cvan

I think I have a malware that is sending out my internet traffic


I have done all the steps you have mentioned and Malwarebytes is not showing any threat. Other than that I don't have any other way to know whether my computer is still infected or not.

I will run the farbar program later today and post the results.


For your peace of mind run this scan.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.



Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===


Your copy of Chrome may have been compromised

Step 1: Remove Chrome from your Computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the Bookmarks.
<<<>>>

Keep me posted.


I have reinstalled Chrome following the steps mentioned above. Please let me know the next steps.


Malwarebytes scan shows 0 threats. Shall I run any of the other tools above for validation?


Another thing is, I am unable to run farbar tool anymore. As mentioned earlier, it goes into an infinite loop of updating itself again and again. I have run it from both desktop and documents folder with "run as administrator". 


Ran from Desktop as administrator. Same problem.


Hi,

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator 
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.
 


Thanks, will do the same. Is there a "b" at the end of 

ipconfig /flushdns;b

 


Please find attached.

I don't see any visible difference as such. None of the AV programs reported any issues till now.

zoek-results.log


Windows Defender just quarantined zoek.exe as Trojan!!


Hi,

I'm not surprised, we do not use that tool often.

Some commands in the program could be harmful to the computer. Safe when run with Zoek.

Any remaining issues?

Can you now run the Farbar program and post the logs?


Farbar still has the same problem. Ran as admin from desktop. It goes into "New update found" loop and keeps updating itself again and again. I downloaded it the last time you asked me to.


Looks like Windows Defender is also not accepting this program.

Disable it just for the time you try to download the tool.


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


I think so. Thank you very much for all the help that you have provided. Really appreciate it.

This topic is now closed to further replies.
