Posts posted by captainiceberg
-
Hi, I've reset both Chrome and Firefox, but same fault occurs - operates for a few minutes then the connection seems to gradually get slower until it stops being able to load pages. Can restart machine and that sometimes resets it back into operation.
-
Hi, I think we're getting there. MBAM scan no longer shows the CrossRider files so they appear to have been purged from the system (yay).
Chrome still seems to be buggy - will run ok the first time it's loaded in a session, but after a few minutes it is very slow and often still fails to load pages. Any suggestions?
Also, part way through the debugging process, MBAM decided it needed to update. Now it sometimes comes up saying that it is unable to load the Rootkit element, and this may be caused by Malware activity. Should I worry about this?
Thanks
-
FRST Fix run and log attached.
I will index the windows search overnight tonight, and have downloaded the startup manager.
-
Sorry, forgot the FRST file - see attached
-
Hi,
Ok, next reports:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by Administrator (Administrator) on Fri 10/07/2016 at 23:34:49.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/07/2016 at 23:42:25.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v6.021 - Logfile created 07/10/2016 at 23:57:48
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-07.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Administrator - DAVID-THINK
# Running from : C:\Security and virus tools\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
[-] Service deleted: Update service
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: samsung-kies.en.softonic.com
[-] [C:\Users\KateM\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\KateM\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3951 Bytes] - [03/10/2016 23:02:11]
C:\AdwCleaner\AdwCleaner[C2].txt - [1326 Bytes] - [07/10/2016 23:57:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [3650 Bytes] - [03/10/2016 22:59:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [1670 Bytes] - [07/10/2016 23:54:36]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1545 Bytes] ##########
Sophos removal tool – no threats found
-
Hello @AdvancedSetup, Thanks for helping me out with this.
I've followed your instructions as above. I then had to restart the machine after the scan as the web browsers would not run again. The MBAM log is below:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/7/2016
Scan Time: 8:53 PM
Logfile:
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2016.10.07.05
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Administrator
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 580461
Time Elapsed: 18 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{22222222-2222-2222-2222-220222182204}, Quarantined, [b3ae5a3ce2b876c0c9c8fbf0887ceb15],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220222182204}, Quarantined, [b3ae5a3ce2b876c0c9c8fbf0887ceb15],
Registry Values: 2
PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{22222222-2222-2222-2222-220222182204}, CrossriderApp0021804.Sandbox, Quarantined, [b3ae5a3ce2b876c0c9c8fbf0887ceb15]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220222182204}, CrossriderApp0021804.Sandbox, Quarantined, [58096333ddbd46f0058ca942ba4a827e]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Hello,
I am having a problem removing malware from my computer. It is causing the web browsing to operate very slowly / not at all. I have run MBAM and it identifies four PUP.Optional.CrossRider files (Two registry keys and two registry values).
I have repeatedly tried quarantining the files and deleting them, but they reappear each time I restart the machine.
I have also tried using ADW Cleaner, JRT and MBAR to isolate the files, but they are unable to locate them.
Does anyone have any suggestions as to how I can purge these files for good?
Thanks.
Cannot remove PUP.Optional.CrossRider - HELP PLEASE
in Resolved Malware Removal Logs
Hi, reset router as described, but problem still occurred.
However I think I've now cracked it! The network connection was OK for Skype and Dropbox, but not for any of the Web browsers. I changed the DNS settings of the network connection to OpenDNS using the guide here http://www.howtogeek.com/164981/how-to-switch-to-opendns-or-google-dns-to-speed-up-web-browsing/
That appears to have resolved the slow browsing issue on all of the browsers. Had 24hrs operation and all good so far!
Thank you for all your help!!!
Are there any outstanding bits we need to wrap up?