Everything posted by Android8888
-
Is my computer infected or hijacked?
Android8888 replied to Vectrex's topic in Resolved Malware Removal Logs
Hi Vectrex, I forgot to say that DelFix may leave some stuff that it does not remove. No problem with that, just delete it by yourself, it's safe. Come back whenever you need. Kind regards, Rui
-
Hello fullera.

It's good to hear that all is well!

Before you go I suggest you check for outdated programs that you might have installed in your system. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

After that you can delete the tools we used in the removal process using DelFix. Follow the instructions below to download and execute DelFix.

- Download DelFix and move the executable to your Desktop;
- Right-click on DelFix.exe and select Run as Administrator;
- Check the following options:
  - Activate UAC (this option will activate the User Account Control feature).
  - Remove disinfection tools (this option will remove the tools used in the cleaning process).
  - Create registry backup (this option will create a backup from the Windows Registry).
  - Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
  - Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
- Once the options mentioned above are checked, click on Run;
- After DelFix is done running, a log will open. I do not need to see the log, you can delete it.

If all is well with the computer:

To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

- Keep your Windows Operating System up-to-date.
- Keep your AntiVirus program up-to-date.
- Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
- Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here. Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.
- A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here.
- Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.
- Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.
- A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.
- Another of the most feared threats at the moment is an infection by Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
- Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.
- Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
- Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
- Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
- Don't click on links received in instant message programs.
- A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here.

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:

- So how did I get infected in the first place
- Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888
- 8 replies
- Tagged with: windows 7 home premium, recently removed rootkit (and 1 more)
-
Is my computer infected or hijacked?
Android8888 replied to Vectrex's topic in Resolved Malware Removal Logs
Hi Vectrex.

I'm glad to hear that! It's time to say that your computer appears to be clean and malware free.

Now it's time to check for outdated programs. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

When the updates are complete, you can delete all the tools we used in the removal process by using DelFix.

- Download DelFix and move the executable to your Desktop;
- Right-click on DelFix.exe and select Run as Administrator;
- Check the following options:
  - Activate UAC (this option will activate the User Account Control feature).
  - Remove disinfection tools (this option will remove the tools used in the cleaning process).
  - Create registry backup (this option will create a backup from the Windows Registry).
  - Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
  - Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
- Once the options mentioned above are checked, click on Run;
- After DelFix is done running, a log will open. I do NOT need to see that log. You can close and delete it.

If all is running well with the computer:

To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

- Keep your Windows Operating System up-to-date.
- Keep your AntiVirus program up-to-date.
- Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
- Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here. Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.
- A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here.
- Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.
- Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.
- A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.
- Another of the most feared threats at the moment is an infection by Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
- Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.
- Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
- Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
- Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
- Don't click on links received in instant message programs.
- A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here.

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:

- So how did I get infected in the first place
- Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888
-
Hi fullera. Great! Programs like this one which serve to find and display a license key for particular software or the Operating System fulfill the criteria for Potentially Unsafe Applications. That is why it has been detected and deleted. I'm glad that you have a backup of it. Okay, please perform another scan with Malwarebytes and quarantine all the items it finds. Please post its log in your next reply. Are there any issues or concerns with the computer? Thank you. Rui
-
Intruder takes control of my computer
Android8888 replied to ctom's topic in Resolved Malware Removal Logs
Hello Carlos.

I'm wondering why you need to update the BIOS of your computer. It’s a myth that BIOS updates somehow make your computer faster or run better. If you specifically need to install new hardware that is not recognized by your motherboard, then it’s probably worth taking the risk to install it. If not, then you should simply stick with your current BIOS because the new BIOS won’t make any difference and could actually cause more problems.

Okay, please continue with the following instructions and perform the steps below:

- Please download AdwCleaner and move it to your Desktop
- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please attach that log in your next reply.

Next,

- Download Junkware Removal Tool (JRT) and move it to your Desktop
- Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Press on any key to launch the scan and let it complete (Credits: Bleeping Computer and Aura)
- Once the scan is complete, a log will open. Please attach the log in your next reply.

Next,

- Download the right version of RogueKiller for your Windows version (32 or 64-bit);
- Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
- Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner);
- Wait for the scan to complete;
- On completion, the results will be displayed. Note: Do NOT remove anything it finds. The entries are not all bad;
- Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner);
- This will open the report in Notepad. Please attach the log in your next reply;

Please attach the AdwCleaner clean log, the JRT log and the RogueKiller scan log for my review.

Thank you.

Rui
-
Intruder takes control of my computer
Android8888 replied to ctom's topic in Resolved Malware Removal Logs
Hello Carlos and thank you for the logs. Sorry about the delay in responding.

In case you need to restore your system to a previous state, an infected restore point is always better than none, so the first thing to do is enable System Restore and create a new restore point: Enable and Create a System Restore Point

Next,

- Please download Malwarebytes Anti-Rootkit and extract it to your desktop (MBAR will be launched shortly after the extraction)
- Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next
- Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while) (Credits: Aura)
- Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
- After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt

Please attach that log in your next reply for my review.

How is the computer behavior? Same symptoms?

Rui
-
Hello fullera and thank you for the logs. Sorry about the delay in responding.

Not for now. Usually we treat one computer at a time. That means one topic for each computer to avoid possible misunderstandings with the instructions. I suggest you open new threads for the other computers.

Please note that if the other computers you suspected being infected are connected in the same internal network as this one, then you should keep them disconnected until we complete the clean up process for this computer.

Okay, please scan your computer with ESET Online Scanner to search for leftovers.

- Click on this link to open ESET Online Scanner in a new window.
- Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
- Close all your programs and browsers and disconnect any USB flash drives from the computer.
- Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
- Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
- Check mark Download latest version of ESET Online Scanner and click the Accept button.
- Click Yes to accept any security warnings that may appear.
- Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
- Then click Advanced settings and check mark the following options:
  - Enable detection of potentially unsafe applications
  - Clean threats automatically
- Click the Scan button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time to finish.
- When the scan completes, click List Threats.
- Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.

Note: If nothing is found, it will not produce a log.

Next,

- Please download RogueKiller 32/64 Bits Installer (RogueKiller_setup_ref3.exe) by Tigzy and save it to your computer's Desktop.
- Right click on the file RogueKiller_setup_ref3.exe and select Run as administrator to install the tool.
- Click Yes to accept any security warnings that may appear.
- Choose the installation language and click OK.
- Checkmark "Install 32 and 64 bits versions" and click Next.
- Follow the steps to install the tool.
- Now close all programs and browsers.
- Please disconnect any USB or external drives from the computer before you run this scan!
- Right-click on the RogueKiller icon and select Run as administrator.
- Click Yes to accept any security warnings that may appear.
- Click the Scan tab and then click the Start Scan button.
- Wait until the scan has finished. This may take some time.
- Note: Do NOT remove any entries as they may not all be bad.
- Once finished click on Open Report. It will open a new window.
- Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
- Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.

Please re-enable your antivirus program.

How is the system behavior now?

Rui
-
Is my computer infected or hijacked?
Android8888 replied to Vectrex's topic in Resolved Malware Removal Logs
Hello Vectrex and sorry for the delay in responding.

You're very welcome and thank you for the logs. They are clean. Below I will give instructions to run an online scan to check for leftovers.

Regarding your questions:

1., 2. and 3. The file userinit.exe is a Windows Operating System program that is launched directly after a user logs into Windows. This program restores your profile, fonts, colors, etc. for your username. This startup is a required and important system file for Windows. However its correct path (location) is C:\Windows\System32\userinit.exe instead of C:\USERS\STEFAN\DESKTOP\USERINIT.EXE.

"Heuristics.Reserved.Word.Exploit" is most likely a false positive detection in Malwarebytes used simply to note when a file is out of its correct place. For example, when userinit.exe is the name for a file on the Desktop (which was the case), it would be detected because its real location is in C:\Windows\System32 and not where it was found.

So, how did this file appear out of its 'location'? Well, I can't tell you that for sure but be aware that if you browse the Internet in Safe Mode, your system is completely exposed to any kind of malware even if you only visit an infected website. You don't even need to download anything to become infected.

4. An easy way to monitor the Processes activity in your system is using Task Manager by pressing CTRL+ALT+DEL simultaneously and then selecting Task Manager. There you can see all the active processes in your system. If you think a process is suspect, just try a search on Google for its name. If you don't find anything related, you can always ask for help here in the forum.

5. You can also download and use Process Monitor, which is an advanced monitoring tool for Windows to watch the activity (processes, Registry, files...) of your system.

Concerning the HDDs activity, let me tell you that your system may have active tasks that are still running according to their scheduled date and time. If you check the Task Scheduler in your system (see here on how to do it), it is very likely that you will find active tasks which you did not even know were there. Most of these tasks should not be cancelled since they are necessary for the correct operation of the system. After looking into the logs that you provided I must say that it is very likely that some of these active Tasks are the cause of constant accesses to disk when the system is idle. If you’re following a good computer maintenance routine, your PC should be secure. Just to let you know that at this point on my Windows 10, I have 114 active scheduled tasks to be run.

Okay, let's run one last scan with Sophos Virus Removal Tool. This is a very thorough scan and it may take several hours to complete according to the number of programs and files installed in your system, but it is worth it.

The Sophos Virus Removal Tool scans the following areas of your computer:

- Memory, including system memory on 32-bit (x86) versions of Windows;
- The Windows Registry;
- All local hard drives, fixed and removable;
- Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable a threat to spread. You will be asked to click 'Start Cleanup' to remove the threats before continuing the scan.

- Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
- Right-click the icon and select Run as administrator.
- Click Yes to accept any security warnings that may appear.
- Click the Next button.
- Select 'I accept the terms in the license agreement', then click Next twice.
- Click the Install button and wait until the installation is complete.
- Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
- Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
- Click Yes to accept any security warnings that may appear.
- After it updates and a "Start Scanning" button appears in the lower right:
  - Disconnect from the Internet or physically unplug your Internet cable connection.
  - Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  - Temporarily disable your anti-virus and real-time anti-spyware protection.
- Click the "Start Scanning" button in the lower right to start the scan.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- If any threats are found click Details, then View Log file (bottom left-hand corner).
- Copy and paste its contents in your next reply and note any errors encountered.
- Close the Notepad document, close the Threat Details screen, then click Start cleanup.
- Click Exit to close the program.
- If no threats were found, please confirm that result.

Note: Whenever necessary, the log will be in the following location:

Windows Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

Please let me know the final result of the scan and post the contents of the log in your next reply.

Are there any issues or concerns with the computer at this point?

Rui
-
Intruder takes control of my computer
Android8888 replied to ctom's topic in Resolved Malware Removal Logs
Hello ctom.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

Okay, I need you to run a new scan with Malwarebytes.

- Open Malwarebytes;
- On the left pane select Settings;
- Select the Protection tab;
- Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
- Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
- When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
- While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
- The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please attach the new log in your next reply.

Please delete the current FRST64 executable and delete also the folder C:\FRST and both logs (FRST.txt and Addition.txt). Now download a new version of FRST (64-bit) from here, perform a new scan and attach the new set of logs (FRST.txt and Addition.txt) in your next reply.

After you execute the above instructions please tell me exactly what issues or symptoms you are still experiencing in the computer.

Thank you

Rui
-
Remove www.trackpackagehome.com
Android8888 replied to Dbacks's topic in Resolved Malware Removal Logs
Hello Dbacks. Please read the content of the topic "I'm infected - What do I do now?", perform the scans and attach the requested logs for review. We need to see those logs in order to help you. Thank you. Android8888
-
Hello fullera.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

- I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.
- Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.
- Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.
- Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator). Please run one scan at a time.
- Once started the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.

In some cases malware uses Group Policy restrictions to enforce restrictions on security programs and prevent them from functioning normally. In other cases those restrictions are set by the system administrators to prevent the users or the malware from doing harm.

Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

- Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
- Right-click on the FRST executable and select Run as Administrator;
- Click on the Fix button; (Credits: Aura)
- On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
- Please attach the Fixlog.txt in your next reply;

Next,

- Download AdwCleaner and move it to your Desktop
- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes (Credits: Aura)
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please attach that log in your next reply

Next,

- Download Junkware Removal Tool (JRT) and move it to your Desktop
- Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Press on any key to launch the scan and let it complete (Credits: Bleeping Computer and Aura)
- Once the scan is complete, a log will open. Please attach that log in your next reply

Next,

I need you to run a scan with Malwarebytes and attach its log in your next reply, but before you do that I suggest you update the program from version 2 to version 3. Malwarebytes version 3 engine supports newer, more efficient and more advanced detection techniques and rule syntax not available in the MBAM 2.x engine. You can follow the instructions below to do it.

When installing version 3, the old version will be automatically removed, so please proceed as follows:

- Please download Malwarebytes version 3 from here and save it to your computer's Desktop.
- Right-click on the Malwarebytes icon and select Run as administrator to run the tool.
- Click Yes to accept any security warnings that may appear.
- Once the Malwarebytes dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool's database.
- On the left menu pane click on the Settings tab, and then select the Protection tab on the top.
- Under the Scan Options, turn on the buttons Scan for rootkits and Scan within archives.
- Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button. Note: The scan may take some time to finish, so please be patient.
- If potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button.
- While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
- The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please attach the log for my review.

Note: If asked to restart the computer, please do so immediately.

In your next reply please attach the following logs:

- Fixlog.txt
- AdwCleaner clean log
- Junkware Removal Tool log (JRT.txt)
- Malwarebytes clean log

How is the computer running now? Any issues or concerns?

Rui

fixlist.txt
- 8 replies
- Tagged with: windows 7 home premium, recently removed rootkit (and 1 more)
-
Is my computer infected or hijacked?
Android8888 replied to Vectrex's topic in Resolved Malware Removal Logs
Hello Vectrex. My screen name is Android8888, but if you wish you can call me Rui, which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I do not see evidence of infection in the FRST logs, just some leftovers. The infected item was quarantined by Malwarebytes on 10/02/2017 and the latest scan (10/13/2017) shows no infection. That means that Malwarebytes took care of it. I will give you a fix with FRST just to clean up some leftovers but nothing serious at this point. We will check further.

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
Right-click on the FRST executable and select Run as Administrator;
Click on the Fix button;
Credits: Aura
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
Please attach the Fixlog.txt in your next reply;

Next,
Download AdwCleaner and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Credits: Aura
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please attach that log in your next reply

Next,
Download the right version of RogueKiller for your Windows version (64-bit)
Once done, move the executable file to your computer's Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete;
NOTE: Do NOT remove any item it finds.
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Save that file and attach it to your next reply.

Please attach the following logs to your next reply:
Fixlog.txt
AdwCleaner clean log.
RogueKiller scan log.

How is the computer behaving?

Rui
fixlist.txt
-
Svchost.exe infected, need help
Android8888 replied to djkeefer's topic in Resolved Malware Removal Logs
Hello djkeefer. My screen name is Android8888, but if you wish you can call me Rui, which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.
Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.
Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.
Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).
Please run one scan at a time.
Once started, the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.

With that being said let's begin.

The first thing to do would be to turn on User Account Control to give some added protection against unwanted installs. See this link for instructions on how to enable it: https://support.microsoft.com/en-us/help/975787/guided-help-adjust-user-account-control-settings-in-windows-7-and-wind

You have Spybot - Search & Destroy installed. I strongly suggest you remove it as it will conflict with your other antivirus program. Besides that, running Spybot - Search & Destroy in addition to Malwarebytes would be redundant. I would not run both.

Next,
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST executable and select Run as Administrator; Click on the Fix button; Credits: Aura On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, Download AdwCleaner and move it to your Desktop Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes Credits: Aura Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Junkware Removal Tool (JRT) and move it to your Desktop Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Press on any key to launch the scan and let it complete Credits : BleepingComputer.com and Aura Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply Next, Please download Zemana AntiMalware and save it to your Desktop. Right-click on the icon and select Run as administrator to install the program. Click Yes to accept the UAC security warning that may appear. Select the language and click the OK button. Click the Next button, accept the EULA warning and follow the instructions to continue and install the program. Once the installation is complete it will start automatically. Wait a few seconds until the update of signature database is complete. Without changing any options, click Scan to begin. 
After the short scan is finished, if threats are detected click Next to remove them. Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Click on the Back button. On the top right corner click on Reports icon (the one with three bars) and double click on the latest report. Now click File > Save As, then choose your computer's Desktop and click the Save button. Please attach the saved report in your next reply. Next, Please perform another scan with Malwarebytes and post its log. Also check if the issue (the svchost.exe detection) still remains. Please attach the following logs to your next reply: Fixlog.txt AdwCleaner clean log JRT.txt Zemana log. Malwarebytes log. How is the computer running now? Rui fixlist.txt -
Used Malwarebytes now my wifi does not work
Android8888 replied to beat432's topic in Resolved Malware Removal Logs
Hi Vic and thank you for those logs. You're most welcome and I'm glad to hear that the problem seems to be solved. Your computer appears to be clean and malware free.

Now it is time for some program updates. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

After that you can clean up the tools we used in the removal and the logs created by them.

Then, and if all is well with the computer:
To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.
Keep your AntiVirus program up-to-date.
Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here
Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. 
These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.
Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities are often exploited in order to install malware on your PC.
Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
Don't click on links received in instant message programs.
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Rui
- 4 replies
- Tagged with: malwarebytes, no wifi (and 2 more)
-
Used Malwarebytes now my wifi does not work
Android8888 replied to beat432's topic in Resolved Malware Removal Logs
Hello beat432. My screen name is Android8888, but if you wish you can call me Rui, which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.
Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.
Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.
Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).
Please run one scan at a time.
It is advisable that once started, the malware removal process should be completed. That means even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.

With that being said let's start.

Next,
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
Right-click on the FRST executable and select Run as Administrator;
Click on the Fix button;
Credits: Aura
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
Please attach the fixlog.txt in your next reply;

Next,
Download Junkware Removal Tool (JRT) and move it to your Desktop;
Right-click on JRT.exe and select Run as Administrator;
Press on any key to launch the scan and let it complete;
Credits: Bleeping Computer and Aura
Once the scan is complete, a log will open. Please attach that log in your next reply;

Next,
Open Malwarebytes;
On the left pane select Settings;
Select the Protection tab;
Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
Go back to DashBoard and select the blue Scan Now tab;
Note: The scan may take some time to finish, so please be patient.
When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please attach the log in your next reply.

Next,
Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
The Sophos Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.
Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.
Right-click the icon and select Run as administrator.
Click Yes to accept any security warnings that may appear. Click the Next button. Select 'I accept the terms in the license agreement', then click Next twice. Click the Install button and wait until the installation is complete. Click the Finish button. The tool created a shortcut icon on the Desktop of your computer. Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool. Click Yes to accept any security warnings that may appear. After it updates and a "Start Scanning" button appears in the lower right: Disconnect from the Internet or physically unplug your Internet cable connection. Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection. Click the "Start Scanning" button in the lower right to start the scan. After starting the scan, do not use the computer until the scan has completed. When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish. When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet. If any threats are found click Details, then View Log file (bottom left-hand corner). Copy and paste its contents in your next reply and note any errors encountered. Close the Notepad document, close the Threat Details screen, then click Start cleanup. Click Exit to close the program. If no threats were found, please confirm that result. Note: Whenever necessary, the log will be in the following location: Windows Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log Please post the contents of the log in your next reply and note any errors encountered. In your next reply please attach: The fixlog.txt; The JRT.txt log; The Malwarebytes quarantine log. The SVRT.log How is the computer running? Are you able to connect the wi-fi network now? 
Rui
fixlist.txt
- 4 replies
- Tagged with: malwarebytes, no wifi (and 2 more)
-
myhelpfuldownloads.com tab opens in Google Chrome
Android8888 replied to Ukellele's topic in Resolved Malware Removal Logs
Hello Kelly. Thank you for the feedback. If all is running well it is advisable to check for outdated programs.

To complete the process the next step is to check the vulnerabilities of your System. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

After performing the updates, you can delete the following tools used in the removal process:
FRST and the logs it produced (FRST.txt, Addition.txt and Fixlog.txt), and delete also the folder C:\FRST
AdwCleaner (Open the tool, click on File and then click Uninstall) and delete also the folder C:\AdwCleaner
Junkware Removal Tool (JRT).
You can keep ESET and perform a scan of your System once in a while.

To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.
Keep your AntiVirus program up-to-date.
Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here
Please Note: Only the paid for version has real time capabilities.
Please go here and scroll down to find a comparison list of the two versions. A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. 
These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.
Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
Please keep your programs up to date. Vulnerabilities are often exploited in order to install malware on your PC.
Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
Don't click on links received in instant message programs.
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888
-
Hello Philippe. I'm glad to hear that. Your computer is clean and malware free.

To complete the process the next step is to check the vulnerabilities of your System. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

After performing the updates you can delete all the tools no longer needed that were used in the malware removal process by using DelFix. DelFix completely deletes those tools and then removes itself.

Follow the instructions below to download and execute DelFix.
Download DelFix and move the executable to your Desktop;
Right-click on DelFix.exe and select Run as Administrator;
Check the following options:
Activate UAC (This option will activate the User Account Control feature).
Remove disinfection tools (this option will remove the tools used in the cleaning process).
Create registry backup (this option will create a backup from the Windows Registry).
Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
Once the options mentioned above are checked, click on Run;
After DelFix is done running, a log will open. I don't need to see the log file, you can delete it.

If all is running well:
To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.
Keep your AntiVirus program up-to-date.
Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:
Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here
Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here
Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately.
It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here. Please keep your programs up to date. Vulnerabilities are often exploited in order to install malware on your PC. Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety. Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. Don't click on links received in instant message programs. 
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices: So how did I get infected in the first place Answers to common security questions - Best Practices Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help. Happy surfing and stay safe. Android8888
-
myhelpfuldownloads.com tab opens in Google Chrome
Android8888 replied to Ukellele's topic in Resolved Malware Removal Logs
Hi Kelly, You're very welcome! Are there any issues or concerns with the computer? -
Hello Philus, and thank you for the logs. Good news, but there is some work to do yet. Let's check for leftovers of infection.

Please scan your computer with ESET Online Scanner. This is a very thorough scan but it's worth it.
Click on this link to open ESET Online Scanner in a new window.
Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
Close all your programs and browsers and disconnect any USB flash drives from the computer.
Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
Check mark Download latest version of ESET Online Scanner and click the Accept button.
Click Yes to accept any security warnings that may appear.
Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
Then click Advanced settings and check mark the following options:
Enable detection of potentially unsafe applications
Clean threats automatically
Click the Scan button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats.
Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
Note: If nothing is found, it will not produce a log.
Please re-enable your antivirus program.

Please post the ESET log (if it produced one) and let me know how the computer is behaving.

Thank you.

Android8888
-
Computer sluggish/won't go to random sites
Android8888 replied to cubfan56's topic in Resolved Malware Removal Logs
Hi Greg and thank you for your feedback. This is good news. At this point your computer appears to be clean and free of malware.

Now check for program updates, as outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Next, you can now delete the tools that were used in malware removal. Follow the instructions below to download and execute DelFix.

Download DelFix and move the executable to your Desktop;
Right-click on DelFix.exe and select Run as Administrator;
Check the following options:
  Activate UAC (This option will activate the User Account Control feature).
  Remove disinfection tools (this option will remove the tools used in the cleaning process).
  Create registry backup (this option will create a backup from the Windows Registry).
  Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
  Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
Once the options mentioned above are checked, click on Run;
After DelFix is done running, a log will open. I don't need to see the log file, you can delete it.

Is everything ok with the computer? Are there any issues or concerns?
Rui
-
myhelpfuldownloads.com tab opens in Google Chrome
Android8888 replied to Ukellele's topic in Resolved Malware Removal Logs
Hello Ukellele. Okay, please perform the following steps in the order listed.

Read the information in the link below and clear the cache, cookies and history of Google Chrome:
https://support.google.com/accounts/answer/32050?hl=en

Read the information in the link below and reset Google Chrome settings to default:
https://support.google.com/chrome/answer/3296214?hl=en

Now let's remove all synced data from Chrome. To do that follow the instructions in this link:
https://support.google.com/chrome/answer/6386691?hl=en-GB

Close all Chrome windows.
IMPORTANT: Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.

Press the Windows key + R at the same time, to bring up the run dialog box.
Type in (or copy/paste) the following text and press Enter:
%localappdata%\Google\Chrome\User Data\Default\
Press Ctrl + A at the same time to select all the files and folders.
Note: On some computers it is Ctrl + T at the same time to select all the files and folders.
Hold down the Ctrl key and simultaneously click once on the files Bookmarks and Bookmarks.bak. This will unselect these two files.
With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.

Restart your computer now and make sure there are no longer any redirects or other browser issues.
Rui
-
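The manual profile clean-up described in the post above (delete everything in the Default profile folder except Bookmarks and Bookmarks.bak), written as a script with a dry-run mode; this is an added example, not part of the original post. The function names and the dry-run default are assumptions made for this illustration.

```python
import os
import shutil
from pathlib import Path

# The two files the post says to leave in place.
KEEP = ("Bookmarks", "Bookmarks.bak")


def default_profile_dir():
    """Expand the path the post types into the Run dialog (Windows only)."""
    return Path(os.path.expandvars(r"%localappdata%\Google\Chrome\User Data\Default"))


def reset_profile(profile_dir, keep=KEEP, dry_run=True):
    """Delete everything directly inside profile_dir except the names in keep.

    Returns (removed, kept) as lists of entry names sorted by name. With
    dry_run=True nothing is deleted and `removed` lists what would be deleted.
    Chrome must be closed before this runs, as the post says.
    """
    profile_dir = Path(profile_dir)
    if not profile_dir.is_dir():
        raise FileNotFoundError(f"profile folder not found: {profile_dir}")
    keep_names = {name.casefold() for name in keep}  # Windows names ignore case
    removed, kept = [], []
    for entry in sorted(profile_dir.iterdir(), key=lambda p: p.name):
        if entry.name.casefold() in keep_names:
            kept.append(entry.name)
            continue
        removed.append(entry.name)
        if dry_run:
            continue
        if entry.is_dir() and not entry.is_symlink():
            shutil.rmtree(entry)      # folders such as Cache or Extensions
        else:
            entry.unlink()            # plain files and symlinks
    return removed, kept


if __name__ == "__main__":
    would_remove, would_keep = reset_profile(default_profile_dir(), dry_run=True)
    print("would delete:", would_remove)
    print("would keep:  ", would_keep)
```

Run it once with the default dry run to review the list, then call `reset_profile(..., dry_run=False)` to actually delete.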
Hello Philus and I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully because any mistake you can make during the cleaning process may have serious consequences such as leaving the computer unbootable.
Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.
Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).
Please run one scan at a time.
Once started, the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.

With that being said let's start.

Next,
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located);
DO NOT open or modify that file!
Right-click on the FRST executable and select Run as Administrator;
Click on the Fix button;
Credits: Aura
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
Please attach the fixlog.txt in your next reply;

Next,
Open Malwarebytes;
On the left pane select Settings;
Select the Protection tab;
Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
Go back to Dashboard and select the blue Scan Now tab;
Note: The scan may take some time to finish, so please be patient.
When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please attach the log in your next reply.

Next,
Download Junkware Removal Tool (JRT) and move it to your Desktop;
Right-click on JRT.exe and select Run as Administrator;
Press on any key to launch the scan and let it complete;
Credits: Bleeping Computer and Aura
Once the scan is complete, a log will open. Please attach that log in your next reply;

Next,
Download AdwCleaner and move it to your Desktop;
Right-click on AdwCleaner.exe and select Run as Administrator;
Accept the EULA (I accept), let the database update, then click on Scan;
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
Credits: Aura
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
After the restart, a log will open when logging in. Please attach that log in your next reply;

In your next reply please attach:
The fixlog.txt;
The Malwarebytes log;
The JRT.txt log;
The AdwCleaner clean log;

How is the computer running now?
Android8888
fixlist.txt
-
Hello Philus,
Just leave the AdwCleaner for now and read the instructions in the link "I'm infected - What do I do now?" Then perform the scans and post the requested logs. We need that information in order to help you.
Thank you.
Android8888
-
Computer sluggish/won't go to random sites
Android8888 replied to cubfan56's topic in Resolved Malware Removal Logs
Okay Greg, the fix with FRST ran well. AdwCleaner, Junkware Removal Tool and ESET cleaned some infected entries. At this point your computer appears to be clean and free of malware.
What issues or concerns are you still experiencing with this computer? Is it still slow when browsing the Internet?
-
myhelpfuldownloads.com tab opens in Google Chrome
Android8888 replied to Ukellele's topic in Resolved Malware Removal Logs
Hi Ukellele,
This is good news, but you did not attach the AdwCleaner clean log (something like AdwCleaner[C0].txt) which is located at C:\AdwCleaner\AdwCleaner[C0].txt. Can you attach that log, please?
In the meantime, are there any issues or concerns with the computer?
Rui