Jump to content

Trial version by accident; wanted free version


Trotafox
 Share

Recommended Posts

I downloaded from CNET but accepted trial by mistake. It's running out in 3 days and I want the free version. My problem is that I have a hacker (180.130.251.27) from the Ukraine trying to break into my system via winvnc.exe. Malwarebytes is stopping him. He's been at it for 2 weeks now every 2 mins. I'm afraid if I let the trial version expire that he might get in before I can get the free version downloaded.

Incidently, the hacker attempt window went away once. As soon as I performed a Malwarebytes Quick Scan, he came right back. I'm wondering if he is somehow somehow attached to the Malwarebytes CNET download or this is a CNET attempt to force me using fear of being hacked to buy the Pro version.

What should I do?

Link to post
Share on other sites

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please download a copy of Malwarebytes Anti-Malware from here and click on Free Download. Install this version.

=====

Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as adminsistrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please post the contents of the following logs:

  • ComboFix.txt.
  • Both logs from Malwarebytes Anti-Rootkit.

How is your computer running? Is there any slowness or search redirects?

Link to post
Share on other sites

Be advised, I'm not a techie. Just an elderly lady trying to keep a hacker out. My computer is running okay. I don't think I'm infected so why am I running ComboFix?

Can't I just download the Free version from here and let CNET's trial version expire? I can handle a download but the rest just seems over my head. I do not want to mess with the registry.

My problem is that this guy is trying to hack into me regularly. When the trial version expires, I don't want a lapse time before I get the free version. I have Norton 360 which requires Windows Firewall to be turned off and I am not comfortable turning off Norton with this hacker.

Link to post
Share on other sites

I downloaded the FREE version from your link but it looks like the Trial version downloaded again. It said it was 43 days out of date so I updated it and did a scan and got this. Only one verson is on my computer when I looked at my All Programs and it is still the trial version. This is the scan. My computer is running fine and I have no reason to suspect malware. I would prefer not to run ComboFix at this time.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.12.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Karen :: [i removed this.....]

Protection: Enabled

11/11/2012 9:17:10 PM

mbam-log-2012-11-11 (21-17-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194426

Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Good afternoon Trotafox,

I downloaded the FREE version from your link but it looks like the Trial version downloaded again. It said it was 43 days out of date so I updated it and did a scan and got this. Only one verson is on my computer when I looked at my All Programs and it is still the trial version.

You will need to completely uninstall the version you have. Then install the one from the link I gave you. However, please note that you are probably selecting trial mode for the PRO version. If you install the free version and elect to not use the PRO trial then it won't give you the trial version.

This is the scan. My computer is running fine and I have no reason to suspect malware. I would prefer not to run ComboFix at this time.

Are these hits occurring when you are on the internet? The reason I suggest ComboFix and Malwarebytes Anti-Rootkit is because you may have a rootkit or similar on your computer, which may be responsible for the constant hits. :)

Link to post
Share on other sites

Good morning Dark Knight:

Re FREE version download: I went through your link. There was only one option download button. I have found others on the Internet that are having the same problem…end up with Trial instead of Free. I now have 2 days left.

Re Reinstall: How do I uninstall this version when this IP address is hitting my computer every 3 minutes non-stop for the last 2 weeks? The block shows up even with no programs open and running. Talk about annoying. What do you call a guy who keeps trying to find a back door into your computer non-stop? Per the Internet, a lot of people are having a problem with him.

Re RootKit: Is that remote access capability? It's hitting Port 5900 via winvnc.exe. My computer crashed in June. Took one month and $800 to supposedly fix it. Something tells me he may not have cleaned off a Rootkit. He tried to put remote capability on my computer so he didn't have to come out again but I don't think he could do it for some reason. I have a Dell and Dell may have installed one also. I do get IP address conflict error messages, and my Dell All-in-One printer won't print without rebooting sometimes. I also get Jucheck.exe error messages that it can't run. My tech said to just ignore them. Ignore them? What's your opinion?

Re BackUp: I have Carbonite running all the time for my files only; not entire system.

To tell you the truth, I am scared to death to go through this ComboFix process myself.

Link to post
Share on other sites

Good morning Trotafox,

It sounds like you might have some issues on your computer. I think those can be fixed.

Let's try one step at a time. Please give ComboFix a go. There isn't much to it; simply download the file from the link I gave you, and let it run. When it finishes it will produce a log for you. Just copy and paste those contents and post them in your reply. The same goes for the Malwarebytes Anti-Rootkit. These tools will run by themselves and all you will need to do is copy their logs.

As for your trial version of MBAM, there is no need to worry. When the two days have expired your version will automatically revert to the free version.

I hope that helps. :)

Link to post
Share on other sites

Hello, Dark Knight. Thank you for answering my questions. Glad to know that it will revert to the FREE version. I didn't want real time protection because of Norton 360.

Should I run a full system Malwarebytes scan right now before we do ComboFix?

Will the turning off of my Norton, etc. be while my wireless is still connected to Internet? Worried about access by my persistent never-ending IP attacker attempt going on.

I run Carbonite backup in background which I must freeze I guess temporarily.

So I can plans for being at my computer, approximately how long do you think this will take.

Link to post
Share on other sites

Good afternoon Trotafox,

Please scan with Malwarebytes and post a log.

When you run ComboFix, it will disable your internet connection temporarily so that you are not vulnerable. You will need to disable Norton as it can interfere with ComboFix. Please also disable Carbonite while ComboFix is running.

The scan will depend on your computer. It should roughly take no longer than 20 minutes.

Link to post
Share on other sites

Here is my Malwarebytes log. Took over 2 hours. Found 1 Trojan in the Google Chrome application.

I have a Java Update (jucheck.exe) that keeps flashing for my permission to update. I've canceled it but will that interfere with ComboFix run?

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.13.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Karen :: KAREN-PC [administrator]

Protection: Enabled

11/14/2012 12:44:00 PM

mbam-log-2012-11-14 (12-44-00).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 355422

Time elapsed: 2 hour(s), 18 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

HELP. My File Download did not give me a chance to save to my Desktop.

I found it in Downloads.

Right-clicked to moved it to Desktop menu.

Did a Desktop(Create Shortcut).

Cannot get it to appear on Desktop even though it shows up as a shortcut in the Desktop menu. I did it 4 times.

When I click on Combofix.exe, I get the disclaimer. I don't want to run it until I can get the icon on my Desktop.

I'm now reactivating my Norton while I'm waiting for your answer. Thank you.

Link to post
Share on other sites

In the Desktop folder, I'm right-clicking on: Send To/Desktop/Create Shortcut

I can't get the icon to show up.

OK. I've decided not to run ComboFix. I cannot wait for 4-5 hours to have an answer to my questions. Because of that delay, I am not confident of your immediate response in the event something doesn't go right and my computer goes down. I will continue running full scans of Malwarebytes on a regular basis. You may close this topic.

Thank you.

Link to post
Share on other sites

Good morning Trotafox,

Please delete all tools you have downloaded.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.