Jump to content

palmpre-hacks.com


ebarke

Recommended Posts

Results of screen317's Security Check version 0.99.89
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Panda Cloud Cleaner
Visual Studio Extensions for Windows Library for JavaScript
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
JavaScript Tooling
Visual Studio Extensions for Windows Library for JavaScript
JavaScript Tooling
Visual Studio Extensions for Windows Library for JavaScript
Java version out of Date!
Adobe Reader XI
Mozilla Firefox 29.0.1 Firefox out of Date!
Google Chrome 38.0.2125.101
Google Chrome 38.0.2125.104
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Windows Defender MpCmdRun.exe
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Link to post
Share on other sites

  • Root Admin

The logs still show some Java apps. Please look again for anything Java in your Control Panel, Add/Remove and uninstall, then run the JavaRA removal tool again.

 

Please update your Firefox browser. Then reset it using the instructions below. This should also reset IE

 

 

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

Link to post
Share on other sites

Ok, I've done all above, I think the java stuff that was reported is javascript files used by Visual studio for development.  I need those to work.  I couldn't find any installation of Java anywhere.  I also only use fire fox to test website development, and chrome is used slightly more, but IE is my main browser.  I've only seen this issue when running IE.

 

I haven't seen malwarebytes block anything in the last few days, don't know if it's coincidental or something got rid of it.

Link to post
Share on other sites

  • Root Admin

An IE reset probably fixed it as it's just a redirect "trick" of sorts. Unless there is something else then we should be done here now.

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 

Link to post
Share on other sites

  • 2 weeks later...

Malwarebytes Anti-Malware

www.malwarebytes.org

Update, 11/4/2014 7:16:15 AM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.3.9, 2014.11.4.3,

Protection, 11/4/2014 7:16:15 AM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/4/2014 7:16:15 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/4/2014 7:16:15 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/4/2014 7:18:33 AM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/4/2014 7:18:34 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/4/2014 7:18:34 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Scan, 11/4/2014 7:24:59 AM, SYSTEM, ERICS-PC, Manual, Start:11/4/2014 7:16:19 AM, Duration:8 min 32 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

Detection, 11/4/2014 8:05:27 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, IP, 204.11.56.26, www.professionalvisualstudio.com, 26703, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 11/4/2014 8:05:27 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, IP, 204.11.56.26, www.professionalvisualstudio.com, 26703, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 11/4/2014 8:05:29 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, IP, 204.11.56.26, www.professionalvisualstudio.com, 26705, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

(end)

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

Update, 11/3/2014 6:45:07 AM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.3.2, 2014.11.3.5,

Protection, 11/3/2014 6:45:11 AM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/3/2014 6:45:11 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/3/2014 6:45:11 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/3/2014 6:47:40 AM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/3/2014 6:47:40 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/3/2014 6:47:40 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Scan, 11/3/2014 6:53:46 AM, SYSTEM, ERICS-PC, Manual, Start:11/3/2014 6:45:11 AM, Duration:8 min 27 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

Detection, 11/3/2014 7:13:27 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, IP, 204.11.56.26, www.professionalvisualstudio.com, 18212, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 11/3/2014 7:13:27 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, IP, 204.11.56.26, www.professionalvisualstudio.com, 18212, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 11/3/2014 7:13:29 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, IP, 204.11.56.26, www.professionalvisualstudio.com, 18214, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Update, 11/3/2014 8:38:40 AM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.3.5, 2014.11.3.6,

Protection, 11/3/2014 8:38:40 AM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/3/2014 8:38:40 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/3/2014 8:38:40 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/3/2014 8:39:55 AM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/3/2014 8:39:55 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/3/2014 8:39:56 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Update, 11/3/2014 11:27:12 AM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.3.6, 2014.11.3.7,

Protection, 11/3/2014 11:27:12 AM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/3/2014 11:27:12 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/3/2014 11:27:12 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/3/2014 11:29:28 AM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/3/2014 11:29:28 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/3/2014 11:29:29 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Update, 11/3/2014 12:38:28 PM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.3.7, 2014.11.3.8,

Protection, 11/3/2014 12:38:28 PM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/3/2014 12:38:28 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/3/2014 12:38:29 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/3/2014 12:39:13 PM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/3/2014 12:39:13 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/3/2014 12:39:13 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Update, 11/3/2014 2:27:04 PM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.3.8, 2014.11.3.9,

Protection, 11/3/2014 2:27:04 PM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/3/2014 2:27:04 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/3/2014 2:27:05 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/3/2014 2:29:08 PM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/3/2014 2:29:08 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/3/2014 2:29:08 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

(end)

Malwarebytes Anti-Malware

www.malwarebytes.org

Update, 11/2/2014 7:22:44 AM, SYSTEM, ERICS-PC, Scheduler, Rootkit Database, 2014.10.22.1, 2014.11.1.2,

Update, 11/2/2014 7:22:50 AM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.1.6, 2014.11.2.3,

Protection, 11/2/2014 7:22:50 AM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/2/2014 7:22:50 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/2/2014 7:22:50 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/2/2014 7:23:28 AM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/2/2014 7:23:28 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/2/2014 7:23:28 AM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Scan, 11/2/2014 7:31:36 AM, SYSTEM, ERICS-PC, Manual, Start:11/2/2014 7:22:51 AM, Duration:8 min 38 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

Update, 11/2/2014 6:03:38 PM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.2.3, 2014.11.2.7,

Protection, 11/2/2014 6:03:38 PM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/2/2014 6:03:38 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/2/2014 6:03:38 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/2/2014 6:04:01 PM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/2/2014 6:04:01 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/2/2014 6:04:01 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Update, 11/2/2014 6:31:37 PM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.2.7, 2014.11.3.1,

Protection, 11/2/2014 6:31:37 PM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/2/2014 6:31:37 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/2/2014 6:31:37 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/2/2014 6:31:41 PM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/2/2014 6:31:41 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/2/2014 6:31:41 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

Update, 11/2/2014 7:42:40 PM, SYSTEM, ERICS-PC, Scheduler, Malware Database, 2014.11.3.1, 2014.11.3.2,

Protection, 11/2/2014 7:42:40 PM, SYSTEM, ERICS-PC, Protection, Refresh, Starting,

Protection, 11/2/2014 7:42:40 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopping,

Protection, 11/2/2014 7:42:40 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Stopped,

Protection, 11/2/2014 7:44:44 PM, SYSTEM, ERICS-PC, Protection, Refresh, Success,

Protection, 11/2/2014 7:44:44 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Starting,

Protection, 11/2/2014 7:44:44 PM, SYSTEM, ERICS-PC, Protection, Malicious Website Protection, Started,

(end)

Link to post
Share on other sites

  • Root Admin

That IP block is not ongoing or continuous so I'm betting that it's due to possibly advertisement or something like that in your browser.

 

If you close all browsers and instant messaging and email I bet that these IP blocks do not happen.

 

IP address: 204.11.56.26
No host name is associated with this IP address or no reverse lookup is configured.

Error:Host not found

204.11.56.26 is from Virgin Islands, British(VG) in region Caribbean and West Indies

 

 

We can try to reset the browsers again.

 

 

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

Link to post
Share on other sites

  • 3 weeks later...

I'm still seeing this. I've noticed though, it seems to appear when I go to an Https website and have to log in. this happens every time after I log into pos.e-xact.com which is a company that process credit card transactions. So, I think there is definitely something on my box that is trying to send passwords to this IP address. Malwarebytes doesn't seem to be able to detect this with a scan, and neither do any of the other programs I've run.

Link to post
Share on other sites

  • Root Admin

Okay please do a full reset of IE again.

 

Internet Explorer
How to reset Internet Explorer settings

 

Then run the following and restart the computer and try again

 

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Link to post
Share on other sites

Here's my findings:

Did all of the above, after starting IE and going to pos.e-xact.com, and waiting, I did not receive the popup in malwarebytes.  I then setup IE back to the way I like it (downloaded the google tool bar and installed it, added the menu bar).

 

I restarted IE, then brought up the site again (through my bookmark) and waited, I got the popup again.

 

I then disabled the google toolbar, restated Ie went to the site directly, no issue.

 

I enabled the toolbar went to the site again (through my bookmark), got the popup.

 

I disabled the toolbar, went to the site, no popup.

 

I enabled the tool bar, restarted IE, went to the site (directly, not through my bookmark), Waited for a long time, no popup.

 

I then went to the site through the bookmark, popup occurred after a little bit of time. 

 

It seems the issue is coming from the Google toolbar.  I downloaded and installed a fresh copy from Google, which is a bit scary to think that their toolbar is infected with something.  I also ran into another site that was blocked by malwarebytes (before I ran everything above) and it's ip pointed to a russian host...kinda scary!  I only saw that happen one time.

 

I think there is definitely something going on with the google toolbar and the bookmarks feature, malwarebytes as well as anything else can't seem to find any malware on it, but I don't think google is sending data off to offshore sites, at least I would certainly hope not!

Link to post
Share on other sites

  • Root Admin

No way for us to easily test that. Sorry but I would recommend you simply don't use their toolbar. Almost all toolbars have issues and come with junk.

 

Unless there is something else we should be done here.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 

Link to post
Share on other sites

  • 3 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.