malware/spyware issues affecting browser and video [Solved]

This topic is locked

#16 l3arefoot (Member, Topic Starter, 40 posts)

Here they are. Sorry for the delay, I was away till late last night. Thank you again for your help and patience!

ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-24 10:20:03
# local_time=2014-03-24 06:20:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 259392 259514 0 0
# compatibility_mode=5893 16776573 100 94 0 147243053 0 0
# scanned=67032
# found=0
# cleaned=0
# scan_time=1414
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-24 11:27:50
# local_time=2014-03-24 07:27:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 263459 263581 0 0
# compatibility_mode=5893 16776573 100 94 0 147247120 0 0
# scanned=203159
# found=1
# cleaned=0
# scan_time=3721
sh=D8339526811E264DA87727E3C59D508C3D2CFC62 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi"

MBAM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Bears :: BEARS-1B [administrator]

3/24/2014 5:43:50 PM
mbam-log-2014-03-24 (17-43-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216904
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

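The ESET log above is two concatenated runs: the first was stopped at 67,032 objects with nothing found; the second finished with found=1 and cleaned=0, and both runs show remove_checked=false, which is why the flagged MSI is still on disk. The following is an added example, not code from the thread, from ESET or from Geeks to Go: a Python parser for this log format that splits it into runs, pulls the detection line apart (sh is the SHA-1 of the file, vn the detection name, fn the path, ac the action code as logged), reports findings that were not cleaned together with the logged setting that explains it, and re-hashes a file before anything acts on it, so that what gets removed is the file the scanner actually hashed. The embedded sample log is a trimmed copy of the one posted above; the temp-file hash check uses constructed bytes, and the meaning of the ac code is not interpreted.

```python
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field

# Constructed sample, trimmed from the log posted in the thread: one run that
# was stopped early with nothing found, then one that finished with one finding
# that was not cleaned because "Remove found threats" was unticked.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
# version=8
# end=stopped
# remove_checked=false
# utc_time=2014-03-24 10:20:03
# scanned=67032
# found=0
# cleaned=0
# version=8
# end=finished
# remove_checked=false
# utc_time=2014-03-24 11:27:50
# scanned=203159
# found=1
# cleaned=0
sh=D8339526811E264DA87727E3C59D508C3D2CFC62 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi"
"""

@dataclass
class Detection:
    sha1: str    # sh: SHA-1 of the flagged file
    name: str    # vn: detection name
    path: str    # fn: full path
    action: str  # ac: action code as logged (not interpreted here)

@dataclass
class ScanRun:
    settings: dict = field(default_factory=dict)   # the "# key=value" lines
    detections: list = field(default_factory=list)

    @property
    def found(self):
        return int(self.settings.get("found", 0))

    @property
    def cleaned(self):
        return int(self.settings.get("cleaned", 0))

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # quoted values may contain spaces

def parse_eset_log(text):
    """Split the log into runs; a new run starts at each '# version=' line."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            if key == "version":
                runs.append(ScanRun())
            if runs:
                runs[-1].settings[key] = value
        elif line.startswith("sh=") and runs:
            kv = {k: v.strip('"') for k, v in _KV.findall(line)}
            runs[-1].detections.append(Detection(kv["sh"].lower(), kv["vn"], kv["fn"], kv["ac"]))
    return runs

def outstanding(runs):
    """Detections from runs that reported more found than cleaned."""
    return [d for r in runs if r.found > r.cleaned for d in r.detections]

def why_not_cleaned(run):
    """The logged setting that explains an uncleaned finding, or None."""
    if run.found and not run.cleaned and run.settings.get("remove_checked") == "false":
        return "remove_checked=false"
    return None

def file_sha1(path):
    """Re-hash a file before acting on it, so the item removed is the one the scanner flagged."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def demo_hash_check():
    """Constructed: write b'abc' to a temp file and compare with its known SHA-1."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, b"abc")
        os.close(fd)
        return file_sha1(path) == "A9993E364706816ABA3E25717850C26C9CD0D89D".lower()
    finally:
        os.remove(path)

if __name__ == "__main__":
    runs = parse_eset_log(SAMPLE_LOG)
    for d in outstanding(runs):
        print(f"{d.sha1}  {d.name}\n  {d.path}\n  reason: {why_not_cleaned(runs[-1])}")
    print("hash check:", demo_hash_check())
```

Run it against a saved log by replacing SAMPLE_LOG with the file contents; the hash comparison is the step worth keeping when a removal is scripted by path, since the path can point at a different file by the time the fix runs.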


#17 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

> Here they are. Sorry for the delay, I was away till late last night. Thank you again for your help and patience!


No worries, we work on the schedule that works best for you. :thumbsup:


Let's run a small OTL Fix to get rid of the one threat that ESET found.


Warning:  This fix is to be used on this system and this system ONLY.  Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double-clicking it (on Windows Vista, Windows 7, and 8, right-click it and select "Run as Administrator").

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

[image: otlrunfix.jpg]



:Commands
[createrestorepoint]

:Files
C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi

:Commands
[reboot]


  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. If the log doesn't open, you can find a copy of it here: C:\_OTL\MovedFiles. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


#18 l3arefoot (Member, Topic Starter, 40 posts)

This looks a bit dubious. Also there are some hidden files visible on my desktop.

========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi> in the current context!
Error: Unable to interpret < :Commands> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03242014_211613


#19 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

> This looks a bit dubious. Also there are some hidden files visible on my desktop.
>
> ========== COMMANDS ==========
> Restore point Set: OTL Restore Point
> Error: Unable to interpret < :Files> in the current context!
> Error: Unable to interpret < C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi> in the current context!
> Error: Unable to interpret < :Commands> in the current context!
>
> OTL by OldTimer - Version 3.2.69.0 log created on 03242014_211613

Hi, this error is given when the Run Scan button is pushed instead of the Run Fix button.  Please re-run the fix, and press the Run Fix button and that should take care of it.  Also, regarding the files, those appear during some of the fixes being run.  We'll re-hide them once your logs are clean. :thumbsup:

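One detail in the OTL log quoted above is worth a check before a fix is re-run: OTL echoes each line it could not interpret inside angle brackets, and every rejected line begins with a space (< :Files>, < C:\Users\...>, < :Commands>), while the first :Commands line and [createrestorepoint], which carry no such space, were accepted. The script below is an added example, not part of the thread and not OTL's own code. It assumes, and this is an assumption rather than a diagnosis made in the thread, that such a stray character would be a non-breaking space (U+00A0) picked up when copying from the rendered forum post; it constructs that case from the posted fix, reports any invisible leading characters by Unicode name, normalizes the script, and lints the result against only the two section types and the [command] shape this particular fix uses (OTL accepts more, which a fuller linter would have to list).

```python
import re
import unicodedata

# The fix exactly as posted in the thread.
POSTED_FIX = r""":Commands
[createrestorepoint]

:Files
C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi

:Commands
[reboot]
"""

# Constructed: the same script as it might arrive after a copy from a rendered
# web page, with a non-breaking space (U+00A0) in front of the three lines the
# OTL log rejected, plus Windows line endings. This is an assumed failure mode.
_lines = POSTED_FIX.splitlines()
for _i in (3, 4, 6):            # ":Files", the path, the second ":Commands"
    _lines[_i] = "\u00a0" + _lines[_i]
PASTED_FIX = "\r\n".join(_lines) + "\r\n"

# Only what this particular fix uses; OTL accepts more section types.
SECTIONS = {":Commands", ":Files"}
_LEADING = re.compile(r"^[\s\u200b\ufeff]+")   # \s already covers U+00A0 in Python's re

def find_hidden_whitespace(text):
    """(line number, Unicode names of the leading characters) for each line that has any."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _LEADING.match(line)
        if m:
            names = ", ".join(unicodedata.name(c, f"U+{ord(c):04X}") for c in m.group(0))
            hits.append((n, names))
    return hits

def normalize_fix(text):
    """Drop BOM/zero-width characters, strip each line, and use LF line endings."""
    out = []
    for line in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        out.append(re.sub(r"[\u200b\ufeff]", "", line).strip())
    return "\n".join(out).strip() + "\n"

def lint_fix(text):
    """Structural problems in the normalized script, as human-readable strings."""
    issues, section = [], None
    for n, line in enumerate(normalize_fix(text).splitlines(), 1):
        if not line:
            continue
        if line.startswith(":"):
            section = line
            if line not in SECTIONS:
                issues.append(f"line {n}: unknown section {line!r}")
        elif section is None:
            issues.append(f"line {n}: {line!r} appears before any section header")
        elif section == ":Commands" and not re.fullmatch(r"\[\w+\]", line):
            issues.append(f"line {n}: {line!r} is not a [command]")
        elif section == ":Files" and not re.fullmatch(r"[A-Za-z]:\\.+", line):
            issues.append(f"line {n}: {line!r} is not an absolute Windows path")
    return issues

if __name__ == "__main__":
    for n, names in find_hidden_whitespace(PASTED_FIX):
        print(f"line {n} starts with: {names}")
    print("issues after normalizing:", lint_fix(PASTED_FIX) or "none")
    print("normalized copy matches the posted fix:", normalize_fix(PASTED_FIX) == POSTED_FIX)
```

To use it on a real paste, read the clipboard or the saved text into a string and run find_hidden_whitespace on it first; if it reports anything, paste the output of normalize_fix into OTL instead of the original.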

#20 l3arefoot (Member, Topic Starter, 40 posts)

Same results. Positive I hit Run Fix.


#21 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

> Same results. Positive I hit Run Fix.

Ok, uninstall Malwarebytes Anti-Malware, and then try running the fix again. MBAM can interfere with OTL fixes sometimes and this may be one of those times.


#22 l3arefoot (Member, Topic Starter, 40 posts)

Same results.


#23 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Ok, run ESET again, and this time check the box that says Remove Found Threats and that should get rid of that pesky file. :)


#24 l3arefoot (Member, Topic Starter, 40 posts)

Here is the new ESET log. Should I run OTL again?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-24 10:20:03
# local_time=2014-03-24 06:20:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 259392 259514 0 0
# compatibility_mode=5893 16776573 100 94 0 147243053 0 0
# scanned=67032
# found=0
# cleaned=0
# scan_time=1414
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-24 11:27:50
# local_time=2014-03-24 07:27:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 263459 263581 0 0
# compatibility_mode=5893 16776573 100 94 0 147247120 0 0
# scanned=203159
# found=1
# cleaned=0
# scan_time=3721
sh=D8339526811E264DA87727E3C59D508C3D2CFC62 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi"


#25 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

ESET is showing this program has Ask toolbar software included with it. It's not active malware on your machine as your logs are clean, but if you decided to install the Weather Channel app, it would ask you if you wanted to install the Ask Toolbar. We can leave it as it's not active. If you do decide to install that app at some point, then make sure you read each screen and are not "click happy". And now...

Great news, your logs are CLEAN! :thumbsup: :) But we still have a few things we need to address, namely:

  • I need to remove the tools we installed on your machine.
  • I have some tips, information, and protection against a new ransomware program called CryptoLocker.


Step 1:  OTL Tool Removal

Start OTL and press the Clean Up button. OTL will empty out its quarantined files and delete itself.

The hidden files that were visible should no longer be visible.  Please let me know if they are still visible.


Step 2:  Remove Remaining Tools with Delfix

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    [image: delfix.jpg]
  • Click Run

You can uninstall ESET Online Scanner at this time.


Step 3:  Tips, Information, and protection against CryptoLocker


Watch what you open in your emails.  If you get an email from an unknown source with any attached files, do not open it.  

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

[image: CryptoPrevent_zps1835f65d.jpg]

Are there any further issues I can assist you with?



#26 l3arefoot (Member, Topic Starter, 40 posts)

Thank you so much for your help with my machine. You share your expertise in a courteous and friendly manner! It really was a pleasure!

I was thinking about changing browsers to Chrome. I have that on my mobile devices. Any opinions on Chrome?


#27 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

> Thank you so much for your help with my machine. You share your expertise in a courteous and friendly manner! It really was a pleasure!
>
> I was thinking about changing browsers to Chrome. I have that on my mobile devices. Any opinions on Chrome?

You're very much welcome :)  It's been a pleasure working with you as well :thumbsup:

Regarding Chrome:  I've not used it that much, I stick mostly to FF, so I can't really give you an accurate opinion.    But, I will tell you this:  one of the instructors that taught me *hates* that browser :)  On the flip side though, I've seen many people that really enjoy using it.



#28 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.