Is this a virus? Should I be worried?


I apologize in advance if it's actually nothing, I'm quite computer illiterate when it comes to this sort of thing so I don't know if I'm just freaking out over nothing or what. My IP seems to have changed, even though I'm pretty sure it's supposed to be static. I can't post the IPs since it's really private and this is a public forum, but the most I can say publicly is that the first set of numbers is VERY different. Before, the first set of numbers was 3 digits, now it's 2 and I'm getting alerts on my emails when I log into things like 'hey, unrecognized IP address'. I first noticed it a few hours ago when I was on Tumblr, checking my account activity. Apparently, it's been going on for a while but I'm not getting any signs of intruders (things missing, password resets etc). The country, province, OS, browser, is all the same, except it can't seem to pinpoint my city anymore. (It would say it before, now it's blank.)

I DID get a new router a while ago, but the IP change has happened a month after the router was changed, so I'm kind of really worried? 

I'm not experiencing any symptoms of virus/malware.

...Unless... 

There's another computer on the connection, the owner doesn't take care with their web browsing. Could they have gotten a virus on their computer that's affecting mine? If so, what can I do about it? I don't want their negligence affecting my laptop and making me lose personal information. :( 

Malwarebytes Anti-Malware Free came up with nothing, all the detection options are selected and PUP/PUMs are selected to be treated as malware. I'm sorry if I sound like I'm freaking out


  • Staff

Hello and welcome to the Malwarebytes Forum.

Let's get a diagnostic scan of your machine

Please do the following:

Please download the appropriate version of Farbar Recovery Scan Tool  (FRST.exe) from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

     

 


  • Staff

There are no obvious signs of any infection in the logs, so that's not the cause of what you are seeing.

Please run the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:

    • Flush DNS

    • Report IE Proxy Settings

    • Report FF Proxy Settings

    • List content of Hosts

    • List installed programs.

    Click Go and attach the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


  • Staff

Please run the following:

 

  • Download RogueKiller  and save it to your desktop.

  • Quit all other programs

  • Start RogueKiller.exe

  • Wait until the Prescan has finished ...

  • Click on Scan

  • Wait for the end of the scan

  • Click on Report when the scan has finished, attach the report to your next reply


  • Staff

No, nothing to remove there, all the entries are legitimate - the flags are PUM - meaning "potentially unwanted modifications", as those are modifications that you set intentionally, that's nothing to worry about.

There do not appear to be any issues with your machine or the settings.

(I removed the log as it contained the IPs you didn't want to post)

Contact your ISP and ask about the behaviour you are seeing.

Also, make sure you have set a secure password on your router.

 

 

 

 

 


  • Staff

You are quite welcome.

Let me know what you find out from your ISP and if you are able to add a secure password to the router (if you don't have one already)

In the meantime run this specialized adware removal tool in case there is any adware in the browsers

Download AdwCleaner and save it to your desktop.

  • Run AdwCleaner

  • Click the "Options" menu heading on the menu bar and uncheck "Reset Winsock Settings"

  • Now select Scan

    When it has finished, click the Logs button and a log will automatically open

  • Please attach the log to your next reply

    You can also find the log file at C:\AdwCleaner\AdwCleaner[Sn].txt ('n' is the scan order number).


The router came with a randomized password. 

My dad is on the phone with them right now, and he said the guy said the IP doesn't match our location. I know I said I didn't want to post IPs publicly, but I think I probably should now.

Our original IP was xxx from Thunder Bay, and apparently, it's now xxx coming from a place called Stoney Creek and that our IP should have stayed the same. Could you please remove the IPs from this post after you view them? Thank you.

AdwCleaner[S2].txt


  • Staff

The IP in Stoney Creek is a legitimate IP address.

See the explanation here for why this might be happening:

http://www.howtogeek.com/177648/how-to-force-your-pc-to-keep-its-private-ip-address/

You could also try Google DNS and see if that changes the situation:

Note: If you connect via a wireless router > make the changes to the wireless adapter as well as the local area connection.

Open your Network and Sharing Center; (right click the connection icon in the system tray > open network and sharing center)

Click on "Change adapter settings" in the left pane.

Right click "Local Area Connection" and select "Properties" (and/or wireless adapter)

Scroll down to and select, "Internet Protocol Version 4 (TCP/IPv4)"

Click Properties

Select "Use the following DNS Server Addresses"

Enter either the OpenDNS or Google addresses

Google:

preferred: 8.8.8.8

alternate: 8.8.4.4

OpenDNS:

preferred: 208.67.222.222

alternate: 208.67.220.220

Click Apply, then OK

Let me know if that fixes the issue.

 

The adwCleaner reported two extensions - Grammarly for Chrome and Amazon Assistant.

If you want to keep those please do, otherwise, re-run adwCleaner and press the cleaning button.
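
The DNS change described in the post above can also be made from an elevated PowerShell prompt on Windows 8 or later, covering the wired and wireless adapters in one pass. This is an added example, not part of the original thread; the `$Choice` variable and the `Wi-Fi` adapter name in the last comment are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: set public DNS resolvers on every connected physical adapter
# (wired and wireless), mirroring the GUI steps in the post.

# Resolver addresses exactly as listed in the post.
$Resolvers = @{
    Google  = @('8.8.8.8', '8.8.4.4')
    OpenDNS = @('208.67.222.222', '208.67.220.220')
}
$Choice = 'Google'   # assumption: change to 'OpenDNS' if preferred

# Only adapters that are physically present and currently connected.
$adapters = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'

foreach ($a in $adapters) {
    # Show the current IPv4 DNS servers first so the change can be undone.
    $before = (Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex `
                   -AddressFamily IPv4).ServerAddresses
    Write-Host "$($a.Name): previous DNS = $($before -join ', ')"

    Set-DnsClientServerAddress -InterfaceIndex $a.ifIndex `
        -ServerAddresses $Resolvers[$Choice]
}

# Drop cached answers that came from the old resolvers.
Clear-DnsClientCache

# Verify what each adapter is now configured to use.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceIndex -in $adapters.ifIndex } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# To go back to the DNS servers handed out by the router/ISP
# ('Wi-Fi' is an example adapter name):
# Set-DnsClientServerAddress -InterfaceAlias 'Wi-Fi' -ResetServerAddresses
```

These settings control name resolution only; the public IP address that websites report is assigned by the ISP and is not altered by the DNS server choice.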

 

 


It's still using the IP from Stoney Creek. If it's legitimate, would it be dangerous to continue using it? Changing DNSes is way out of my league, I'm gonna have to get dad to do it for me. 

I'm removing Amazon Assistant, it keeps popping up. Not on a regular basis, just every once in a while.


  • Staff

That's good news

Please download DelFix from the following link and save the file to your Desktop.

https://toolslib.net/downloads/finish/2/

 

(it takes a good 10 seconds for the download to start)

 

Double-click DelFix.exe to run the program.

Place a checkmark next to the following items:

Activate UAC

Remove disinfection tools

Create registry backup

Reset System Settings

Click the Run button.

 

This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

You should be good to go


  • 4 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
