qmsqc Posted June 30, 2018 ID:1253662 Share Posted June 30, 2018 Hi, I was recently on an apparent adf.ly site, but the search bar was coming up with clearload.bid. I did some research and found out that it is apparently malware? I have ran Malwarebytes and have found nothing I was wondering what I should do next? best regards - qmsqc Link to post Share on other sites More sharing options...
kevinf80 Posted June 30, 2018 ID:1253755 Share Posted June 30, 2018 Hello qmsqc and welcome to Malwarebytes, Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes version 3 from the following link:https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes deal with any found entries... To get the log from Malwarebytes do the following: Click on the Report tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin.... Link to post Share on other sites More sharing options...
qmsqc Posted July 1, 2018 Author ID:1253807 Share Posted July 1, 2018 (edited) Hi Kevinf80, I have attached the required information and the log of the scan here, thanks for the speedy reply, qmsqc Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/1/18 Scan Time: 10:38 AM Log File: 81633314-7d12-11e8-abdd-408d5cdfb464.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.374 Update Package Version: 1.0.5713 License: Free -System Information- OS: Windows 10 (Build 17134.112) CPU: x64 File System: NTFS User: DESKTOP-VBN65AJ\billy -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 318253 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 12 min, 48 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Addition.txt FRST.txt Edited July 1, 2018 by qmsqc Link to post Share on other sites More sharing options...
kevinf80 Posted July 1, 2018 ID:1253893 Share Posted July 1, 2018 (edited) hello qmsqc, Thanks for those logs, continue with the following: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Please download Zemana AntiMalware and save it to your Desktop. Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them.Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Open Zemana AntiMalware again. Click on icon and double click the latest report. Now click File > Save As and choose your Desktop before pressing Save. Attach saved report in your next message. Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop Ensure to get the correct version for your system....https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs in your reply, also tell me if there are any remaining issues or concerns... Thank you, Kevin.. fixlist.txt Edited July 1, 2018 by kevinf80 Link to post Share on other sites More sharing options...
qmsqc Posted July 1, 2018 Author ID:1253908 Share Posted July 1, 2018 Hello kevinf80, I have successfully removed one item of adware when running Adwcleaner. I have also attached the logs of the response, Thanks so much for the help -qmsqc AdwCleaner[C00].txt 2018.07.01-16.38.26-i0-t92-d0.txt Fixlog.txt mrt.log Link to post Share on other sites More sharing options...
kevinf80 Posted July 1, 2018 ID:1253909 Share Posted July 1, 2018 How does your system respond now, any remaining issues or concerns...? Link to post Share on other sites More sharing options...
qmsqc Posted July 1, 2018 Author ID:1253911 Share Posted July 1, 2018 I have noticed that chrome opens faster, I believe my problem is solved! Thank you for the help, I greatly appreciate it! - qmsqc Link to post Share on other sites More sharing options...
kevinf80 Posted July 1, 2018 ID:1253926 Share Posted July 1, 2018 Thanks for the update qmsqc, continue to clean up: Uninstall Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down:"Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools <----- this will remove tools we may have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
qmsqc Posted July 1, 2018 Author ID:1253927 Share Posted July 1, 2018 Hi, I have successfully removed the programs and read the links I think the adware was due to me clicking on a fake notification popup, which I don't normally do. Thanks for all the help, your the best! -qmsqc Link to post Share on other sites More sharing options...
kevinf80 Posted July 1, 2018 ID:1253928 Share Posted July 1, 2018 Thank you for those kind words qmsqc, very much appreciated... Regards, Kevin... Link to post Share on other sites More sharing options...
qmsqc Posted July 1, 2018 Author ID:1253929 Share Posted July 1, 2018 Link to post Share on other sites More sharing options...
kevinf80 Posted July 1, 2018 ID:1253980 Share Posted July 1, 2018 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts