Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Server could not be found (for one site only)


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

So that fixed the problem?

 

I think something up the line did not want you to go to tagged.  Is this PC at a school or at a company where you work?  It's an odd way to block something tho.  Usually they stop all traffic to a site and divert it to a blocked warning.  (When I was working I was in charge of a device that did it that way.)  First time I've seen them block access to a site by intercepting DNS calls.


  • 0

Advertisements


#17
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Since I added that address I can open Tagged again so I would say the problem is fixed :)

 

This is a home PC so I don't have a clue how this actually happened.


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Glad it's working anyway.  I suppose if you really wanted to know what is happening you would have to ask your ISP.  Something is blocking the request somewhere upstream.


  • 0

#19
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Yeah me too. I will call them and ask. Am I clean now or is there something else we have to do ? I have a few questions if I can ask you ?

 

1. I did a full scan with MBAM and found this

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/17
Scan Time: 10:17 PM
Logfile: MBAM.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1642
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: BestInTheWorld\Andro

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270786
Time Elapsed: 20 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Disabled
PUM: Disabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1, Quarantined, [2307], [350020],1.0.1642
PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\AUSLOGICS\DISK DEFRAG, Quarantined, [2307], [350021],1.0.1642

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.AuslogicsDiskDefrag, C:\USERS\ANDRO\DESKTOP\Auslogics Disk Defrag.lnk, Quarantined, [2307], [350022],1.0.1642
PUP.Optional.Linkury.Generic, C:\PROGRAM FILES\COMMON FILES\SPC500NC\SPC_ClearFile.exe, Quarantined, [2398], [357147],1.0.1642

Physical Sector: 0
(No malicious items detected)


(end)

 

I put those files in Quarantine. They are detected as PUP. Should I erase them for good or keep them ? I'm asking you because Auslogics Disk Defrag supposed to be a safe program.

 

2. What about Rogue Killer, is still necesarry to run it ?

3. What to do with those DNS addresses I set for ipv4 and ipv6 ? Should I keep them ?


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

As far as I know, Auslogics Disk Defrag is safe.  MBAM seems to consider it a PUP (Potentially Unwanted Program) but I think that's probably a false positive.

 

The other file:

 

PUP.Optional.Linkury.Generic, C:\PROGRAM FILES\COMMON FILES\SPC500NC\SPC_ClearFile.exe, Quarantined, [2398], [357147],1.0.1642

 

Looks like it may be part of SPC 610NC Laptop Camera (en) Driver so probably also a false positive.  You can submit the SPC_ClearFile.exe file to virustotal.com and see what they think of it.  I don't see an exe file for auslogic.

 

It wouldn't hurt to run Rogue Killer just to make sure there is nothing else hiding.  Rogue Killer is also prone to False Positives so don't let it remove anything until I look at its report.  Just leave it minimized until I get back to you.

 

You can go back to your original DNS settings if you like.  It's probably a long way to 8.8.8.8 from where you are so should be faster using the one they assign you.


  • 0

#21
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

I also think Disk Defrag is safe that's why I asked you. I submitted SPC to virustotal page and it's safe too. I attached MBAM exclusions, please tell me if I should remove somehing.

 

MBAM Exclusions.jpg

 

Here is RK log

 

RogueKiller V12.10.3.0 [Apr  3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Andro [Administrator]
Started from : C:\Users\Andro\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/04/2017 17:36:27 (Duration : 00:38:20)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\APN -> Found
[PUP.Gen1][Folder] C:\ProgramData\APN -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500JS-60MHB5 ATA Device +++++
--- User ---
[MBR] e95b39c7b8d893d42b14819413809e3b
[BSP] fe3d657473a7aa9e0b57b4a029c3d7c1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

MBAM exclusions look OK.

 

[PUP.Gen1][Folder] C:\ProgramData\APN -> Found
[PUP.Gen1][Folder] C:\ProgramData\APN -> Found

 

I think the folders are leftover from the ask PUP so you can let Rogue Killer remove them.


  • 0

#23
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

RK successfully removed those folders.


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I don't think there is anything on your PC that could cause your problem.  I think we can cleanup:

 

 Time to clean up:

 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.
 
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

  • 0

#25
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

I did everything you recommended.

 

Thank you very much for all your help & advices, my PC is safe again ! :)


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP