edwardBe
Posts posted by edwardBe
-
-
Okay, thanks again.
-
It took some time to do it all. Norton had some issues that required a restart which hung, so I had to power off the computer manually, but everything seems fine, now. I can access the Mozilla folder under the Roaming folder. The MB scan was negative, but I guess I will have to wait for the results of the overnight scan tomorrow morning to see if the Spigot stuff is truly gone. Thanks again.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 9/26/18
Scan Time: 12:11 PM
Log File: f1efb50c-c1bf-11e8-b595-54ab3ac4e8f8.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7027
License: Premium
-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: HOMER-VI\Edward
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327708
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 17 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
Okay, the Mozilla folder is gone. I forgot to mention because I forgot about it, but I have been running an older version of Firefox because the bookmarks toolbar I have been using is not compatible with the latest version, or it wasn't the last time I checked.
-
C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\m4j6rmyy.default
This last folder I can't open or delete due to the permissions. I was able to open it yesterday when I started this post.
-
Thanks again, Kevin. I'm getting a message that I need permission from the computer's administrator to delete the files/folders in Roaming\Mozilla even though I am the administrator.
-
With the help of this forum, I managed to get Chrome cleaned up, but now I'm having problems with Firefox.
Each night Malwarebytes scans my computer and each morning reports this:
File: 1
PUP.Optional.Spigot, C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4J6RMYY.DEFAULT\PREFS.JS
I quarantine and then delete the file and yesterday I deleted the file prefs.js itself, but it was recreated although I didn't restart Firefox.
I went into the Profiles folder and opened profiles.ini which shows this:
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/m4j6rmyy.default
Default=1

I have no idea where this profile came from, but I suspect it is created by Spigot and keeps recreating prefs.js which recreates the Spigot file all over again.
This isn't a major problem, but it is annoying to get this message every morning and have to spend a few minutes quarantining and removing the file, although I guess I could ignore it...
The previous cleaning used FRST64 and AdwCleaner, but they didn't find this for some reason. Should I rerun them?
Thanks again for all the help.
-
-
Donation sent, thanks again.
-
Not for at least an hour. Thanks again.
-
Unable to post files or their content.
-
Thanks again. Here is the log from ADWCleaner:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-20-2018
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 7
# Failed: 3
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\Edward\Downloads\Video downloader
Deleted C:\Users\Edward\AppData\Local\DriverToolkit
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Deleted HKCU\Software\APN PIP
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Not Deleted Ask
Not Deleted AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
Not Deleted nortonsafe.search.ask.com
*************************
[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1937 octets] - [20/09/2018 14:42:19]
AdwCleaner_Debug.log - [3686 octets] - [20/09/2018 14:43:33]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
-
Thanks. Here is the copy and paste of the report from MB:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 9/20/18
Scan Time: 2:23 PM
Log File: 779e03ba-bd1b-11e8-a429-54ab3ac4e8f8.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.6937
License: Trial
-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: HOMER-VI\Edward
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 335929
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 2 min, 45 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 5
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Google\GOOGLEUPDATETASKMACHINEGU, Quarantined, [543], [558322],1.0.6937
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA36516D-DE69-45A1-9DC4-18934375739D}, Quarantined, [543], [558322],1.0.6937
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{AA36516D-DE69-45A1-9DC4-18934375739D}, Quarantined, [543], [558322],1.0.6937
PUP.Optional.DriverToolkit, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\DriverToolkit, Quarantined, [915], [512874],1.0.6937
PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59E31E7C-2F2C-492B-BF86-6EE571951867}, Quarantined, [170], [243431],1.0.6937
Registry Value: 2
PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59E31E7C-2F2C-492B-BF86-6EE571951867}|URL, Quarantined, [170], [243431],1.0.6937
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA36516D-DE69-45A1-9DC4-18934375739D}|PATH, Quarantined, [543], [558320],1.0.6937
Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [170], [293199],1.0.6937
Data Stream: 0
(No malicious items detected)
Folder: 3
PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Download, Quarantined, [915], [512876],1.0.6937
PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Backup, Quarantined, [915], [512876],1.0.6937
PUP.Optional.DriverToolkit, C:\PROGRAM FILES (X86)\DRIVERTOOLKIT, Quarantined, [915], [512876],1.0.6937
File: 3
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\GOOGLE\GOOGLEUPDATETASKMACHINEGU, Quarantined, [543], [558322],1.0.6937
PUP.Optional.Spigot, C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4J6RMYY.DEFAULT\PREFS.JS, Replaced, [170], [301667],1.0.6937
Generic.Malware/Suspicious, C:\USERS\EDWARD\APPDATA\ROAMING\NHM2\BIN\EXCAVATOR_SERVER\EXCAVATOR.EXE, Quarantined, [0], [392686],1.0.6937
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
I'm having the same problem as other users have had. I get notifications that "Norton Blocked an attack by System infected: Bitcoinminer Activity 7 (sometimes 9)". I have tried a complete scan by NIS and Norton Power Eraser. I've read the other threads, but didn't want to try the suggested tools without direction. Thanks.
-
Here's the log file: just a list of websites successfully blocked.
-
Hi all,
I get a steady stream of popups from Anti-Malware that it has successfully blocked access to a potentially malicious website and shows the IP address. I am glad that it is doing this, but I would like to know what programs are attempting to access the sites so that I can remove them... Any ideas?
Thanks,
Edward
-
Hi all,
First of all I looove this program. I guess Norton Internet Security is basically crap, as it allowed all kinds of malware to accumulate on my computer to the point that my browser was being hijacked and the computer was running slowly, but since running Anti-Malware it is like it is a new computer...
Meanwhile, I keep getting popup messages from Anti-Malware saying that it has successfully blocked access to a potentially malicious website: (an IP address follows.) While I'm glad it is doing this, I would also like to know where the attempts to connect are coming from and eliminate the programs whatever they are.
Thanks,
Edward
PUP.Optional.Spigot in Mozilla AppData folder.
in Resolved Malware Removal Logs
Nothing this morning, thanks, again.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 9/27/18
Scan Time: 2:25 AM
Log File: 3e5f1550-c237-11e8-b7b5-54ab3ac4e8f8.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7039
License: Premium
-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 327147
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 49 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)