
arkhaan

Members
  • Posts

    67
  • Joined

  • Last visited

Posts posted by arkhaan

  1. Both Adware Cleaner and Rkill (used as file name iexplorer.exe/iexplore64) continually find PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell. RKill detects it as * Empty HKLM\...\Winlogon: [Shell]! Value reset to explorer.exe
    When removed it respawns. Oh, and both program tools also detect these values in Windows 10 Pro 64's "safe mode". I also ran MBAM and Norton Power Eraser, though I only use Windows' default antivirus/firewall, Microsoft Defender. When I use Power Eraser I notice that it detects nothing and stops responding, and when I scan with Adware Cleaner and Rkill, the PUP goes into its "hide E Hole"; also Norton and Zemana detect nothing at all, nor does MBAM. I reboot and then a bit later I scan, and again the stupid thing respawns after rebooting into normal mode and running Adware Cleaner and Rkill respectively. I go into safe mode and again it detects the PUP; I run Power Eraser and abra-kadabra it is gone, until I reboot into normal mode again and scan with Adware Cleaner and Rkill! Here are the Farbar logs. If you reply and wish for the ADW and RKill logs I will gladly send them as well.

    FRST.txt

    Addition.txt

  2. Is there anything malicious on my computer as of now, trojans or other malware that would run as I browse? I did nothing except end up on that site and click "leave" (which, by the pics and vids you sent, I know wasn't the best thing to do). I assume powering down the PC is best, but I wanted to be certain no phishing or trojans got stuck on as a result of being auto-referred to that weird site. Refer to my Farbar logs.

    I am going to assume what had happened was that when I typed http://www.cogar-world.com/ (the correct site name for the hardware is http://www.cougar-world.com/), the "u" key in cougar-world did not register on my keyboard (as this is not a mechanical keyboard; keys often misregister on most membrane keyboards these days), and the typo got me onto a bad site.

    and

    thanks for the info!

  3. When I go to download drivers for my Cougar 600M mouse, as referred to on the mouse's instruction box,
    http://cougar-world.com/
    I am referred to
    http://159.65.226.68/3dg3/us/?t=(888) 810-8302&bk=72e60765
    and given a "Microsoft" warning about pornware and riskware being installed and that if I don't call this number
    888-810-8302 in less than five minutes all my credentials will be stolen. A voice in a British accent claims error 0x80072ee7; it is not the Cortana voice, but I want to know if my computer is truly infected with this stuff or if it is a hoax.
    Please refer to the screenshot.
    I have also reported this site and phone number via Microsoft feedback.

    FRST.txt

    Addition.txt

    Capture.PNG

  4. I scanned with Adware Cleaner and it detected these entries in my registry (or running somewhere). My PC is slow to boot to startup, programs are sluggish, and after Google searching I found nothing but forums indicating this is a good indication of malware. I ran Malwarebytes prior to my Adware scan but it found nothing; however, my PC is running slow, and programs (including MBAM and MS Security Essentials) are slow to open and slow to load. Often times MS Security Essentials doesn't turn on auto-protect at all.

    FRST.txt

    Addition.txt

  5. I was downloading a very large game (roughly 24 GB) from Gog.com (a legitimate site) and the LAC had the correct name and was running fine. The following morning, I found it had been renamed 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333334444 overnight, while I was asleep, as it downloaded this huge game (either "The Solus Project" or "Dying Light", I cannot recall which), but that doesn't matter; it is my PC that does matter, and who might have hacked it or intercepted it with malware while I slept. I do use credit card transactions on this machine from time to time, also online banking and billing of my utilities/phone service and my account with the local community neighborhood watch site (seeclickfix.com), and am concerned about the security of this computer for these activities and also Gog/Steam downloading in the future. I will upload a screenshot of my network sharing area for reference, in addition to the Farbar reports. This is a home PC; I am the only one who uses it, and no one can access my PC but me (from the physical end). I am concerned it is from the online end, not the physical. I want to determine what it is and why it happened (rather than just renaming it to its original name, as Microsoft's community told me); once I find out what it is, and if it is a harmless glitch, I can rename it back, but I would much appreciate anyone's time aiding me in determining possible malware or an opened security breach, then I'll have peace of mind. What is most alarming is that on Sunday morning when this occurred I had a disconnected LAC (Local Area Connection); when I "enabled" it, it duplicated itself into a clone with this 333 (and so on) name, and then the original "disabled" connection disappeared when the clone enabled itself.
    I now have only one (and I assume it is the clone, not the original connection). I am not so concerned with the renaming in itself (as one pointed out on the Microsoft community help website, that is commonplace) but with what it named itself (333333s is a bit bizarre IMHO), and that it cloned itself, refused to connect and only would with the clone, and thus when I enabled the clone the original disappeared (aka was deleted). I use 2 other machines (not connected to nor sharing with this one) on the "home" network of my Ethernet gateway (AT&T); they are not affected by this odd occurrence.

    FRST.txt

    Addition.txt

    weird network duplicate with numbers.PNG

  6. ran delfix

    I checked windows search a few times and it didn't seem to crash, I did disable the indexing feature via each hard disk manually but the service is still enabled.

    Java doesn't seem to be on my computer or the browsers(unless windows hides it well)

    I will make a hard copy of all the information so I can read it away from the computer screen more closely

    Thanks for the reassurance, though I will probably remove SAS from my PC as MS-DOS files are not a proper way to run a program in Windows.

  7. JRT and Adware Cleaner came up pretty clean; JRT had a few deletions. I uploaded those logs regardless, even though they are clean. Sophos installed fine but did not execute upon hitting Finish. I noticed that after finishing the install of Sophos my hard disk ran for 5 minutes nearly constantly. When it stopped spinning (I heard clearly via the noise and the indicator light) I ran the Sophos scan manually with its installed executable. I did not include a log entry for it; it came up clean and did not indicate it had needed to make one, so I assume that means it is okay too. FRST and Addition Farbar scan results below also.

    JRT.txt

    AdwCleaner[S0].txt

    FRST.txt

    Addition.txt

  8. The thing that concerned me the most was when SuperAntiSpyware was launched the first time after I installed it: it was in the taskbar but would not open. It did not go to the website as it always did before, and it did not indicate anything was enabled the first time, nor could I do a manual scan. Upon rebooting I could launch the utility, but there was no indication of any protection. I didn't try a manual scan as I was worried it was not even SuperAntiSpyware software at all. Right now, it is showing green (real-time is enabled), but this happened only the day after I rebooted a second time in the morning after doing this software's installation. After two reboots it worked, but not until then. Though I don't use the features, auto-update and auto-schedule were turned on when I installed but did not indicate they were on; it was "red" but the settings were on.

  9. I have an odd MS-DOS "entry" in place of SuperAntiSpyware's usual .exe; it is a series of numbers and letters, all lettering is lowercase, and this series of numbers/letters is followed by .com. I have noticed other file and folder names like this have appeared in my C:\ root directory, as well as D:\ root, which is an additional partition (extended from the same drive). SuperAntiSpyware appears in my lower right screen in the taskbar area but does not open, nor can I access the commands to update or scan; the right-click context menu for this task icon does not register. This is likely fakeware disguised as SuperAntiSpyware and the site is fake; it did not have the https, only www.superantispyware.com. I only noticed this when I did a second Google search and it was purpled out, meaning I had been there. Also this time there was another site labeled $ that was referred to as https//superantispyware.com, but Google headed the title "$", very odd. MBAM detected nothing.

    In addition to the Farbar results I have uploaded a screenshot of the offending .com file in the SAS directory for any aide's quick reference before beginning.

    FRST.txt

    Addition.txt

    SASentry.PNG

  10. When I install or update my nVidia drivers I get warnings that Vulkaninfo.exe and vulkaninfo-1-1-0-26-0.exe are trojans. They are quarantined by SuperAntiSpyware. Malwarebytes detects nothing at all. But today, my network settings changed. I have my PC set to Public Network and never share files with anyone; however, today I found that my file/folder sharing was set to "on", so anyone on the public network could access my files. Also, when I disconnect or reconnect the network via the adapter settings it "identifies" but never connects nor disconnects. My PC was never set to a home network, but I find now it is. I did not do that! Some of my firewall settings seem to allow things I never set it to do (Microsoft Windows Firewall). I am wondering if the nVidia website I go to in obtaining drivers is a fake or not. Same with the nVidia Experience driver updater.

    FRST.txt

    Addition.txt

  11. thanks for the clean up.

    I added those articles to "favorites" for downloading later linked software(if needed) and also printed them for future reading.

    Regarding reg cleaning, I ceased using CCleaner and Glary reg cleaning features. However, this PC is old and a refurb. The hard disk is slow (even at optimal configuration); I often remove programs and reinstall, and some of them leave stuff behind, and that affects the disk performance adversely. My other PC is unaffected because it uses an SSD; this one uses an old Western Digital notebook drive (not even color coded), and a cheapo at that. This computer is a basement bargain bin variety, but it does the job for what I need it. Still, the hard disk and booting are slow (and that is hardware); however, if junk is not loaded it is not so slow as to be unbearable.

    The Ethernet connection will not re-acquire the connection if I disable it manually. However, this time, with the Intel drivers from the website, when I reboot it will go ahead and connect, but it takes a minute and a half. Before it took 20 seconds after the fully loaded desktop. I am not too concerned, if no malware is present, with how fast it connects; just thought I'd mention that. I never had the problem of re-enabling it after disabling before, but since it is unorthodox to disable one's Ethernet anyway (I do it for security when not using my PC) I guess I can reboot as needed.

    boot time improved with the Delfix tool

    connection speed satisfactory

    thanks! if that is all go ahead and close this topic.

    I will surf safe!

    you take care as well!

  12. I do not have Premium full on this PC; this PC is only the trial edition, expiring in 7 days. I did not know it was not permitted to do the trial on another PC; however, I ended the trial and am now using only the freeware edition.

    The link provided me with the same driver I just downloaded from the Intel website. The autoupdater claimed I had a "generic version" but it installed nothing and instead brought me to the "modify" screen, where it had merely replaced the driver I already had with the same driver. That is 7/18/2013 Intel 12.10.13.0. It also installed Intel Improvement Program and in the administrator DOS window loaded something ending in all caps called WILLIAMETTE.

    It was recommended I install other antimalware programs by my computer distributor; I have also been told this by retail stores. This is because one may detect what another fails to. However, I have disabled "realtime protection" on all but MSSE, which remains enabled.

  13. 14 minutes ago, arkhaan said:

    I rolled back only to get the dropout upon installation of that rollback. However, I went to Intel and got the 2013 driver (current for this Dell Optiplex 780 adapter); it dropped out on install, so I rebooted and it came up after a long delay. Before this current system restore, it usually was attempting to connect upon arrival at the desktop. It now takes 20 seconds of the red "X", then attempts after all the other taskbar icons are loaded. I don't care how long it takes; it is not a problem, just that it is a change in behavior. The MBAM icon has a red/orange ! under it, and on the first reboot SuperAntiSpyware failed to load at all (at least on the taskbar in the lower right) but claimed to be running. I rebooted a second time and the SAS icon was present; MBAM still has the red/orange !, but the 7-day expiration may have something to do with this. I have the license loaded on another PC and do not wish to transfer it over, as that PC is probably more important than this one is. I don't know if the trial expiration in 7 days is actually the reason for the ! warning in the icon or not. I do have the connection again and it is not slow; it is a good speed. It was very slow before when I was connected.

    I want to clarify, as I cannot edit this: I have the full license on the other PC, which expires in 290 days. I am using the trial edition of MBAM here, and that expires in 7 days. After that I plan on using only the freeware edition on this PC, as the Premium full edition is on the other PC and that one has more critical need of that protection than this one does.

  14. I rolled back only to get the dropout upon installation of that rollback. However, I went to Intel and got the 2013 driver (current for this Dell Optiplex 780 adapter); it dropped out on install, so I rebooted and it came up after a long delay. Before this current system restore, it usually was attempting to connect upon arrival at the desktop. It now takes 20 seconds of the red "X", then attempts after all the other taskbar icons are loaded. I don't care how long it takes; it is not a problem, just that it is a change in behavior. The MBAM icon has a red/orange ! under it, and on the first reboot SuperAntiSpyware failed to load at all (at least on the taskbar in the lower right) but claimed to be running. I rebooted a second time and the SAS icon was present; MBAM still has the red/orange !, but the 7-day expiration may have something to do with this. I have the license loaded on another PC and do not wish to transfer it over, as that PC is probably more important than this one is. I don't know if the trial expiration in 7 days is actually the reason for the ! warning in the icon or not. I do have the connection again and it is not slow; it is a good speed. It was very slow before when I was connected.
