
Cleaning my PC



Hello everyone.

I was searching on Google about viruses on OneDrive. Then, I clicked on 2 websites (I only go to trusted websites).

 

I clicked on these two here:

 

- http:/[/]help.overdrive[dot]com/customer/portal/articles/1481229-what-to-do-if-your-on-access-anti-virus-software-is-preventing-you-from-opening-a-title-you-ve-just-downloaded

- http:/[/]microsoft-onedrive.en.lo4d[dot]com/virus-malware-tests

 

Added the [dot] and [/] to prevent people clicking it.

 

Even though VirusTotal said that those websites were safe, the Google Safe Browsing website told me that the second website had some virus.

 

Just to know, are those websites safe? If not, I'm ready to do any scan.

 

 

Thank you guys for the help.

Link to post

Hello everyone!

 

I know that I created another thread, about visiting some strange websites.

After some searches on Google, it looks like they're clean websites.

But, anyway, for security, I used the FRST program to test if my PC is okay.

 

So, can someone help me to test if my PC is safe? (Please note that even if I'm infected now, maybe the infection came before visiting those websites, but that's really unlikely, since I only visit websites that I know are safe, except those that I visited in the other thread, which I clicked without thinking.)

 

 

Thank you guys for helping me.

 

 

 

Addition.txt

FRST.txt

Link to post

Sorry for the double post.

 

But I forgot to say that I did 3 scans:

- Malwarebytes on Safe mode (no infections)

- Avast on Administrator account (no infections)

- ESET Online Scanner on Administrator account (no infections)

 

Also, before doing the ESET scan, I disabled the Avast anti-virus.

But I forgot to turn it on (luckily, I only visited a post on Facebook and sent an e-mail).

Link to post

Hello Aya_Tachibana, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.

======================================================
 
Your logs are clean. :)


Malwarebytes on Safe mode (no infections)

 
Some security tools such as anti-rootkit scanners (ARKs) and programmes with anti-rootkit technology use special drivers which are required for the scanning and removal process. These tools are designed to work in Normal Mode because the drivers will not load in Safe Mode, which lessens the scan's effectiveness. Other security tools are optimized to run from Normal Mode where they are most effective. For example, Malwarebytes Anti-Malware is designed to run at full capacity when malware is running, so using Safe Mode is not necessary. In fact, Malwarebytes loses effectiveness for detection and removal when used in Safe Mode. For optimal efficiency, Normal Mode is recommended so it does not limit the abilities of Malwarebytes.
 
If you wish to rerun MBAM in Normal Mode then by all means go ahead. But based on your logs so far I do not believe anything will be detected. 
 
Let's run a few more scans to double-check.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    2014-08-22 12:18 - 2014-09-19 18:53 - 00109056 ___SH () C:\Users\Nori-chan\Downloads\Thumbs.db
    Folder: C:\tmp
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[s0].txt
  • JRT.txt
Link to post

I think that the program called Blender created that folder, since even Blender tells me that I used C:\tmp recently.

In that folder, there are a lot of pictures, but every picture is 100% black (because I failed on rendering).

 

I don't know if the folder was deleted before or not (because of the programs that I used, like AdwCleaner), but it's still here, and I can easily remove it, if you want (deleting or not will not make much difference here).

Link to post

Hi Aya, 
 
No, that's fine. You can leave the folder. 
Let's run one final scan to double-check.
 
Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUP's).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
Link to post

Hello Adam.

Here is the log:

 

Emsisoft Anti-Malware Free - Versão 9.0
Última atualização 23/09/2014 18:48:24
User account: Nori-laptop\Nazuna
 
Configuração do exame:
 
Tipo de exame: Exame Profundo
arquivos: Rootkits, Memória, Rastros, C:\
 
Detect PUPs: Ligado
Análise de arquivos: Ligado
Análise de ADS: Ligado
Extensão de arquivo: Desligado
Caching avançado: Ligado
Acesso direto ao disco: Desligado
 
Início do exame: 23/09/2014 18:49:11
Value: HKEY_USERS\S-1-5-21-3515020605-1485836062-4049228841-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detectados: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3515020605-1485836062-4049228841-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detectados: Setting.DisableRegistryTools (A)
 
Analisados: 481675
Achado 2
 
Fim do exame: 23/09/2014 19:33:27
Duração do exame: 0:44:16
 
Value: HKEY_USERS\S-1-5-21-3515020605-1485836062-4049228841-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Em quarentena Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3515020605-1485836062-4049228841-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Em quarentena Setting.DisableTaskMgr (A)
 
Em quarentena 2
Link to post
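
The two findings in the log above are per-user policy values under the Policies\System key. As an added example (not part of the original thread, and not the output of any tool used in it), this read-only PowerShell function reports whether those two values are set for each user hive loaded under HKEY_USERS; the function name Get-ToolLockoutPolicy is hypothetical.

```powershell
# Added example (not from the thread): read-only report of the two policy
# values named in the scan log, for every user hive loaded under HKEY_USERS.
$ValueNames = 'DisableTaskMgr', 'DisableRegistryTools'
$SubKey     = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-ToolLockoutPolicy {   # hypothetical helper name
    # Account hives only (S-1-5-21-...); this pattern skips the *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName

        # Show an account name where the SID still resolves, else the raw SID.
        try {
            $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account   = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        # The Policies\System key is often absent; treat that as "not set".
        $key = Get-ItemProperty -Path "Registry::HKEY_USERS\$sid\$SubKey" -ErrorAction SilentlyContinue

        foreach ($name in $ValueNames) {
            $isSet = ($null -ne $key) -and ($key.PSObject.Properties.Name -contains $name)
            $data  = if ($isSet) { $key.$name } else { $null }

            [pscustomobject]@{
                Account = $account
                Value   = $name
                IsSet   = $isSet
                Data    = $data
                # Non-zero data blocks the tool for that user; absent or 0 allows it.
                Blocked = $isSet -and ($data -ne 0)
            }
        }
    }
}

Get-ToolLockoutPolicy | Format-Table -AutoSize
```

Hives of accounts that are not currently logged on are not loaded under HKEY_USERS, so the report covers loaded profiles only.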

Looks good, Aya. 

Now for the good news. 

 

All Clean!
Congratulations, your computer appears clean!   :)
I see no signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 

STEP 1
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing.  :) 
Adam (LiquidTension).

Link to post

Emsisoft Portable cannot be uninstalled; only deleted. You simply need to delete the icon (right-click + Delete) if you so wish. Or, as you say, you can keep Emsisoft and run a weekly/fortnightly scan in conjunction with an MBAM scan to maintain security.

Temporary files, browser/DNS cache, etc. build up over time. We cleared these temporary files out, which is why you've seen an increase in free space.

Link to post

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.