Jump to content

Windows Process Manager (32 bit)


Javi21

Recommended Posts

19 minutes ago, Javi21 said:

Hello Kevin. I an experiencing the same issue as Xabarax. I got infected with a virus while trying to get subtitles for a film. There is a process in my Task Manager called "Windows Process Manager (32 bit)"  it is not linked to a System32 file, it is actually linked to a folder which I cannot delete and I cannot override the folder as an administrator. When I right click on the process and select "Open file location" it gives me a message that access is denied. The folder is titled "sccgonh"  I am 90% certain I have the same issue as Xabarax. 

When I try the fix through the recovery environment, I follow every step exactly and nothing happens. The shady folder still there and the process runs again.

The only difference I have to Xabarax is the Windows version. I have Windows 8.1, would the fixlist be different from the one posted above in post #7?

Also, a differing step occurs in this step.

I don't get a disclaimer. Is it because I have used FRST on the PC before?

 

 

I would greatly appreciate your help, Thank you.

Here are the files asked for. 

mbar-log-2017-12-18 (22-05-30).txt

system-log.txt

Fixlog.txt

Link to post
Share on other sites

Hello Javi21 and welcome to Malwarebytes,

Yes you are correct, the disclaimer is not shown on subsequent runs of FRST... can you run and post both logs..

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (If applicable)(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thanks,

Kevin....

Link to post
Share on other sites

Thank you so much for your help. I truly appreciate it. 

I also have a USB drive greater than 4 GB, and a spare machine [hopefully a chromebook works just as well.] to format the USB. (I'm not sure if I need to use it like in Xabarax's case.) I just wanted to let you know that I have it handy if I do need it.

Here are the files after scanning with FRST64:

 

 

 

Addition.txt

FRST.txt

Link to post
Share on other sites

Hello again Javi21,

Bit of a change now, do this please: Boot up your spare PC plug in the flash drive and carry out quick format option...

Next,

Download FRST and save to same flash drive:

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Do not plug the flash drive into sick PC until Recovery Environment is activated..

Next,

Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Next,

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10

RE%202.jpg


From that window select "Troubleshoot"


RE%203.jpg


From the next window select "Advance Options"


RE%204.jpg


From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type  E:\frst64 or E:\frst depending on your version. Press Enter
    Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next,

Boot back to Normal Windows, now run Malwarebytes as follows:

Open Malwarebytes Anti-Malware.

  • On the Settings tab > Protection Scroll to and make sure the following are selected: Scroll to and make sure the following are selected:

    Scan for Rootkits
    Scan within Archives

  • Scroll further to Potential Threat Protection make sure the following are set as follows:

    Potentially Unwanted Programs (PUP`s)         set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s)  set as :- Alwaysdetect PUM`s (recommended)

  • Click on the Scan make sure Threat Scan is selected,

  • A Threat Scan will begin.

  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab

  • If asked to restart your computer to complete the removal, please do so

  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.

  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:

  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options: > From export you have two options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     

  • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

Let me see those two logs in your reply..

Thank you,

Kevin.

 

Edited by kevinf80
had to change link
Link to post
Share on other sites

Here are the logs.

 

I have a few not-so-important questions. 

Is this virus the infected me the so-called "s5mark"?

and what is it doing, is it spyware, strictly adware? 

BELLOW IS THE EXPORTSUMMARY:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/17
Scan Time: 7:55 AM
Log File: 9e8e7946-e4cc-11e7-ae6a-fcaa14576a43.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3521
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: JAVIERSPC\JavierEsquedaH

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260890
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 1 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [452], [-1],0.0.0

Registry Value: 3
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-3177479126-454972335-2971366226-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.Wajam, C:\WINDOWS\TEMP\WJM2083.TMP\UPDATE.EXE, Quarantined, [452], [471140],1.0.3521

Physical Sector: 0
(No malicious items detected)


(end)

BELLOW IS THE MBAM LOG:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/17
Scan Time: 7:55 AM
Log File: 9e8e7946-e4cc-11e7-ae6a-fcaa14576a43.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3521
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: JAVIERSPC\JavierEsquedaH

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260890
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 1 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [452], [-1],0.0.0

Registry Value: 3
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-3177479126-454972335-2971366226-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.Wajam, C:\WINDOWS\TEMP\WJM2083.TMP\UPDATE.EXE, Quarantined, [452], [471140],1.0.3521

Physical Sector: 0
(No malicious items detected)


(end)

Not sure if these are different, but they were acquired from the methods in #5.

Again, thank you for your help.

FRST.txt

Link to post
Share on other sites

Hiya Javi21,

You can keep your system in Normal mode now, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Next,

Open Malwarebytes Anti-Malware again.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

let me see those logs in your reply, also give an update on any remaining issues or concerns..

Thank you,

Kevin...

 

fixlist.txt

Link to post
Share on other sites

Hey Kevin. Here are the logs requested.

EXPORT SUMMARY:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/17
Scan Time: 6:09 PM
Log File: 7f34f827-e522-11e7-b9ca-fcaa14576a43.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3523
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: JAVIERSPC\JavierEsquedaH

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260989
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

MBAM LOG:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/17
Scan Time: 6:09 PM
Log File: 7f34f827-e522-11e7-b9ca-fcaa14576a43.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3523
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: JAVIERSPC\JavierEsquedaH

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260989
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

ADWCLEANER LOG:

# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 20 01:15:48 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-19-2017.1
# Running on Windows 8.1 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1993 B] - [2017/12/18 21:36:25]
C:/AdwCleaner/AdwCleaner[S0].txt - [1996 B] - [2017/12/18 21:36:1]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########\

MSRT LOG:


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
Started On Tue Dec 19 18:18:53 2017

Engine: 1.1.14405.2
Signatures: 1.257.1160.0
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: BrowserModifier:Win32/Soctuseer!excl and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Windows\26325214ac02082f69ec05413f5dc897.exe
        SigSeq: 0x000005554A1D9F60
    regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\4c26469f829b7e888ce0cc73ec4158e0\
        SigSeq: 0x000005554A1D9F60

Results Summary:
----------------
Found BrowserModifier:Win32/Soctuseer!excl and Removed!
Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 19 18:21:36 2017


Return code: 6 (0x6)
 

 

I Have a question, in the top of the previous post, you had me put the fixlist file into the same folder as FRST. But it did not say that I should run the program. Should I open FRST and run the fix? or is that not a part of the fix.

By the way, it seems that I now have full access to the two folders titled "reconhb" and "sccgonh." (The folders that I could not access before and were the origin of the "Windows Process Manager (32 bit).") I believe I should delete these, correct?

 

Link to post
Share on other sites

Also, when I open task manager and click on the "startup" tab there are still .exe files listed.

"Irredeemable" and "Rhymed" amd "Lecherous." These were executables/adware running sound ads when I first got infected with the virus. When I go to right click them, some say disable and some say enable. What should I do with these? Is there a way to remove them completely?

 

Screenshot (13).png

Screenshot (14).png

Screenshot (15).png

Screenshot (16).png

Link to post
Share on other sites

Apologies, yes you need to run FRST again and select the "Fix" option, not sure why that part of the c/r did not copy to my reply correctly... If you open the file "fixlist.txt" you will see that those files you mention, and several other are listed to be moved. Make sure the file is closed before selecting "Fix"

Post that log when complete, also let me know if there are any remaining issues or concerns....

Thank you,

Kevin...

Link to post
Share on other sites

Thanks for those logs, run the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will disply the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste it's content in your next reply.



Do not use the Remove Selected option until i`ve had a look at the log..

Thanks,

Kevin.

 

fixlist.txt

Edited by kevinf80
Link to post
Share on other sites

Here are the logs requested.

ROGUEKILLER LOG:

RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : JavierEsquedaH [Administrator]
Started from : C:\Users\JavierEsquedaH\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 12/20/2017 12:18:35 (Duration : 00:10:51)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08WN4A0 +++++
--- User ---
[MBR] 09f761b9bf260de84d212189eb6c669a
[BSP] 2f264f9f04296da269ebdc8892ef0fd7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk SDSSDA240G +++++
--- User ---
[MBR] 3bd601101a50915ec7e6eb5e09829fc6
[BSP] 5369aa481ad8f8909e57952d49ada50f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

 

Also, It seems that the only executable remaining is NvstLink. That seems to be a Nvidia executable but it does not have a publisher. Should I be worried? Or is it legitamate?

Fixlog.txt

Screenshot (18).png

Edited by Javi21
Adding Info.
Link to post
Share on other sites

No redirects at all. Although it seems that I have been logged out of websites after the fix. (I am assuming that is part of the fix.) Everything seems to be fine now. Thank you so much for your time and help. I'll be sending a donation soon for your help. Again, I really do appreciate the help.

Thank you.

Javier.

Link to post
Share on other sites

Yes I believe we`ve shifted all malicious dross related to smartservice infection. Regarding websites, your internet was through rogue IP address 8.8.8.8 that has been removed as part of the last fix. Usually Open DNS uses 8.8.8.8 and 8.8.4.4 so when you see the IP as 8.8.8.8 on its own it looks legitimate, it aint..

https://www.virustotal.com/en/ip-address/8.8.8.8/information/:

Unless you have any other issues/concerns run the following to clean up:

You can delete RogueKiller folder, it is portable so was not installed. Also delete this folder if present  C:\ProgramData\RogueKiller

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.