Spyware or Malware, getting bad, personal information could be comprom


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a Malwarebytes scan please and post the log?
  • 0



#17
Destiny000


    Member

  • Topic Starter
  • Member
  • 130 posts

Here it is.

Attached Files

  • Attached File  scan.txt   1.02KB   90 downloads

  • 0

#18
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run Chrome in incognito mode and let me know if you still get the alerts? https://support.goog.../95464?hl=en-GB
  • 0

#19
Destiny000


    Member

  • Topic Starter
  • Member
  • 130 posts

Sadly even in incognito mode I still get them. :(


  • 0

#20
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, it is just the MBAM warning that you are now receiving, is that correct?

I will need to check the IP further as it appears to be in the US.
  • 0

#21
Destiny000


    Member

  • Topic Starter
  • Member
  • 130 posts

I still get everything, Malwarebytes blocking warning and pop ups, sometimes it opens a new window, sometimes on the page I'm on, and sometimes it opens a new tab and redirects the current tab I was on as well. It always requires me to click somewhere, anywhere on the browser page. It's random when it happens, not always, sometimes constantly 0.0 sometimes just a little.


  • 0

#22
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I would like you to uninstall Chrome and then test out using IE to see if the problem is still there.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Now reboot and use IE to get online. Is the alert still occurring?
  • 0

#23
Destiny000


    Member

  • Topic Starter
  • Member
  • 130 posts

Yeah, still. Before I was using Chrome I got them in Firefox and Microsoft Edge, then switched over to Chrome because I liked its settings better. I was using both Firefox and Microsoft Edge at the same time, comparing the two browsers since ME is new and I was learning its pitfalls.


  • 0

#24
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, so we are looking at it affecting all browsers, which means the infection's area is within the network config. So let's tidy that up.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
  • 0
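
Added example (not part of the original post, and not FRST's own code): a read-only PowerShell audit of the per-user WPAD keys and proxy settings that the fixlist above targets, useful for recording their state before and after the fix. The value names `ProxyEnable`, `ProxyServer`, `AutoConfigURL` and `ProxyOverride` are the standard Internet Settings values and are an assumption here, since the thread does not list them; `Get-UserProxyAudit` is a hypothetical helper name.

```powershell
# Added example: read-only audit; nothing here changes the registry or network stack.
# Assumption: the standard Internet Settings proxy values (ProxyEnable, ProxyServer,
# AutoConfigURL, ProxyOverride); these value names do not appear in the thread.
$rel = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxyAudit {
    # Walk every user hive currently loaded under HKEY_USERS (S-1-5-19, the user SID, ...)
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        if ($sid -like '*_Classes') { continue }   # class hives hold no Internet Settings
        $base = "Registry::HKEY_USERS\$sid\$rel"
        if (-not (Test-Path -LiteralPath $base)) { continue }

        $s = Get-ItemProperty -LiteralPath $base -ErrorAction SilentlyContinue

        # List whatever subkeys exist under the Wpad key the fixlist deletes and recreates
        $wpad = @()
        if (Test-Path -LiteralPath "$base\Wpad") {
            $wpad = @(Get-ChildItem -LiteralPath "$base\Wpad" -ErrorAction SilentlyContinue |
                      ForEach-Object { $_.PSChildName })
        }

        [pscustomobject]@{
            SID           = $sid
            ProxyEnable   = $s.ProxyEnable
            ProxyServer   = $s.ProxyServer
            AutoConfigURL = $s.AutoConfigURL
            ProxyOverride = $s.ProxyOverride
            WpadSubkeys   = $wpad -join ', '
            # Flag hives where a proxy is switched on or a PAC script URL is set
            NeedsReview   = [bool](($s.ProxyEnable -eq 1) -or $s.AutoConfigURL)
        }
    }
}

$audit = Get-UserProxyAudit
$audit | Format-List

# Machine-wide WinHTTP proxy, shown for comparison with the per-user values
netsh winhttp show proxy
```

Only hives that are currently loaded appear under HKEY_USERS, so run this from an elevated prompt while the affected user is logged on.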

#25
Destiny000


    Member

  • Topic Starter
  • Member
  • 130 posts

0.0 . . . . . Thus far no popups . . . . no Malwarebytes blocking things . . . . so far so good.

 

Attached file.

 

So when it's within the network config, where exactly has it been working from within that? And how was it doing that? I'm curious as to how this thing worked. 

 

And I'm guessing from all other scans, I had nothing else hiding on my laptop running in the background?

 

Thank you sooo much for your help thus far!

 

Blessings!!!



  • 0



#26
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My initial thought is that it was hiding in the WPAD are.. But, let's see
  • 0

#27
Destiny000


    Member

  • Topic Starter
  • Member
  • 130 posts

Not sure if you had more to say above or not, as it seemed like your sentence got cut off there.

I'm getting some redirects, rarely, but it is happening. This time thus far is only when in incognito mode in Chrome.


Edited by Destiny000, 12 November 2015 - 05:05 PM.

  • 0

#28
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hmm, there does appear to be something missing, anyways

What redirects are you getting in Chrome? Has MBAM been keeping quiet?


  • 0

#29
Destiny000


    Member

  • Topic Starter
  • Member
  • 130 posts

Malwarebytes is quiet. The redirect I keep getting is from this one, which then redirects a different tab to various different pages where, when you x out of the tab, it asks if you're sure you want to leave this page. The page that seems to do the redirect is this url: http://www.utrack.pw/sh/


  • 0

#30
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a fresh FRST scan please, as I would like to look at the Chrome settings.
  • 0





