Adware infection [Solved]

adware dnsunlocker

  • This topic is locked

#16
Ornat

  • Topic Starter
  • Member
  • 16 posts

Hi :)

 

I performed the scan, and pasted the log below. Happily, I haven't encountered any issues, and there has been no sign of the adware. 

 

Did the scan reveal any traces of the adware, or does it look like my computer is indeed clean?

 

Thank you for all your help and support, I could not have gotten through this without your guidance :)

 

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-08-01 10:31:23
-----------------------------
10:31:23.043    OS Version: Windows x64 6.1.7601 Service Pack 1
10:31:23.043    Number of processors: 8 586 0x3A09
10:31:23.043    ComputerName: ORNA-PC  UserName: orna
10:31:25.539    Initialize success
10:31:26.943    VM: initialized successfully
10:31:26.959    VM: Intel CPU supported 
10:31:33.975    VM: supported disk I/O iaStorV.sys
10:35:15.993    AVAST engine defs: 16073100
10:35:28.925    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:35:28.941    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
10:35:28.941    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:35:28.941    Disk 1 Vendor: LITEONIT LWDA Size: 30533MB BusType: 8
10:35:29.065    VM: Disk 0 MBR read successfully
10:35:29.065    Disk 0 MBR scan
10:35:29.081    Disk 0 Windows 7 default MBR code
10:35:29.081    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
10:35:29.097    Disk 0 default boot code
10:35:29.097    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       204700 MB offset 206848
10:35:29.128    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       749067 MB offset 419432448
10:35:29.253    Disk 0 scanning C:\Windows\system32\drivers
10:35:38.925    Service scanning
10:36:16.365    Modules scanning
10:36:16.365    Disk 0 trace - called modules:
10:36:16.427    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStorV.sys hal.dll 
10:36:16.443    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008346790]
10:36:16.443    3 CLASSPNP.SYS[fffff880017c843f] -> nt!IofCallDriver -> [0xfffffa80083c0cb0]
10:36:16.458    5 stdcfltn.sys[fffff88001be9d12] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008347050]
10:36:17.098    AVAST engine scan C:\Windows
10:36:18.939    AVAST engine scan C:\Windows\system32
10:39:00.181    AVAST engine scan C:\Windows\system32\drivers
10:39:12.411    AVAST engine scan C:\Users\orna
10:42:07.459    AVAST engine scan C:\ProgramData
10:44:59.792    Disk 0 statistics 3836243/0/22 @ 4.54 MB/s
10:44:59.808    Scan finished successfully
10:45:45.360    Disk 0 MBR has been saved successfully to "C:\Users\orna\Desktop\MBR.dat"
10:45:45.360    The log file has been saved successfully to "C:\Users\orna\Desktop\aswMBR.txt"

  • 0



#17
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)
 

Thank you for all your help and support, I could not have gotten through this without your guidance :)

You're most welcome!

Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics, as this will go a long way to keeping your computer performing well.

Slow Computer/browser?

Also so is this:

What to do if your Computer is running slowly

Clean-Up with DelFix:

Please download DelFix to your desktop.
  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select the three options denoted:
DF2.gif
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Note: The above application/overall process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Norton Security, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:
  • Click on Start (Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, reboot (restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

Check your third party software is up to date:

Certain software, such as Adobe related for example, can be exploited by malware if it is not up to date. I advise you consider downloading and installing Heimdal Free. Further information about this application can be read on the download page.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add: P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
  • 0
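
Added example (not part of the original thread and not any poster's code): the "Custom Host File" advice above relies on entries that point unwanted names at 127.0.0.1, so a quick audit of a hosts file should separate those sinkhole entries from entries that send a name to some other address, which override DNS and deserve a manual look. The sample content, the `.example` names and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1   localhost
127.0.0.1   ads.tracker.example   # sinkholed ad server
0.0.0.0     spyware.example telemetry.spyware.example
::1         localhost
203.0.113.50  www.mybank.example  # not loopback: overrides DNS for this name
not-an-ip   broken.example
"""


def audit_hosts(text):
    """Classify hosts entries as sinkholed names, non-loopback redirects, or malformed lines."""
    sinkholed, redirects, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no hostname is not a valid entry
            malformed.append((lineno, raw.strip()))
            continue
        blocked = addr.is_loopback or addr.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost" and addr.is_loopback:
                continue  # the normal default mapping, nothing to report
            if blocked:
                sinkholed.append(name)
            else:
                redirects.append((name, str(addr)))
    return sinkholed, redirects, malformed


if __name__ == "__main__":
    blocked, redirected, bad = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed names:", len(blocked))
    for name, addr in redirected:
        print(f"review: {name} -> {addr}")
    for lineno, content in bad:
        print(f"malformed line {lineno}: {content}")
```

On Windows 7 the live file is C:\Windows\System32\drivers\etc\hosts; read it as text and pass the contents to `audit_hosts`.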

#18
Ornat

  • Topic Starter
  • Member
  • 16 posts

Hi, 

 

Thank you so much for the help! And wow, that is a lot of useful information - I will definitely take it to heart and implement these tools.

I ran DelFix, and have pasted the log below. I had to temporarily disable my AV first since it kept deleting the file, but once it was disabled it worked fine. 

 

Thank you for taking the time to help me deal with this, and for the expert advice on how to avoid such infections, I truly appreciate it :)

 

 

 

 

 

# DelFix v1.013 - Logfile created 01/08/2016 at 20:56:31
# Updated 17/04/2016 by Xplode
# Username : orna - ORNA-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\orna\Desktop\Addition.txt
Deleted : C:\Users\orna\Desktop\AdwCleaner.exe
Deleted : C:\Users\orna\Desktop\aswmbr.exe
Deleted : C:\Users\orna\Desktop\aswMBR.txt
Deleted : C:\Users\orna\Desktop\Fixlog.txt
Deleted : C:\Users\orna\Desktop\FRST.txt
Deleted : C:\Users\orna\Desktop\FRST64 (1).exe
Deleted : C:\Users\orna\Desktop\MBR.dat
Deleted : C:\Users\orna\Desktop\zoek.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #207 [Scheduled Checkpoint | 07/03/2016 16:05:48]
Deleted : RP #208 [Windows Update | 07/07/2016 18:15:48]
Deleted : RP #209 [Windows Update | 07/13/2016 17:41:54]
Deleted : RP #210 [Windows Update | 07/20/2016 14:30:42]
Deleted : RP #211 [Scheduled Checkpoint | 07/29/2016 10:54:21]
Deleted : RP #212 [Removed Java 8 Update 73 | 07/29/2016 12:58:50]
Deleted : RP #213 [Removed Java 8 Update 73 | 07/29/2016 13:00:19]
Deleted : RP #215 [Restore Point Created by FRST | 07/29/2016 13:04:52]
Deleted : RP #216 [zoek.exe restore point | 07/30/2016 16:20:11]
 
New restore point created !
 
########## - EOF - ##########

  • 0

#19
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Acknowledged and you're welcome! :)
  • 0

#20
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





