kelizabeth

Am I Infected? Weird Download

Issue: File downloaded from website after popup happened, I'm guessing. 
Browser I used at the time: Google Chrome
File: something.htm from a site with xyz as the extension. Malwarebytes blocked me from visiting the site.
Happened: February 23rd at 10am.
Issues: Just worried if it could have infected my computer
Additional: My space saver came on, but I am not convinced they are related as I cleaned a few things out of my computer and now have more space.
What I Have Done: Ran scan with premium Malwarebytes (threat) and AdwCleaner. Turned off automatic downloads in Chrome.
Results: Found no issues or viruses/etc.
Additional Question: Do you know how to delete temporary files safely without losing any of my actual files? As I think that might be where all of the space is being taken up at.

I have attached the threat scan txt and the Farbar scan FRST and Addition txt.

Thank you! ☺️

Addition.txt

FRST.txt

ThreatScan.txt


When I say (threat), I mean the quick threat scan option in Malwarebytes. Should I attach a different scan? A full one? Let me know :)

Thank you for any help! I am very grateful!


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
https://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

 

fixlist.txt

Edited by nasdaq


Hi! Thank you so much for helping me!

I turned on system restore for both hard-drives on my computer. I chose 11gb for one and 18gb for the other, is this an okay option or should I make it higher/lower?

I have run the fixlist and attached the fixlog!

The fixlist cleared up a good amount of space! And I haven't really noticed any problems so far. My display had a little glitch for a second but I think it's because the system was still booting up. I was mostly just worried I might have a virus, do you think I did?

Thank you so so so much!

Fixlog.txt


Hi,

Quote

I turned on system restore for both hard-drives on my computer. I chose 11gb for one and 18gb for the other, is this an okay option or should I make it higher/lower?


It's good.

Your logs are clean.
For your peace of mind run this scan.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.



Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

1 hour ago, nasdaq said:

Hi,

Glad we could help.

Thank you so much! This topic can be closed. I really appreciate it! :)


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 


When I visit a site that I currently run, it says I cannot visit due to a trojan? But my host and I have checked and so far there's nothing. I'm thinking Malwarebytes might be flagging it, I want to say as a false positive, unless it's a plugin. But everyone says they aren't getting any warnings and that the site is secure with the green lock. The URL is in the attached screen capture.

I have also attached the files from a quickscan, FRST (and Addition), AdwCleaner. And I ran a scan with Sophos Virus Removal Tool and it said my computer was clean.

I have visited the site in both Firefox and Chrome.

 

screencap.png

AdwCleaner[C12].txt FRST.txt MWB Threat Scan.txt Addition.txt


The IP in the Malwarebytes popup warning at the bottom is the server IP that the site is currently hosted on.


I'm not syncing on any devices. I have reset my Firefox and it still persists. Do you think it's a false positive on the site? If it is - is there any way to have it removed from Malwarebytes' list as an infected site?

I have run a scan on the site itself, inside of the cPanel (since I run it), and there are no viruses.

 


Hi,

Firefox may be compromised.

Remove and reinstall Firefox.

Before proceeding save your Bookmarks. (Export)
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Firefox Password manager - Import your passwords.
Password Manager - Remember, delete, change and import saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import#w_protecting-your-passwords

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Restart the computer normally.

Install the latest version of the application.
https://www.mozilla.org/en-US/firefox/new/

Import your Bookmarks. Same link as the Export function above.

Restart the computer normally.


Hi! I really appreciate you helping me! I removed Firefox and all files in roaming/program files/etc. Cleared the history and re-installed. But the problem is still there (attached).

image.thumb.png.9821ef27e47703cfe0d92b67f93a8d27.png


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
