus when I enabled the clone the original disappeared (aka was deleted). I use 2 other machines (not connected nor sharing with this one) on the "home" network of my Ethernet gateway (AT&T); they are not affected by this odd occurrence. FRST.txt Addition.txt
  8. Ran Delfix. I checked Windows Search a few times and it didn't seem to crash. I did disable the indexing feature via each hard disk manually, but the service is still enabled. Java doesn't seem to be on my computer or the browsers (unless Windows hides it well). I will make a hard copy of all the information so I can read it away from the computer screen more closely. Thanks for the reassurance, though I will probably remove SAS from my PC as MS-DOS files are not a proper way to run a program in Windows.
  9. JRT and Adaware cleaner came up pretty clean; JRT had a few deletions. I uploaded those logs regardless, even though they are clean. Sophos installed fine but did not execute upon hitting finish. I noticed that after finishing the install of Sophos my hard disk ran for 5 minutes nearly constantly. When it stopped spinning (I heard clearly via the noise and the indicator light) I ran the Sophos scan manually with its installed executable. I did not include a log entry for it; it came up clean and did not indicate it had needed to make one, so I assume that means it is okay too. FRST and Addition Farbar scan results below also. JRT.txt AdwCleaner[S0].txt FRST.txt Addition.txt
  10. I will likely remove SAS. I would still feel safer with this PC if we do some other scans to be sure it is not loading malware/viruses, and then when it is safe, I will gladly remove SAS from my computer. Much appreciated!
  11. The thing that concerned me the most was that when SuperAntiSpyware was launched the first time after I installed it, it was in the taskbar but would not open. It did not go to the website as it always did before, and it did not indicate anything was enabled the first time, nor could I do a manual scan. Upon rebooting I could launch the utility, but there was no indication of any protection. I didn't try a manual scan as I was worried it was not even SuperAntiSpyware software at all. Right now, it is showing green (real-time is enabled), but this happened only the day after I rebooted a second time in the morning after doing this software's installation. After two reboots it worked, but not until then. Though I don't use the features, autoupdate and auto schedule were turned on when I installed but did not indicate they were on; it was "red" but settings were on.
  12. I am trying to get rid of the above screenshot in the reply but am unable. Sorry. For the result of that scan, the detection ratio on www.virustotal.com is 0/57; they list it as probably harmless. I would also send an analysis screenshot of that, but it seems to bog up the replies with my screenshots.
  13. I have an odd MS-DOS "entry" in place of SuperAntiSpyware's usual .exe. It is a series of numbers and letters; all lettering is lowercase, and this series of numbers/letters is followed by .com. I have noticed other file and folder names like this have appeared in my C:\ root directory, as well as D:\root, which is an additional partition (extended from the same drive). SuperAntiSpyware appears in my lower right screen in the taskbar area but does not open, nor can I access the commands to update or scan; the right-click context menu for this task icon does not register. This is likely fakeware disguised as SuperAntiSpyware, and the site is fake; it did not have the https, only www.superantispyware.com. I only noticed this when I did a second Google search and it was purpled out, meaning I had been there. Also, this time there was another site labeled $ that was referred to as https//superantispyware.com, but Google headed the title "$". Very odd. MBAM detected nothing. I have, in addition to Farbar results, uploaded a screenshot of the offending .com file in the SAS directory for any aid's quick reference before beginning. FRST.txt Addition.txt
  14. My apologies, I have not checked back in a while. I was busy and forgot about this case. This PC is no longer functional. I am going to replace some parts and do a clean install of its OS. Please close this topic.
  15. When I install or update my nVidia drivers I get warnings that Vulkaninfo.exe and vulkaninfo-1-1-0-26-0.exe are trojans. They are quarantined by SuperAntiSpyware. Malwarebytes detects nothing at all. But today, my network settings changed. I have my PC set to Public Network and never share files with anyone; however, today I found that my file/folder sharing was set to "on", so anyone in the public network could access my files. Also, when I disconnect or reconnect the network via the adapter settings it "identifies" but never connects nor disconnects. My PC was never set to a home network, but I find now it is. I did not do that! Some of my firewall settings seem to allow things I never set them to do (Microsoft Windows Firewall). I am wondering if the nVidia website I go to in obtaining drivers is a fake or not. Same with the nVidia Experience driver updater. FRST.txt Addition.txt
  16. I am looking into the TBS service as it had been missing from another PC today, but it is still present in this one; however, it comes up with "failed to read description" Error code: 2. I don't know what TBS is, but it seems important, as my connection must be rebooted if I ever try to disconnect now, whereas before it did not. I usually leave it connected, however.
  17. One last question regarding the Sophos Virus Removal Tool: did you intend for me to leave this on my PC? I notice that Delfix did not remove this tool.
  18. Thanks for the cleanup. I added those articles to "favorites" for downloading the linked software later (if needed) and also printed them for future reading. Regarding reg cleaning, I ceased using CCleaner and Glary reg cleaning features. However, this PC is old and a refurb. The hard disk is slow (even at optimal configuration). I often remove programs and reinstall; some of them leave stuff behind, and that affects the disk performance adversely. My other PC is unaffected because it uses an SSD; this one uses an old Western Digital notebook drive (not even color coded) and a cheapo at that. This computer is a basement bargain bin variety, but it does the job for what I need. Still, the hard disk and booting are slow (and that is hardware); however, if junk is not loaded it is not so slow as to be unbearable. The Ethernet connection will not re-acquire the connection if I disable it manually. However, this time, with the Intel drivers from the website, when I reboot it will go ahead and connect, but it takes a minute and a half. Before, it took 20 seconds after the desktop was fully loaded. I am not too concerned, if no malware is present, how fast it connects; I just thought I'd mention that. I never had the problem of re-enabling it after disabling before, but since it is unorthodox to disable one's Ethernet anyway (I do it for security when not using my PC), I guess I can reboot as needed. Boot time improved with the Delfix tool, connection speed satisfactory. Thanks! If that is all, go ahead and close this topic. I will surf safe! You take care as well!
  19. If you believe I do not have any more malware, please let me know so I can continue downloading Windows updates and put this PC to work. Thanks in advance!
  20. I do not have premium full on this PC; this PC is only the trial edition, expiring in 7 days. I did not know it was not permitted to do the trial on another PC; however, I ended the trial and am now using only the freeware edition. The link provided me with the same driver I just downloaded from the Intel website. The autoupdater claimed I had a "generic version", but it installed nothing and instead brought me to the "modify" screen, where it had merely replaced the driver I already had with the same driver. That is 7/18/2013 Intel 12.10.13.0. It also installed Intel Improvement Program and, in the administrator DOS window, loaded something ending in an all-caps name called WILLIAMETTE. It was recommended that I install other antimalware programs by my computer distributor; I have also been told this by retail stores. This is because one may detect what another fails to. However, I have disabled "realtime protection" on all but MSSE, which remains enabled.
  21. I want to clarify, as I cannot edit this: I have the full license on the other PC, which expires in 290 days. I am using the trial edition of Mbam here, and that expires in 7 days. After that I plan on using only the freeware edition on this PC, as the Premium Full edition is on the other PC and that one has more critical need of that protection than this one does.
  22. I rolled back, only to get the dropout upon installation of that rollback. However, I went to Intel and got the 2013 driver (current for this Dell Optiplex 780 adapter). It dropped out on install, so I rebooted and it came up after a long delay. Before (prior to this current system restore), it usually was attempting to connect upon arrival at the desktop. It now takes 20 seconds of the red "X", then attempts after all the other taskbar icons are loaded. I don't care how long it takes; it is not a problem, just that it is a change in behavior. The MBAM icon has a red/orange ! under it, and on the first reboot SuperAntiSpyware failed to load at all (at least on the taskbar in the lower right) but claimed to be running. I rebooted a second time and the SAS icon was present; MBAM still has the red/orange !, but the 7-day expiration may have something to do with this. I have the license loaded on another PC and do not wish to transfer it over, as that PC is probably more important than this one is. I don't know if the trial expiration in 7 days is actually the reason for the ! warning in the icon or not. I do have the connection again and it is not slow; it is a good speed. It was very slow before when I was connected.