This is a brand new computer, though files were transferred over from my old one so I know it's possible something infected might've gotten in. That said, I also made some changes to my registry yesterday. Soooo not wanting to screw anything up - should these be removed or leave them alone?

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/16/2017
Scan Time: 2:29 AM
Logfile: log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.16.01
Rootkit Database: v2017.03.11.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: mokiw

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318711
Time Elapsed: 1 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Spigot, HKU\S-1-5-21-389903724-568362387-1990068967-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A7504771-3EDD-4649-A234-D4C2AFCFAE4B}, , [5c55af1b23858bab0d3b27838f741ae6], 

Registry Values: 1
PUP.Optional.Spigot, HKU\S-1-5-21-389903724-568362387-1990068967-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A7504771-3EDD-4649-A234-D4C2AFCFAE4B}|URL, http://imp.searchetg.com/impression.do?source=488335&sub_id=20170315&user_id=089da339-6b35-4730-884a-c967ff366b0b&traffic_source=Spigot&event=ro_inb_search&implementation_id=Vuze+Core&redir=https[5c55af1b23858bab0d3b27838f741ae6]AFFsearch.yahoo.comFsearch[5c55af1b23858bab0d3b27838f741ae6]Ffr[5c55af1b23858bab0d3b27838f741ae6]Dchr-greentree_ie%26ei[5c55af1b23858bab0d3b27838f741ae6]Dutf-8%26ilc[5c55af1b23858bab0d3b27838f741ae6]D12%26type[5c55af1b23858bab0d3b27838f741ae6]D488335%26p[5c55af1b23858bab0d3b27838f741ae6]D&st={searchTerms}, %4, %5

Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-389903724-568362387-1990068967-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://imp.searchetg.com/impression.do?source=488335&sub_id=20170315&user_id=089da339-6b35-4730-884a-c967ff366b0b&traffic_source=Spigot&event=ro_homepage&implementation_id=Vuze+Core&redir=httpsBad: (http://imp.searchetg.com/impression.do?source=488335&sub_id=20170315&user_id=089da339-6b35-4730-884a-c967ff366b0b&traffic_source=Spigot&event=ro_homepage&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2F%3Ftype%3D488335%26fr%3Dspigot-yhp-ie),,[7938bc0ea206b284f0e940f338cc7b85]AGood: (www.google.com)FGood: (www.google.com)Fsearch.yahoo.comGood: (www.google.com)FBad: (http://imp.searchetg.com/impression.do?source=488335&sub_id=20170315&user_id=089da339-6b35-4730-884a-c967ff366b0b&traffic_source=Spigot&event=ro_homepage&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2F%3Ftype%3D488335%26fr%3Dspigot-yhp-ie),,[7938bc0ea206b284f0e940f338cc7b85]FtypeBad: (http://imp.searchetg.com/impression.do?source=488335&sub_id=20170315&user_id=089da339-6b35-4730-884a-c967ff366b0b&traffic_source=Spigot&event=ro_homepage&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2F%3Ftype%3D488335%26fr%3Dspigot-yhp-ie),,[7938bc0ea206b284f0e940f338cc7b85]D488335%26frBad: (http://imp.searchetg.com/impression.do?source=488335&sub_id=20170315&user_id=089da339-6b35-4730-884a-c967ff366b0b&traffic_source=Spigot&event=ro_homepage&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2F%3Ftype%3D488335%26fr%3Dspigot-yhp-ie),,[7938bc0ea206b284f0e940f338cc7b85]Dspigot-yhp-ie, %4, %5

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

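To triage a log like the one posted above, each detection line can be split into its section, detection name, registry key, value name and the host its data points at. This is an added example, not part of the original post or of any Malwarebytes tooling; the field layout is inferred from the log above, and `parse_detections` and the abridged sample are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the three detections from the log above, with the
# query strings shortened and the bracketed hash fields left out.
SAMPLE_LOG = r"""
Registry Keys: 1
PUP.Optional.Spigot, HKU\S-1-5-21-389903724-568362387-1990068967-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A7504771-3EDD-4649-A234-D4C2AFCFAE4B}, ,
Registry Values: 1
PUP.Optional.Spigot, HKU\S-1-5-21-389903724-568362387-1990068967-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A7504771-3EDD-4649-A234-D4C2AFCFAE4B}|URL, http://imp.searchetg.com/impression.do?source=488335&st={searchTerms},
Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-389903724-568362387-1990068967-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://imp.searchetg.com/impression.do?source=488335,
Files: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                     r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")
URL = re.compile(r"https?://[^\s,]+")

def parse_detections(log_text):
    """Return (detections, mismatches) for a Malwarebytes 2.x text log."""
    detections, declared, found, section = [], {}, {}, None
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        # Skip the scan header, blank lines and "(No malicious items ...)".
        if section is None or not line or line.startswith("("):
            continue
        parts = line.split(", ", 2)   # name, location, remaining fields
        if len(parts) < 2:
            continue
        key, _, value = parts[1].partition("|")   # "key|value name"
        url = URL.search(parts[2]) if len(parts) > 2 else None
        detections.append({
            "section": section, "name": parts[0], "key": key,
            "value": value or None,
            "host": urlsplit(url.group(0)).hostname if url else None,
        })
        found[section] = found.get(section, 0) + 1
    # A declared count that differs from the parsed lines means a cut-off log.
    mismatches = {s: (n, found.get(s, 0))
                  for s, n in declared.items() if n != found.get(s, 0)}
    return detections, mismatches
```
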

Hello mokiwolf and welcome to Malwarebytes,

Spigot is adware and a browser hijacker; anything related to Spigot needs to be removed from your system ASAP... Continue with the following:

Clean install Malwarebytes from version 2 to version 3... (Your current licence will activate new version of Malwarebytes to current status)

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin.....

Thanks for those logs mokiwolf, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator”; the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Post those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt


Excellent, continue with the following:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.