Jump to content

TheGhostlyCat

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by TheGhostlyCat

  1. I haven't gotten any more pop-ups (this time was the first), and I'm pretty glad I got ask.com off my browser. It's running smoothly as normal and I haven't noticed any obvious signs of viruses.
  2. So someone uploaded my screenshot on some random blog within hours of me posting it, which is really creepy. I guess I'll take that as a lesson that when you post something on the internet, someone is completely able to access and use it on their sketchy virus blog.
  3. Thanks for helping. For the sake of closure I ran an AdwCleaner scan, it seemed to have quarantined several adware and chrome extensions I didn't download. Me being unfamiliar with the program I think I accidentally quarantined a printer driver. AdwCleaner[C1].txt # Username : Joeseph - Joeseph-PC # Running from : C:\Users\Joeseph\Downloads\adwcleaner_5.201.exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\Trymedia [#] Folder Deleted : C:\ProgramData\Application Data\Trymedia [-] Folder Deleted : C:\Users\Harding\AppData\Local\PackageAware [-] Folder Deleted : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh ***** [ Files ] ***** [-] File Deleted : C:\END [-] File Deleted : C:\Users\Joeseph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage [-] File Deleted : C:\Users\Joeseph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems ***** [ Web browsers ] ***** [-] [C:\Users\Harding\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh [-] [C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com [-] [C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com [-] [C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [2321 bytes] - [08/07/2016 07:28:52] C:\AdwCleaner\AdwCleaner[S1].txt - [2276 bytes] - [08/07/2016 07:25:37] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2467 bytes] ########## AdwCleaner[S1].txt # AdwCleaner v5.201 - Logfile created 08/07/2016 at 07:25:37 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-08.1 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (X64) # Username : Joeseph - Joeseph-PC # Running from : C:\Users\Joeseph\Downloads\adwcleaner_5.201.exe # Option : Scan # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** Folder Found : C:\ProgramData\Trymedia Folder Found : C:\ProgramData\Application Data\Trymedia Folder Found : C:\Users\Joeseph\AppData\Local\PackageAware Folder Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh ***** [ Files ] ***** File Found : C:\END File Found : C:\Users\Joeseph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage File Found : C:\Users\Joeseph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1 Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 Key Found : HKLM\SOFTWARE\Trymedia Systems ***** [ Web browsers ] ***** [C:\Users\Joeseph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh [C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com [C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com [C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh ************************* C:\AdwCleaner\AdwCleaner[S1].txt - [2124 bytes] - [08/07/2016 07:25:37] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2197 bytes] ##########
  4. I am requiring some help regarding a fairly common type of virus. My family's computer displayed an extremely suspicious pop up warning which prevented closing and reopened itself when I tried to close the chrome dialog attached to it. I created a screenshot and then closed the task through the task menu. This happened a little over an hour ago and has not happened again. The pop-up generated following a completely normal search (searching for google.com in yahoo) and to my knowledge has not happened prior. This same computer has been infected with Powliks in the past, but due to there being an epidemic of the same virus, removal instructions were common on this forum, and a few weeks ago I noticed somewhere around 50 steamwebhelper processes. I had steam installed and I ended the process tree and ran a malwarebytes scan, nothing came of it so I figured it was just a glitch. Enclosed are the FRST.txt and Addition.txt records, along with an attached .png screenshot of the pop-up. (I did not call any of the numbers) FRST.txt Addition.txt I changed everyone's name for their privacy, please excuse the obviously fake names
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.