StephenK

Hi there I had 2 detections of this and removals by Windows Defender today. I've since done Malwarebytes scans, Windows Defender, Microsoft Security, Eset Online Scanner and nothing further has been detected. Just wondering what this could have been and how I can double check that there are no residual issues. Appreciate your help.

No, I don't have that program. Given that StickyPassword was trying to access an outbound connection that wasn't expected, perhaps it was actually correct for MalwareBytes to block it as a phishing attempt?

I guess I'm also trying to understand why I would be redirected to www.equifax.com.au via Sticky Password at all? It's not a site I've ever accessed, and do not have it in Sticky Password. It didn't really make sense to me, which is why I thought that the alert from MalwareBytes could well be a valid block of a phishing attempt?

Just to clarify, what exactly is that domain? It's not harmful?

Thanks for your help.

No I haven't

No, not intentionally.

Hi there Malwarebytes keeps blocking an outbound connection when using StickyPassword. MB isn't picking up any infections in my daily scans. Not sure exactly what is going on here and what to do so would appreciate advice. Thanks

I've turned it off until there's a fix. Not ideal, but it was driving me crazy.

I have had exactly the same issue. I used to have a scan scheduled for early in the morning so it would always run on start-up and always had caused the resolving host issue and slow internet. After reset, speeds are fine again.

Thanks very much for your help Kevin - it's very much appreciated.

Hi Kevin I deleted the file last night and it doesn't seem to have any impact. I think all is good at my end now. Any thoughts on how I should beef up my security to avoid anything in future? Thanks Stephen

Hi Kevin Ran AdwCleaner and have attached report. One final concern I have is when I do a Rootkit scan with Spybot (report attached). I suspect the majority of the files are harmless, but I'm I'm not sure about the hidden file mentioned first in the log (file details in capture attached). Any thoughts? Thanks Stephen RootAlyzer.131104-0621.txt AdwCleanerS1.txt

Hi Kevin I've uploaded 3 of the files you asked for, but I'm having some issues running the Screen317 program. There seems to be some issue with the file path when I run it from the desktop, so I'm not sure that it is actually scanning, despite the fact it produces a blank report at the end. In regards to the ESET finding, am I correct in assuming that these are not significant issues, since they represent a potential issue only if the software is installed - currently they are just downloaded files sitting in my directory. Should I simply delete them, or do they need specialist removal? Not quite sure where to go from here with Screen317. Thanks for your help Stephen AdwCleanerR0.txt ESET.txt mbam-log-2013-11-04 (00-19-17).txt Screen317.pdf

Thanks. Will continue as you suggested and see how it goes.

Will do - thanks for your help. Out of interest, do you think I have a serious problem based on what you've seen? I'd certainly consider reinstalling the OS if you thought that was the case.

Aplogies, missed one of the files Addition.txt

Thanks for your help. I've also attached a list of the quarantined files from ComboFix ComboFix-quarantined-files.txt FRST - old.txt FRST.txt

Hi there Had a virus warning in Avast this afternoon: Threat: Rootkit: Hidden file (in C:\Windows\SoftwareDistribution\Dowload folder), which I accidentally deleted with Avast before having a proper chance to evaluate. I am not getting any further virus messages in either Avast or MalwareBytes Pro, or MalwareBytes Anti-Root kit, but when I first run the latter I get a message "Registry value "AppInit_Dlls" has been found ....". Note that I have no problem proceeding to run the tool. Could you please assist me to: 1) Understand if the "AppInit_Dlls" message is an issue I should be concerned with; and 2) How I can double-check to ensure my system is no longer infected (or perhaps the initial threat was just a false positive?) Thanks for your help. Stephen