Jump to content

Need help with Malware Removal Please Maybe Spigot


Recommended Posts

  • 2 weeks later...
  • Root Admin

Hello @SHG and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

Thank you for your response. I think the infection might be gone now. When the trouble first started, my browser was running very slowly and would not load graphics. Then nothing on the computer worked at all. I would boot it up, but I was unable to get online or even to open Windows Explorer to get to the control panel. I used system restore in safe mode to try to fix the computer. The system restore worked at first, but once I turned the computer off and tried to turn it back on again after the system restore, the same problem came back. Finally, system restore stopped working, and I could only run the computer in Safe Mode.

I ran multiple scans with Malwarebytes, ADWcleaner, and a couple of other applications that were recommended in some malware removal forums, both here and on Bleeping Computer. The scans would find malware, and the computer would work again, until the next time I turned it off. When I turned it back on, the problem would return, and I would go back to running the computer in Safe Mode and looking for solutions. During this time, the scans that I ran with Malwarebytes in Safe Mode would come up clean, even though the computer would not operate at all in Normal Mode. Finally, after a couple of days, the Optional.Spigot pup would show up again in the Malwarebyes scan. The last time this happened was on the evening of May 20th, when Malwarebytes once again found the Optional.Spigot pup in the registry.

Since that last scan, the computer seems to be running fine. Maybe the bug is finally gone, although I am still crossing my fingers.

The worst thing about it was that I think I may have picked up at least one bug on a site that was pretending to be Malwarebytes. A woman sent me a link to a website that was Malwarebytes.org, instead of Malwarebytes.com. I would ordinarily never click on a link in an e-mail unless it was from someone that I knew well, but I was familiar with Malwarebytes, and I was tired that night. I ended up clicking the link and downloaded an application that pretended to be Malwarebytes. Having now seen the real Malwarebytes application, I can tell you that whatever it was, it was a completely different user interface than the real Malwarebytes. It was after that download that the real trouble started.

This is the link that she sent me. I am adding some extra spaces to it, so that it will not function. This is where I picked up the malware: http:// www.malwarebytes.org/ mwb-download/

I am attaching copies of the scans from the different dates when Malwarebytes found the pup. The scans on the intervening days always came up clean.

Thanks for your time. I am hoping that the problem is now resolved. It went on so long, and I spent so many hours trying to fix it, that I was about to just give up and start over. I hope it is truly gone now.

I just thought you might be interested to know about the link and the fake download.

Malwarebytes 5-7-2018 second report.txt

Malwarebytes 5-17-2018.txt

Malwarebytes Report 5-4-2018.txt

Malwarebytes Report 5-7-2018.txt

Malwarebytes Report 5-10-2018.txt

Malwarebytes Report 5-20-2018.txt

Link to post
Share on other sites

  • Root Admin

Must have been a slightly different link. Malwarebytes.org is our original name that we switched over to Malwarebytes.com last year, however the .org should automatically redirect to .com

All in all as long as everything is working well now that's a good thing. I'll leave you a few links to read if you have time and wish you all the best.

 

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers if you must keep it. Also always keep Java up to date if you do use it https://java.com
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education, you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

Thank you and take care

Ron

 

 

Edited by AdvancedSetup
Update link
Link to post
Share on other sites

Thank you. I read through the materials that you suggested. I also think I found the source of the infection. I tried to unsubscribe to a junk political e-mail from the following address: staff@maggiehassan.com. When I used the "unsubscribe" link at the bottom of the e-mail, and hit "unsubscribe" at the destination page, it shut down my computer, and when it restarted, Malwarebytes would no longer run. I reinstalled Malwarebytes and ran it, and it immediately found the Optional.Spigot pup back on my machine.

I know not to click on links in e-mails, but I guess it never occurred to me that someone would use the "unsubscribe" feature to distribute malware. I guess you learn something new every day.

I thought you might lbe interested.

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.