drive by installed malware ?

[Mark63]

Hi

 

I  observed an unautorized install to my device manager then had problems loading web pages.

 

I  have  attemted system restore but it failed.   I  also  got to  the point of  a  clean intall however My BIOS change to boot from CD would not  stuick  so  I  am  at  a loss of how  to resolve this isue.

 

 

The  macjime   will boot amd  all  appears normal  untill a  certain time  frame unknown  then it plays up  again with the wireless mouse& keyboard locking up.

 

I  am a lonf term subscriber of malwarebytes and  any assistance in resolvimg tis iss would be appreciated.

 

Thank you  Mark

[TwinHeadedEagle]

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

• We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
• Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
• Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

---

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[Mark63]

 Thank you for  your  quick response TwinHeadedEagle ..... I downloaded FarBar ....I ran FarBR  and  attached the  two logs  requested - see attached.

FRST.txt

Addition.txt

[Mark63]

Os/ I ran the  scan in standard user mode account ................ If you need me  to  have   administrator  rights   I  can rerun the scans with Ademin rights  - sorry if this needs  to be  done   again.

[TwinHeadedEagle]

Yes, please run FRST within Administrator account.

[Mark63]

Yes I thought as much - Admin privilafes required - here are the 2 requested logs.

 

I need to  tell you that on 2 reboots since the last system restore indicated that a failure in the 'restore process' that I  'System  restore was succesfull'.  the machine is   running well  at this point in  time - but I  have  been  here at this point before and   hoping it keeps that way.

 

My machine is a Winsdows7 Pro OS  (x64) - ATTACHED LOGS X 2

 

Thanks TwinHeadedEagle - Mark

FRST.txt

Addition.txt

[TwinHeadedEagle]

I do not recommend usage of IOBIT products, they have bad reputation, and are prone to create problems. That is why I suggest to uninstall:

- Advanced SystemCare 8

- Driver Booster

- Game Booster

- IObit Malware Fighter

- IObit Uninstaller

- Smart Defrag 2

- Surfing Protection

 

When you see a word "Booster", "Optimizer", "TuneUp" or similar it is often some kind of silly application. You cannot "boost" you system more than it actually is. Microsoft optimized Windows perfectly and they are constantly working on improvements, so these tools are just selling you nothing but "fog".

 

Only way to actually boost your system is to upgrade your hardware by adding SSD, more processor power or more ram memory.

[Mark63]

Thanks  for  your opinion on oibits programs, hiowever I  have a  differing opinion - I only use a  small sample of  those programs by oibit.

 

"Only way to actually boost your system is to upgrade your hardware by adding SSD, more processor power or more ram memory"

I am aware of that fact but I  rarely use  any "boost" programs in run mode and have them  "turned off",

 

I ran an online scan (ESET) which identified a single win32 variant of "win32/FusionCore.c" present on the system.    This  was associated with "icloud" and/or GOM Player- both of them which I now  have uninstalled using Oibit uninstaller + followied by power scan uninstal removing registry items.

 

I'll do a reboot tonight and a clean boot tomorrow to see how thie machine is performing.   I will post tomorrow if things do not go well.

 

Thank you - Mark

[Mark63]

TwinHeadedEagle it booted ok but soon become slow andnI  have identified a  further issue.  The  remaining issue is  tht My CD rive ejects the CD Iimmediately when I try to install a program disc (Wireless printer).

 

Can you provied further support please ?   Let me  know if  you need  further scans run - Thank you - Mark

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.

  (XP users click run after receipt of Windows Security Warning - Open File).

• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

[Mark63]

Hi TwinHeadedEagle,

 

I  have solved the auorun problem  and installed my new wireless 'Brother Printer'.  The CD/DVD appears to beworking fine now.   As I reboot the computer problems re-immerge, thus I suspect a registryentry problem/s exists.  I will not attempt any further fixes in respect of your good work  and knowledge (expertise) in this   area - the registry is scary to me.

 

also I  was  using a  faceook app (game) when I saw a unautorized download  occurring.   I tryed to access theTask Manager  but judging quickly the time frame I  thoght I would not be able  to  accesss it in time so I immediately terminated the page and app which I  thought  would stop the download.  It was  a  green loading bar at the  top ofthe page.   I believe that terminated what ever was attenoting to access m system.

 

I  appreciate very much your assistance (expertise) in further dealing with  the registy (if any).  I  have  the  scans  completed and  attached same

 

Thank you  again  for  you help !

Addition.txt

FRST.txt

[TwinHeadedEagle]

Check Disk

• Press the + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:

• chkdsk C: /r

• You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
• All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

• Press the + R on your keyboard at the same time. Type eventvwr and click OK.
• In the left panel, expand Windows Logs and then click on Application.
• Now, on the right side, click on Filter Current Log.
• Under Event Sources, check only Wininit and click OK.
• Now you'll be presented with one or multiple Wininit logs.
• Click on an entry corresponding to the date and time of the disk check.
• On the top main menu, click Action > Copy > Copy Details as Text.
• Paste the contents into your next reply.

[Mark63]

TwinHeadedEagle, I entered the chkdsk /r then pressed ok  - the response was that access is denied - I  do not have  sufficient privileges - I am the Admin and no other users are using this computer.

 

I know  there  are multiple  ways of  accessing chkdsk  ... I  run a risk of being locked out of the computer on  rebooting but have managed to keep it going after each reboot.  I'm  keeping reboots to a minimum as I soimetime   have  to do  a  system restore the computer.  I   use the admin account when preforming tasks to resolve  this issue with you.

 

What is  your  next suggested move ?

 

Mark

[Mark63]

I  had a thought ... I believe by making another Admin account then trying the above course of action may be a suggestion - I won't try this until I get the ok from you,

[TwinHeadedEagle]

Did you try to perform chkdsk?

[Mark63]

See post # 13 as it refers to my attempt at entering chkdsk C: /r.  I believe  that  the  detected  WINn32/FusionCore.c was quarintined and hopefully deleted but I do not know what ESET dose  after the problem ias  detected.    The problem  surrounds now  surroundas any remaining registry entries (leftovers)

 

"Posted Yesterday, 09:42 PM

TwinHeadedEagle, I entered the chkdsk /r then pressed ok  - the response was that access is denied - I  do not have  sufficient privileges - I am the Admin and no other users are using this computer."

 

Left overs are possibly preventing access to chkdsk \r as I  appear not to have Admin prioviolage to  run from cammand proimpt.

 

Is there any way to  alternativy access the  command promp with elevated dmin privliages to run  scan disk?

 

As I  said I appear to  have solved the CD/DVD after alot of  google  searching and  reading alhough I need  to confirm  this .

 

Thanks Mark

[TwinHeadedEagle]

Click Start, type CMD, then right click and Run as Administrator.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!