Malicious File Download 12 Help [Solved]


  • This topic is locked

#16
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Okay, so the next time I reset my computer AFTER that, it bluescreened saying something like

DRIVER_IRQL_NOT_LESS_OR_EQUAL

 

Something like that.


  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this occur on every boot or was it just a one-off?

Are the redirects still occurring?
  • 0

#18
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I system restored because yes, it was reoccurring. If the fix did fix it, then I don't know, because of the restore.


  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still evident?
  • 0

#20
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Yes, and now I suddenly got a redirect from Malicious File Download 24 .__.

 

Its power has doubled, apparently. I'm assuming that that isn't a coincidence.


  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was probably due to the system restore.

Could you run a fresh FRST scan please?
  • 0

#22
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

You know, if you really can't fix it, that's okay :s

 

Odd thing is, sometimes it just happens like, every time I click to the next page, and sometimes it doesn't for entire minutes.

Attached Files


Edited by Azreide, 12 January 2015 - 02:12 PM.

  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have a feeling it may be related to Desura; however, that is part of a game validation system.

A few registry entries were returned so I will kill them now. Could you let me know how it is behaving after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2015-01-10 07:16 - 2015-01-10 07:16 - 00003106 _____ () C:\Windows\System32\Tasks\{C8F582DE-70F6-4F24-A5B8-186E88515E4A}
2015-01-11 01:20 - 2014-05-18 16:00 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_WinRAR_1539813
EmptyTemp:
Hosts:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0
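A read-only way to see what each line of the fixlist in post #23 refers to before FRST is asked to act on it, as an added example that is not part of the original thread or of FRST itself. The regular expressions cover only the line shapes visible in that fixlist, and the category names are this sketch's own.

```python
import re
from collections import Counter

# Fixlist copied from the post above (machine-specific). It is only parsed here, never run.
FIXLIST = r"""CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2015-01-10 07:16 - 2015-01-10 07:16 - 00003106 _____ () C:\Windows\System32\Tasks\{C8F582DE-70F6-4F24-A5B8-186E88515E4A}
2015-01-11 01:20 - 2014-05-18 16:00 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_WinRAR_1539813
EmptyTemp:
Hosts:
CMD: bitsadmin /reset /allusers
"""

CHR_RE = re.compile(r"^CHR (HK\S+?)\\.*Extension: \[([a-p]{32})\] - (.+)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (\S+) \(.*?\) (.+)$")
TASK_RE = re.compile(r"\\System32\\Tasks\\\{[0-9A-F-]{36}\}$", re.I)
REG_RE = re.compile(r"^(HK[A-Z]+)\\(.+?): (.+?)(?: <=+ ATTENTION)?$")

def classify(line):
    """Map one fixlist line to (kind, detail). Pure text parsing; nothing is executed."""
    if m := CHR_RE.match(line):
        return "chrome_extension_ref", f"{m[2]} via {m[1]} ({m[3]})"
    if m := FILE_RE.match(line):
        attrs, path = m[1], m[2]
        if TASK_RE.search(path):
            return "scheduled_task", path  # GUID-named file in the Tasks folder
        # Assumption: a 'D' in the attribute column marks a directory.
        return ("directory" if "D" in attrs else "file"), path
    if line.startswith("CMD:"):
        return "command", line[4:].strip()
    if re.fullmatch(r"\w+:", line):
        return "directive", line[:-1]
    if m := REG_RE.match(line):
        return "registry_key", f"{m[1]}\\{m[2]}"
    return "unknown", line

def summarize(text):
    """Classify every non-blank line so the fix can be reviewed before it is applied."""
    return [classify(l.strip()) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    items = summarize(FIXLIST)
    for kind, detail in items:
        print(f"{kind:22} {detail}")
    print(Counter(k for k, _ in items))
```

Any line reported as `unknown` is one to ask the helper about before pressing Fix.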

#24
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I installed Norton specifically for the purpose of this redirecting bug, and Desura was installed 2 days after Norton, plenty of people use it too, so yeah, I doubt it's desura that caused it. Also, after doing the FRST fix, it seems my password for my internet connection was reset (not the connection itself, but the automatic login), this didn't happen with the others so is that normal? Online passwords, history and such had been reset, but not my password for my connection before.

 

Already had AdwCleaner, and had used it before.

Attached Files


Edited by Azreide, 13 January 2015 - 05:39 PM.

  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, nothing was touched in that area ... Are the redirects still occurring?
  • 0


#26
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

It seems not, strangely enough. Though as I've said before, it sometimes just delays it. What do you think you did differently this time that stopped it? o.O


  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I removed 2 possible suspects that did not show before.

Could you run as normal for a day or so to ensure that they have gone?
  • 0

#28
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Will do, I'll reply to this tomorrow if nothing happened, or if something did.


  • 0

#29
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Pretty sure it worked! Thank you.


  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0





