
PUP.Optional.InstallCore



  • Root Admin

Hello @mkrudyh, and welcome!

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

 

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After the reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


  • 2 weeks later...

I'm so sorry for the late reply on this topic. I have already signed off from my old ISP, and I also formatted my PC again, going from Win 10 to 7. But I still have a Vaio notebook with the same symptoms, or maybe worse... I suspect someone is monitoring me... I hope not. Do you mind helping me with this machine?


I still downloaded all those files, just in case it's a false scan or something. I will attach the results:

I scanned AdwCleaner, FRST, Sophos and Farbar with VirusTotal and all of them contain a virus... same thing with MBAM.

The result of the Sophos scan is clean: no virus at all.

FRST.txt

Addition.txt

AdwCleaner[C0].txt

JRT.txt


  • Root Admin

Not sure what the second image says, as it appears to possibly not be in English. The others appear to be correct. We use Amazon Web Services to host our ISP forum software and that is a signed certificate from them.

On the other machine - the laptop. Please go into Control Panel, Programs, Add/Remove and uninstall ALL versions of Java. You're running old, compromised versions of Java.

What are these files? These don't appear to be normal files. Can you open one of them with Notepad or attach one of them so I can look at it?

 

2017-06-09 03:54 - 2017-06-09 03:54 - 00000156 _____ C:\WINDOWS\system32\netcfg-1236359.txt
2017-06-09 03:49 - 2017-06-09 03:50 - 00000156 _____ C:\WINDOWS\system32\netcfg-951218.txt
2017-06-09 03:44 - 2017-06-09 03:46 - 00004851 _____ C:\WINDOWS\system32\netcfg-677203.txt
2017-06-09 03:44 - 2017-06-09 03:44 - 00000156 _____ C:\WINDOWS\system32\netcfg-639531.txt
2017-06-09 03:35 - 2017-06-09 03:35 - 00001139 _____ C:\WINDOWS\system32\netcfg-126312.txt
2017-06-09 03:35 - 2017-06-09 03:35 - 00001135 _____ C:\WINDOWS\system32\netcfg-120734.txt
2017-06-09 02:51 - 2017-06-09 02:51 - 00001158 _____ C:\WINDOWS\system32\netcfg-529071062.txt
2017-06-09 02:50 - 2017-06-09 02:50 - 00000131 _____ C:\WINDOWS\system32\netcfg-529027125.txt
2017-06-05 22:56 - 2017-06-05 22:56 - 00001101 _____ C:\WINDOWS\system32\netcfg-255781437.txt
2017-06-05 22:56 - 2017-06-05 22:56 - 00000162 _____ C:\WINDOWS\system32\netcfg-255782453.txt
2017-06-05 21:39 - 2017-06-05 21:39 - 00000142 _____ C:\WINDOWS\system32\netcfg-251181234.txt
2017-06-05 21:39 - 2017-06-05 21:39 - 00000142 _____ C:\WINDOWS\system32\netcfg-251180968.txt
2017-06-05 21:37 - 2017-06-05 21:37 - 00001101 _____ C:\WINDOWS\system32\netcfg-251071031.txt
2017-06-05 21:37 - 2017-06-05 21:37 - 00000162 _____ C:\WINDOWS\system32\netcfg-251084171.txt
2017-06-05 20:10 - 2017-06-05 20:10 - 00000136 _____ C:\WINDOWS\system32\netcfg-245855312.txt
2017-06-05 20:10 - 2017-06-05 20:10 - 00000136 _____ C:\WINDOWS\system32\netcfg-245849046.txt
2017-06-05 20:01 - 2017-06-05 20:01 - 00001101 _____ C:\WINDOWS\system32\netcfg-245330125.txt
2017-06-05 20:01 - 2017-06-05 20:01 - 00001075 _____ C:\WINDOWS\system32\netcfg-245338093.txt
2017-06-05 20:01 - 2017-06-05 20:01 - 00000162 _____ C:\WINDOWS\system32\netcfg-245338546.txt
2017-06-05 19:49 - 2017-06-05 19:49 - 00000136 _____ C:\WINDOWS\system32\netcfg-244578296.txt
2017-06-05 19:39 - 2017-06-05 19:39 - 00000136 _____ C:\WINDOWS\system32\netcfg-243974250.txt
2017-06-05 19:20 - 2017-06-05 19:20 - 00000142 _____ C:\WINDOWS\system32\netcfg-242869718.txt
2017-06-05 19:20 - 2017-06-05 19:20 - 00000142 _____ C:\WINDOWS\system32\netcfg-242868859.txt
2017-06-02 23:26 - 2017-06-02 23:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-70066468.txt
2017-06-02 23:26 - 2017-06-02 23:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-70059734.txt
2017-06-02 23:20 - 2017-06-02 23:20 - 00000117 _____ C:\WINDOWS\system32\netcfg-69707390.txt
2017-06-02 22:53 - 2017-06-02 22:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-68073093.txt
2017-06-02 22:53 - 2017-06-02 22:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-68070078.txt
2017-06-02 22:51 - 2017-06-02 22:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-67970734.txt
2017-06-02 22:51 - 2017-06-02 22:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-67968046.txt
2017-06-02 22:51 - 2017-06-02 22:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-67942328.txt
 

On the surface the laptop does not appear to really be infected. It may or may not be working well, but no real obvious nasty infections on it.

Let's go ahead and use a secondary antivirus scanning tool to confirm if it can find any infections. Please temporarily disable your current antivirus and run this scanner from Kaspersky and post back the log.

 

Please download and run the following tool to remove any found threats

Kaspersky Virus Removal Tool

Thanks

Ron

 

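The netcfg-*.txt burst in system32 is the kind of thing a triage helper spots by eye in an FRST "created files" listing. The following PowerShell function is an added example, not part of the original thread and not part of FRST: it parses FRST-style created/modified lines and groups files by directory and by filename with the digit runs collapsed, so a series such as netcfg-1236359.txt, netcfg-951218.txt, ... surfaces as one cluster with its time span and size set. The five sample lines are copied from the FRST excerpt quoted in the post above; the cluster threshold ($MinCount) is an arbitrary choice for illustration.

```powershell
# Added example (not from the original thread or from FRST): cluster FRST "created files"
# lines so bursts of same-pattern filenames in one directory stand out for review.
# Sample lines below are copied from the FRST excerpt quoted in the thread.
$frstLines = @'
2017-06-09 03:54 - 2017-06-09 03:54 - 00000156 _____ C:\WINDOWS\system32\netcfg-1236359.txt
2017-06-09 03:49 - 2017-06-09 03:50 - 00000156 _____ C:\WINDOWS\system32\netcfg-951218.txt
2017-06-09 03:44 - 2017-06-09 03:46 - 00004851 _____ C:\WINDOWS\system32\netcfg-677203.txt
2017-06-05 22:56 - 2017-06-05 22:56 - 00001101 _____ C:\WINDOWS\system32\netcfg-255781437.txt
2017-06-02 22:51 - 2017-06-02 22:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-67942328.txt
'@ -split "`r?`n"

function Get-FrstFileClusters {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [int] $MinCount = 3          # arbitrary threshold: report patterns with this many files
    )
    # FRST line layout: <created> - <modified> - <size> <attributes> <full path>
    $pattern = '^(?<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<size>\d{8}) (?<attr>\S+) (?<path>.+)$'

    $entries = foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $path = $Matches.path.Trim()
            $name = [System.IO.Path]::GetFileName($path)
            [pscustomobject]@{
                Created   = [datetime]::ParseExact($Matches.created, 'yyyy-MM-dd HH:mm', $null)
                Size      = [int]$Matches.size
                Directory = [System.IO.Path]::GetDirectoryName($path)
                Name      = $name
                # Collapse digit runs so netcfg-1236359.txt and netcfg-951218.txt share one key.
                Key       = $name -replace '\d+', '#'
            }
        }
    }

    $entries |
        Group-Object Directory, Key |
        Where-Object { $_.Count -ge $MinCount } |
        ForEach-Object {
            $sorted = $_.Group | Sort-Object Created
            [pscustomobject]@{
                Directory = $sorted[0].Directory
                Pattern   = $sorted[0].Key
                Count     = $_.Count
                First     = $sorted[0].Created
                Last      = $sorted[-1].Created
                Sizes     = ($sorted.Size | Sort-Object -Unique) -join ','
            }
        }
}

# Feed the whole FRST.txt instead of the embedded sample with:
#   Get-FrstFileClusters -Lines (Get-Content .\FRST.txt) | Format-Table -AutoSize
Get-FrstFileClusters -Lines $frstLines | Format-Table -AutoSize
```

A cluster like this only says "something wrote these repeatedly"; as the reply that follows shows, the next step is to open one of the files and identify the writer, not to delete them.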

Hello there,

here are the txt files.

And the Kaspersky scan is clean: no virus.

Actually I just want to make sure whether someone is monitoring me or not. This notebook has barely any virus, but it is always acting strange to me; it's not usual for me.

And also on my fresh, clean Win 7 there is a problem with DNS as well. :( Well, I might focus on the notebook. Thank you very much, sir.

 

netcfg-1236359.txt

netcfg-67942328.txt

netcfg-245330125.txt

netcfg-529071062.txt


  • Root Admin

Looks to be a company that works with network drivers and installers for acceleration. Could be normal files.

https://www.riverbed.com/products/steelhead/index.html

In order to control a computer remotely, you need some type of connection or entry point. I'm not seeing anything out of the ordinary or any real infection aside from those netcfg files.

Unless there is something else, just don't see any obvious issues with the system.

Ron

 


Do you think they can remotely control all the gadgets that connect to this network?

I have no idea about this thing. I'm just a regular person using Wi-Fi on a daily basis and doing some normal stuff... why would they want to remotely control all my gadgets? And I'm also waiting for Apple to give me some conclusions.

Would you help me, Ron? What should I do next?


  • Root Admin

I don't see much real evidence that anyone is doing any remote control of your system.

We can check a few other things though.

Let me have you run the following for me.

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

These are the only listed Accounts on the computer. So unless someone were to have your password they would not be able to get on and do anything as only your account is enabled with Admin rights. Another sign that no one is attacking your computer or remote controlling it. One needs an account with Admin rights in order to do much.

Administrator (S-1-5-21-3430082619-1061388780-1109021309-500 - Administrator - Disabled)
Guest (S-1-5-21-3430082619-1061388780-1109021309-501 - Limited - Disabled)
john (S-1-5-21-3430082619-1061388780-1109021309-1002 - Administrator - Enabled) => C:\Users\john
UpdatusUser (S-1-5-21-3430082619-1061388780-1109021309-1001 - Limited - Enabled) => C:\Users\UpdatusUser

 

 

NEXT:

Start an elevated Command Prompt and type in the following exactly. It will create a text file on your Desktop named MyScheduledTasks.txt.
Please post that file back as an attachment.

SCHTASKS /Query /FO LIST /V >"%USERPROFILE%\Desktop\MyScheduledTasks.txt"

 

 

NEXT:

Click on START - RUN, copy/paste the command below into the run box and hit OK:

CMD /C DRIVERQUERY /FO TABLE /SI >"%USERPROFILE%\Desktop\DriversSigned.txt"

Click on START - RUN, copy/paste the command below into the run box and hit OK:

CMD /C driverquery.exe /FO TABLE /v >"%USERPROFILE%\Desktop\DriversGeneral.txt"

Then ATTACH the files from your Desktop named: DriversSigned.txt and DriversGeneral.txt  to your next reply please.

 

To also ensure that all the Operating System files are valid and from Microsoft:

Please visit the following links on how to use the SFC tool to check and repair invalid Windows system files.

Using System File Checker (SFC) To Fix Issues
http://blogs.technet.com/askcore/archive/2007/12/18/using-system-file-checker-sfc-to-fix-issues.aspx

How to Repair Windows 7 System Files with System File Checker


System file check (SFC) Scan and Repair System Files & DISM to fix things SFC cannot
http://answers.microsoft.com/en-us/windows/wiki/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93


Thank you

Ron

 

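The post above collects scheduled tasks, driver signing status and the account list as raw SCHTASKS and DRIVERQUERY dumps for a helper to read. The script below is an added example, not part of the original thread: it gathers the same three items in PowerShell and pre-filters them the way a reviewer would (tasks whose program lives outside Windows or Program Files, drivers that are not signed, enabled accounts that sit in the local Administrators group). It assumes Windows 10 with PowerShell 5.1, which ships the ScheduledTasks and LocalAccounts modules; the trusted-directory list, the report path and the output columns are choices made for this example.

```powershell
# Added example, not from the original thread: a PowerShell version of the triage
# requested above (scheduled tasks, driver signing, local accounts). Assumes Windows 10 /
# PowerShell 5.1 (ScheduledTasks and LocalAccounts modules). Run from an elevated prompt;
# writes TriageReport.txt to the Desktop for posting.
$report = Join-Path $env:USERPROFILE 'Desktop\TriageReport.txt'

function Get-SuspiciousScheduledTasks {
    # A task whose program lives outside Windows or Program Files (a profile folder,
    # Temp, a removable drive) is the classic persistence location worth a second look.
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }      # COM-handler actions have no Execute
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            $inTrusted = @($trusted | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }).Count -gt 0
            if ($inTrusted) { continue }
            [pscustomobject]@{
                Task     = $task.TaskPath + $task.TaskName
                State    = $task.State
                RunsAs   = $task.Principal.UserId
                RunLevel = $task.Principal.RunLevel
                Command  = "$exe $($action.Arguments)".Trim()
                LastRun  = ($task | Get-ScheduledTaskInfo).LastRunTime
            }
        }
    }
}

function Get-UnsignedDrivers {
    # driverquery /SI reads the driver-store catalogs; Win32_PnPSignedDriver exposes the
    # same IsSigned flag. Legacy/boot drivers with no PnP device are checked by Authenticode
    # instead. Inbox files signed only through a catalog report NotSigned there, so that
    # column means "verify", not "malicious".
    Get-CimInstance Win32_PnPSignedDriver -Filter 'IsSigned = FALSE' | ForEach-Object {
        [pscustomobject]@{ Name = $_.DeviceName; File = $_.InfName; Provider = $_.DriverProviderName; Check = 'IsSigned=False' }
    }
    foreach ($drv in Get-CimInstance Win32_SystemDriver) {
        if (-not $drv.PathName) { continue }
        # Normalise \??\C:\..., \SystemRoot\... and relative system32\drivers\... forms.
        $file = $drv.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($file -notmatch '^[A-Za-z]:\\') { $file = Join-Path $env:SystemRoot $file }
        if (-not (Test-Path -LiteralPath $file)) { continue }
        $sig = Get-AuthenticodeSignature -LiteralPath $file
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{ Name = $drv.Name; File = $file; Provider = $sig.SignerCertificate.Subject; Check = "Authenticode=$($sig.Status)" }
        }
    }
}

function Get-AccountSummary {
    # Same question answered above from the FRST "Accounts" block: which accounts are
    # enabled, and which of them are members of the local Administrators group.
    $adminSids = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.SID.Value })
    Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordRequired,
        @{ n = 'SID';     e = { $_.SID.Value } },
        @{ n = 'IsAdmin'; e = { $adminSids -contains $_.SID.Value } }
}

$sections = [ordered]@{
    'Scheduled tasks running from non-standard locations' = { Get-SuspiciousScheduledTasks }
    'Drivers that are not signed (verify before judging)' = { Get-UnsignedDrivers }
    'Local accounts'                                     = { Get-AccountSummary }
}
$out = foreach ($title in $sections.Keys) {
    "===== $title ====="
    & $sections[$title] | Format-Table -AutoSize | Out-String -Width 200
}
Set-Content -Path $report -Value $out -Encoding UTF8
Write-Host "Report written to $report"
```

The system-file integrity check is deliberately left out: `sfc /scannow` (and DISM, as linked above) runs for a long time and repairs as it goes, so it belongs in its own elevated prompt rather than inside a read-only collection script.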

  • Root Admin

Aside from some driver crashes and possibly broken Windows Search, the logs all look ok. The network stack is local and I don't see any mappings in or out to unknown resources.

Our software is not finding an issue, FRST is not showing an infection, Kaspersky did not find anything either.

Please run a new Threat Scan with Malwarebytes and post back that new log.

Thanks

Ron

 


I see. Thanks, Ron. I scanned with MBAM and it looks good as well, nothing found. I guess my notebook is safe, or maybe I didn't use the same connection I used to.

Anyway, thank you very much, Ron, for helping me. So glad to be a premium user. :)

cheers


  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop (you may already have this).

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
e.g. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, the C:\FRST folder, the FRST-OlderVersion folder, the MBAR folder, etc. For AdwCleaner, just run the program and click Uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

