Bad File Installed - Pop-Ups Galore


#16
RKinner
Malware Expert

Speccy says the PC is running nice and cool.  Not always the case with a laptop.  The hard drive is in perfect shape.

This however is odd:

12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
12/30/1899  
Not Installed

This shows up in the middle of the list of installed programs.  I've never seen this before so not sure what to do about it.  If you make another Speccy log does it show up?

Bring up FRST again and put

18991230

in the Search box and hit Search Registry.

It will take a few minutes to finish.  If it finds anything copy and paste the text from its log into a reply.


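An added note and worked example from the editor (not part of RKinner's reply, and not code from Speccy or FRST): 12/30/1899 is day zero of the OLE Automation DATE type used by COM and Visual Basic, and of Delphi's TDateTime, so any tool that turns an absent install date into a numeric 0 before formatting it prints exactly this string. Windows records a program's install date as an optional InstallDate string ("YYYYMMDD") under its Uninstall registry key, and entries without that value are common, which is how a run of 12/30/1899 can appear on screen while a registry search for "18991230" finds nothing. That Speccy performs this conversion is the example's assumption; the sample Uninstall entries are constructed.

```python
# Added example: why a missing install date can render as 12/30/1899.
# OLE Automation DATE (COM/VB) and Delphi TDateTime both count days from
# 1899-12-30, so a numeric date of 0 displays as 12/30/1899.
# Assumption (not confirmed by the thread): Speccy or a similar inventory
# tool maps an absent InstallDate to 0 before formatting it.
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

OLE_EPOCH = datetime(1899, 12, 30)


def ole_to_datetime(days: float) -> datetime:
    """Convert an OLE Automation DATE (days since 1899-12-30) to a datetime."""
    return OLE_EPOCH + timedelta(days=days)


def fmt_us(d: datetime) -> str:
    """MM/DD/YYYY, formatted by hand so pre-1900 years work on every platform."""
    return f"{d.month:02d}/{d.day:02d}/{d.year}"


def parse_install_date_lossy(raw: Optional[str]) -> datetime:
    """Mimics a converter that turns anything it cannot parse into day 0.

    This is the behaviour that produces a run of 12/30/1899 rows.
    """
    try:
        return datetime.strptime((raw or "").strip(), "%Y%m%d")
    except ValueError:
        return ole_to_datetime(0.0)


def parse_install_date(raw: Optional[str]) -> Optional[datetime]:
    """Keep 'no date recorded' distinct from a real date: None instead of day 0."""
    if raw is None or not raw.strip():
        return None
    try:
        return datetime.strptime(raw.strip(), "%Y%m%d")
    except ValueError:
        return None


# Constructed sample of Uninstall-key entries: (DisplayName, InstallDate value).
# Real keys live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall;
# InstallDate is optional, so None (value absent) is a normal case.
SAMPLE_UNINSTALL_ENTRIES: List[Tuple[str, Optional[str]]] = [
    ("Speccy", "20160612"),
    ("Driver package", None),          # no InstallDate value at all
    ("Old utility", ""),               # InstallDate present but empty
    ("Odd entry", "Not Installed"),    # non-date text, as seen in the thread
]


def render_program_list(entries, lossy: bool) -> List[Tuple[str, str]]:
    """Format entries as (name, date string) the way an inventory tool would."""
    rows = []
    for name, raw in entries:
        if lossy:
            shown = fmt_us(parse_install_date_lossy(raw))
        else:
            parsed = parse_install_date(raw)
            shown = fmt_us(parsed) if parsed else "(no install date)"
        rows.append((name, shown))
    return rows


def count_epoch_rows(entries) -> int:
    """How many rows the lossy renderer would show as 12/30/1899."""
    return sum(1 for _, shown in render_program_list(entries, lossy=True)
               if shown == "12/30/1899")


if __name__ == "__main__":
    for name, shown in render_program_list(SAMPLE_UNINSTALL_ENTRIES, lossy=True):
        print(f"{shown:>18}  {name}")
    print("rows rendered as 12/30/1899:", count_epoch_rows(SAMPLE_UNINSTALL_ENTRIES))
```

The practical check this suggests: a program list full of 12/30/1899 is a display artefact of missing data, not a timestamp that exists anywhere on the disk, so searching the registry for the date string (as FRST was asked to do) is expected to come back empty.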
#17
corn4ahead
Member, Topic Starter

Here are the new results for Speccy.

Attached file: Speccy results.txt (89.31KB)

It found nothing with the FRST scan.


#18
RKinner
Malware Expert

Speccy still has the run of 1899 dates in the installed program section.

Not sure where that is coming from if it's not in the registry.

Also it's getting a bit warm:

Dell Inc. 0NJT03 (CPU) 65 °C

Make sure it's on a hard surface.  Operating it on a soft surface like a bed will block the air vents and cause overheating.

See if you can get the free ESET online scan to run just to make sure that I am not missing anything.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer.  Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan.  Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


#19
corn4ahead
Member, Topic Starter

I tried to scan my computer with the ESET scanner.  It was almost complete.  It said there were 103 threats found but then the program froze and later closed due to an unexpected error.  I tried to run it two times but both times it almost completed and then quit.


#20
RKinner
Malware Expert

Don't like to hear that.  Hopefully most of what it found is already in FRST's quarantine.  Since ESET failed and Panda doesn't seem to be able to handle this how about temporarily uninstalling it and replacing it with the free Avast?  Then we can let Avast run a boot-time scan tonight while you sleep and see what it finds.  It takes like 6 hours so I usually let it run at night.

Click on Download then choose the free version.

Uninstall Panda.  (If this is a pay version make sure you know how to reinstall it with your paid license.)  Reboot.

Install Avast by right clicking and Run As Admin.  Uncheck any bonus offers like Google Chrome or Toolbar or Dropbox.

Once it installs, make sure it is able to get its updates.  Then tonight while you sleep let it run a boot-time scan as follows.

Open Avast, Scan, Scan for Viruses, change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.

Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  This is a hidden location so you will need to tell Windows to let you see it:

Copy and paste the text from the log to a Reply when done.


#21
corn4ahead
Member, Topic Starter

Well, the Avast scan only took like an hour and fifteen minutes.

Here is the log from that.

Attached file: aswBoot.txt (13.7KB)


#22
RKinner
Malware Expert

Amazing.  You must have either a very fast PC or a small hard drive.  I ran it the other night and after 6 hours it was only 75% done but I have a 2 TB drive.  You have only a 500 GB and a lot faster PC than mine.

If you got the Microsoft Office Professional Plus 2010 from Microsoft then I expect these were false positives:

File C:\Users\Brad\Downloads\Microsoft Office Professional Plus 2010\Activators\KMSnano\KMSnano_setup.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Brad\Downloads\Microsoft Office Professional Plus 2010\Activators\Microsoft Toolkit\Microsoft Toolkit.exe|>[Embedded_I#00132ba] is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Brad\Downloads\Microsoft Office Professional Plus 2010\Activators\Microsoft Toolkit\Microsoft Toolkit.exe|>$PLUGINSDIR\B is infected by Win32:Malware-gen, Moved to chest

This is one we didn't see:

File C:\Users\Brad\Downloads\SoftwareUpdater.exe is infected by Win32:Adware-gen [Adw], Moved to chest

but it wasn't active.

These are from 2 downloads that never completed:

File C:\Users\Brad\Downloads\Unconfirmed 186495.crdownload|>disk1.cab|>itc3_d.dll is infected by Win32:Dropper-gen [Drp], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 186495.crdownload|>disk1.cab|>itc3x64_d.dll is infected by Win64:Adware-gen [Adw], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 186495.crdownload|>disk1.cab|>itc3xp_d.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 369901.crdownload|>disk1.cab|>itc3_d.dll is infected by Win32:Dropper-gen [Drp], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 369901.crdownload|>disk1.cab|>itc3x64_d.dll is infected by Win64:Adware-gen [Adw], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 369901.crdownload|>disk1.cab|>itc3xp_d.dll is infected by Win32:Adware-gen [Adw], Moved to chest

Everything else was already in quarantine so we did pretty good.

No idea where the 1899 dates came from.  Possibly a glitch in the hard drive.

You might try your ESET scan again.  Perhaps Panda was interfering.

Also Kaspersky has a free scan too so try it out:


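An added worked example from the editor (not part of the thread, and not Avast's or Geeks to Go's own code): every aswBoot.txt line RKinner quotes above has the shape "File <path>[|>member...] is infected by <detection>, <action>", where "|>" marks a member found inside an archive or installer. The script below parses that format and sorts detections the way the reply does: members found inside another file, partial Chrome downloads (the .crdownload extension is Chrome's name for a download that never finished, so the payload never ran) and plain files, plus a count by detection family so that Win32 and Win64 variants of the same generic signature are seen together. The sample log is assembled from the lines quoted in the post; the regular expression, field names and grouping rules are this example's own.

```python
# Added example: parse and group Avast boot-time scan (aswBoot.txt) detections.
# The line format is taken from the lines quoted in the thread; the grouping
# rules and field names below are this example's own, not Avast's.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# "File <target> is infected by <detection>, <action>"
LINE_RE = re.compile(
    r"^File (?P<target>.+?) is infected by (?P<detection>[^,]+), (?P<action>.+)$"
)


@dataclass
class Detection:
    outer_path: str      # the file as it exists on disk
    members: List[str]   # nested members inside an archive/installer ("|>" chain)
    detection: str       # engine detection name, e.g. "Win32:Adware-gen [Adw]"
    action: str          # what the scanner did with it


def parse_line(line: str) -> Optional[Detection]:
    """Parse one detection line; return None for anything that is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    chain = m.group("target").split("|>")
    return Detection(chain[0], chain[1:],
                     m.group("detection").strip(), m.group("action").strip())


def parse_log(text: str) -> List[Detection]:
    """Parse a whole log; non-detection lines (headers, blanks) are skipped."""
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d is not None]


def classify(d: Detection) -> str:
    """Group a detection the way the reply above triages them."""
    if d.outer_path.lower().endswith(".crdownload"):
        return "incomplete download"   # Chrome's partial-download file; never executed
    if d.members:
        return "archive member"        # found inside an installer/archive, not a loose file
    return "standalone file"


def summarize(detections: List[Detection]) -> Dict[str, List[Detection]]:
    groups: Dict[str, List[Detection]] = {}
    for d in detections:
        groups.setdefault(classify(d), []).append(d)
    return groups


def family(detection_name: str) -> str:
    """'Win64:Adware-gen [Adw]' -> 'Adware-gen' (drop platform prefix and tag)."""
    return detection_name.split(":", 1)[-1].split()[0]


def family_counts(detections: List[Detection]) -> Dict[str, int]:
    return dict(Counter(family(d.detection) for d in detections))


# Sample log assembled from the detection lines quoted in the post above.
SAMPLE_LOG = r"""
File C:\Users\Brad\Downloads\Microsoft Office Professional Plus 2010\Activators\KMSnano\KMSnano_setup.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Brad\Downloads\Microsoft Office Professional Plus 2010\Activators\Microsoft Toolkit\Microsoft Toolkit.exe|>[Embedded_I#00132ba] is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Brad\Downloads\Microsoft Office Professional Plus 2010\Activators\Microsoft Toolkit\Microsoft Toolkit.exe|>$PLUGINSDIR\B is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Brad\Downloads\SoftwareUpdater.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 186495.crdownload|>disk1.cab|>itc3_d.dll is infected by Win32:Dropper-gen [Drp], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 186495.crdownload|>disk1.cab|>itc3x64_d.dll is infected by Win64:Adware-gen [Adw], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 186495.crdownload|>disk1.cab|>itc3xp_d.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 369901.crdownload|>disk1.cab|>itc3_d.dll is infected by Win32:Dropper-gen [Drp], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 369901.crdownload|>disk1.cab|>itc3x64_d.dll is infected by Win64:Adware-gen [Adw], Moved to chest
File C:\Users\Brad\Downloads\Unconfirmed 369901.crdownload|>disk1.cab|>itc3xp_d.dll is infected by Win32:Adware-gen [Adw], Moved to chest
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for group, items in summarize(found).items():
        print(f"{group}: {len(items)}")
        for d in items:
            inner = " > ".join(d.members) if d.members else "-"
            print(f"    {d.outer_path}  [{inner}]  {d.detection}  ({d.action})")
    print("by family:", family_counts(found))
```

Grouping by the outer file rather than by the detection name is what makes the triage readable: six lines collapse into two never-finished downloads, and the two Microsoft Toolkit hits are seen to be members of a single installer rather than two separate files on disk.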
#23
corn4ahead
Member, Topic Starter

I just did the Microsoft 2010 trial version. Not the full version. I have open office for my word processing. Should I uninstall the trial version now that I'm done with it?

And yes, my HDD is relatively new because the original HDD got fried. Lol. It's only a few months old.

Edited by corn4ahead, 26 June 2016 - 05:33 PM.

#24
RKinner
Malware Expert

Might as well.  It looks like we are pretty much done so we should clean up:

We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore.  Delfix has been a tad too aggressive recently and seems to dislike pdf files in the Downloads folder so if you have any you should move them to a different folder before running Delfix.

Ensure Remove disinfection tools is ticked.
Also tick:
Create registry backup
Purge system restore

Click Run.
The program will run for a few moments and then notepad will open with a log.  Please paste the log in your next reply.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK.  Close program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

If you use Chrome/Firefox/IE then get the AdBlock Plus add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE.)

If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox: http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype.  Hit Optimize.  You can run it any time that Chrome/Firefox seems slow starting.

Be warned:  If you use Limewire, uTorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent

Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me.  It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local Native American dialects.)

Ron

#25
corn4ahead
Member, Topic Starter

ESET still would not work.  I received the same error as before.

Here is the Delfix log.

Attached file: DelFix.txt (854 bytes)


#26
RKinner
Malware Expert

You can try ESET using Firefox.  You have to install an extension and restart Firefox to make it work.


#27
corn4ahead
Member, Topic Starter

> You can try ESET using Firefox.  You have to install an extension and restart Firefox to make it work.

Where do I get the extension?  What is the extension called?


#28
RKinner
Malware Expert

Just use Firefox to go to  http://eset.com/onlinescan and they will offer you the extension.

