
Need Help: Accounts getting Hacked [Solved]


  • This topic is locked

#16
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
No. FRST did not do this. Please choose 'Yes' and restart the tool. It should remove the value.
  • 0



#17
LegendOz

    Member

  • Topic Starter
  • 28 posts

Removed, then scanned again - the message didn't show up this time

MBAR scan came out clean, next step?


Edited by LegendOz, 12 January 2015 - 08:47 AM.

  • 0

#18
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Please do not edit your post. If you need to post anything new, make a new reply instead. Provide me a fresh FRST scan log please.
  • 0

#19
LegendOz

    Member

  • Topic Starter
  • 28 posts

Logs Attached

Attached Files


  • 0

#20
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Settings --
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum
  • 0

#21
LegendOz

    Member

  • Topic Starter
  • 28 posts

Both the scans came out clean

ESET did not produce any log

I have attached the MalwareBytes' AntiMalware Scan Log

Attached Files


  • 0

#22
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
How is your PC?
  • 0

#23
LegendOz

    Member

  • Topic Starter
  • 28 posts

Firstly, I would like to thank you Valinorum for being so helpful with this.

 

About the PC, I am not quite sure yet. The registry message which appeared while running MBAR re-appears every time I restart.

I have added the image to it below.

 

3f460857039410837fc2ad420d9755cd.png

 

BitDefender, and Malware Bytes AntiMalware have been giving this pop-up.

It shows up every time I restart (even if I block it); and keeps coming up every 2 mins. or so

 

aa15582345bf954e9f8880faee67b64a.png

 

d5d1d5adbd80ae958d7142e9464722c4.png

 

On looking it up, rubyw.exe belongs to Private Internet Access.

However, it is not a software I installed and I cannot find it among installed programs in the control panel to remove it.


  • 0

#24
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Post a fresh FRST scan log. It is time to remove that program. Before that, are you using any VPN software?
  • 0

#25
LegendOz

    Member

  • Topic Starter
  • 28 posts

FARBAR logs attached

 

Not using a VPN right now (but I have used one by HMA in the past - not installed anymore)
rubyw.exe (not installed by me) is trying to connect to different IPs every couple of minutes

 

On opening FARBAR I got this message

 

0f62f2ed395514de13d04231c3e7e6b5.png

 

The program still ran fine though and generated the logs.

Attached Files


  • 0



#26
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
I am inclined to believe that you do not use Ruby on Rails as well. Do not proceed with the fix if you believe otherwise.


 
  • Step #7 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      HKLM-x32\...\Run: [] => [X]
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      C:\Users\Aditya\AppData\Local\Temp\ocr4D6E.tmp
      C:\Program Files\pia_manager\
      Emptytemp:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0
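
A read-only way to check, before and after the fix, the items the fixlist in post #26 targets. This is an added example, not part of the thread and not FRST's own code. It assumes PowerShell 3.0 or later, saved as a script and run from an elevated prompt; the `Get-CommandTarget` helper and its path-parsing heuristic are hypothetical.

```powershell
# Added example: read-only checks, nothing is modified.
# The key and folder below are the ones named in the fixlist from post #26.

# FRST's "HKLM-x32\...\Run" is the 32-bit view of the machine-wide Run key.
$runKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'

function Get-CommandTarget([string]$Command) {
    # Heuristic (assumption): take a leading quoted path if present,
    # otherwise everything up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')      { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')   { return $Matches[1] }
    return $expanded.Trim()
}

if (Test-Path -LiteralPath $runKey) {
    $key = Get-Item -LiteralPath $runKey
    foreach ($name in $key.GetValueNames()) {
        $data   = [string]$key.GetValue($name)
        $target = Get-CommandTarget $data

        if (-not $target) {
            $missing = $true                      # no command at all
        } elseif ($target -match '^[A-Za-z]:\\') {
            $missing = -not (Test-Path -LiteralPath $target -PathType Leaf)
        } else {
            $missing = $null                      # bare name, review by hand
        }

        [pscustomobject]@{
            # An empty value name is the key's unnamed (default) value,
            # which is what the "[]" in the fixlist line refers to.
            Name          = if ($name -eq '') { '(empty name)' } else { $name }
            Command       = $data
            TargetMissing = $missing
        }
    }
}

# Any running rubyw.exe, with the path it was started from.
Get-CimInstance Win32_Process -Filter "Name = 'rubyw.exe'" |
    Select-Object ProcessId, ExecutablePath, CommandLine

# Is the folder named in the fixlist still present?
Test-Path -LiteralPath 'C:\Program Files\pia_manager\'
```

An entry with `TargetMissing` set to True corresponds to what FRST marks as `[X]`; after a successful fix the empty-name entry, the rubyw.exe process and the folder should no longer appear.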

#27
LegendOz

    Member

  • Topic Starter
  • 28 posts

Fixlog attached.

The BitDefender and MalwareBytes' Anti Malware firewall pop-ups seem to have stopped.

The rubyw.exe seems to have gone too so looks like it worked.

 

Any idea what that error is when starting FRST, and the registry entry one while starting MBAR?

Attached Files


  • 0

#28
LegendOz

    Member

  • Topic Starter
  • 28 posts

Update (this happened on BitDefender not sure what caused it):

 

511a45210003b18adb3959f0c755dcd1.png


  • 0

#29
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Is the error persistent?
  • 0

#30
LegendOz

    Member

  • Topic Starter
  • 28 posts

The BitDefender message, I have seen it twice before.

FRST and MBAR one are happening every time I start them.


  • 0





