Jump to content

Recommended Posts

Okay, so I recently had my passwords changed to important accounts through my Yahoo Mail. This was quite a shock, and I started looking into it. All the "Recent Activity" in my Yahoo account is only from my IP address, which worries me. After opening a ticket with Yahoo, they assure me that all login activity would be documented there, which means that this illegal login had to have been done from my computer, right?

I'm not sure where to start at finding what could be causing this, as I'm using old hard drives, from when I was young and stupid, which used to have - or still have, lots of questionable programs on them. I understand how stupid it is to have connected them to my PC, along with all my other hard drives, but it's too late now. I'm planning on removing the older hard drive, which I feel could be holding the malicious programs. I'm unsure if all my hard drives could be infected, and if it would be best to just purge all of them, though I would prefer to refrain from doing that, as a few of them hold lots of personal and important information. 
 

I am currently scanning my device with MalwareBytes, and the program is still running with nearly 1,500,000 items scanned, and 15 detections, which is way too much to keep track of, and reason enough to get rid of some of these drives. Even when the program finishes scanning everything, I still don't think I'll feel safe, and am worried that the malicious programs may still be hiding somewhere.

Could anyone give me any advise or support? Should I just remove all my hard drives and start fresh - and if I should, would it be okay to transfer some of my files and programs, such as my terrabytes of Steam games without risk of getting re-infected? My network is really, really slow - and very rarely runs at anything above 800kbps, which makes me absolutely dread redownloading everything (1gig can take up to 3 hours or more). I've run netstat -b through CMD in attempt to find any malicious IP's, but really just can't make any sense of it. If someone would be willing to look through it, I'd be glad to provide the log. 

Any support at all would be wholeheartedly appreciated!

-Andy

Link to post
Share on other sites

Okay, go ahead and stop it. There is no need to do a Full Scan. You can have it remove what it has found so far though.

It might take a couple minutes to stop. Then quit Malwarebytes and wait a couple minutes. Then follow the directions below running just a normal Threat Scan and I'll assist you. It is very late for me though so I may have to follow up with you in the morning.

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 

Spoiler
 
 
 
 
Spoiler

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download

image.png

image.png

image.png

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks

Link to post
Share on other sites

Thank you so much for taking the time to help me! Please, get some sleep. I was just planning on doing the same, before I seen your reply.

I grabbed the log files for the fullscan and a normal scan I did before the fullscan, as well.

 

The firstscan.txt is the first, normal scan I did

fullscan.txt is the partial fullscan that you had me cancel

newscan.txt is the scan I did in according to your request

 

Looking forward to hearing back from you tomorrow! Thanks again for the support!

Addition.txt AdwCleaner[C00].txt firstscan.txt FRST.txt fullscan.txt newscan.txt

Link to post
Share on other sites

Here is a clean up script as well, once you're done cleaning up Google Chrome.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

You're quite welcome. @kittyandy

Most of the log went well, but there was one section that did not complete fully, so we'll need to run that again.

Windows Resource Protection found corrupt files but was unable to fix some of them.

Same thing, save the fixlist.txt file to the same folder location where you have FRST saved. Then run FRST and click the FIX button

fixlist.txt

Once completed, post back the new Fixlog.txt file.

Thanks

 

Link to post
Share on other sites

Good, good. There we go.


Windows Resource Protection found corrupt files and successfully repaired them.

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

 

Link to post
Share on other sites

Having lots of trouble trying to download the modules. The download has failed three times now, due to my slow internet connection. The download reaches about 90% after two hours, then fails. Getting about 500kbps today 😕
0d10b127170612d78221d6d1962da82b.png
a968d5c7d81d0d1c3f6069158530b5b5.png

Link to post
Share on other sites

I actually finally got it to install a little over an hour ago. It is currently in the process of scanning my files, and has 11 detected objects thus far. I doubt it will finish scanning anytime soon, though. I will also run the Kaspersky tool tomorrow, after this scan has finished, and reply with both the logs.
 

I'm rather tired, and gonna head to sleep while the scan runs. Have a goodnight! 

Link to post
Share on other sites

Okay, so I have removed my F: drive, only moving my Steam games from that drive to my new G: drive. This drive was the most suspicious drive, with many random and suspicious programs that I haven't used in years. If anything, it's just an absolute mess of files of programs. After being sure there's nothing more I may need from that drive, I imagine I should be able to reformat the drive and use it like new.

I have finished both tests from Kaspersky and ESET. ESET found many PUPs, all on my F: drive. A few of them looked very suspicious, while a couple were false positives (though I removed them anyway). 

The virus scanners don't seem to be finding anything on my C drive, and I really hope this is the case. I just can't get the thought of something still hiding in there out of my mind, especially after losing such a large sum of money. 

Nevertheless, I have attached the log of the ESET scan.

scan.txt

Link to post
Share on other sites

Yes, mostly just garbage files more so than real dangerous threats. Let me have you run the following as well please.

 

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please let me know the results of this scan.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

Link to post
Share on other sites

Yes, that looks good too. Just a normal setting on Tamper that is often detected and corrected.

Unless there is something else the computer is not showing anymore signs of infection.

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications.

  • Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • and save the tool on the desktop.
  • If Windows's  SmartScreen block that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.
  • This tool is safe.   Smartscreen is overly sensitive.
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

Link to post
Share on other sites

Thanks,

Please update accordingly


------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.885.17134.0 Warning! Download Update


--------------------------- [ OtherUtilities ] ----------------------------
NVIDIA GeForce Experience 3.20.3.63 v.3.20.3.63 Warning! Download Update

FileZilla Client 3.41.2 v.3.41.2 Warning! Download Update

-------------------------------- [ Arch ] ---------------------------------
WinRAR 5.61 (64-bit) v.5.61.0 Warning! Download Update

 

-------------------------------- [ Java ] ---------------------------------
Java 8 Update 251 (64-bit) v.8.0.2510.8 Warning! Download Update
Uninstall old version and install new one (jre-8u261-windows-x64.exe).

 

 

Link to post
Share on other sites

I should be set! I want to personally thank you for the top notch support! It's been a long time since I've seen such amazing and thorough support, especially at no cost! I've gotten support from paid subscriptions that aren't even half as detailed or courteous as you have been!

I will definitely be purchasing a subscription to Malwarebytes as my to go antivirus, especially after seeing how serious and helpful the staff are! You have my full support and recommendation!

Is there any way I could show my support and gratitude to you directly - such as a referral to my purchase?

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.