Jump to content

Cloud1 infection


Recommended Posts

Hello vparkinson47 and welcome to Malwarebytes,

Continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

user posted image

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on 3 chimney icon (top right hand corner) and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt

Link to post
Share on other sites

All the log files are attached. Unfortunately the cloud1.pw notification popups are still occurring.

Fixlog.txtzemana log.txt

Here is the MSRT log:

 

Microsoft Windows Malicious Software Removal Tool v5.75, August 2019 (build 5.75.16236.1)
Started On Thu Sep 19 19:42:42 2019

Engine: 1.1.16200.1
Signatures: 1.299.474.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 19 19:46:15 2019


Return code: 0 (0x0)

Link to post
Share on other sites

Hello vparkinson47,

Continue please:

IMPORTANT: Please remove any usb or external drives from the computer and close all running programs before you run this scan!

Download RogueKiller and save to your desktop...

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Scan" then Start under ‘Standard Scan (recommended)’
  • On completion, the results will be displayed
  • Make sure all found entries in the red zone are Checkmarked
  • click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply....


Post that log, also let me know if thre are any remaining issues or concerns...

If iCloud popup still happens is this only when you use Chrome browser, or other browsers. Does Malwarebytes make a block, if so let me see last three block logs..

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Thanks,

Kevin..

 

Link to post
Share on other sites

Kevin,

Sorry it took longer this time. I ran RogueKiller and it deleted four things. The log is attached. After that, I let my computer sit for a while without chrome open, and during that time I did not see any of these cloud1.pw popups. Some time after re-opening chrome, I did get one again.

Malwarebytes did not show any website blocks.

roguekiller log.txt

Link to post
Share on other sites

What you describe suggests Chrome is at fault for your issue, lets make a fresh clean install..

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

For your Passwords go here:

https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter...

In the new window that opens "Sync everthing" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard"

A new window will open, scroll down to and select "Reset Sync" that will clear synced data from Google Server...

Continue to next step to completely Uninstall Chrome....

Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Install Google Chrome :

Next,

Import your Bookmarks... (instructions in the first step)

Import Passwords... (instructions in second step above)

Next,

Install Malwarebytes Browser Extension (Free) https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

Does that clear the issue...?
Link to post
Share on other sites

Thanks for the update vparkinson47, good to hear your issue is cleared...

Continue:

Uninstall the following program:

Zemana

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Delete RogueKiller portable from this folder C:\Users\spatialwarp\Desktop\ also delete this folder if present: C:\ProgramData\RogueKiller

Next,

Right click on FRST here: C:\Users\spatialwarp\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.