Dealsfactor malware infection (Windows 8)
#1
Posted 28 March 2015 - 02:33 AM
#2
Posted 28 March 2015 - 09:14 AM
You can attach logs if necessary.
Thanks
Joe
#3
Posted 28 March 2015 - 01:33 PM
Hi Joe!
Thanks, I've attached the FRST and ADD logs
#4
Posted 28 March 2015 - 01:46 PM
Can you post the AdwCleaner SO.txt log and the Malwarebytes log too?
Also:
Farbar Recovery Scanner needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.
To do that:
- Navigate to your downloads folder --> C:\Users\Angel\Downloads
- In the downloads folder, find FRST (Farbar Recovery Scan Tool).
- Right-click on it, choose Cut.
- Go back to the desktop.
- On an empty space, right-click, choose Paste.
- Farbar will now have been successfully moved to the desktop.
Thanks
Joe
#5
Posted 28 March 2015 - 04:31 PM
Hi Joe!
Here are the logs-
#6
Posted 28 March 2015 - 04:35 PM
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://g.msn.com/1ewenusDefaultPack/U217_DefaultPack_DHP2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - No Path Or update_url value
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys
C:\Users\Angel\AppData\Local\Temp\BrowserKill32.exe
C:\Users\Angel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphitafa.dll
C:\Users\Angel\AppData\Local\Temp\Quarantine.exe
C:\Users\Angel\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Users\Angel\Desktop\2015-03-26 00.29.49.png:com.dropbox.attributes
C:\Users\Angel\Desktop\2015-03-26 00.29.49.png:com.dropbox.attributes
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
In your next reply, post:
Fixlog.txt. That log will be located on the desktop.
#7
Posted 28 March 2015 - 05:07 PM
Hey Joe-
Thanks for the help! Here's the log-
#8
Posted 28 March 2015 - 05:13 PM
Did you run ComboFix at any time? I see it in your downloads folder:
2015-03-25 22:17 - 2015-03-25 22:17 - 05615749 _____ (Swearware) C:\Users\Angel\Downloads\ComboFix.exe
If you ran it, do you have the log file? It would be located at C:\Combofix.txt
Thanks
Joe
#9
Posted 28 March 2015 - 05:58 PM
I haven't, actually. I'm running Windows 8.1 64-bit, but every time I try installing it here, I get an error telling me my laptop isn't compatible, while listing Windows 8.1 64-bit.
It runs on another 8.1 64-bit laptop I have, but not this one.
#10
Posted 28 March 2015 - 06:06 PM
ComboFix isn't compatible with Windows 8.1. I would suggest not using ComboFix unless instructed.
How is the computer? Any malware-related issues? If not, we can remove the tools we used.
Thanks
Joe
#11
Posted 28 March 2015 - 06:08 PM
Everything seems good now, no pop-ups. I've gone through my browsers again and I see no issue currently. Thank you!
#12
Posted 29 March 2015 - 10:37 AM
Let's clean up the tools I had you download. This exercise will remove all malware tools and log files from the desktop; it will clear out all restore points and create a new one.
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right-clicking on the icon and choosing the Run as administrator option.
- Make sure that these ones are checked:
  - Remove disinfection tools
  - Purge system restore
  - Reset system settings
- Push Run.
- The program will run for a few seconds and display a Notepad report.
Paste it for my review.
Joe