Need Help: Accounts getting Hacked [Solved]
#16
Posted 12 January 2015 - 05:15 AM
#17
Posted 12 January 2015 - 08:43 AM
Removed, then scanned again - the message didn't show up this time
MBAR scan came out clean, next step?
Edited by LegendOz, 12 January 2015 - 08:47 AM.
#18
Posted 12 January 2015 - 08:52 AM
#19
Posted 12 January 2015 - 09:38 AM
Logs Attached
#20
Posted 12 January 2015 - 10:47 PM
- Step #5 Scan with Malwarebytes' Anti-Malware
  - Download Malwarebytes' Anti-Malware from the suitable link below --
  - Double-click mbam-setup.exe to install the application.
  - Before clicking Finish perform the following actions --
    - Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
    - Check the box beside Launch Malwarebytes Anti-Malware
  - Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
  - Click on Setting --
    - Navigate to the tab Detection and Protection and check all the boxes under Detection Options
  - From the Dashboard click on Scan Now;
  - If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
  - On completion of the scan click on View Detailed Log, after that click on the Export button, select Text File and save the log to your Desktop;
  - Copy and Paste the contents of the log in your next reply.
- Step #6 ESET Online Scanner
  Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
  - Download esetsmartinstaller_enu.exe by clicking here.
  - Right-click on the program and choose Run as administrator.
  - Accept their terms and conditions and proceed.
  - Install Add-On/Active X if prompted.
  - From the Computer Scan Setting check the following box --
    - Enable detection for potentially unwanted programs
  - Click on Advanced Setting --
    - Uncheck the box beside Remove Found Threats;
    - Check the box beside Scan archives
    - Check the box beside Scan for potentially unsafe applications
    - Check the box beside Enable Anti-Stealth Technology
  - Click on Start and wait for the virus signature database to update.
  - The online scan will begin automatically and can take several hours.
    - Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
  - After the Scan finishes --
    - If no threats were found:
      - Put a checkmark in Uninstall application on close.
      - Close the program and report that nothing was found
    - If threats were found:
      - Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
      - Copy and Paste contents of the log file in your next reply.
- Required Log(s):
  - Malwarebytes' Anti-Malware Log
  - ESET Scan Log
Valinorum
#21
Posted 13 January 2015 - 07:47 AM
Both the scans came out clean
ESET did not produce any log
I have attached the MalwareBytes' AntiMalware Scan Log
#22
Posted 13 January 2015 - 11:37 AM
#23
Posted 13 January 2015 - 12:04 PM
Firstly, I would like to thank you Valinorum for being so helpful with this.
About the PC, I am not quite sure yet. The registry message which appeared while running MBAR re-appears every time I restart.
I have added the image to it below.
BitDefender, and Malware Bytes AntiMalware have been giving this pop-up.
It shows up every time I restart (even if I block it); and keeps coming up every 2 mins. or so
On looking it up, rubyw.exe belongs to Private Internet Access.
However, it is not a software I installed and I cannot find it among installed programs in the control panel to remove it.
#24
Posted 13 January 2015 - 09:12 PM
#25
Posted 14 January 2015 - 07:44 AM
FARBAR logs attached
Not using a VPN right now (but I have used one by HMA in the past - not installed anymore)
rubyw.exe (not installed by me) is trying to connect to different IPs every couple of minutes
On opening FARBAR I got this message
The program still ran fine though and generated the logs.
#26
Posted 14 January 2015 - 12:44 PM
- Step #7 Fix with FRST
  Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
  - Open Notepad.exe. Do not use any other text editor software;
  - Copy and Paste the contents inside the code-box to your Notepad --

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Aditya\AppData\Local\Temp\ocr4D6E.tmp
C:\Program Files\pia_manager\
Emptytemp:
End

  - Click on File > Save as...
  - Inside the File Name box type fixlist.txt;
  - From the Save as type drop down list, choose All Files
  - Save the file to your Desktop;
  - Re-run FRST.exe and click Fix;
    - Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  - After the completion, a log will be produced;
  - Copy and Paste the contents of the log in your next reply.
- Required Log(s):
  - FRST Fix Log
Valinorum
#27
Posted 14 January 2015 - 01:45 PM
Fixlog attached.
The BitDefender and MalwareBytes' Anti Malware firewall pop-ups seem to have stopped.
The rubyw.exe seems to have gone too so looks like it worked.
Any idea what that error is when starting FRST, and the registry entry one while starting MBAR?
#28
Posted 15 January 2015 - 08:36 AM
Update (this happened on BitDefender not sure what caused it):
#29
Posted 16 January 2015 - 02:51 AM
#30
Posted 16 January 2015 - 09:43 AM
The BitDefender message, I have seen it twice before.
FRST and MBAR one are happening every time I start them.