Android8888

Trusted Advisors
  • Content Count: 657
  • Joined
  • Last visited
About Android8888

  • Rank
    Elite Member
  • Birthday 08/25/1969

Contact Methods

  • Website URL
    http://android8888.comlu.com

Profile Information

  • Location
    Portugal
  • Interests
    IT, malware fighting, reverse engineering, electrical and electronic engineering, technology, cinema.

Recent Profile Visitors

1,428 profile views
  1. Good. But we are not finished yet. We need to ensure the computer is totally clean and free of malware. Now please run the following scans in Normal mode:
     • Open Malwarebytes;
     • On the left pane select Settings;
     • Select the Protection tab;
     • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both 'On' and leave all other settings at default.
     • Go back to Dashboard and select the blue Scan Now tab;
     • When the scan completes, if potential threats are detected, ensure you checkmark all the listed items, and click the Quarantine Selected button.
     • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button.
     • Please attach the log in your next reply.
     Next,
     • Download AdwCleaner and move it to your computer Desktop;
     • Right-click on AdwCleaner.exe and select Run as Administrator;
     • Click Yes to accept the User Account Control security warning that may appear;
     • Click on the blue button 'I AGREE';
     • Click on the Scan Now button;
     • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
     • Click on the Clean & Restart Now button;
     • After the restart, a log will open when logging in. Please attach that log in your next reply.
     Next, follow the instructions below and execute a scan on your system with FRST, and provide the two logs in your next reply.
     • Right-click on the executable and select Run as Administrator;
     • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
     • Click on the Scan button;
     • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
     • Please attach both FRST.txt and Addition.txt in your next reply.
     To summarize, please attach the following files:
     • Malwarebytes (quarantine log).
     • AdwCleaner clean log. It can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt (where 'xx' is a number; the highest number is the most recent and the one I need to see).
     • FRST.txt
     • Addition.txt
  2. Hello @seaweber
     You're welcome! Yes, that was sufficient. It worked perfectly.
     Now please read the following instructions carefully and, if you don't understand something, please STOP and ask before proceeding!
     You will have to run a scan with FRST from the Windows Recovery Environment (RE). But first you will need to have access to another (clean) computer and a USB Flash Drive (4 GB in size is good).
     Please note: The USB Flash Drive can only be inserted in the infected computer if it is either shut down, or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB Flash Drive.
     Preparing the USB Flash Drive (on a clean computer)
     • Plug in the USB Flash Drive on a clean computer and format it before using it ('Quick Format' is enough);
     • Access the Internet and download FRST 64-bit from a clean computer (Don't use the FRST64.exe file from the infected computer);
     • Move the executable (FRST64.exe) to the USB Flash Drive.
     Boot in the Recovery Environment (RE) (on the infected computer)
     To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
     • Restart the computer;
     • Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears;
     • Use the arrow keys to select Repair your computer, and press Enter;
     • Select your keyboard layout (US, French, etc.) and click on Next;
     • Click on Command Prompt to open the command prompt;
     Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
     To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums.
     Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
     To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums.
     Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
     Note: Once in the Windows RE, plug the USB Flash Drive into the computer. You will have to reach and select the Command Prompt icon in Advanced Options in the Recovery Environment.
     Once in the Command Prompt
     • In the command prompt, type notepad and press Enter; Notepad will open.
     • Click on the File menu and select Open;
     • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad;
     • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press Enter;
       Note: Replace the letter e with the drive letter of your USB Flash Drive;
     • FRST will open; click on Yes to accept the disclaimer;
     • Click on the Scan button and wait for the scan to complete;
     • A log called FRST.txt will be saved on your USB Flash Drive;
     • Please attach that log in your next reply.
     Please attach the FRST.txt log, restart the computer in Normal mode and let me know how the machine is behaving now.
     Thank you.
     Android8888
  3. Hello @seaweber and welcome.
     My screen name is Android8888 but if you wish you can call me Rui, which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.
     Your computer is highly infected with malware and the main infection is a SmartService rootkit. This is a nasty infection so you will need to strictly follow some procedures in the order listed to get your computer clean and safe.
     Okay, let's start.
     In Normal mode do this please:
     • Right-click on the FRST64 icon and select Run as administrator to start the tool;
     • Highlight and copy the following text and paste it inside the 'Search' box area of FRST;
       Start::
       CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
       CMD: bcdedit.exe /set {default} recoveryenabled yes
       End::
     • Once done, click on the Fix button. A file called Fixlog.txt should appear on your computer Desktop;
     • Please attach that log in your next reply for my review and wait for further instructions.
     Thank you.
     Android8888
  4. Hello @msbhvn-1
     Thank you for your time and patience.
     Please DO NOT run any tools on your own unless I ask you to do so.
     I see that you have multiple Antivirus programs installed on your system:
       AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
       AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
       AV: AVG AntiVirus Free Edition (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
     You should only have one Antivirus installed at all times on a computer. The reason being that having more than one installed can cause system instability and conflicts due to the way these programs work and interact with the system. If you want to read more about these kinds of issues, I suggest you read the "IMPORTANT NOTE" in quietman7's post here.
     This being said, I'll ask you to choose the Antivirus program you want to keep, and uninstall the other(s). Usually, you would keep the program you pay for (if that is the case), and uninstall the free one(s). If you pay for multiple products, keep the one you prefer the most, and uninstall the other(s). Windows Defender (takes very few resources and runs in the background) is a good suggestion alongside the Malwarebytes Premium version.
     I will ask you to remove the programs listed below by using Revo Uninstaller (see instructions below).
     • SereneScreen Marine Aquarium Lite
     • WebDiscover Browser 4.28.2
     If you don't use this one, remove it as well:
     • Coupon Printer for Windows
     Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer Desktop.
     • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (a folder with the same name will be created);
     • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
     • Click Yes to accept the UAC security warning that may appear;
     • Click OK to accept the License Agreement and Copyright;
     • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process;
       Note: If it asks for a restart/reboot, select No/Later.
     • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
     • Click on Select All and then on Delete and then Yes to delete the selected items;
       Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
     • Click the Finish button and restart the computer to complete the removal process.
     Note: You will have to run Revo more than once to completely uninstall each program listed above.
     Remove these extensions from the Google Chrome browser:
       Yahoo Web Watch TV Instantly InboxNow Search Privacy Easy Map Finder SearchLock FromDocToPDF Recipes Homepage
     To do that:
     • Open Google Chrome;
     • Type chrome://extensions in the address bar and press Enter;
     • Click the trash can icon by the extension. A confirmation dialog appears; click Remove.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
     Note: I included a Disk Check in the fix. DO NOT interrupt it under any circumstances.
     Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
     • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file!
     • Right-click on the FRST64 icon and select Run as Administrator;
     • Click on the Fix button;
     • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
     • Please attach the Fixlog.txt in your next reply;
     Next,
     • Download AdwCleaner and move it to your computer Desktop;
     • Right-click on AdwCleaner.exe and select Run as Administrator;
     • Click Yes to accept the User Account Control security warning that may appear;
     • Click on the blue button 'I AGREE';
     • Click on the Scan Now button;
     • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
     • Click on the Clean & Restart Now button;
     • After the restart, a log will open when logging in. Please attach that log in your next reply.
     Next,
     • Open Malwarebytes;
     • On the left pane select Settings;
     • Select the Protection tab;
     • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both ON and leave all other settings at default.
     • Go back to Dashboard and select the blue Scan Now tab;
       Note: The scan may take some time to finish, so please be patient.
     • When the scan completes, if potential threats are detected, ensure you check-mark all the listed items, and click the Quarantine Selected button.
     • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button.
     • Please attach the log in your next reply.
     In your next reply please let me know:
     • What Antivirus program you decide to keep.
     • If you were able to uninstall the programs listed by running Revo.
     • If you were able to remove the Chrome extensions listed.
     And attach the following logs:
     • Fixlog.txt
     • Malwarebytes log (after quarantining the threats).
     • AdwCleaner clean log. The log can be found in C:\AdwCleaner\AdwCleaner[CXX].txt (where XX is a number; the highest number is the most recent and the one I need to see).
     Also, let me know how the computer is running now.
     Android8888
     fixlist.txt
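As an added example (not part of the post above, and not code from FRST or Malwarebytes), a small parser for the "AV:" lines FRST prints in its log, applying the post's one-antivirus rule to the three lines quoted there; the line layout it assumes is taken from those lines only, and the name `review_av_state` is this example's own.

```python
"""Added example: parse FRST's 'AV:' log lines and flag more than one
antivirus installed or enabled, which is the situation the post warns about."""
import re
from dataclasses import dataclass

# Constructed input: the three AV lines quoted in the post, in FRST's format.
SAMPLE_LOG = """\
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AV: AVG AntiVirus Free Edition (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
"""

# Layout assumed from the lines above: "AV: <name> (<state> - <updates>) {<GUID>}"
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\((?P<state>Enabled|Disabled)\s+-\s+"
    r"(?P<updates>Up to date|Out of date)\)\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


@dataclass
class AvProduct:
    name: str
    enabled: bool
    up_to_date: bool
    guid: str


def parse_av_lines(log_text: str) -> list[AvProduct]:
    """Return one AvProduct per well-formed 'AV:' line; other lines are skipped."""
    products = []
    for line in log_text.splitlines():
        m = AV_LINE.match(line.strip())
        if m:
            products.append(AvProduct(
                name=m["name"],
                enabled=m["state"] == "Enabled",
                up_to_date=m["updates"] == "Up to date",
                guid=m["guid"].upper(),   # normalise case so GUIDs compare cleanly
            ))
    return products


def review_av_state(products: list[AvProduct]) -> list[str]:
    """Findings a helper would raise: several products, several enabled, stale enabled ones."""
    findings = []
    enabled = [p.name for p in products if p.enabled]
    if len(products) > 1:
        findings.append(f"{len(products)} antivirus products installed; keep only one")
    if len(enabled) > 1:
        findings.append("more than one antivirus enabled at once: " + ", ".join(enabled))
    for p in products:
        if p.enabled and not p.up_to_date:
            findings.append(f"{p.name} is enabled but its definitions are out of date")
    return findings


if __name__ == "__main__":
    for finding in review_av_state(parse_av_lines(SAMPLE_LOG)):
        print("-", finding)
```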
  5. Hello @msbhvn-1 and welcome.
     I'm Android8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.
     I will need some time to analyze your logs and I will get back to you as soon as possible.
     Thank you.
     Android8888
  6. Hello Maurice. Good. I'm glad to know that! Are there any more issues to address on this computer?
  7. Hello MHY (Maurice) and welcome.
     My screen name is Android8888 but if you wish you can call me Rui, which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.
     First, I need you to move FRST64.exe to your computer Desktop.
     Next,
     Warning: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system.
     Now follow the instructions below to execute a script fix on your system using FRST, and provide the log in your next reply.
     • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file!
     • Right-click on FRST64 and select Run as Administrator;
     • Click on the Fix button;
     • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
     • Please attach the Fixlog.txt in your next reply;
     Next, reset Google Chrome back to defaults.
     • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
     • Scroll down until you see the button and then click it to clear your data from the server and remove your passphrase.
     • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
     • Press the Windows key + R at the same time, to bring up the Run dialog box.
     • Type in (or copy/paste) the following and press Enter:
       %localappdata%\Google\Chrome\User Data\Default\
     • Press Ctrl + A to select all the files and folders.
     • Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them. This is what it should look like:
     • With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
     • Restart your computer now, then re-run AdwCleaner and check if the detection persists.
     Please attach the Fixlog.txt in your next reply and let me know if the detection persists.
     Thank you.
     Android8888 (Rui)
     fixlist.txt
  8. Hi Riverm,
     Thank you for trusting in our help. You're always welcome.
     Regarding your question: From what I can understand, I guess you are thinking of using VMware to complement the protection of an antivirus product because VMware works in a virtual environment and as such it can't infect the host computer. Well, theory and practice are the same in theory, but often different in practice. There have been vulnerabilities in VM hypervisors that allow malware to breach the separation and infect the host computer. It's difficult to do, but it can be and has been done.
     If you want to have safe surfing on the Internet or even perform tests in a controlled environment without infecting your computer, I suggest you use a Sandbox. It's a different concept from VMware. Personally, I think a Sandbox is easier and more practical than a VM. But this also depends on your own purposes.
     • Sandbox (computer security)
     • What’s A Sandbox, And Why Should You Be Playing in One
     • Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program
     Any further questions?
  9. Hi Riverm
     I'm glad to know that!
     If all is running well with the computer, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.
     • Keep your Windows Operating System and Antivirus up-to-date. Always!
       Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
     • Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer. A complete guide on using MBAM can be found here.
     • A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program with resident protection at a time.
     • Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.
     • A similar category of programs is called "scareware" or Rogue programs. Rogue programs are active infections that will pop up on your computer and tell you that you are infected when you are not. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible.
     • Another much-feared threat at the moment is an infection by Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
     • Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.
     • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
     • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
     • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
     • Don't click on links received in instant message programs.
     • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here.
     For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
     • So how did I get infected in the first place
     • Answers to common security questions - Best Practices
     Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.
     Happy surfing and stay safe.
     With my best regards.
     Android8888 (Rui)
  10. Hello @silveringking
     Thank you for your time and patience.
     I do not see evidence of active malware in your logs. We will run a script fix using FRST just to tidy up.
     Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
     • Download the attached fixlist.txt file at the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file!
     • Right-click on the FRST icon and select Run as Administrator;
     • Click on the Fix button;
     • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
     • Please attach the Fixlog.txt in your next reply;
     Next,
     • Download AdwCleaner and move it to your computer Desktop;
     • Right-click on AdwCleaner.exe and select Run as Administrator;
     • Click Yes to accept the User Account Control security warning that may appear;
     • Click on the blue button 'I AGREE';
     • Click on the Scan Now button;
     • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
     • Click on the Clean & Restart Now button;
     • After the restart, a log will open when logging in. Please attach that log in your next reply.
     Now please perform this scan with ESET Online Scanner to search for leftovers. This is a very thorough scan but it's worth it. I suggest you run it when you are not working on the computer.
     • Click on this link to open ESET Online Scanner in a new window.
     • Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
     • Close all your programs and browsers and disconnect any USB flash drives from the computer.
     • Please disable your Antivirus and Anti-malware programs to avoid potential conflicts, improve the performance and speed up the scan.
     • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
     • Click Yes to accept the User Account Control security warning that may appear.
     • It will open a window with the Terms of Use. Click the Accept button.
     • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
     • Then click Advanced settings and check mark the following options:
       • Enable detection of potentially unsafe applications
       • Clean threats automatically
     • Click the Scan button.
     • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     • When the scan completes, click List Threats.
     • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Please attach this report in your next reply.
     • Click the Back button.
     • Click the Finish button.
     Note: If nothing is found, it will not produce a log.
     Now re-enable your Antivirus and Anti-malware programs, please.
     To summarize, in your next reply attach the following logs, please:
     • Fixlog.txt
     • AdwCleaner clean log. This log can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt (where xx is a number; the highest number is the most recent and the one I need to see).
     • The ESET log (if it produced one).
     Also, let me know in detail which issues remain on the computer at this time.
     Thank you.
     Android8888
     fixlist.txt
  11. Hello @silveringking,
     No, this is not a problem. However, let's keep to the English language so that others can understand. I have been in the North but never in Fafe.
     Farbar Recovery Scan Tool (FRST) was developed to scan certain areas of the Operating System, therefore it only scans the partition where the OS is installed, which in your case is C.
     Alright, first of all please tell me if you know or use this software: Chocolatey
  12. Hello @silveringking and welcome to the Forums.
     Please read the content of the topic I'm infected - What do I do now?, perform the scans and attach the requested logs for review. We need to see the information in those logs in order to help you.
     Thank you.
     Android8888
  13. Hi,
     Thanks for letting me know.
     Regards,
     Android8888
  14. Hello @ripclaw90000 Do you still need assistance with your computer?
  15. Hi riverm,
     It's been three weeks since your last reply. Do you still need assistance?
     Thank you.
     Rui