It seems to be only in the browser. And the computer seemed to start acting up about 2 to 3 months ago.
IE starts with ads and no one on computer. [Solved]
Posted 13 April 2015 - 06:18 PM
Warning: Your machine has a back door infection! You should consider that all of your passwords and sensitive security information have been looked at from an outside source. If your computer is/was used for online banking, has credit card information or any other sensitive data on it, you should immediately disconnect it from the Internet and stay disconnected until your system is cleaned.
Use another clean computer to change passwords on all sites you use, including those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. Passwords should be changed by using a different computer; not the infected one.
Affected banking and credit card institutions should be notified of the possible security breach. Make sure you continue to monitor any banking and credit card accounts that you may have accessed with the infected machine.
If you want to continue cleaning the machine, you should know that there's no way to guarantee it is 100% trustworthy. Many security experts believe that a reinstall of the operating system is the only way to ensure the infection is gone.
I'll provide instructions for us to continue unless I hear otherwise from you.
Getting To Safe Mode From Within Windows 8
Press the Win+R key combination and type msconfig in the run box and hit enter.
Switch over to the boot tab, and click on the Safe Boot check box.
You can also choose the type of Safe Mode you want to boot into:
- Minimal is normal safe mode.
- Alternate Shell is safe mode with command prompt.
- Network is safe mode with networking. <=== Choose this one!
- The Active Directory option pertains to restoring a server that is a Domain Controller for your network.
Once you have chosen your option click the OK button and restart your machine.
Your PC will be booted into Safe Mode automatically.
Please uninstall the following programs:
- Google Chrome
Run a FRST Fix
- Download the attached fixlist.txt file and save it to the Desktop.
(Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.
Reboot the computer to Normal Windows by following the instructions in the First step above, only this time un-checking the Safe boot check box.
Run Malwarebytes' Anti-Malware (already installed):
- Open it, select the Dashboard tab, and click on "Update Now":
- If a scan update is available, it will install it. Install any program updates it offers.
- Please reboot if you are asked to.
- Start Malwarebytes' Anti-Malware
- Now select the Settings tab, and check the box next to Scan for rootkits:
- Go back to the Dashboard tab, and click the Scan Now button:
- The scan may take some time to finish, so please be patient.
- When the scan is complete, it will show you the results:
- Make sure that everything is checked, and click Remove Selected (or similar).
- When disinfection is completed, a log may open in Notepad and you may be prompted to Restart. (See Extra Note below)
- The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
- Choose the latest Scan Log:
- In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
- Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
*** In your next reply, I need you to Copy & Paste the contents of the MBAM log file.
In your next reply, please copy/paste the contents of the following logs:
- FRST fixlog.txt
And confirm the uninstalls. How is the machine running at this point?
Posted 13 April 2015 - 09:28 PM
I think I would like to format the computer. This has me really scared. I have changed all my passwords but this computer is not working that well either. Before doing all the above please let me know if the format would work to get rid of this stuff. Thank you
Posted 13 April 2015 - 11:17 PM
Have you had any issues with identity theft or credit card fraud recently? It depends on what you do financially on this computer, and we have no way of determining what, if any, information may have been accessed.
I'm sorry if my news scared you. That was not my intention, and this is something I dread posting, believe me. But the fact is that we are required to explain the worst-case situation to you with infections like the W32.IRCBot back door one showing up now. There is other malware present, but this particular one can automatically download other malware behind the scenes... and it appears it has already installed a Development version of Google Chrome for you, which can allow browser extensions to be automatically installed.
To answer your question, yes, the format should get rid of the infections, as long as you don't restore backups that contain malware. If you have any portable or external drives it would be a good idea to scan them if they've been plugged into this computer in the past 3 months or so (according to when you said the issues started). If this were my own computer, I would perform a full (not Quick) Anti-Virus scan and a full (again, not Quick) Malwarebytes Anti-Malware scan on any and all external storage devices in question.
If you would like re-installation help, please visit our Windows 8 forum, although it looks like you have been there before with a different machine.
Please do let me know if you've committed to reformatting so I may wrap up the thread. If you do decide to continue, I'll provide the fixlist.txt file that was missing from my last post.
Posted 14 April 2015 - 05:34 AM
Posted 14 April 2015 - 01:59 PM
You are most welcome. There are unfortunately many opportunities for this to happen these days. Even the most careful can get compromised by malware, even myself when I first came here for help. I don't believe anyone is immune to this, but the potential for damage, fraud, and financial challenges is by far greater when running regularly with a user account with administrator privileges.
What I can offer for tips are these (you may be aware of all or some of them already):
- Make your "regular" user account a Limited User, and only use the Administrator account for installation/un-installation and maintenance tasks. This is by far the greatest security risk to computers I think. It applies to all users of a computer. It will limit the amount of damage that can be done since most malware can assume the privilege level of the user who is logged in and whose account becomes compromised.
- Create a separate "Admin" account for these maintenance tasks, which shouldn't be too often for daily use. If you have a new Windows installation to configure with new programs, etc., then logging into this account to set things up would make it easier than typing your administrator account password each time elevated privileges were required. Just make sure to log out and switch to your Limited User account when you're done.
- This admin account can be shared between you and your husband, but be careful who you give access to outside of immediate users.
- Never open an email link you aren't positive is legitimate. If you get email that looks authentic and gives you a link to log into your account on a site, avoid that and go directly to the company's web site to log in directly. Should you get such emails, be sure to report them to the company in question as most have fraud or spam investigation capability. By doing so, you could prevent another unsuspecting user from becoming compromised.
- Be careful which web sites you visit. In my list below, you can find a Firefox extension named NoScript. This blocks all scripting activity unless you approve it. I use it myself. I will say there is a training period for using it, during which you have to allow the most common sites you visit. There's a setting in the options to allow top-level sites opened from bookmarks, but you might be surprised to see the amount of advertising, data collecting, tracking, etc. script activity that comes up on some sites! Some of this is harmless, allowing a site to deliver you targeted content to your interests or location, which sites often pay for.
- Another Firefox extension I use is AdBlock Plus. It's free and can block annoying ads from web pages, resulting in a faster, safer and cleaner web browsing experience. Keep in mind that some ads generate revenue for web sites at no cost to you.
- OpenDNS is a free DNS filtering service. Personal accounts are free and you can log into your account on their web site, and set up categories to block or allow on the Internet. There are per-site allow and block lists, but I think you are limited to 25 total. For me, the categories are good enough with my free account, as it keeps my family filtered from pornographic, drug-related, racist, tobacco and alcohol, known malicious, phishing and hacking web sites. One big advantage is that when one user is blocked or reports a site, it gets added to a blacklist database so that other users can benefit from the discovery of malicious behavior. Also my new Netgear router has a configuration page in it to access my OpenDNS account directly. Super cool!
Reset your Windows 8 computer
If you want to recycle your PC, give it away or just start afresh, you can reset it completely.
Note: If you upgraded your PC from Windows 8 to Windows 8.1 and your PC has a Windows 8 recovery partition, resetting your PC will restore Windows 8. You’ll need to upgrade to Windows 8.1 after the reset has finished.
Warning: All your personal files will be deleted and your settings will be reset. All applications that you've installed will be removed. Only the applications that came with your PC will be reinstalled.
To reset your PC: Note: You'll be asked to choose whether you want to erase data quickly or thoroughly. If you choose to erase data quickly, some data might be recoverable using special software. If you choose to erase data thoroughly, this will take longer but it makes recovering data less likely.
How to reset windows 8..... http://windows.micro...efresh-reset-pc
Here is a list of things to consider keeping updated...
I highly recommend applying the CryptoPrevent tool, and reading through Tony Klein/SpySentinel's article at the end entitled "How did I get infected in the first place?"...
Automatic Updates for Windows 8
Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.
Turn ON Automatic Updates in Windows 8
Keep Java Updated
Warning: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser).
If you do need to keep Java then download JavaRa.
Run the program and select Remove Java Runtime. Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version.
Web Browser security
Most malware is exploiting Internet Explorer's vulnerabilities, with Firefox you will be more secure.
Note: If you are going to use Firefox, I would suggest the use of these add-ons:
- NoScript - for blocking ads and other potential website attacks.
- AdBlock Plus - block annoying ads that cost you expensive bandwidth, with the added benefit of faster page loading.
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.
Other Program updates
You should get the latest versions of Adobe software and keep them updated. Best of all, they are FREE.
Note: Make sure to uncheck the check box labelled "Yes, install McAfee Security Scan Plus - optional", or any other optional "features".
Anti Virus Programs
On to personal Anti Virus programs. One AV is a must have, but never more than one, as this can and will cause conflicts, system slow-downs, and false readings.
If you wish to keep using your current program, always make sure it is up to date and enabled.
- OR -
These FREE ones are as good as any paid subscription AV, as long as you allow them to update themselves:
- Microsoft Security Essentials
- Avast! Home Edition - a very good free AntiVirus.
- AVG Free Anti-virus - yet another good free AntiVirus
Anti Spyware Programs
Malwarebytes Anti-Malware is an excellent preventative program that will help to keep the nasties away. I would advise running this at least once a month. If you need to download it again, you can get it from here:
I have the paid version which has real-time monitoring and has blocked outside attacks for me.
Almost done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):
Finally, it is a good idea to clear out all your temp files every now and again. This will help keep your computer running optimally. It can detect registry errors, missing shortcuts, invalid files, etc. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.
- TFC by OldTimer is a free temporary file cleaner.
CryptoLocker is a particularly nasty infection which is becoming more prevalent...
Go here for information about CryptoLocker Ransomware. Learning about what is out there may help you prevent infection. The best protection against this infection is to backup your files often. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever have the frustrating experience of contracting it.
It is suggested to Download CryptoPrevent, which is free for home use. It will help prevent CryptoLocker infection.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this excellent article, originally written by Tony Klein, and updated by SpySentinel.
I will keep this log open for the next couple of days, so if you have any further problems, you can post another reply here.
OK, happy computing, and stay safe!
Please reply again to this thread to acknowledge you have read my last post. If you have no further questions, this thread will be closed to prevent others from posting here.
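The "limited daily account plus a separate admin account" advice in the post above can be set up from a script. The following is an added example, not code from the thread or from any tool it mentions; it uses the built-in net.exe commands so it works on Windows 8 as well as later versions, and the account names DailyUser and MaintAdmin are placeholders you should change.

```powershell
# Added example: demote the everyday account to a standard user and create a
# separate account that is used only for installs and maintenance.
# Account names are placeholders (assumed); run from an elevated PowerShell window.
$DailyUser = 'DailyUser'   # the account you log into every day
$AdminUser = 'MaintAdmin'  # the account reserved for maintenance tasks

# Refuse to run without administrator rights, since net.exe would just fail half-way.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell window.'
}
# Never demote the account you are currently logged in with; log in as the admin first.
if ($DailyUser -ieq $env:USERNAME) {
    throw "You are logged in as $DailyUser; log in as the admin account before demoting it."
}

# 1. Show who currently holds administrator rights. Every name listed here can
#    install software silently, which is exactly what malware abuses.
Write-Host '--- Current members of the local Administrators group ---'
net localgroup Administrators

# 2. Create the maintenance account if it does not already exist. The trailing '*'
#    makes net.exe prompt for the password, so it is never typed into this script
#    or left in the command history.
net user $AdminUser 2>$null | Out-Null
if ($LASTEXITCODE -ne 0) {
    net user $AdminUser * /add
    net localgroup Administrators $AdminUser /add
}

# 3. Demote the daily account. Accounts stay in the built-in Users group, which is
#    all a standard (limited) user needs; only the Administrators membership goes.
net localgroup Administrators $DailyUser /delete

Write-Host '--- Administrators after the change ---'
net localgroup Administrators
```

After running it, log out and back in as the daily account; installs will now ask for the MaintAdmin password instead of running silently.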
Posted 15 April 2015 - 09:19 AM
Are you all set at this point, or do you have any further questions?
Posted 15 April 2015 - 01:06 PM
Thank you very much I have formatted the computer and will try to be very vigilant. I appreciate all your help.
Posted 15 April 2015 - 03:21 PM
You are most welcome. Glad I could be of help.
Good luck and happy and safe computing!
Posted 16 April 2015 - 07:22 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.