
Hello,

I believe that the web browser (Chrome) from my parents' computer has been hijacked. The reason for this belief is not only an unreasonable and unrelated amount of pop ups when opening web pages and some notifications about sexual enlargements and random dates near the task bar. This was following (in my mom's words) an attempt to find a place where she could download Prison Break season whatever... Moral reprimands aside, if you don't know where you're getting into, you don't get into it! Otherwise this may happen.

Anyway, we have Kaspersky internet security, which sadly did very little to prevent the problem. Malware got into the system (the attached log proves it) but even after moving the 5 threats to quarantine, the problem persisted. Apologies for the log being in Portuguese, but it basically says: "deteção da verificação" Verification detection and further ahead "movido para quarentena" which means moved to quarantine. So I ran Farbar Scan and the results are also attached. Any help in solving this issue will be very welcome.

Thank you all in advance 

2.jpg

Addition.txt FRST.txt


Hello Hatsuhime and welcome.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

For some reason your FRST.txt log is not complete, it was cut off. Please re-run FRST and attach the new logs (FRST.txt and Addition.txt).

Thank you.

Android8888

(Rui)

 


Hello Hatsuhime.

I apologize for the delay in responding.

Please do the following in the order listed.


Warning: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system.

Now follow the instructions below to execute a script fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click on the blue button 'I AGREE';
  • Click on the Scan Now button;
  • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
  • Click on the Clean & Restart Now button;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is 'On' and leave all other settings to default.
  • Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


In your next reply please attach:
Fixlog.txt;
AdwCleaner clean log;
Malwarebytes log.

How is the computer running now? Are you still having the popups and Chrome issues? Please let me know.

Thank you.

Android8888

 

fixlist.txt


Hello Hatsuhime.

Thank you for the logs. Your computer appears to be clean and free of malware. I'm glad to know that.:)

 

Now, let's remove AdwCleaner and FRST64.

 

Open AdwCleaner, on the left pane go to settings and then on the right menu tab scroll down until the end.

Click on Remove button.

 

To remove FRST64, right click on the icon and select Rename.

Type uninstall and click Enter. This will rename the tool.

Now, right-click uninstall and select Run as administrator, then click OK. The tool will be totally removed from the computer.

 

If all is running well,

To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.
 
Keep your Windows Operating System and Antivirus up-to-date. Always!
 
Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer.
A complete guide on using MBAM can be found here
 
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program with resident protection at a time.
 
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.
 
A similar category of programs is called "scareware" or Rogue programs. Rogue programs are active infections that will pop-up on your computer and tell you that you are infected when you are not. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible.
 
Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
 
Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.
 
Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
 
Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
 
Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
 
Don't click on links received in instant message programs.
 
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here
 
For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
 
So how did I get infected in the first place
Answers to common security questions - Best Practices
 
Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.
 
Happy surfing and stay safe. :)
 
With my best regards.
 
Android8888
(Rui)

 
