Redirect Malware



Hi, this is my first post, so I hope I understood the instructions correctly, and I thank you for any help you may provide.

My computer, which is running Windows 10 - 64 Bit, was recently infected with malware that would occasionally open up a new tab in my Google Chrome browser going to a domain m4g70.voluumtrk.com as well as a Ragnarok Online! web browser game. As soon as it began happening I immediately ran Windows Virus Scan and it came back with no results. I then proceeded to download Malwarebytes, where I was able to find some results, and the popups were being stopped by Malwarebytes from there on out. However, the popups are still happening, they are just being blocked by Mbytes, so something is still hijacking the browser. I tried numerous anti-spyware/adware programs that I knew to be reputable, uninstalling and reinstalling anti-viruses to avoid conflict.

And now I am here, back to Mbytes, which is at least stopping the pages from loading. I have included the requested logs from the Mbytes scan, as well as FRST and Addition.

Let me know if any additional information is needed and thank you for the help.

edit: I forgot to include that Malwarebytes has also been stopping threat Adware.FileTour - Type:File - Location is Users/xxx/AppData/Local/Temp/xxx/Bootperformance.bin and it has been quarantined, but it occasionally still pops up as being blocked again by Mbytes. I hope this isn't considered a bump, I just wanted to include all information I had regarding my issue.

Malwarebytes Scan.txt

FRST.txt

Addition.txt

Edited by DayofJustice

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

 

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:


Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
  4. Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:


Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and paste the contents of the requested files in your Reply instead.


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Troubleshooting Tips


And if you don't stop the bootperformance.bin, you won't be able to use the words "adware", "adw", "rogue" in any search method; even in your files with explorer.exe or any browser you can't search, because it crashes it, and it gets your svchost.exe expending CPU resources like crazy.

Honestly, I know where I got it, because I downloaded the file from this torrent and executed the .exe file to download the game torrent, but since then the malware has been infecting my PC. I deleted everything related to it, but I still have it.

http://skidrowgamedownloaded.com/?fi=2018&fn=hollow-knight-v1_3_1_5-3-dlc.torrent&fu=https%3A%2F%2Fskidrowgamereloaded.com%2Fengine%2Fdownload.php%3Fid%3D2198

I created an account just to say I am exactly having the same issue.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This answer is for DayofJustice only.

Note to: Evan24
Sorry, but you are not authorized to post in someone else's log.
If you need help, start your own topic.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.

Restart Chrome.
<<<>>>

Please post the log and let me know of any remaining issues.


 

fixlist.txt


Thank you nasdaq

At the moment I haven't had any notifications from MWB nor have I had any popups yet.  I would typically receive a popup or two within an hour, so for the moment things seem to be working without issue.  If any further issues occur I will post another reply tonight.

I think that Evan24 was correct though in the cause of the issue.  My 14 year old son wanted me to buy him a game and when I said no I guess he took it upon himself to try and find it for free.  Needless to say, there are some changes being made to what he has access to until he learns what's right and wrong.

Again Thank You so much for all the help.  I'll be sure to let you know of any suspicious activity if it surfaces.

Fixlog.txt


Hi,

Are you syncing Chrome with other devices?

If applicable follow these instructions.
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back

Restart the computer normally when completed.

Keep me posted.


Hi,

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

Re-sync when you are confident that all is well.

 


  • 4 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.