Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Stormfall (and other?) ad window popping up in Chrome [Solved]

stormfall adware camstudio chrome

  • This topic is locked This topic is locked

#16
drmomentum

drmomentum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

OK, I guess there's still some concerning stuff here. One problem: the logfile that ESET created has almost zero information in it, but I happened to export the threat list it created, so I'm including that as well.

 

----------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/4/2014
Scan Time: 7:59:48 AM
Logfile: mbytes.log
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.04.08
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420446
Time Elapsed: 20 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.StmSetup, C:\Users\James\AppData\Local\Temp\Temp1_CamStudioSetup_v2.7.2.zip\CamStudioSetup_v2.7.2.exe, Quarantined, [1273608fafcc340210458177cf35e51b], 
PUP.Optional.StmSetup, C:\Users\James\Downloads\CamStudioSetup_v2.7.2.zip, Quarantined, [166fc629c3b8f442d580ae4a59abdc24], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
log.txt from ESET:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
ESET_SCAN exported file list:

C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe a variant of Win32/Bunndle potentially unsafe application
C:\Users\James\AppData\Local\Temp\optprosetup.exe multiple threats
C:\Users\James\AppData\Local\Temp\is1955396272\43BD3C70_stp.EXE a variant of Win32/Bunndle potentially unsafe application
C:\Users\James\AppData\Local\Temp\is1955396272\40CAB6DA_stp\OptimizerPro3108.exe a variant of Win32/AdWare.SpeedingUpMyPC.N application
C:\Users\James\Downloads\advanced-systemcare-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\James\Downloads\asc-setup-v5.exe Win32/ELEX.AH potentially unwanted application
C:\Users\James\Downloads\cbsidlm-cbsi134-Some_PDF_Images_Extract-SEO-10836441.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\James\Downloads\cbsidlm-cbsi176-PeerBlock-SEO-75328692.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\James\Downloads\cbsidlm-tr1_10a-Spotify-SEO-10912348.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\James\Downloads\cbsidlm-tr1_7-Edraw_Mind_Map-SEO2-197599.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Users\James\Downloads\cbsidlm-tr1_7-Freeplane-SEO2-75445848.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Users\James\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\James\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\James\Downloads\cnet_SyncBack_Setup_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\James\Downloads\FoxitReader502.0718_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\James\Downloads\FoxitReader543.0920_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\James\Downloads\FreeVideoToAudioConverter.exe Win32/OpenCandy potentially unsafe application
C:\Users\James\Downloads\TuneUpInst-3.0.5.0.exe Win32/OpenCandy potentially unsafe application
E:\My Documents Old\Downloads\is360setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
 
 
 
-James

  • 0

Advertisements


#17
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

OK, I guess there's still some concerning stuff here.

 

Don't worry, we'll get it all :)

 

 

One problem: the logfile that ESET created has almost zero information in it, but I happened to export the threat list it created, so I'm including that as well.

 

Excellent "catch" on your part!

 

5204fb054866c-TFC_nieuw_25x25.png Clean Temporary Files with TFC

Please download TFC by OldTimer and save it to your desktop.

  • Right-click on 5204fb054866c-TFC_nieuw_25x25.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Close any open programs and save your current work.
  • Click the Start button to begin. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a couple of minutes.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

This tool doesn't generate any report. Instead I recommend to keep it for good maintenance of your machine.

 

 

ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is checked. (Different than last time)
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!


  • 0

#18
drmomentum

drmomentum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

ESET did the same thing as before, no logfile written out. I saved out the Found Threats, though (see below).

 

The other tool cleaned up quite a bit of temporary file "cruft." 

 

--------------------------------------------------------------

 

C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\Users\James\Downloads\advanced-systemcare-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\asc-setup-v5.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\cbsidlm-cbsi134-Some_PDF_Images_Extract-SEO-10836441.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\cbsidlm-cbsi176-PeerBlock-SEO-75328692.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\cbsidlm-tr1_10a-Spotify-SEO-10912348.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\cbsidlm-tr1_7-Edraw_Mind_Map-SEO2-197599.exe Win32/DownloadAdmin.D potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\cbsidlm-tr1_7-Freeplane-SEO2-75445848.exe Win32/DownloadAdmin.D potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\James\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\James\Downloads\cnet_SyncBack_Setup_zip.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\FoxitReader502.0718_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\James\Downloads\FoxitReader543.0920_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\James\Downloads\FreeVideoToAudioConverter.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\James\Downloads\TuneUpInst-3.0.5.0.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
E:\My Documents Old\Downloads\is360setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

  • 0

#19
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

ESET did the same thing as before,

 

Not exactly the same. This time it quarantined and/or deleted what we needed it to, so we're good there. :)

 

 

no logfile written out. I saved out the Found Threats, though (see below).

 

Glad that you saved the file. I need to update that set of instructions. My other set indicates that the user has to do what you did. :thumbsup:

 

 

The other tool cleaned up quite a bit of temporary file "cruft."

 

Yup, it does a good job!

 

Alright, from my perspective we're pretty close to the finish line. How about you? Questions for me or issues with the machine?


  • 0

#20
drmomentum

drmomentum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

It looks really good!

 

I am interested in preventing future infections, and I'm particularly worried about problems like Cryptolocker and Cryptowall. Especially because if anyone in my family becomes infected, our shared NAS will be hit.

 

So, two questions: 

 

1) Aside from the usual behavioral recommendations to not click strange links in emails and stay off suspicious websites, are there useful precautions I can take (and help my family take) against ransomware infections?

2) I'm using avast for anti-virus but plan on switching to a Symantec product soon. I'm worried about protection, but I also worry about impacting performance, since some of the hardware my family uses is already slow-ish. What is a sensible choice for antivirus/antimalware protection that people use if they're also concerned about performance?

 

Feel free to PM me if you want to get speculative and off the record with your answer.

 

Cheers and thanks for the help.

 

-James


  • 0

#21
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi James,

 

Here my Prevention information.

 

Importance of Regular System Maintenance:

I advise you read both of the topics listed below. The suggestions contained them, if followed, will go a long way toward keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings, Securing Your Web Browser and Securing Your Router.

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:

 

  • Click on Start(Windows 7) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.

Plus check Automatic Updates is enabled.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add; P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by a badly configured P2P applications

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:
 

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.


  • 0

#22
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Alright, we seem to be done :)

 

Run Delfix at your leisure. You have the instructions in a previous post. Run MBAM and ESET every few weeks. You've already got protection for the Crypto stuff, so you're good there. :thumbsup:

 

I'll keep this topic on for a day or so on the chance that you need me for something. Otherwise. Take care!! It's been a pleasure :wave:


  • 0

#23
drmomentum

drmomentum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

You've been super helpful. Thanks so much for your time and advice!


  • 0

#24
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: stormfall, adware, camstudio, chrome

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP