Suspected Malware Infection - Chrome Home Back Incorrect - Errors when installing a game from Steam etc


My Dad is experiencing problems with his laptop, so I am helping him out. You guys have helped me loads in the past with my previous malware infections.

He has a laptop running Windows 10 (Recent MS Upgrade from 7)

A few weeks ago he clicked a bad link on Facebook (a fake news story), and he had a series of popups which disabled his laptop. In these popups there were ransom demands etc. Instinctively he pulled the plug on the router to stop the internet connection and shut down his laptop, after hearing so much about ransom demands corrupting your PC.

He then turned the laptop back on and it appeared to work fine. Since then, his laptop is working, however there are a few problems starting to show which I think may be linked to this malware attack he had.

He has recently purchased a game, which requires Steam to run. When Steam tries to install DirectX it gives an error message and code. After researching this code, it is linked to corrupted system files. When we looked further we found that he may have an infection called shopperz? We also found out that there are many duplicates of the DirectX files, where there should not be. We found this out from running System File Check Tool from Microsoft.

I have also noticed that the Chrome home page has been changed to some random Google lookalike page; when opened, Malwarebytes says Malicious Website Blocked. Domain anx.mindspark.com. IP 74.113.233.192. Port 55503. Type Outbound. Processes Application\chrome.exe.

That is where we are now, so I am looking to you guys for some help with this please. Attached are the logs from Farbar Recovery Scan Tool, as instructed. We have previously run Malwarebytes. It found something once, but has been showing clean since.

In order to run Farbar I had to shut down Bullguard Antivirus and Firewall, hence why it may show as off on the logs.

Many Thanks,
Louis

Addition.txt

FRST.txt

Hello Louis and welcome to Malwarebytes,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save. You can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download and save ESET Online scanner to your Desktop from the following Link:

http://download.eset.com/special/eos/esetonlinescanner_enu.exe

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on the icon and select "Run as Administrator"

In the new Window accept the terms of service

In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"

In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"

In the new Window new virus database signatures will download, Do Not Select Stop

The Window will progress showing the scan in action....

In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...

If threats are found the following Window will open:

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Let me see those logs in your reply. Also tell me if there are any remaining issues or concerns...

Thank you,

Kevin....

 

Fixlist.txt

Hi Kevin,

Thanks for the help so far. Sorry it has taken so long to come back to you, the scans took a long time as the laptop is running slowly. One took overnight!

I have attached the logs you requested. The only difference I can see now is that Chrome has been removed? I am now posting from Internet Explorer.

I look forward to hearing your thoughts, and much appreciate your help.

Fixlog.txt

MB Scan 06-01-17.txt

AdwCleaner[C0].txt

ESET Threats Found.txt

Select "Search" type or copy/paste dxdiag into the search text field, hit enter. The DirectX diagnostic tool will open with "System" option selected... That will show which version you have, should be 12...

From the tool bar select in turn Display, Sound 1, Sound 2, and finally Input.

As each option is selected look to the text field under "Notes" that should list if there are any problems..... what feedback do you get..?

 

 

Thank you for the reply and update, if no remaining issues or concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 

  • 2 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.