Malicious Website Protection

[thais]

This is a continuation of a situation discussed in the following thread:

 

https://forums.malwarebytes.org/index.php?/topic/164154-malicious-website-protection/

 

I was requested to move the discussion here.  I am using a Dell 8700 XPS machine with Windows 8.1.

 

The security programs that I use are:  Windows Defender (which came on the machine); MBAM Premium 2.0.4.1028 (which I purchased 6 weeks ago); SpywareBlaster 1-28-15 database loaded and no items have protection disabled; and  CCleaner v5.02.5101(64-bit)

 

As mentioned in my last post in the old thread, after I downloaded FRST64.exe and attempted to run it, the screen darkened and I got a message that Windows Smart Screen prevented it from starting.  So I am unsure what to do now or even if I have a problem.

 

Please advise.  Thanks..................Thais

[TwinHeadedEagle]

Hello,

All tools we use here are perfectly legitimate and safe to use.

Click more info on that screen and press Run Anyway.

[thais]

FRST.txtAddition.txtOK - I ran the scan and am attaching the two files here:

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

[thais]

When the FRST64.exe downloaded to my computer it was put in the "Downloads" folder, not the desktop - so both the FRST.txt and Addition.txt files were created there also.  Should I now download the fixlist.txt to my "Downloads" folder?

 

Where is the "Ft" icon?

 

Sorry to be so dense about this - I am not very computer talented.

 

..............Thais

[TwinHeadedEagle]

Yes, you can download fixlist.txt in your Downloads folder if FRST tool is located at this location.

[thais]

OK - here is my fixlog.txt file.  What does it tell you?

 

After rebooting and clicking on the Internet Explorer icon, which normally takes me to my RoadRunner home page, it this time took me to an MSN page. 

 

Please tell me what you found and if anything is wrong with my computer.

 

Thanks................Thais

Fixlog.txt

[TwinHeadedEagle]

You can set your Home Page again.

 

 

Set up home pages so that every time you open Internet Explorer the sites you visit the most will be open and waiting for you.

To add or change home pages

1. On the Start screen, tap or click Internet Explorer to open Internet Explorer.

2. Go to a page that you'd like to set as a home page.

3. Swipe in from the right edge of the screen, and then tap Settings.
   (If you're using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, and then click Settings.)

4. Tap or click Options, and under Home pages, tap or click Customize.

5. Tap or click Add current site, edit the URL if you'd like, and then tap or click Add to make the site one of your home pages.

The next time you open a new browsing session, this site and any other sites you've set up as home pages will load automatically.

 

 

 

How is your PC behaving now?

[thais]

PC is behaving very nicely.  Have received 3-4 more inbound detections but I understand now that inbound detections only means that MBAM is doing its job.  The one outbound detection on 1/30 at 1:55pm is the only one of concern, I think, and that has not appeared again.  I guess I don't understand what an outbound detection actually is.  What would I be doing that might somehow send out malware?

 

Is it correct that I do not need to report inbound detections but should report inbound detections?

 

I take it that none of those logs showed anything wrong with my computer?

 

I think that you folks that man these boards are great.  Your instructions are so precise, clear and orderly that even a novice like me can follow.

 

Thank you..................Thais

[TwinHeadedEagle]

Yes, Inbound connections are something normal, Outbound ones means that something from your PC is making suspicious connection and they need investigation.
 
 
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself
 
 

Recommended reading:

 
 
MUST READ - security tips:

• Computer Security - a short guide to staying safer online.

• Simple and easy ways to keep your computer safe and secure on the Internet

• How Malware Spreads - How did I get infected

MUST READ - general maintenance:

• What to do if your Computer is running slowly?

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

• How to configure and use Automatic Updates in Windows
• How to update Java
• How to update Adobe Reader

Recommended additional software:

 
 
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
Adblock - to surf the web without annoying ads! 
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run.
• The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning. 
 
 
 

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle  

[thais]

Followup question:  After I ran the post cleanup procedures ( DelFix), I discovered that my Classic Shell start button was gone and had reverted back to the Windows 8 start button.  Somebody installed the Classic Shell for me many many months ago and I don't know how to get it back now. 

Help!

...............Thais

[TwinHeadedEagle]

Just download it again

 

http://www.classicshell.net/

[Naathim]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!