
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0



Hello,

Today when I started my PC I got this message just as Windows booted up:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/16/17
Protection Event Time: 5:02 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1946
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

-Exploit Data-
Affected Application: Mozilla Firefox (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Exploit blocked by Anti-HeapSpray Enforcement
File Name:
URL:

 

(end)

 

I also ran a Malwarebytes scan with rootkits enabled and a FRST scan with addition enabled.

Malwarebytes threat scan.txt

FRST.txt

Addition.txt


Hello Bodylotion and welcome to the Forums.

 

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues.

I'm going to ask you to wait while I analyze your logs.

Please ask questions if anything is unclear.

Thank you.

Rui

 


Hello Bodylotion.

That's great.

Anyway if you wish we can proceed with the following instructions and clean up some adware and leftovers.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process has to be completed. Even if your computer appears to be running better, it may still be infected as some infections are difficult to remove and can leave remnants on the System.


Going over your logs I noticed that you have Torrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Torrent, however that choice is up to you. If you choose to remove these programs, you can do so via right-click on Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

 

I noticed that you have programs with suspicious behavior installed on your system, and they can also contribute to installing 3rd party unwanted software without your knowledge or consent. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.
  • Ace Stream Media 3.1.7
  • DAEMON Tools Lite
If you have an issue when uninstalling these programs, please let me know.


Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;


Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator;
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please attach that log in your next reply;


Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;


Next,

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.

  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.


Note: Whenever necessary, the log will be in the following location:

C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log


To summarize please attach in your next reply the following logs:
The fixlog.txt;
The JRT.txt log;
The AdwCleaner clean log;
Copy and paste the entire contents of the SVRT log.

Let me know how the computer is running at the moment.

Thank you.

Rui

 

fixlist.txt


Hello,

I did all as you said. The SVRT scan said my PC was clean.

A couple of questions, why is my addon BetterTTV removed? It's an addon for twitch.tv that I use a lot.

Why is Process Explorer unusable suddenly? It's still there but I cannot execute it. Process Explorer is a program developed by Microsoft that I like to use instead of Task Manager since I think it's way more useful.

PC runs fine, ran fine before this also.

 

Thank you.

Fixlog.txt

JRT.txt

AdwCleaner[S0].txt


Hello Bodylotion and thank you for the logs you provided.


The SVRT scan said my PC was clean.


Okay, this is good.


BetterTTV is considered potentially unwanted software. You can see more information about it here or here and here

However if you wish to get it back we can restore it.
Please proceed as follows:

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;


Please let me know how it is working now. Are the BetterTTV extension and Process Explorer working well?

Are there any issues or concerns with your computer?

Thank you.

fixlist.txt


Now today when I start up Firefox just after PC boot I get the same popup from Malwarebytes again: Protection Technique: Exploit blocked by Anti-HeapSpray Enforcement. Firefox then closes on its own. I start it up again and Firefox starts up normally without closing.

Edited by Bodylotion

Hello Bodylotion.

According to the information in the Malwarebytes log:

Affected Application: Mozilla Firefox (and add-ons)


The affected application is Mozilla Firefox and add-ons so it is likely that the BetterTTV add-on is the culprit because I do not see in your logs other add-ons or signs of malicious programs installed that can cause this.

I would ask you to test Mozilla Firefox without the add-on BetterTTV installed and see if the problem persists.

Please keep me posted with any update that can happen.

Thank you.

Rui


Hello Bodylotion.

If all is running well with your computer, you can delete the tools and the logs created by them.

The best way to do it is using the DelFix application. This little program deletes the tools and the logs created by them and then is deleted by itself.

Please follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following option:
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
  • Once the option mentioned above is checked, click on Run;
  • After DelFix is done running, a log will open in a Notepad file (DelFix.txt). Please close it.
  • Now go to C:\ and delete the file DelFix.txt.

Are there any questions, issues or concerns?


It did not remove Sophos so I guess I uninstall that manually.

Got the Protection Technique: Exploit blocked by Anti-HeapSpray today again with BetterTTV not installed in Firefox. I only ever get this popup from Malwarebytes the first time I start Firefox after a Windows boot, never again after that until maybe the next boot, but not always. Guess it's another addon. Doubt it's Adblock Plus or NoScript.

Edited by Bodylotion

Yes you can remove Sophos manually by going to Programs and Features.


Probably the Ace Stream plugin. Ace Stream is also considered a PUP (Potentially Unwanted Program).

Try to uninstall the Ace Stream Extension / Plugin and test it for several days to see if the message persists.

If the problem remains, try to do a clean install of Mozilla Firefox.

First you need to save / backup your Bookmarks:
Open Mozilla Firefox;
Click on Bookmarks menu;
Select Show all bookmarks;
Click Import and Backup and select Backup;
Choose where you want to save the file and click the Save button.


Now use the following program (Revo Uninstaller) to completely remove Mozilla Firefox from your computer. This program is free and will completely remove Firefox and all the leftovers from it.

Please download and install the free version of Revo Uninstaller
Right-click on the icon of Revo Uninstaller and select Run as administrator to run the tool.
Click Yes to accept the User Account Control security warning that may appear.
Select Mozilla Firefox and click Uninstall. Follow the instructions to complete the removal process.
In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers.
Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders).
Click on the Finish button.
Restart the computer.


Now go here, download a new copy of Mozilla Firefox and install it on your computer.

Restore your bookmarks file:
How to Restore bookmarks

Test the computer for several days and see if the problem remains.

Please keep me posted.

Thank you.

Edited by Android8888

Hello.

 

17 hours ago, Bodylotion said:

Ace stream plugin you already removed with FRST a couple of days ago, I don't have it installed anymore.

You're right. I did not notice that.

 

17 hours ago, Bodylotion said:

I'll test for a few days.

Okay, I'll wait for the results.

Thank you.


Hello Bodylotion.

I am very sorry for the late reply.

I have been checking your problem and I don't think the issue that you are having with Malwarebytes is malware related.

If you are still having those messages from Malwarebytes I would suggest you perform a clean removal and reinstall of Malwarebytes to see if that can solve the problem.

To do that please read the instructions below and make a clean removal and reinstall of Malwarebytes version 3.

Download MBAM-clean and save it to your computer Desktop.
 
Right-click on mbam-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the MBAM-clean tool again and reboot when complete. << DO NOT miss this step.

If you have lost the activation license key information it can be located here

Download Malwarebytes version 3.1.2.1733 from here and save it to your Desktop or anywhere else on your system since you know where it is located.

Now double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions.

When the install completes and the database is updated please restart the computer and test it for several hours to see if the issue remains.

Please keep me posted and let me know how you get on.

Thank you.

Rui


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.