
I got fooled by firefox critical patch



A month or so ago, Malwarebytes prompted me to install an upgrade. After running the upgrade, Malwarebytes was completely gone. I reinstalled and was never able to open the control panel. At some point it completely disappeared from the system again and I unwisely thought I would tackle that issue later.

A couple days ago, I clicked on a news story from CNN from Google News. CNN asked me nicely to whitelist them with my adblocker. I did so and a bit later Firefox popped up with an urgent security update which I agreed to. As it installed I noticed it was JavaScript and had a weird installer running and I knew then I screwed up. I then installed Malwarebytes and as before it's running, blocking traffic, but I can't open the control panel to run a scan. I did run SUPERAntiSpyware which only found tracking cookies. At this point I thought I asked for help on Reddit and got the instructions to come here. Malwarebytes ran a scan on its own last night and said it found threats, so it is sort of running. I tried the 2nd step, the click here for the fubar tool and my computer went into shutdown. When it booted up, I could access the control panel for Malwarebytes and got a log of the scan which I will attach. I tried the fubar link again and it caused a shutdown. This is not a crash as it says Windows is shutting down. This time on booting back up, I am again unable to get into the Malwarebytes control panel. I found this error in Event Viewer.

- <System>
  <Provider Name="Application Error" />
  <EventID Qualifiers="0">1000</EventID>
  <Level>2</Level>
  <Task>100</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2017-10-01T08:49:39.000000000Z" />
  <EventRecordID>38854</EventRecordID>
  <Channel>Application</Channel>
  <Computer>JeffandMary-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data>mbamservice.exe</Data>
  <Data>3.1.0.556</Data>
  <Data>5988c3f1</Data>
  <Data>mbamservice.exe</Data>
  <Data>3.1.0.556</Data>
  <Data>5988c3f1</Data>
  <Data>c0000005</Data>
  <Data>00000000001b6596</Data>
  <Data>1190</Data>
  <Data>01d33a9236772f43</Data>
  <Data>C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe</Data>
  <Data>C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe</Data>
  <Data>74f63811-a685-11e7-9ac9-00241d864c68</Data>
  </EventData>
  </Event>

I may need some time to complete all the directions as the VGA on my video card is dead and I'm using HDMI, and am unable to have a display until Windows boots. I'm a bit disabled at the moment, so if you need me to do anything in safe mode, it will have to wait for someone willing to climb under the roll top desk it's in and see if I have onboard video I can use. I'm running 64-bit Windows 7.

Weird, it said it found threats but the log seems to show nothing.

scan.txt

Edited by Iwasdumb

I tried the fubar link again and again Windows shut down. Upon boot up, I was able to get into the Malwarebytes control panel and ran a scan and it found 3 threats which ARE listed in the log above. (Was blind, but now I see.) I'm sitting here with the window open as if I close it, I may never see it again.


I started trying to get help in Reddit. I was referred here to a page on how to start with logs and such. It has a link to click for fubar and I would assume it would open a web page, but in my case it caused an immediate shut down. Whatever it is blocked access to the Malwarebytes control panel and made the computer shut down (not crash or BSOD) just as if I requested a shut down. After several tries for the fubar tool, I was able to get into the Malwarebytes control panel after one of the restarts of my computer and run a scan. It found 3 items, rootkit.fileless.MTGen had 2 registry entries and trojan.fileless.MTG registry entry. I went ahead and quarantined at that time, thinking if I closed Malwarebytes that I would never again have access to it. I rebooted as Malwarebytes requested and now Malwarebytes seems to work properly. I ran a virus scan with Microsoft Security Essentials and it found Trojandownloaderjs/nemucod. I am now able to click the link to the fubar tool and not shut down.

Maybe I have had this problem for a while and didn't know it because I use an ad blocker and maybe it suppressed seeing pop-ups from the malware and when CNN requested the whitelist I became vulnerable to seeing the malicious ads. I didn't have many symptoms, the computer would sort of be slow opening windows on occasion and I have had an incorrect icon for my wifi that is now back to normal. I may be all cleaned up, but would appreciate someone looking at new logs and verifying I'm good to go.

Thanks

last scan.txt

FRST.txt

Addition.txt


Yup, your computer seems clean now :)

I need one more piece of information from your computer:

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

 

After you finish this fix, please upload the Date_Time.zip archive from your Desktop along with fixlist.txt

fixlist.txt


  • 2 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.