
Date Hacker, changes date creates future dated restore point



JANUARY 2nd, 2017

Around 5am this morning my date changed and the system created a restore point with a future date of 1/3/2017. I tried to restore the computer but "system restore" would not work, so I had to resort to an Acronis back-up from the 29th. I am thinking this bug is somehow hacking my router, because since I reinstalled I could never connect to the 5.5Mhz, only the 2.4Mhz would connect, but now I can connect to both, wow. Anyway, this date thing happened twice now since the reinstall, so I seem to be carrying an inside bug OR Malwarebytes is missing this hacker when he takes over my computer. I can visualize classrooms in China and India with hundreds of students whose sole purpose is to learn how to hack American computers; hopefully, Trump will do something to stop this internet piracy.

Unfortunately I think Malwarebytes is jumping the gun when they say that MB3 is all one needs 'cause it makes anti-virus obsolete ...notta. Neither Norton Security nor Malwarebytes is stopping this hacking of my computer, so I am looking for a fix. Also, when this happened ... amazingly Malwarebytes pops up a page which says to buy MB3 premium, as if I am not already licensed in some form thru one of my other Malwarebytes licenses. IS Malwarebytes involved in making my computer look like it is being hacked so I will fork out $39.95.... I don't mind paying for a product which does what it says, but so far MB3 is not proving to be foolproof for the hackers around the world.

I still respect and admire Malwarebytes, I am just saying I have a problem and it needs fixing. I will attempt to download the Farbar and send the associated FRST and Addition files. Blessings and HOPE for all of us, we surely need it.

 


Hello Kurttb1 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

I'm just checking through your logs. If Malwarebytes has found and removed Poweliks we need to see that log, also run FRST again...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, and when done post the new logs, "FRST.txt" and "Addition.txt"

 

 

Edited by kevinf80

Hi Kevin,

Well you should have no problem finding that log. MB3 showed it in its records as I was looking how to spell the name.

I'm not sure if that is the only problem I have or had, but from what I read online about it, it looks suspiciously suspect.

I wanted to mention that I have been scanning the computer almost hourly if not more trying to catch this thing. The scan right before the one which showed it removed was taking a long time, and I found that it was stuck scanning on file no. 311 and the counter was not moving, but the timer was working. I tried to reset etc. to get MB3 back to where it would respond but it wouldn't; in fact I think the entire computer stopped responding so I had to shut it down. It would not shut off, so after a few minutes I forced it to shut down by holding down the on button.

When it came back on I immediately updated MB3 and ran the scan; that is when it showed that it had removed it.

 

FRST.txt

Addition.txt

Edited by Kurttb1
more info about actions right before MB3 showed it removed

Hi Kevin,

Well you should have no problem finding that log. MB3 showed it in its records as I was looking how to spell the name.

I'm not sure if that is the only problem I have or had, but from what I read online about it, it looks suspiciously suspect.

HERE is a screen shot of the Malwarebytes report

MB3 showing removal Quarantine of Trojan.Poweliks.B.JPG


Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options", ensure Scan for Rootkits and Scan within Archives are both on.... Leave all other settings to default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download and save ESET Online scanner to your Desktop from the following Link:

http://download.eset.com/special/eos/esetonlinescanner_enu.exe

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Instructions here

Right click on esetonlinescanner_enu.exe and select "Run as Administrator"

In the new Window accept the terms of service

In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"

In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"

In the new Window new virus database signatures will download, Do Not Select Stop

The Window will progress showing the scan in action....

In the new Window if no threats are found, select "Delete applications data on close" then select "Finish". No log is produced, confirm that in your reply...

If threats are found the following Window will open:

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Let me see those logs in your next reply, also tell me if you have any remaining issues or concerns...

Thank you,

Kevin....

 

Fixlist.txt


Hi Kevin, YES, I still have the problem. Please see the attached file picture with the future dated restore point of 01/05/2017. This was found after noticing my computer date had once again been moved up to a future date, also 01/05/2017; in this picture I had moved the computer date back to the correct date of 01/04/2017. So I still have the same issue I started out with, even after going thru all these scans and even removing all the files which ESET found as potential issues.

Thank you for your continued support, Kurt      01/04/2017  10:17am

2017-0104 restore point created on 1-5 along with date change on computer.JPG

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new Window select "Export text", name that file RK.txt, save to your Desktop and attach to your reply

 


Having trouble accessing anything with computer. I have had to restore with Acronis 3x today trying to stay ahead but losing battle. Just noticed that it says my MB web and ransomware protection is off, but on the program screen inside it says it's on. Also I am locked out of my documents and settings, and any file I try to save on desktop disappears and who knows where it is going to. I am having to try and redo all the things I did before, if you think I should keep doing or trying to do those. I will respond with more info soon, Kurt

Help ! ! P.S. RogueKiller would not save the text file in the desktop or else it is invisible, and I don't know if I can get in to show hidden and all files now; will check, maybe that is why I am not seeing them.. but I am seeing all the files saved from FRST.


Since I have had to restore from Acronis I am sure that some of the other scans have been affected.  Also need to find out why I am locked out of my Documents and Settings folder.   

 

Here is the latest FRST and Addition files  and if needed I will run the fix you sent again unless you think another one would be best.  K

FRST.txt

Addition.txt


I do not see any Malware or Infection in the FRST logs, what exactly do you believe to be wrong with your system...

The C:\Documents and Settings folder is what's called a Junction, it is not a real folder. This folder was used in previous versions (XP) to hold all of the users' files. This location was changed in Windows 7 to C:\Users\<YourUsername>\.

Thank you,

Kevin

 

 


Hi kevin,  

Ok so I have restored my computer using Acronis to immediately after MB3 said it had removed the "trojan.Poweliks.B" as mentioned above.

I have just now changed all of my network names and passwords.

I spent yesterday at the doctor's with my son so have not been on the computer but a few hours this morning, and so far no date change. I will keep you posted,

Thank you for your continued help.  Kurt

Edited by Kurttb1
I did want to know about the "windows.old" file in C: drive. also am crossing my fingers as I change from wired to wifi

Hi kevin,  

Finally got back on the computer this Saturday morning (1/7/2017) and the date showing on the bottom right was (1/16/2017). I immediately went to check the restore points and do not see any restore points which are listed as unusual or >>future dated<<. Either this (....name of issue) is hiding or it has been at least slowed down to only a date changer, which still affects some (or all) of my programs, because when this happens MB3 ALWAYS shows it needs updating but as long as the date remains future dated will not show as (updated and current); also it affects Norton Security and RoboForm. Therefore the scenario is thus.... start computer, notice date, change date to current date, update MB3, update Norton .... manually input my RoboForm license info so it will show as activated. Then I wait and hope for a Windows update and MB3 or NORTON to identify the culprit and fix this issue.

Is there any way to check Windows from Farbar to make sure it is doing what it should to verify itself etc..??

 

So therefore,  Kevin,    I STILL HAVE A DATE CHANGER BUG but as of right now it has not created a future dated restore point.  If it continues with its previous behavior then sometime later this morning it will change the date again and then create a >future dated restore point which it will designate as a "critical update".   If so then I am exactly the same place I was when I started this thread.  

 

Will keep you posted or if you want me to run all those items again starting with adwcleaner etc.  then I can begin re-doing those. ??? Please inform, Thanks, Kurt  What I will do next time I notice the date is changed, I will AT THAT TIME , before I change the date back..., run FRST.


Hi kevin,  

Earlier today I did have another date change, this time rather than the 16th it was for Mon the 9th.   

1:54 PM ... I replaced the CMOS Battery. I had to wiggle the battery to get it to make contact, but then I was able to go to the set up menu and insert today's date and time.

I haven't turned the computer off and back on yet , so I am going to do that now.  Hope it boots back up.

Edited by Kurttb1
Computer rebooted without any problem so it must be keeping contact.
This topic is now closed to further replies.
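
A read-only way to collect evidence for the symptom discussed in this thread (a clock that jumps forward and restore points stamped in the future). This is an added example, not part of any poster's reply or of the tools named above; the 60-minute threshold and the order of the event properties are assumptions, marked in the comments.

```powershell
# Added example (not from the thread). Read-only; run in an elevated
# Windows PowerShell 5.1 console after setting the clock to the correct time.
$now = Get-Date

# 1. Restore points whose creation time is later than the current clock.
$futurePoints = Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Where-Object { $_.Created -gt $now }

# 2. Clock changes logged by the kernel: System log, provider
#    Microsoft-Windows-Kernel-General, event ID 1.
#    Assumption: Properties[0] is the new time and Properties[1] the old
#    time; compare one event's Message text before relying on that order.
$thresholdMinutes = 60   # assumed cut-off; routine time-sync corrections are much smaller
$jumps = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kernel-General'
        Id           = 1
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $new = [datetime]$_.Properties[0].Value
        $old = [datetime]$_.Properties[1].Value
        [pscustomobject]@{
            Logged      = $_.TimeCreated
            OldTime     = $old
            NewTime     = $new
            JumpMinutes = [math]::Round(($new - $old).TotalMinutes, 1)
            Message     = $_.Message   # recent Windows versions also name the reason and process
        }
    } |
    Where-Object { [math]::Abs($_.JumpMinutes) -ge $thresholdMinutes }

"Future-dated restore points:"
$futurePoints | Format-Table -AutoSize

"Clock changes of $thresholdMinutes minutes or more:"
$jumps | Sort-Object Logged | Format-List
```

A large change whose message names a process points at software setting the clock; a clock that is already wrong when the machine starts, with only later corrections logged, points at the hardware clock instead.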