possible malware on my computer

Ok so I was on my old computer just browsing the web when I noticed something was trying to load, as I saw the loading icon appear next to the mouse cursor. At first I didn't think much of it, but then, for a split second while I was browsing, a command prompt window opened and closed really quickly. At this point I knew something was up, so I immediately closed the browser, opened my task manager and saw two suspicious processes trying to run. One of these was "HotFixInstaller.exe" and another one I can't quite remember; it had a long name along the lines of "ND_______.exe". I ended the process tree on both processes, blocked all traffic on Comodo Firewall and put Defense+ on paranoid mode so no programs could be run without my permission. I then went into safe mode with networking, updated Malwarebytes and performed a quick scan, which oddly enough came back clean. I then booted up into normal mode and did the same scan; nothing was found either. Scanned with AVG... nothing. Scanned with TDSSKiller... and nothing. At this point I went into my temp files to see if I could find the files I saw in task scheduler, though I couldn't find them. I'm hoping that I terminated the processes before they could infect the computer, but I think they could still be on my PC. I'm not experiencing any issues at the moment, but I thought I'd leave it up to a professional. Thanks!

dds.txt

attach.txt


Hello EqualMight! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
I don't think your system is infected. HotFixInstaller.exe is the HOTIRON Hotfix Installer, which belongs to Microsoft Visual Studio.

Step 1

Please uninstall this application: µTorrent.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Documents and Settings\Owner\Local Settings\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\cbsidlm-tr1_10a-Inspiration-ORG-10209250.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\CVPiano.rar    Win32/PrcView application    deleted - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\CVPiano\CVPiano\CVPiano-GVI-Modeled_Setup.exe    Win32/PrcView application    cleaned by deleting - quarantined

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 23/10/2013 at 16:38:29.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\coupon companion plugin"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\updater21804"
Successfully deleted: [Folder] "C:\Program Files\coupon companion plugin"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\yie2v80t.default-1357885241531\prefs.js

user_pref("extensions.crossrider.bic", "13ce7139f3cf7f3239ea387b1c3dbce7");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 23/10/2013 at 16:45:42.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.010 - Report created 23/10/2013 at 16:51:34
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - USER-D223DF0E53
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-GB)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yie2v80t.default-1357885241531\prefs.js ]


*************************

AdwCleaner[R0].txt - [1159 octets] - [23/10/2013 16:51:04]
AdwCleaner[s0].txt - [1088 octets] - [23/10/2013 16:51:34]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1148 octets] ##########
As for the Temp File Cleaner, I can't seem to get it to work. When I hit Start, it stops responding at "ending processes".

Thanks
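As an added example that is not part of this thread and is not code from ESET, JRT, AdwCleaner or Malwarebytes, the script below parses the three logs posted above (the ESET export, the JRT log and the AdwCleaner report) and cross-references them. The sample text inside it is copied from those posts; the line patterns are my own inference from those samples, not the tools' documented formats. It goes one step beyond the posts by correlating the registry CLSID that both JRT and AdwCleaner removed, which is how a responder confirms that two tools were cleaning up the same browser helper object rather than two different infections.

```python
# Parse the ESET, JRT and AdwCleaner logs quoted in this thread and correlate them.
# Added example (not from the thread or the tools); patterns inferred from the samples.
import re
from collections import Counter

# Constructed samples, copied from the logs posted in the thread.
ESET_SAMPLE = r"""
C:\Documents and Settings\Owner\Local Settings\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\cbsidlm-tr1_10a-Inspiration-ORG-10209250.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\CVPiano.rar    Win32/PrcView application    deleted - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\CVPiano\CVPiano\CVPiano-GVI-Modeled_Setup.exe    Win32/PrcView application    cleaned by deleting - quarantined
"""
JRT_SAMPLE = r"""
~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\coupon companion plugin"
Successfully deleted: [Folder] "C:\Program Files\coupon companion plugin"
"""
ADW_SAMPLE = r"""
***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
"""

# ESET export: path, detection name and action separated by runs of spaces (assumed from the sample).
ESET_RE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<threat>.+?)\s{2,}(?P<action>.+?)\s*$")
# JRT: 'Successfully <action>: [<kind>] <target>'; folder targets are quoted.
JRT_RE = re.compile(r'^Successfully (?P<action>deleted|repaired): \[(?P<kind>[^\]]+)\] "?(?P<target>.+?)"?$')
# AdwCleaner: '<kind> <action> : <target>'; only 'Key Deleted' is attested in the posted report.
ADW_RE = re.compile(r"^(?P<kind>\w+) (?P<action>\w+) : (?P<target>.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FORMATS = {"ESET": ESET_RE, "JRT": JRT_RE, "AdwCleaner": ADW_RE}


def parse_log(text, tool):
    """Apply the tool's line pattern; banners, section headers and blank lines do not match."""
    records = []
    for line in text.splitlines():
        m = FORMATS[tool].match(line.strip())
        if m:
            records.append(dict(m.groupdict(), tool=tool))
    return records


def threat_family(threat):
    """Reduce ESET's 'a variant of <family> application' wording to the bare family name."""
    return re.sub(r" application$", "", re.sub(r"^a variant of ", "", threat))


def eset_families(records):
    """Count ESET detections per family, so repeated hits on one bundled toolbar stand out."""
    return Counter(threat_family(r["threat"]) for r in records)


def shared_guids(records):
    """CLSIDs/GUIDs whose registry entries were touched by more than one cleanup tool."""
    seen = {}
    for r in records:
        for guid in GUID_RE.findall(r["target"]):
            seen.setdefault(guid.upper(), set()).add(r["tool"])
    return {guid for guid, tools in seen.items() if len(tools) > 1}


if __name__ == "__main__":
    eset = parse_log(ESET_SAMPLE, "ESET")
    print("ESET detections by family:", dict(eset_families(eset)))
    registry = parse_log(JRT_SAMPLE, "JRT") + parse_log(ADW_SAMPLE, "AdwCleaner")
    for guid in sorted(shared_guids(registry)):
        print("CLSID cleaned by more than one tool:", guid)
```

Run as-is to see the family counts and the one CLSID ({3CA2F312-...}) that appears in both the JRT and the AdwCleaner output; to use it on your own logs, pass the file contents to `parse_log` with the matching tool name. The JRT pattern skips the "Successfully deleted the following from ... prefs.js" line on purpose, since that entry describes a file edit rather than a single deleted object.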


No, Coupon is adware, so it is true.

Let's clean temp files to make sure that folder is empty:

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Ok I ran the TFC once again like you said and things were running fine for the past few days. Although today when I woke up, explorer.exe seems to freeze about 10 seconds after start-up. I am able to click on icons but it'll freeze/not respond if I try to click on them. I'm currently in safe mode with networking. Tried scanning with Malwarebytes, which found nothing... tried disabling start-up items in "msconfig" and that didn't work... I also tried a possible fix I found on Google to change the ObjectName of the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs from "NT Authority\NetworkService" to "LocalSystem"

and that also didn't seem to work... Any ideas?

 

Thanks.


Update: I spent hours trying to fix it, and I'm not sure how, but I somehow got it to work. I tried so many things that I'm not sure how I did it. Although it seemed to work after I uninstalled Malwarebytes and disabled all start-ups in "msconfig" (I did all this in safe mode). Restarted and it seemed to work. I'm installing MBAM again right now and started up AVG and Comodo Firewall again. So I guess it was one of the start-ups that was causing the problem... I've left all the start-up programs in "msconfig" unchecked until you can help me!

 

Thanks!

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
