Possible Malware or Infection


1PJohn

As recommended by Durew, I am posting the attached files in the hope that this issue can be resolved.

I am running Malwarebytes Premium on Windows XP. My Internet access is through Google Chrome.

My MWB has been very busy blocking a website.

The first 2 files (JRT and MWB Report 2) are from MWB.

The last 2 files (Addition and FRST) are from a scanning tool recommended by Durew in the main forum. 

Thanks for any help.

John

JRT.txt

MWB Report 2.txt

Addition.txt

FRST.txt


  • Root Admin

Hello @1PJohn

Let me have you run the following please.

 

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Thanks

Ron

 


Hello again. 

I ran ComboFix and a ComboFix.txt was created and is now on my desktop, ready to be sent to you.

The problem I'm having now is that I am not being allowed to connect to the internet using Chrome or IE.

My machine is connected, as shown in the bottom Task Bar.

I have removed Chrome and did a reinstall. That didn't work.

Any ideas on how this issue can be corrected?

When I'm able to connect to the Internet I'll send the Combofix.txt file. 

Back to work. :)

John


  • Root Admin

Great, that looks like quite a bit was removed.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


2 hours ago, AdvancedSetup said:

Great, that looks like quite a bit was removed.

Will do.

Thank you.

John

 

 


Updated Malwarebytes 3.2.2 and ran the threat scan. Attached see the MWB Export Summary.

Tried to run AdwCleaner and got this message when I tried to open it:

"Adwcleaner 7.0.3.1.exe is not a valid Win 32 application." I didn't see anywhere on the download site that I had a choice.

Do I by any chance need to close all of my open malware programs before running AdwCleaner?

I did not move to Step 3.

I'll wait for further instructions.

Thanks

John

MWB 3.2.2 Export Summary.txt


  • Root Admin

Oh, I'm sorry. I see the issue. I forgot you're on Windows XP Service Pack 3, and AdwCleaner does not support XP anymore.

That's okay though. It was just a secondary scanner for us.

How is the computer running now?

Are you still seeing any signs of an infection or issue?

 


Yes I am. I cannot open Google Chrome, IE or Firefox from an idle computer. The only way to open FF is to reboot the machine and, while the machine is rebooting, click on FF; then it will open eventually.

Never had this issue before. Any ideas?

Other than that I haven't seen anything weird. :)

Thanks

John


  • Root Admin

Let's try resetting your browsers to factory default.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed, you may want to consider uninstalling it, as older versions of some software can increase the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information, then click on the Refresh Firefox button.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
  • Type in (or copy/paste) the following and press Enter: %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
  4. Example of all files and folders selected, except Bookmarks

 

Restart your computer now and make sure there are no longer any redirects or other browser issues. 

 

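The Chrome profile wipe described in the post above, with a triage step in front of it, as an added example (editor's code, not part of the original thread and not Malwarebytes tooling). It assumes the profile directory holds a JSON file named Preferences using the keys session.startup_urls, homepage, default_search_provider_data.template_url_data.url and extensions.settings; which file carries each key varies by Chrome version, so anything missing is reported as empty rather than treated as an error. The sample Preferences content, extension ID and file names are constructed. Two differences from the manual steps are deliberate: the settings a hijacker tends to rewrite (startup URLs, homepage, search URL, sideloaded extensions) are recorded first, and the profile files are moved into a backup folder instead of being deleted, so Bookmarks and Bookmarks.bak stay in place and anything flagged can still be examined afterwards.

```python
"""Triage a Chrome profile's Preferences, then reset the profile keeping bookmarks.

Added example for this thread; not Malwarebytes' or the forum's own tooling.
Assumptions: the profile directory (%localappdata%\\Google\\Chrome\\User Data\\Default
in the post) holds a JSON file "Preferences" using the keys session.startup_urls,
homepage, default_search_provider_data.template_url_data.url and extensions.settings.
Which file carries each key varies by Chrome version, so missing keys are reported
as empty rather than treated as errors. Chrome must be closed before running this.
"""
import json
import os
import shutil
import tempfile

KEEP = ("Bookmarks", "Bookmarks.bak")  # the two files the post says to preserve


def triage_preferences(profile_dir):
    """Return the settings a browser hijacker typically rewrites, plus a
    `suspicious` list worth recording before the profile is wiped."""
    try:
        with open(os.path.join(profile_dir, "Preferences"), "r", encoding="utf-8") as fh:
            prefs = json.load(fh)
    except (OSError, ValueError):
        prefs = {}
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    findings = {
        "startup_urls": list(prefs.get("session", {}).get("startup_urls", [])),
        "homepage": prefs.get("homepage"),
        "search_url": search.get("url"),
        "extensions": [],
        "suspicious": [],
    }
    if findings["startup_urls"]:
        findings["suspicious"].append("startup_urls: " + ", ".join(findings["startup_urls"]))
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = ext.get("manifest", {})
        entry = {"id": ext_id, "name": manifest.get("name"),
                 "from_webstore": bool(ext.get("from_webstore", False)),
                 "update_url": manifest.get("update_url")}
        findings["extensions"].append(entry)
        if not entry["from_webstore"]:  # sideloaded extensions are the usual hijack vector
            findings["suspicious"].append("sideloaded extension %s (%s)" % (ext_id, entry["name"]))
    return findings


def reset_profile(profile_dir, backup_root, keep=KEEP):
    """Move everything in profile_dir except `keep` into a fresh backup folder.
    Moving instead of deleting keeps the evidence and makes the reset reversible.
    Returns (backup_dir, moved, kept)."""
    backup_dir = tempfile.mkdtemp(prefix="chrome-profile-", dir=backup_root)
    moved, kept = [], []
    for name in sorted(os.listdir(profile_dir)):
        if name in keep:
            kept.append(name)
            continue
        shutil.move(os.path.join(profile_dir, name), os.path.join(backup_dir, name))
        moved.append(name)
    return backup_dir, moved, kept


# Constructed sample profile (not real data) so the whole flow runs offline.
SAMPLE_PREFS = {
    "homepage": "http://search-hijack.example/",
    "session": {"startup_urls": ["http://search-hijack.example/"]},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "hijack", "url": "http://search-hijack.example/?q={searchTerms}"}},
    "extensions": {"settings": {"abcdefghijklmnopabcdefghijklmnop": {
        "from_webstore": False,
        "manifest": {"name": "Search Helper", "update_url": "http://updates.example/xml"}}}},
}


def build_sample_profile():
    """Create a throwaway profile directory populated from SAMPLE_PREFS."""
    profile_dir = tempfile.mkdtemp(prefix="Default-")
    with open(os.path.join(profile_dir, "Preferences"), "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_PREFS, fh)
    for name in ("Bookmarks", "Bookmarks.bak", "Cookies", "History"):
        open(os.path.join(profile_dir, name), "w").close()
    os.makedirs(os.path.join(profile_dir, "Extensions", "abcdefghijklmnopabcdefghijklmnop"))
    return profile_dir


def demo():
    """Triage then reset the sample profile; returns what was found and moved."""
    profile_dir = build_sample_profile()
    findings = triage_preferences(profile_dir)
    backup_dir, moved, kept = reset_profile(profile_dir, tempfile.gettempdir())
    return {"findings": findings, "moved": moved, "kept": kept,
            "remaining": sorted(os.listdir(profile_dir)),
            "backed_up": sorted(os.listdir(backup_dir))}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it with Chrome closed. Against a real profile, call triage_preferences(profile_dir) and then reset_profile(profile_dir, backup_root) with the path from the Run dialog line in the post instead of the sample built by build_sample_profile(); keep the triage output with the other logs so the reset can be tied back to what was actually found.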

Didn't want to leave you hanging out there.

Machine seems to be running fine now.

Since MS doesn't support XP anymore and I don't use IE, I went into Services and disabled "Automatic Updates". Svchost.exe was always running at 100%.

Also opened Process Explorer and deleted a file that had been shown as 92% dangerous. (I didn't write down the name of the file.)

So, all is good here, thanks for your help Ron.

Have a good day

John

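The post above stops the Automatic Updates service because svchost.exe sat at 100% CPU. A single svchost.exe process hosts many services, so the check a practitioner runs first is to map the busy PID to the services inside it. The following is an added example (editor's code, not from the thread or from Malwarebytes) that parses the output of `tasklist /svc /fo csv`, which is available on Windows XP Professional and later; the sample output is constructed, not taken from the poster's machine, and wuauserv is the standard service name behind "Automatic Updates".

```python
"""Map svchost.exe instances to the Windows services they host.

Added example for this thread, not from Malwarebytes or the forum. It parses
the output of `tasklist /svc /fo csv` (present on Windows XP Professional and
later), whose rows are "Image Name","PID","Services" with the hosted service
names comma-separated in the Services column and "N/A" when there are none.
SAMPLE_TASKLIST below is constructed, not captured from the poster's PC.
"""
import csv
import io
import subprocess
import sys

SAMPLE_TASKLIST = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","860","RpcSs"
"svchost.exe","1044","AudioSrv,BITS,CryptSvc,Dhcp,ERSvc,EventSystem,helpsvc,Netman,Schedule,SENS,wscsvc,wuauserv,WZCSVC"
"explorer.exe","1532","N/A"
'''


def parse_tasklist_csv(text):
    """Return {pid: (image_name, [service, ...])} for every row in the CSV."""
    processes = {}
    for row in csv.DictReader(io.StringIO(text)):
        services = row.get("Services", "N/A").strip()
        names = [] if services == "N/A" else services.split(",")
        processes[int(row["PID"])] = (row["Image Name"], names)
    return processes


def svchost_instances(text):
    """Return {pid: [services]} for the svchost.exe processes only."""
    return {pid: svcs for pid, (image, svcs) in parse_tasklist_csv(text).items()
            if image.lower() == "svchost.exe"}


def pids_hosting(text, service_name):
    """PIDs of the svchost.exe instances hosting `service_name` (case-insensitive)."""
    wanted = service_name.lower()
    return sorted(pid for pid, svcs in svchost_instances(text).items()
                  if wanted in (s.lower() for s in svcs))


def run_tasklist():
    """Run tasklist on the live system (Windows only) and return its CSV text."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("tasklist is a Windows command; use SAMPLE_TASKLIST elsewhere")
    return subprocess.check_output(["tasklist", "/svc", "/fo", "csv"], universal_newlines=True)


if __name__ == "__main__":
    text = run_tasklist() if sys.platform.startswith("win") else SAMPLE_TASKLIST
    for pid, svcs in sorted(svchost_instances(text).items()):
        print("svchost.exe PID %d hosts: %s" % (pid, ", ".join(svcs) or "(none)"))
    print("wuauserv (Automatic Updates) runs in PID(s):", pids_hosting(text, "wuauserv"))
```

Find the busy PID in Task Manager (View > Select Columns > PID) or in Process Explorer, then look it up in the mapping: if the hot svchost.exe hosts a dozen services, stopping them one at a time (sc stop name) tells you which one is responsible, which is more informative than disabling a single service on the assumption it is the culprit. The same record-first habit applies to anything deleted from Process Explorer: note the full path and a hash of the file before removing it, so the finding can be verified later.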

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.