Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Wolf-990FX] Think I may have gotten something.

Started by Wolfie , Aug 21 2012 09:42 PM

  • Please log in to reply

#1
Wolfie
Posted 21 August 2012 - 09:42 PM

Wolfie

    Member

  • Member
  • PipPip
  • 74 posts
Recently, noticed that when I go to my banks site, when I enter my user name, a security picture shows the word 'fraud' instead of the picture I chose to appear. That's on FireFox. On other browsers or a different computer, it loads fine. Might just be an extension or a setting or something thinking that something else might be going on. Just a few minutes ago, MalwareBytes reported to me that it blocked an outgoing connection to 93.114.41.110:63941 (via FireFox). Also been noticing that when I open MWB and then close it, Win7 reports an error and asks what I'd like to do (close, check for a solution, etc). Maybe it's nothing but that's three things that have me suspicious.


I've put up a log in the past but ignore that one as I've reinstalled Win7 so that log file is outdated. Here's one that I had running as I was starting this topic.

Spoiler


Edit made: Added spoiler tags around included log (no other changes made)

Edited by Wolfie, 25 August 2012 - 02:08 PM.

  • 0

Advertisements

#2
Gammo
Posted 25 August 2012 - 09:05 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
Wolfie
Posted 25 August 2012 - 02:39 PM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Issue on FireFox - I managed to correct the issue I was having on my banks site. I created a new profile and narrowed it down to the prefs.js file. I haven't fully analyzed both files yet. I got rather motivated to find the cause when I noticed that NewEgg was suddenly using captcha when I would go to sign in using FF but wouldn't when I used a different browser.

External connection via FireFox - Only saw the notification one time but still unsure of the cause for the attempted connection.

MalWareByes - Short while ago when I tried it, no problems. Just a moment ago, it's happening again. When I double click on the 'M', it opens. When I click 'Exit', windows pops up a window saying, "Malwarebytes Anti-Maleware has stopped working" and gives the options to 'check for a solution' and 'close the program'. Could just be an issue with MWB and I need to find a solution from them, but since I've had a couple of other 'red flags', I want to ensure that I'm clean first.


OTL.txt
Spoiler




Extras.txt
This one is dated 2012/08/21, as that was the first run of OTL. I tried multiple times to generate a newer copy but OTL wouldn't produce one despite selecting 'Use safelist' in the 'Extra Registry' section.
Spoiler

  • 0

#4
Gammo
Posted 30 August 2012 - 09:56 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected]
[2012-08-05 04:00:01 | 000,000,278 | ---- | M] () -- C:\Users\Public\Desktop\Scan for System Errors.URL
[2012-08-05 04:00:01 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\Scan for Outdated Drivers.URL
[2012-08-05 04:00:01 | 000,000,274 | ---- | M] () -- C:\Users\Public\Desktop\Improve System Performance.URL

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Iminent

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Wolfie
Posted 02 September 2012 - 09:01 AM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Could you provide me with information (link perhaps) for what was found from the logs? I'm usually really good at keeping my system clean, so would like to know what crawled in and possibly how so I can be more aware in the future.

As said in my previous reply, got the issue regarding my bank site cleared up. The issue with MalwareBytes still remained and I believe the inconsistency (working fine then problems) might be based on the number of times I opened it. Open and close once, no problem. Multiple times, encounters an issue. Just tried it a few times and so far seems to be cleared up, will try it again in a few hours and after a day or so to be sure. I'll try to respond back in a few days. Until then, thank you for your help.


OTL log (from code you supplied)
Spoiler



ComboFix log
Spoiler

  • 0

#6
Gammo
Posted 04 September 2012 - 07:41 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run Malwarebytes Anti-Malware
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#7
Wolfie
Posted 04 September 2012 - 08:18 AM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Did that and when I clicked 'exit' on MBAM, I got the 'stopped working' issue again. The scan reported no issues (notepad log is below).

Spoiler

  • 0

#8
Gammo
Posted 04 September 2012 - 11:00 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I don't think the 'stopped working' problem is caused by malware.

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP