
Possible Virus - Chrome/Youtube Slow and maybe Zeroaccess Virus [Solve


  • This topic is locked

#16
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Didn't do as you described for Chrome as it seems to perform correctly now so ran the TDSSKiller and it found no threats, below is log:


Ok, no worries then on Chrome. :thumbsup: Let's run some scans for orphans and remnants.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Start the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0



#17
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Here is the MBAM log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/5/2015
Scan Time: 10:01:13 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.05.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: pete626
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393363
Time Elapsed: 30 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#18
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Here is the ESET log

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bb9014e8202a574dac8d616d7b330d5a
# end=init
# utc_time=2015-09-05 07:21:44
# local_time=2015-09-05 02:21:44 (-0600, Central Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bb9014e8202a574dac8d616d7b330d5a
# end=init
# utc_time=2015-09-05 07:23:19
# local_time=2015-09-05 02:23:19 (-0600, Central Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 25622
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bb9014e8202a574dac8d616d7b330d5a
# end=updated
# utc_time=2015-09-05 07:25:55
# local_time=2015-09-05 02:25:55 (-0600, Central Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bb9014e8202a574dac8d616d7b330d5a
# engine=25622
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-05 09:10:46
# local_time=2015-09-05 04:10:46 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 278086152 0 0
# scanned=354928
# found=5
# cleaned=0
# scan_time=6290
sh=D2667051D298A5A5437876B378A66A03BD1165C4 ft=0 fh=0000000000000000 vn="JS/Redirector.NCG trojan" ac=I fn="C:\Users\pete626\AppData\Local\ae0e8845-86ce-4d69-ab32-458c19632b17.crx"
sh=D2BA2CD5ADB9069C3DAA4C297CD72478430C1A1F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-5076.AG trojan" ac=I fn="C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-3bf7c440"
sh=D2BA2CD5ADB9069C3DAA4C297CD72478430C1A1F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-5076.AG trojan" ac=I fn="C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-64952f14"
sh=3B81EC417070451946E80D161DCAF707D2905BF1 ft=0 fh=0000000000000000 vn="Java/Agent.EI trojan" ac=I fn="C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3a540fc9-491e6761"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\pete626\Downloads\ccsetup328.exe"

  • 0

#19
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Here is the Security Check log

 

 Results of screen317's Security Check version 1.008  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 SUPERAntiSpyware Free Edition   
 HijackThis 2.0.2    
 Java 8 Update 51  
 Java 8 Update 60  
  Adobe Flash Player 11.1.102.63 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (44.0.2403.157) 
 Google Chrome (45.0.2454.85) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 

  • 0

#20
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Excellent, only 5 items to remove and only a couple of programs to update. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\Users\pete626\AppData\Local\ae0e8845-86ce-4d69-ab32-458c19632b17.crx
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-3bf7c440
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-64952f14
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3a540fc9-491e6761
C:\Users\pete626\Downloads\ccsetup328.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Program Updates

Update Adobe Flash Player
  • Your current version of Adobe Flash is out of date. Please update it by clicking the link below.
  • Also, make sure you Uncheck the box to install the McAfee Security Scan Plus software.
http://get.adobe.com/flashplayer/


Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Things I need to see in your next post:

Fixlog.txt Log

  • 0

#21
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

I went ahead and uninstalled Adobe Reader 9.1 with Foxit Reader, updated the Flash Player and here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by pete626 (2015-09-05 21:37:50) Run:3
Running from C:\Users\pete626\Desktop
Loaded Profiles: pete626 (Available Profiles: pete626)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
C:\Users\pete626\AppData\Local\ae0e8845-86ce-4d69-ab32-458c19632b17.crx
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-3bf7c440
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-64952f14
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3a540fc9-491e6761
C:\Users\pete626\Downloads\ccsetup328.exe
End
*****************
 
Restore point was successfully created.
C:\Users\pete626\AppData\Local\ae0e8845-86ce-4d69-ab32-458c19632b17.crx => moved successfully
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-3bf7c440 => moved successfully
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\54f6ffe4-64952f14 => moved successfully
C:\Users\pete626\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3a540fc9-491e6761 => moved successfully
C:\Users\pete626\Downloads\ccsetup328.exe => moved successfully
 
==== End of Fixlog 21:38:11 ====

  • 0
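Added example, not part of the original posts and not code from ESET or Farbar: Python that reads detection records in the ESET Online Scanner layout from post #18, drafts the Start/CreateRestorePoint:/End fixlist body used in post #20, and checks a Fixlog like the one in post #21 for detected files that were not reported as moved. The sample log lines, paths and function names are constructed for illustration.

```python
import re

# Constructed sample in the ESET Online Scanner log layout shown in the thread
# (sh = SHA-1, vn = detection name, ac = action, fn = file path). Values are made up.
ESET_LOG = r'''# found=2
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="JS/Example.A trojan" ac=I fn="C:\Users\sample\AppData\Local\example.crx"
sh=0000000000000000000000000000000000000002 ft=1 fh=00000000000000aa vn="Win32/Example.B potentially unsafe application" ac=I fn="C:\Users\sample\Downloads\setup.exe"
'''

# Constructed Fixlog.txt excerpt: only one of the two files was moved.
FIXLOG = r'''Restore point was successfully created.
C:\Users\sample\AppData\Local\example.crx => moved successfully
'''

RECORD = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) .*?vn="(?P<name>[^"]*)" '
    r'ac=(?P<action>\w+) fn="(?P<path>[^"]*)"\s*$')
HEADER = re.compile(r'^# (\w+)=(.*)$')

def parse_eset(text):
    """Return (header fields, detection records) from an ESET log."""
    header, detections = {}, []
    for line in text.splitlines():
        record = RECORD.match(line)
        if record:
            detections.append(record.groupdict())
            continue
        field = HEADER.match(line)
        if field:
            header[field.group(1)] = field.group(2)  # the last block wins
    return header, detections

def build_fixlist(detections):
    """Draft fixlist.txt body: one path per detection, duplicates dropped."""
    paths = list(dict.fromkeys(d["path"] for d in detections))
    return "\n".join(["Start", "CreateRestorePoint:", *paths, "End"])

def unresolved(detections, fixlog):
    """Detected paths with no '=> moved successfully' line in the Fixlog."""
    suffix = " => moved successfully"
    moved = {line[:-len(suffix)].casefold()
             for line in fixlog.splitlines() if line.endswith(suffix)}
    return [d["path"] for d in detections if d["path"].casefold() not in moved]

if __name__ == "__main__":
    header, found = parse_eset(ESET_LOG)
    print(f"header says {header['found']}, parsed {len(found)}")
    print(build_fixlist(found))
    print("still present:", unresolved(found, FIXLOG))
```

Comparing the `# found=` header with the number of parsed records catches a truncated paste before any fixlist is written.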

#22
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I went ahead and uninstalled Adobe Reader 9.1 with Foxit Reader, updated the Flash Player and here is the Fixlog:


:thumbsup: Looks good, subject to no further problems, let's remove my tools and create a new clean restore point on the machine. I also have some tips and information to help protect you in the future.


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.


Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log

  • 0

#23
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Here is the DelFix log

 

# DelFix v1.010 - Logfile created 06/09/2015 at 10:01:42
# Updated 26/04/2015 by Xplode
# Username : pete626 - PETE626-PC
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hijackthis
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\rkill.log
Deleted : C:\TDSSKiller.3.1.0.5_05.09.2015_09.28.38_log.txt
Deleted : C:\Users\pete626\Desktop\Addition.txt
Deleted : C:\Users\pete626\Desktop\AdwCleaner.exe
Deleted : C:\Users\pete626\Desktop\Fixlog.txt
Deleted : C:\Users\pete626\Desktop\FRST.txt
Deleted : C:\Users\pete626\Desktop\FRST64.exe
Deleted : C:\Users\pete626\Desktop\JRT.exe
Deleted : C:\Users\pete626\Desktop\JRT.txt
Deleted : C:\Users\pete626\Desktop\SecurityCheck.exe
Deleted : C:\Users\pete626\Desktop\tdsskiller.exe
Deleted : C:\Users\pete626\Downloads\esetsmartinstaller_enu (1).exe
Deleted : C:\Users\pete626\Downloads\esetsmartinstaller_enu (2).exe
Deleted : C:\Users\pete626\Downloads\esetsmartinstaller_enu (3).exe
Deleted : C:\Users\pete626\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#24
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Thank you so much pystryker for getting my pc back up to speed, yes it was an email attachment via an excel sheet that I believe caused this now that I remember it.

 

What Antivirus would you recommend to install currently?


  • 0

#25
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you so much pystryker for getting my pc back up to speed, yes it was an email attachment via an excel sheet that I believe caused this now that I remember it.
 
What Antivirus would you recommend to install currently?


You're very welcome, it's my pleasure. :) I recommend using Avast antivirus. It has a free version so that all you have to do is register with an email address and they'll send you a key. Enter the key and you're good for a whole year. You can also upgrade it if you like. My setup includes weekly scans with Malwarebytes and Avast. :thumbsup:

http://www.avast.com
  • 0



#26
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Got avast installed now also, thanks again  :cheers:


  • 0

#27
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Got avast installed now also, thanks again  :cheers:


You're very welcome, if you need us again, please don't hesitate to come back and see us. :)

Safe surfing!

Pystryker :wave:
  • 0

#28
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





