Jump to content

Told by helper in other forum that I'm infected.


Recommended Posts

  • Replies 51
  • Created
  • Last Reply

Top Posters In This Topic

You have to understand that I'm not affiliated with Malwarebytes or Malwarebytes Anti-Malware.

I help people rid their computers of malware and can only give very limited support for Malwarebytes Anti-Malware.

-----------------------------

It may be a conflict problem with one of the programs on the system or even a W8 problem.

Have you disabled Norton and see how it is???

You can also do a clean boot to see if you can spot something.

http://winaero.com/blog/how-to-perform-a-clean-boot-of-windows-8-and-windows-8-1-to-diagnose-issues/

MrC

Link to post
Share on other sites

Turning off Norton doesn't affect anything.

 

I have a question about the clean boot--doesn't that mean that MB won't run at start-up, so there won't be any problem of MB using too much cpu? Sorry, maybe I'm misreading the link, but it seems like I'll be turning it off, so of course it won't be a problem. Sorry if I'm misunderstanding. 

Also, could you tell me if the initial logs that sent me here are clear there's an infection, or could it also be a conflict? I have everything backed up, I was getting to the point of pulling a "do-over" with Windows, the only thing I'd lose are a few programs I got as giveaways. But if it's just a case of MB, I'd rather do that than restore the computer and still have the same issue.

Lastly, I sent you a little snack money via PayPal about a half an hour ago. Your time is worth more, but I live and work in a commune in NYC, so--low wages, high cost of living. I appreciate your help, though.

Link to post
Share on other sites

I have a question about the clean boot--doesn't that mean that MB won't run at start-up, so there won't be any problem of MB using too much cpu? Sorry, maybe I'm misreading the link, but it seems like I'll be turning it off, so of course it won't be a problem. Sorry if I'm misunderstanding.

You'll have to play around with it, try to keep MB running and disable other items

Also, could you tell me if the initial logs that sent me here are clear there's an infection, or could it also be a conflict?

You had some adware and there's some errors involving this program:

 

Error: (09/23/2014 07:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VideoConverterFactoryPro.exe, version: 7.0.0.0, time stamp: 0x541844cc
Faulting module name: avcodec-55.dll, version: 55.52.102.0, time stamp: 0x53cf232a
Exception code: 0xc0000005
Fault offset: 0x007485ce
Faulting process id: 0x1a74
Faulting application start time: 0xVideoConverterFactoryPro.exe0
Faulting application path: VideoConverterFactoryPro.exe1
Faulting module path: VideoConverterFactoryPro.exe2
Report Id: VideoConverterFactoryPro.exe3
Faulting package full name: VideoConverterFactoryPro.exe4

 


I have everything backed up, I was getting to the point of pulling a "do-over" with Windows, the only thing I'd lose are a few programs I got as giveaways. But if it's just a case of MB, I'd rather do that than restore the computer and still have the same issue.

I'm not sure what the problem is


======================================

Just to make sure I missed something, run this scan:

Please run a free online scan with the ESET Online Scanner (it may take a while to run)
Note: You will need to use Internet Explorer for this scan.
First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats is unchecked and the option Scan unsafe applications is checked
Click Advanced settings and select the following:

ceba8c51-8f88-44b9-ad41-5f07ba8351b1.png

Click Start
Wait for the scan to finish
If threats were found:
Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish
Post back the log.....MrC

Link to post
Share on other sites

Please manually delete these:

C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

C:\Program Files (x86)\SecurityXploded\BrowserPasswordRemover\BrowserPasswordRemover.exe a variant of Win32/SecurityXploded.A potentially unsafe application
C:\Users\Matt\Videos\Shortcuts\Browse\BrowserPasswordRemover.exe a variant of Win32/SecurityXploded.A potentially unsafe application

C:\Users\Matt\Videos\Shortcuts\Apps\My Favorite Apps\FFSetup3.3.4.0.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

C:\Users\Matt\Videos\Shortcuts\Apps\My Favorite Apps\FreeAudioConverter.exe Win32/OpenCandy potentially unsafe application

C:\Users\Matt\Videos\Shortcuts\Apps\My Favorite Apps\FreemakeVideoDownloaderSetup.exe a variant of Win32/OpenCandy.A potentially unsafe application

C:\Users\Matt\Videos\Shortcuts\Apps\My Favorite Apps\GOMPLAYERENSETUP.EXE Win32/OpenCandy potentially unsafe application

C:\Users\Matt\Videos\Shortcuts\Apps\My Favorite Apps\InstallFreeRARExtractFrog.exe Win32/OpenCandy potentially unsafe application

C:\Users\Matt\Videos\Shortcuts\Apps\My Favorite Apps\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

MrC

Link to post
Share on other sites

Oh, I had such high hopes for this. But it was still running 20-40% with lots of "not responding" from task manager. I used clean-uninstall and used the build you specified and then I checked to make sure none of the files you had me delete had magically reappeared. They hadn't. So, I guess I won't have it run when Windows starts and I'll set a reminder to manually run a scan every few days, which isn't that big of a deal. 

 

And I've learned a lesson that free software isn't always free.

Link to post
Share on other sites

No problems in safe mode. Started turning start-up programs off and it took me about ten seconds to figure out it's KeyScrambler that's conflicting. Which seems to make sense, given its function. 

 

So, resolution? Feels like victory from here. Kind of kicking myself for not trying it sooner, but I'm still glad we caught the stuff in the Eset scan you suggested.  

 

Any recommendations on a good key scrambler, or do I even need one? 

Link to post
Share on other sites

Good........

You might ask that question in your original topic or in General Chat:

https://forums.malwarebytes.org/index.php?/forum/35-general-chat/

===========================

If there's no other problems............

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.87  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender           

Norton Internet Security   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 SlimCleaner     

 Adobe Reader XI  

 Mozilla Firefox 29.0.1 Firefox out of Date!  

 Google Chrome 37.0.2062.120  

 Google Chrome 37.0.2062.124  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

OK, then you're good......

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.