RiskWare.IFEOHijack

So, waking up this morning, Malwarebytes picked up a few RiskWare.IFEOHijack detections, so I placed them into quarantine. Info of the scan is below. After that I ran AdwCleaner; info from it will be added below. After restart I ran the Farbar Recovery Scan Tool and I made sure Addition was clicked. I have also attached the Addition and FRST64 .txt files below. Now I'm not too sure if this was legit or not, but if someone could help me out that would be great.

malwarbytes scan info.txt adwcleaner scan info.txt Addition.txt FRST.txt

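A RiskWare.IFEOHijack detection points at the Image File Execution Options (IFEO) registry key, where a "Debugger" value makes Windows start the named program whenever the executable the subkey is named after is launched. As an added example (not part of this thread and not Malwarebytes' or Farbar's own tooling), here is a read-only PowerShell check, run from an elevated prompt, that lists every IFEO entry carrying a Debugger value so it can be reviewed before anything is removed; the two registry paths are the standard locations on 64-bit Windows, and the OnDisk column is an assumption-free extra that only checks whether the referenced program still exists.

```powershell
# Added example, not from the thread: enumerate IFEO entries that carry a
# "Debugger" value. The intended use of that value is attaching a debugger
# during development, so on a machine without such a setup every hit deserves
# review. The script changes nothing; it only reads the registry.
$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$findings = foreach ($root in $ifeoPaths) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['Debugger']) {
            # The Debugger value is "<program> [arguments]"; pull out the program path,
            # handling both the quoted form ("C:\Some Dir\x.exe" -arg) and the bare form.
            $raw = ([string]$props.Debugger).Trim()
            if ($raw.StartsWith('"')) { $exe = ($raw -split '"')[1] }
            else                      { $exe = ($raw -split '\s+')[0] }
            [PSCustomObject]@{
                Target   = $_.PSChildName          # executable the subkey applies to
                Debugger = $props.Debugger         # program Windows will run instead
                OnDisk   = if ($exe) { Test-Path -LiteralPath $exe } else { $false }  # $false = dangling entry
                Key      = $_.Name                 # full key path, for the cleanup record
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else           { 'No IFEO Debugger values found.' }
```

A dangling entry (OnDisk is False) is still worth removing, since the target program will fail to start until the value is gone.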

  • Root Admin

Hello @turelium

You have an old compromised version of Java on your system. Please go to Control Panel, Programs, Add/Remove and uninstall Java. If possible, try to use your computer without Java; if you really have to have it, though, make sure to keep it up to date at all times.

I would also recommend considering uninstalling Bonjour.

What exactly is mDNSResponder.exe?

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

Your computer is also reporting errors with the following:

Error: (05/05/2020 05:37:31 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3348,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

The following solution may prove useful in correcting that error.

Fix Tilerepository error
https://answers.microsoft.com/en-us/windows/forum/all/event-viewer-erro-esent-455-since-update-1903/624a2548-06e5-47f4-bb99-76d6412895a0

You may want to also review your use of CCleaner. Many experts no longer recommend the use of the product, but make up your own mind.

https://helpdeskgeek.com/free-tools-review/why-you-shouldnt-download-ccleaner-for-windows-anymore/

https://www.howtogeek.com/361112/heres-what-you-should-use-instead-of-ccleaner/

You appear to also be running Apache, but an old version with known exploits. If you're going to use it, then I would recommend you check and, if needed, update the program.

Please run the following fix. It will check and verify that all Microsoft operating system files are valid. It will remove some unwanted or invalid entries from the system as well as empty temp files and the recycle bin. It will also reboot the computer and run a disk check to verify data integrity. Depending on the speed of the computer it will take between 30 minutes and an hour to complete.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks


  • Root Admin

From the logs

Windows Resource Protection found corrupt files and successfully repaired them.

As for Apache, I'm not sure. I've not used it for development in a few years. You can probably go to Control Panel, Programs, Add / Remove and uninstall it if you're no longer using it.

The logs look good otherwise; at this point you should be good.

Is there anything else I can assist you with?


Just now, AdvancedSetup said:

From the logs

Windows Resource Protection found corrupt files and successfully repaired them.

As for Apache, I'm not sure. I've not used it for development in a few years. You can probably go to Control Panel, Programs, Add / Remove and uninstall it if you're no longer using it.

The logs look good otherwise; at this point you should be good.

Is there anything else I can assist you with?

Should I run a scan via Malwarebytes once more? And delete the quarantined files or just leave them in there?


  • Root Admin

Normally I recommend that any files in quarantine be left there for at least a week or more, just in case it is later decided it's a false positive and the file is not bad. It is safe in quarantine and cannot harm your system.

Go ahead and scan again with Malwarebytes. You can also do a secondary scan with the following.

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not.


44 minutes ago, AdvancedSetup said:

Normally I recommend that any files in quarantine be left there for at least a week or more, just in case it is later decided it's a false positive and the file is not bad. It is safe in quarantine and cannot harm your system.

Go ahead and scan again with Malwarebytes. You can also do a secondary scan with the following.

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not.

Done a full scan with Malwarebytes; it found nothing. The Kaspersky Virus Removal Tool detected 3 objects; what should I do next? I do know SPPEXTCOMOBJ.EXE is one of the issues Malwarebytes picked up. SppExtComObjHook.dll is a new one.

kaspersky results.jpg


2 minutes ago, AdvancedSetup said:

Yes, I removed the Registry entry. Kaspersky wants to remove the actual file. Go ahead and let Kaspersky remove all of them. If it's correct about the first one, that was a nasty infection common a few years ago.

Just removed them all, but for some reason Kaspersky just put the two into Quarantine. Should I delete these also?

quarantine files.jpg


  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for tips to help protect from infection.

Thank you

