Jump to content
evanw

ASUS notebook infected

Recommended Posts

I restarted an ASUS Notebook PC from 2013 which has been on a shelf since summer 2016. It is running Windows 8.1.

It became clear that the PC was infected with adware and Trojans, and had multiple browsers etc. I uninstalled a bunch of programs and now only have Internet Explorer loaded.

I ran MalwareBytes several times, the latest today. The log file is below. Should I be concerned that the software is only quarantining 1 of 5 items? What should I do next?

Evan

Malwarebytes Tuesday 16th April 2019.txt

Share this post


Link to post
Share on other sites

I had a message linked to my request yesterday to provide more log files, I could not see how to reply to that thread so as instructed sending a new topic.

I attach a Threat Scan, and the FRST files requested all run this morning.

 

Original text:

I restarted an ASUS Notebook PC from 2013 which has been on a shelf since summer 2016. It is running Windows 8.1.

It became clear that the PC was infected with adware and Trojans, and had multiple browsers etc. I uninstalled a bunch of programs and now only have Internet Explorer loaded.

I ran MalwareBytes several times, the latest today. The log file is below. Should I be concerned that the software is only quarantining 1 of 5 items? What should I do next?

 

EvanW

Malwarebytes threat scan 17 April EvanW.txt Malwarebytes threat scan Quarantine removal report 17 April EvanW.txt FRST.txt Addition.txt

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions
===

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

You are predently using INTERNET EXPLORER

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.
===

Is Chrome used on this computer?

Is Malwarebytes always reporting these items event after they have been deleted?

=======

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites

Attached the fix log file after I ran the FRST64 application.

I performed the reset on IE.

The computer did have, Chrome and Opera installed which I recently uninstalled. There is also an application from Baidu which when I try to run uninstall it provides a rising sun image and options in Chinese text.

There is a small logo that appears top left of the screen and all the text is in Chinese. I took a screen shot also attached.

Evan

Screenshot (1).png

Fixlog.txt

Share this post


Link to post
Share on other sites

Hi,

There are may entries in your logs referring to Baidu should we remove them all.

Are you using the service?

I can remove them all is you wish.

Share this post


Link to post
Share on other sites

Yes please I would like all the Baidu removed.

I am not using the service.

EvanW

Share this post


Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites

Hi,

Your copy of Chrome has been compromised

step1.gif Remove Chrome from your Computer and reinstall a fresh copy later.

step2.gifIf you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

step3.gif Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

step4.gif Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

step5.gif Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

step6.gif Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

step7.gif Re-install Chrome and the Bookmarks.
<<<>>

Keep me posted.

Share this post


Link to post
Share on other sites

I had already uninstalled Chrome and Opera, so I cannot uninstall. I did a file search for Chrome and deleted the remaining files. Not all of them would delete (permissions, although I am an administrator).

The scan log from this morning is down to one threat that comes up as removal failed.

Should I reinstall Chrome? it is my preferred browser.

EvanW



Share this post


Link to post
Share on other sites

I can no longer attach files to this thread. This mornings scan log is pasted below.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 21/04/2019
Scan Time: 12:17
Log File: a65ef038-641e-11e9-8ab5-74d02b1e9580.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10260
Licence: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 264767
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 17 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.HTTPBreaker, C:\USERS\EVANW_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [402], [455245],1.0.10260

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

Share this post


Link to post
Share on other sites

Hi,

Refer to post No. 12.

For now just remove the Sync (no 2)  as suggested.

Restart the computer normally.

If MBAM still report the  PUP.Optional.HTTPBreaker then to remove what is in Chrome Preferences you will have to follow my directives to remove Chrome completely.

p.s.
If the MBAM does not report the PUP then you should be good.

Share this post


Link to post
Share on other sites

So having restarted the computer and done another scan it had come up with zero threats.

I will now reinstall Chrome and check everything is stable in the coming days.

Many thanks for your help so far.

EvanW

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.