
I went to the shop for 5 minutes and came back to about 5 programs installed and my Google homepage changed.

I can't even launch Malwarebytes. It tells me an administrator has blocked running this app.

Don't have a clue what to do. I'm trying to do this atm and it's telling me that 4 malware have been found.


It's not a family member that did this, if that's what you mean; the virus or whatever made its own account and made itself admin, and now I'm not in charge.

I also cannot open Windows Defender; it tells me it's disabled in Group Policy. This has happened before.

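A read-only triage check for the three symptoms described in the post above (a security tool refusing to start with "an administrator has blocked running this app", Windows Defender reported as disabled in Group Policy, and an unexpected local administrator account). This is an added example, not code from the thread, from Malwarebytes or from the helper; it assumes Windows 10 with PowerShell 5.1 in an elevated prompt, and the account names in $ExpectedAdmins are constructed placeholders to replace with the machine's real ones.

```powershell
# Added triage script: read-only checks for the symptoms in the post above.
# Assumes Windows 10 / PowerShell 5.1, run elevated. Replace $ExpectedAdmins with
# the accounts that should be administrators on this machine (constructed values).
$ExpectedAdmins = @("$env:COMPUTERNAME\Stephen", "$env:COMPUTERNAME\Administrator")

function Test-DefenderPolicyDisabled {
    # "Disabled in Group Policy": DisableAntiSpyware = 1 under the Policies hive.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    return ($val -eq 1)
}

function Get-UnexpectedLocalAdmins {
    # Members of the local Administrators group that are not on the expected list.
    Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        Where-Object { $ExpectedAdmins -notcontains $_.Name } |
        Select-Object -ExpandProperty Name
}

function Get-ExecutionBlocks {
    # Settings that make Windows refuse to run a program "because an administrator
    # blocked it": Explorer DisallowRun lists, Software Restriction Policy rules and
    # Image File Execution Options "Debugger" redirections on an executable name.
    $findings = @()
    foreach ($hive in 'HKCU', 'HKLM') {
        $dr = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
        if (Test-Path $dr) {
            (Get-ItemProperty $dr).PSObject.Properties |
                Where-Object { $_.Name -match '^\d+$' } |
                ForEach-Object { $findings += "DisallowRun ($hive): $($_.Value)" }
        }
    }
    $safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (Test-Path $safer) {
        Get-ChildItem -Path $safer -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $rule = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ItemData
            if ($rule) { $findings += "SRP rule: $rule" }
        }
    }
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings += "IFEO debugger on $($_.PSChildName): $dbg" }
    }
    return $findings
}

# Report only; removal is what the helper's FRST / MBAR steps later in the thread are for.
"Defender disabled by policy : $(Test-DefenderPolicyDisabled)"
"Unexpected local admins     : $((Get-UnexpectedLocalAdmins) -join ', ')"
"Execution-blocking entries  :"
Get-ExecutionBlocks | ForEach-Object { "  $_" }
```

Any non-empty line in the last three sections is something to show the helper rather than fix by hand, since the thread's whole point is to let the cleanup tools do the removal.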

Hello Stephen720 and welcome to the Forums.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process has to be completed. Even if your computer appears to be running better, it may still be infected as some infections are difficult to remove and can leave remnants on the System.


That being said, please proceed as follows:


Going over your logs I noticed that you have Torrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Torrent; however, that choice is up to you. If you choose to remove these programs, you can do so via right-click on Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.


Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    [Screenshot of the FRST Fix button. Credits: Aura]
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;


Next,

Please download Malwarebytes Anti-Rootkit BETA and save it to your Desktop.

  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back into the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Please attach that log in your next reply;


Please attach those logs in your next reply for my review and let me know how the computer is running at this point.

fixlist.txt


Hello Rui, I did a system reset so I don't have any threats anymore.

However, could you give me some tips on how to avoid viruses and things like that?

And could you name some programs to use to help keep my system clean and speedy?

Thanks

Edit: Someone told me to avoid using peer to peer as it is often used to spread malicious files.

And is it ok to use uTorrent and visit torrent sites?


Hello Stephen720.

I haven't forgotten you. I apologize for the delay but I have been very busy.

I'm glad to hear that you solved the problem by yourself.


Edit: Someone told me to avoid using peer to peer as it is often used to spread malicious files.

Yes, that's true. What appears to be easy to get is not worth the risk that is associated with it.


And is it ok to use uTorrent and visit torrent sites?

Not really.

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none of them are worth it. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

Peer-to-peer (P2P) programs represent a security threat to the information on your system as they allow others to access your system. Please read these short reports on the dangers of peer-to-peer programs and file sharing.
http://www.computerworld.com/article/2531271/security0/classified-data-on-president-s-helicopter-leaked-via-p2p--found-on-iranian-computer.html
Risks of File-Sharing Technology


For slow computer issues please consider reading the information in the following links:
Help! My computer is slow!
Slow Computer/browser? Check Here First - It May Not Be Malware
Is your PC running slow?


To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System and Antivirus up-to-date.

Most malware exploits the gaps and security vulnerabilities of the Operating System and programs to infect your computer. A good example of this was the "WannaCry" ransomware attack on a global scale on 12 May 2017.


Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:
Malwarebytes
Keep Malwarebytes Anti-Malware (MBAM) updated and perform regular scans of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, DO NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Another of the most feared threats at the moment is a ransomware infection. Ransomware is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to Adobe Flash Player, Adobe Reader, Java and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC.

Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888


OK, I'll read through it. Windows Defender told me it found a trojan last night after the Windows reset, so I think the virus is still on the hard drive.

Btw, the only programs I installed are things like Steam, Discord, Mozilla and programs like that.


Hello Stephen720.


3 hours ago, Stephen720 said:

Windows Defender told me it found a trojan last night after the Windows reset, so I think the virus is still on the hard drive.

If you restore your computer to factory settings from scratch (wiping all the files), it is likely that any infection, if it existed, has been removed from the computer.
If you restore your computer to factory settings keeping your files, then there is the possibility that traces of infection can remain in your system.

If you want to make sure that the system is clean just let me know and we can scan your system to find malware.

Thank you.


Yeah, I only reset the OS.

I feel kind of stupid that I didn't even think about that; the viruses have probably been there for quite a while and just didn't get found by Defender.

I don't really know how viruses hide themselves or where they hide themselves. I thought they were on the OS drive; I didn't even think about other drives in the system.

I would like to make sure the system is clean and safe, and also get rid of this login bug sort of thing that I have, if you wouldn't mind helping with that too :) Thank you.


Hello Stephen720.

The infections can hide in many different parts of the System (in the Registry and files of the Operating System, Memory modules, Processes, Browsers, etc.). Your computer can be infected in many ways: by opening an e-mail with a malicious attachment, or browsing certain websites built with malicious purpose and content, even without downloading files. Peer-to-peer websites and programs are also one of the easiest ways to get infected.

Let's start performing a scan with FRST to see what it can find in your System.

Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
    [Screenshot of the FRST Scan button with the Addition.txt box checked. Credits: Aura]
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Please attach both FRST.txt and Addition.txt files in your next reply for my review and wait for further instructions.

Thank you.

Rui


Hello Stephen720.

I do not see evidence of malware in your logs. I will ask you to run a fix with FRST only to tidy up. However, FRST does not detect everything malicious, so please run the following scans with AdwCleaner, Malwarebytes and ESET and post the logs for my review.

Please proceed as follows:

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    [Screenshot of the FRST Fix button. Credits: Aura]
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;


Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    [Screenshot of the AdwCleaner Cleaning button. Credits: Aura]
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


Next,

Please scan your computer with ESET Online Scanner. This is a very thorough and complete scan and may be time consuming, but it's worth running it, so please be patient.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


To summarize, in your next reply please attach:
The fixlog.txt;
The AdwCleaner clean log;
The Malwarebytes log;
The ESET log (if it produced one).


Please tell me how the computer is running at this point.
Can you describe in detail what problem you are having with the log in?

Thank you.

Rui

fixlist.txt


Hi

The Windows login thing was just that when I booted I didn't want to have to type my password, so I selected the option in netplwiz to not have to, but it didn't work; I still had to log in manually. But I turned it off and back on and it seems to be fine.

The computer is running fine at the moment.

The logs are below.

ESETScan.txt

Fixlog.txt

AdwCleaner[C0].txt

Malwarebytes Log.txt


Hello.


Thank you for the logs. I'm glad to hear that your computer is running well.

Malwarebytes found nothing; AdwCleaner and ESET removed a few threats, but they were just PUPs (Potentially Unwanted Programs), which are not considered malware by themselves.

I can say that your computer appears to be clean and free of malware.


Now download, install and run a scan with a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Please continue reading the recommendations in my post ID:7 and try to keep your computer protected.

Are there any issues or concerns with the computer?


That's good.

I tried to install PSI and got an error the first time, but tried to use it anyway and it just won't open, so I reinstalled it; it didn't give me the error but still won't open.

I will try FileHippo Update Checker.

I will read through that earlier post.

And I think everything is fine and dandy now with the computer.

4 weeks later...

Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.