Jump to content

Clicked a link now wondering If I might have gotten a virus🤔


Go to solution Solved by kevinf80,

Recommended Posts

So I was looking at some website and I clicked this super fishy link like a idiot and I think I have a virus because when I clicked it I did some looking up and found that clicking links like that can give you a virus so now im paranoid I have virus.

Link to post
Share on other sites
Hello AllanR and welcome to Malwarebytes,

Lets grab some logs and see whats going on, continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
Link to post
Share on other sites

Hiya AllanR,

I do not see any evidence of Malware or Infection in your logs. Can you expand on the DNS issue, can you post a screen shot or give more information...

Thank you,

Kevin..

Link to post
Share on other sites

So I went to take a shower and turned off my pc and when I turned it on I waited till my startup apps started because they take a while and when I clicked on google to go to malwarebytes forums  to see if you had responded it gave me a dns error and then I refreshed and it gave me another error but this time it said something about my fire wall and on the third refresh it worked I’m guessing it happened because I had just started my computer but are there any other scans I might be able to do just to double check because I just remembered that not to long ago I had these ips that kept appearing on tcpview and they had a good amount or bad reports on this ip report website I remember some of  the domain name’s  one was Verizon another was amazon and also  Microsoft azure and also something called level 3 communications and others too but I didn’t think nothing of it because all my malwarebytes scans came back clean but I haven’t checked tcp view in a while to I don’t know if they might still appear and some comments on the ips were that they had been ddosd and some dns poisoning and other type of stuff but one ip that really caught my eye was one that had a whole YouTube video based on it on how it was connected to a botnet and that got me thinking but I remembered I had antivirus and did some scans with malwarebytes so I thought nothing of it but actually now that I think about it my pc did decrease in speed a little after that incident.🤔

Link to post
Share on other sites
You could try "CurrPorts" and monitor what is happening yourself, it is a portable tool no installation necessary. Download from the following link and unzip the contents to your Desktop.

http://www.nirsoft.net/utils/cports-x64.zip <------ 64 bit

http://www.nirsoft.net/utils/cports.zip <------32 bit

Read the contained instructions for a basic understanding, it is very easy to use..... Right click on the tool and select "Run as Administrator"

When opened you will see your network activity. The easiest way to check what is happening is to "Right click" direct anywhere in the field and select "HTML report - All Items"
That will open the report in an easier to read fomat, have a look at the connections check the "Established" entries, are any suspicious and not known or recognized by your self.
Make a note of any unusual or suspicious IP addresses, you can send in reply for me to check or check them yourself at the following link:

http://whois.domaintools.com/

Does that help, is anything obvious found with currports....
Link to post
Share on other sites

I’ll download it tomorrow it is currently 2:44 so I got to get going I got school tomorrow but I’ll post a reply tomorrow if I find any ips that are suspicious 

Link to post
Share on other sites

ok so I got some connections that I looked up I couldn't do all of them because they kept changing also some of the ips were connecting to procces names thats said unkown and I linked the website to each ip I wrote down and i also wrote down why they were on the ip abuse and also the isp and report status also the unkown procceses are kinda raising the thought that I might have malicous content on my pc so can we run some more scans with other tools?

Note.txt

Link to post
Share on other sites
Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Select the Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

user posted image

add -dontcryptsupportinfo Note the space between KVRT.exe and -dontcryptsupportinfo

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontcryptsupportinfo should now show in the Run box.

user posted image

That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT_data\Reports and look similar to this report_20200727_103821.klr Right click direct onto that report, select > open with > Notepad. Save that file and attach to your reply.

To start the scan select OK in the "Run" box.

user posted image

The Windows Protected your PC window will open, select "More Info"

user posted image

A new Window will open, select "Run anyway"

user posted image

A EULA window will open, tick both confirmation boxes then select "Accept"

user posted image

In the new window select "Change Parameters"

user posted image

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

user posted image

Attach the report information as previously instructed....
Link to post
Share on other sites

Not sure why you see that meassage, those are available switches to use when running KVRT.. Can you continue and run KVRT as per the instructions..

Link to post
Share on other sites

If the report is encrypted then the run box instruction has not been listed correctly. It definitely does work and produces an unencrypted report, I use that scanner several times a week on infected PC`s with readable results...

Where are we at with your PC, do you have any remaining issues or concerns..

Link to post
Share on other sites

Well my only worries is that my pc is a little slow may I run rougekiller to see if it finds anything as a final scan since the kvrt didn’t go as planned.

Link to post
Share on other sites
Please download the correct portable version (32-bit or 64-bit) of RogueKiller for your system and save the file to your computer Desktop.
 
  • Right-click on the RogueKiller file and select Run as administrator to start the tool.
  • Click Yes to accept the UAC security warning that may appear.
  • Click Accept to agree with the EULA (End User License Agreement) and close the browser tab it will open.
  • Now click the Scan blue button and under the Standard Scan (recommended) click on the Scan button.
  • When the scan is complete, click on Results button. NOTE: DO NOT delete any found entries. All listed entries will be carefully analyzed.
  • Then click on Report button.
  • Click Export button and select "Text file".
  • Give a name to the file such as RKlog.txt and save it to the Desktop or in a location where you can easily find it.
  • Click the Finish button and close RogueKiller window.
  • Copy and paste the entire contents of that log into your next reply.
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.