
Infected but can't find it


***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

 

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:


Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
  4. Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:


Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and paste the contents of the requested files in your reply instead.


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc.) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Troubleshooting Tips


Possible virus was carried over from last computer, which was junked for hard drive and other failures.

I asked for the photo folder to be copied to my USB hard drive, but they imaged the whole hard drive onto it.

I then copied the photos to the new computer. Then made a Windows 10 recovery disc on a thumb drive.

So if there are additional instructions on cleaning these, please let me know. 


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Hi, Ditch67

If you still need help with this computer please post fresh FRST and Addition.txt logs for my review.

Wait for further instructions.


The red screencap was from last month, but I'd saved it. The white one is from a few minutes ago, tho I didn't see helpful information on it. So attached is the specific log for it.

I had just previously turned on the Malwarebytes option "collect enhanced event log data for support (not recommended)" so hopefully that helps.

BlockImage1.jpg

ChromeBlock1.jpg

TodaysThreat.txt


Hi,

Remove and reinstall Chrome using the following instructions.
Follow the instructions as listed.

  1. Remove Chrome from your computer and reinstall a fresh copy later.

  2. Before you remove Chrome, export your bookmarks.
     Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

     How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

  3. If you sync your account you must remove it before you save your bookmarks etc...
     Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
     https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

  4. Clear your Chrome cache and cookies.
     https://support.google.com/chromebook/answer/183083?hl=en

  5. Remove Chrome using the instructions on this page.
     https://support.google.com/chrome/answer/95319?hl=en

  6. Re-install Chrome and the bookmarks.
====

Let me know if the problem persists.


Chrome removed as instructed. However I've been using Edge whenever Chrome slowed down too much (100% CPU use while playing Words With Friends on Facebook). Edge would also seem to show some of that symptom. Should I completely remove Edge before installing the two browsers? If so, links to a page for that would be much appreciated.


Edge just tried to jump pages from Facebook. MBytes blocked it. 

(Chrome was running at 100% again, so I had switched to Edge.)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/23/18
Protection Event Time: 8:28 PM
Log File: 646fceb2-5ee9-11e8-881f-509a4cc94828.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5222
License: Premium

-System Information-
OS: Windows 10 (Build 17134.48)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Fraud
Domain: jcibj.com
IP Address: 104.20.136.14
Port: [61696]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Hi,

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

There are no items in RED. There are Gray and some Orange. Please advise...

RogueKiller V12.12.18.0 (x64) [May 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/24/2018 13:46:01 (Duration : 00:21:35)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4263877736-4247832918-597116600-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4263877736-4247832918-597116600-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4263877736-4247832918-597116600-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4263877736-4247832918-597116600-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {20B63612-4AD6-45D8-ABBE-FB49EF0E223A} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\David\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe|Name=bonjour4trend|Desc=bonjour4trend|EmbedCtxt=bonjour4trend|Edge=TRUE|Defer=App| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {04235F64-A0BF-4812-8EF0-B5A67D149E16} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\David\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe|Name=bonjour4trend|Desc=bonjour4trend|EmbedCtxt=bonjour4trend|Edge=TRUE|Defer=App| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {48EDD34D-3E4C-4310-A666-977A2815B3B3} : v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\David\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe|Name=bonjour4trend|Desc=bonjour4trend|EmbedCtxt=bonjour4trend|Edge=TRUE|Defer=App| [7] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk X400 M.2 2280 256GB +++++
--- User ---
[MBR] 6915a34fbfcc4bd0b9b3fc4028afeec0
[BSP] 3ac488d4e7f4db74637b407016cc14de : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1288192 | Size: 229326 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 470947840 | Size: 463 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 471896064 | Size: 12692 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 497891328 | Size: 1087 MB
User = LL1 ... OK
User = LL2 ... OK

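The [Suspicious.Path] entries in the RogueKiller report above are inbound Allow firewall rules whose program sits under a user's AppData\Local\Temp folder. The following is an added example, not part of the thread and not RogueKiller's own code: a read-only PowerShell check that parses the same FirewallRules registry values RogueKiller reports, lists rules matching that pattern, and records whether the referenced program still exists (a rule whose binary is gone is a stale leftover rather than an active listener). It assumes an elevated PowerShell session on the affected Windows 10 machine; the registry path and value format are the standard Windows Firewall ones.

```powershell
# Added example (not from the thread or RogueKiller). Read-only: lists inbound Allow
# firewall rules whose App path is under a user's AppData\Local\Temp, the condition
# RogueKiller labels [Suspicious.Path]. Nothing is modified or removed.
$rulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

function ConvertFrom-FirewallRuleString {
    param([string]$Name, [string]$Value)
    # Values look like: v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\...\x.exe|Name=...|
    # Split on '|' and keep every Key=Value token; the leading vX.YY token is the schema version.
    $fields = @{ RuleId = $Name }
    foreach ($token in $Value.Split('|')) {
        if ($token -match '^(?<k>[^=]+)=(?<v>.*)$') { $fields[$Matches.k] = $Matches.v }
        elseif ($token -match '^v[\d.]+$')          { $fields['Version'] = $token }
    }
    [pscustomobject]$fields
}

function Find-TempPathAllowRule {
    param([string]$Path = $rulesKey)
    $props = Get-ItemProperty -Path $Path
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata properties the provider adds.
        if ($p.Name -like 'PS*') { continue }
        $r = ConvertFrom-FirewallRuleString -Name $p.Name -Value ([string]$p.Value)
        if ($r.Action -eq 'Allow' -and $r.Dir -eq 'In' -and $r.Active -eq 'TRUE' -and
            $r.App -match '\\AppData\\Local\\Temp\\') {
            [pscustomobject]@{
                RuleId = $r.RuleId
                Name   = $r.Name
                App    = $r.App
                # A missing binary means the rule is stale; an existing one deserves a closer look.
                Exists = Test-Path -LiteralPath $r.App
            }
        }
    }
}

Find-TempPathAllowRule | Format-Table -AutoSize
```

Rules whose program still exists should be checked against the tool that created them before any cleanup decision; the helper in the thread, not the script, decides what is removed.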

Edge needed this block again.  (Still waiting to see on Chrome.)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/25/18
Protection Event Time: 3:00 PM
Log File: e71c754e-604d-11e8-8d90-509a4cc94828.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5248
License: Premium

-System Information-
OS: Windows 10 (Build 17134.48)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malware
Domain: freesoftwarestation.com
IP Address: 104.31.76.10
Port: [55135]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(end)


Did all the steps listed and then reloaded Windows 10. 

Chrome went to this page (the big red (fake) 'infected' warning page only lasted a second, so I don't have a cap):

https://ssdf.space/page/us/virus/virusKiller.php?clickid=20180528040824_542_r8KWwUND

When I reloaded Windows 10 I told it to leave my programs in place. It's all confusing since we already deleted and reloaded Chrome. I don't know if Edge is still infected, but it still takes 100% cpu so far.


Hi,

Quote

Chrome went to this page (the big red (fake) 'infected' warning page only lasted a second, so I don't have a cap):

hXXps://ssdf.space/page/us/virus/virusKiller.php?clickid=20180528040824_542_r8KWwUND
My Norton protected me from that site. DO NOT GO THERE.

If Chrome is still redirecting you to that site please run the Farbar program and post a fresh FRST.txt log for my review.
===

Reset, Repair or Reinstall Edge browser in Windows 10
http://www.thewindowsclub.com/reset-microsoft-edge-browser-to-default-settings-in-windows-10
<<<>>>

Edited by nasdaq
This topic is now closed to further replies.