Christofferz Posted June 21, 2013 ID:693842 Share Posted June 21, 2013 Hello all! I have a problem, I suspect that my computer has been infected, but nothing I cannot seem to find it. Although, I am not sure if it's actually infected, or if something's just glitched.The effect is that from time to time, random tabs in my browser (Chrome) opens. The interesting thing is that the tabs are websites are never loaded and there's always something related to what I'm currently doing in the URL. I did a search with both malwarebytes and HitmanPro, and found a few things that might have caused the problem and I thought that the problem would be solved, however, it occured again now. I have attached the Hijackthis logfile. Neither Hitman Pro or Malwarebytes have found anything on the last scans.hijackthis.log Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 21, 2013 Root Admin ID:693889 Share Posted June 21, 2013 Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt Link to post Share on other sites More sharing options...
Christofferz Posted June 21, 2013 Author ID:693985 Share Posted June 21, 2013 Hello, I checked with the root-kit as well, and no malware was found, Attached the two log-files here; Thank youmbar-log-2013-06-21 (10-39-31).txtsystem-log.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 21, 2013 Root Admin ID:693987 Share Posted June 21, 2013 Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller. PC Winvids - How to run Kaspersky TDSSKiller If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection. Once the tool has completed scanning make sure to re-enable your other security applications. Link to post Share on other sites More sharing options...
Christofferz Posted June 21, 2013 Author ID:693988 Share Posted June 21, 2013 Hello again, and thank you for all your help! This is the logfile from the tdskiller, it shows one threat, something unsigned that appears to be from Intel, however, I am not sure if this is a false positive or something nasty. Thank youTDSSKiller.2.8.18.0_21.06.2013_11.21.11_log.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 21, 2013 Root Admin ID:693990 Share Posted June 21, 2013 That log was good and the file it listed is not an issue. Let me have you run this online scan to help look for any potential threats. Go here to run an online scannner from ESET.Note: You will need to use Internet explorer for this scan or download an installer if using another browserTurn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishUse notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txtCopy and paste that log as a reply to this topic and also let me know how things are now. Link to post Share on other sites More sharing options...
Christofferz Posted June 23, 2013 Author ID:694659 Share Posted June 23, 2013 Currently scanning...It found a few "variants of toolbar", which is nothing I recognise (babylon, AZ and some other things). So I'm just gonna go ahead and remove them (If I'll be able to).This is the punishment for not being awake while installing a program without double checking that there'll be no toolbars and other stuff as well. I'll link the log when it's done as well, but since it clearly states toolbars (which is nothing I use to start with), I'm just gonna remove these. Link to post Share on other sites More sharing options...
Christofferz Posted June 23, 2013 Author ID:694663 Share Posted June 23, 2013 Here's the log form the scan, and there are a few nasty things. I'll run the scan again and delete the threats since they're all something I don't want. C:\Users\Christoffer\AppData\Local\Temp\ICReinstall_ZipOpenerSetup (1).exe Win32/InstallCore.BN.Gen applicationC:\Users\Christoffer\AppData\Local\Temp\ICReinstall_ZipOpenerSetup (2).exe Win32/InstallCore.BN.Gen applicationC:\Users\Christoffer\AppData\Local\Temp\Setup__2338_il359057 (1).exe a variant of Win32/Amonetize.D applicationC:\Users\Christoffer\AppData\Local\Temp\Setup__2338_il359057.exe a variant of Win32/Amonetize.D applicationC:\Users\Christoffer\AppData\Local\Temp\10022171.Uninstall\uninstaller.exe a variant of Win32/InstallCore.AZ applicationC:\Users\Christoffer\AppData\Local\Temp\1AD85436-BAB0-7891-A98C-BEF0ED583AE4\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.C applicationC:\Users\Christoffer\AppData\Local\Temp\1AD85436-BAB0-7891-A98C-BEF0ED583AE4\Latest\IEHelper.dll Win32/Toolbar.Babylon.E applicationC:\Users\Christoffer\AppData\Local\Temp\1AD85436-BAB0-7891-A98C-BEF0ED583AE4\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E applicationC:\Users\Christoffer\AppData\Local\Temp\8207093.Uninstall\uninstaller.exe a variant of Win32/InstallCore.AZ applicationC:\Users\Christoffer\AppData\Local\Temp\is357113909\DeltaTB.exe a variant of Win32/Toolbar.Babylon.E applicationC:\Users\Christoffer\AppData\Local\Temp\is357113909\uninstaller.exe a variant of Win32/InstallCore.AZ applicationC:\Users\Christoffer\Downloads\cbsidlm-tr1_13-SpeedFan-ORG-10067444.exe Win32/DownloadAdmin.G applicationC:\Users\Christoffer\Downloads\Setup__2338_il359057 (1).exe a variant of Win32/Amonetize.D applicationC:\Users\Christoffer\Downloads\Setup__2338_il359057.exe a variant of Win32/Amonetize.D applicationC:\Users\Christoffer\Downloads\ZipOpenerSetup (1).exe Win32/InstallCore.BN.Gen applicationC:\Users\Christoffer\Downloads\ZipOpenerSetup (2).exe Win32/InstallCore.BN.Gen applicationC:\Users\Christoffer\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN.Gen application Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 24, 2013 Root Admin ID:695003 Share Posted June 24, 2013 STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder.Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 03Please download AdwCleaner by Xplode to your desktop.Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. If prompted by the User Account Control click Yes to allow it to run. Under Actions click on the Delete button. Click OK on all prompts. You will be prompted to restart your computer. A text file will open after the restart. Please post the entire contents of that logfile to your next reply. You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.STEP 04Next, download Security Check from here or here.Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Link to post Share on other sites More sharing options...
Christofferz Posted June 29, 2013 Author ID:696997 Share Posted June 29, 2013 Sorry for the delay, I was on holiday during the week. But thank you for all your help and I hope that you are willing to continue helping me, even though I had this break. I ran these scans now, and the result is as following: JRT Scan: ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\tarma installer"Successfully deleted: [Folder] "C:\Users\Christoffer\appdata\local\swvupdater" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 29/06/2013 at 21:07:24.63End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner log: # AdwCleaner v2.303 - Logfile created 06/29/2013 at 21:12:27# Updated 08/06/2013 by Xplode# Operating system : Windows 8 (64 bits)# User : Christoffer - CHRIS# Boot Mode : Normal# Running from : C:\Users\Christoffer\Downloads\AdwCleaner.exe# Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\windows\Tasks\DSite.jobFolder Deleted : C:\Users\Christoffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffhFolder Deleted : C:\Users\Christoffer\AppData\Roaming\DSite ***** [Registry] ***** Key Deleted : HKCU\Software\BabSolutionKey Deleted : HKCU\Software\InstallCoreKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCSKey Deleted : HKLM\SOFTWARE\Wow6432Node\5d6ddd8e734e913Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Registry is clean. -\\ Google Chrome v27.0.1453.116 File : C:\Users\Christoffer\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[s1].txt - [1590 octets] - [29/06/2013 21:12:27] ########## EOF - C:\AdwCleaner[s1].txt - [1650 octets] ##########Security Check logfile: Results of screen317's Security Check version 0.99.68 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Java version out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Thank you a lot! Link to post Share on other sites More sharing options...
Christofferz Posted June 30, 2013 Author ID:697159 Share Posted June 30, 2013 Does it look safe enough? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 1, 2013 Root Admin ID:697406 Share Posted July 1, 2013 Please uninstall ALL versions of Java and let me know if there are anymore signs of an infection or other issues then before we close up here. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 8, 2013 Root Admin ID:700094 Share Posted July 8, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts