Posts posted by BLTurntable
-
-
Hello,
I recently had a problem where some kind of malware would bring up the command line randomly and bring me to the desktop for a second. I downloaded Malwarebytes and ran a scan.
This is the scan report. I had Malwarebytes quarantine all of the things that it found, but I was wondering if there are any other steps that I need to take to secure my computer. Also, how serious were these threats?
Thank you
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 5/31/17
Scan Time: 3:23 PM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2061
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-F07M541\BLTurntable
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371740
Threats Detected: 23
Threats Quarantined: 23
Time Elapsed: 1 min, 38 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 8
PUP.Optional.Webbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\nps.pastaleads.com, Quarantined, [7394], [259184],1.0.2061
PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\pastaleads.com, Quarantined, [7394], [259185],1.0.2061
Adware.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eoalfhodgifhbkgmbbdafcihjpdldpll, Quarantined, [5125], [387361],1.0.2061
PUP.Optional.Spoutly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{730E03E4-350E-48E5-9D3E-4329903D454D}, Quarantined, [8204], [386530],1.0.2061
PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\nps.pastaleads.com, Quarantined, [7394], [259182],1.0.2061
PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\pastaleads.com, Quarantined, [7394], [259183],1.0.2061
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 1
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\locales, Quarantined, [1005], [348279],1.0.2061
File: 14
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\locales\en-US.pak, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome.exe, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_100_percent.pak, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_child.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_elf.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\ffmpegsumo.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\icudtl.dat, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\isa.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\libEGL.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\libGLESv2.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\pdf.dll, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\resources.pak, Quarantined, [1005], [348279],1.0.2061
PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER4.EXE, Quarantined, [927], [396112],1.0.2061
Physical Sector: 0
(No malicious items detected)
(end)
-
I haven't had any notifications from Malwarebytes about it blocking something or anything like that. So if those logs I linked in my last reply show that it's clean, then I think it's back to normal. Thank you for your help sir. You the real MVP.
-
I ran the fix, restarted, and then ran a new scan just to be sure. Here are all of the logs. Are we good haha?
-
So the fix list should be saved to C:\FRST?
-
-
Also, when Malwarebytes ran a scan when I booted today it found 2 things, so I'm pretty sure it's still here. As I browse more, Malwarebytes notifies me that it blocks that same outbound with the domain mentioned above. I saved the FixList to C:\FRST. Is that the wrong place? Should it be in C:\FRST\logs?
-
Chrome works fine. I ran another FRST scan because now every time I open Chrome, Malwarebytes notifies me that it blocked this outbound domain m77.dnsqa.me. Do I still have it?
-
The Chrome not opening isn't really a concern for me. I'll just reinstall it, but I can take a picture of the properties when I get home. My main concern is still if that fix log shows DNS Unlocker completely gone from my system?
-
Maybe that is the wrong term. It won't open from the shortcut or the .exe in directory.
-
Again, thank you for the help sir. It seems that after running the fix my Google chrome.exe is broken. Here is the fixlog.
-
Hello there, TwinHeadedEagle. When I booted up my computer today I noticed that nothing has come up as blocked by Malwarebytes, so maybe I was just paranoid. Basically my question is if DNS Unlocker is actually out of my system or not. Here are the logs you requested. Thank you for your help.
-
Malware consistently blocks a malicious website from Chrome - type: outbound - domain: m77dnsqa.me. The dns in that domain makes me think it is involved with DNS Unlocker.
-
I've been struggling with DNS Unlocker all day. I didn't even download anything the last couple days, so I was very confused when this thing showed up on my system because I'm really not sure how it even got there. I just booted up today and there were ads all over my Google Chrome and I was being redirected every click. Naturally I went through task manager and found it running. I went through all of the classic steps: I ended the task in manager, I uninstalled it in control panel, I looked through the registry and program files/data and deleted some stuff that I found, deleted all extensions on my Chrome browser, and I even learned that it can mess with actual DNS so I went in to the settings and everything was normal, but nothing worked. I downloaded Malwarebytes and ran it. It found a bunch more files and registries that I then deleted and I thought I was all good. I restarted my system and upon start-up Malwarebytes blocked an outbound from svchost.eve, which was sort of alarming. So I ran Malwarebytes again and nothing showed up. Now when I'm browsing it will frequently notify me that it blocked something, and some of the addresses I recognize from when I first got this virus. Do I still have DNS Unlocker? Is this just some lingering file from it? I'm just super paranoid because I just put this rig together like a month ago and I'm pretty worried about it.
Thanks
CMD line pop problem
in Resolved Malware Removal Logs
Posted
Attachment of scan report
scan.txt