Screen popped up stating I am infected with RDN/TrojanWorm!055BCCA


  • This topic is locked

#1
flowerchild552008

  • Member
  • 123 posts

Thank you in advance for your assistance. As stated in my topic title, I was alerted with the above message and phone number to call that I am sure is not Microsoft as they say. I was able to close out the system and reboot but want to make sure that I really have not been infected. After reading about this, I am under the impression that it is a scam for payment but would like to make sure. My system is Windows 10 x64.

Below are the FRST logs.

Thanks again,

Deb

#2
zep516

  • Trusted Helper
  • Malware Removal
  • 7,701 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

You're the second person to have this; it's called a tech support pop-up scam.

Let me review your logs and I'll get back to you.

Just a few things to fix, nothing related to the pop up.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
Task: {87E4EFE7-D153-4E8B-A678-8B4DC87A075B} - \WPD\SqmUpload_S-1-5-21-1298665756-2822785880-394653188-1001 -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Emptytemp:

  • Click Format and ensure Word Wrap is unchecked.
  • Save as Fixlist.txt to your Desktop (must be in this location).
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
  • Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

    Next

    Download AdwCleaner from here. Save the file to the desktop.
    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    [Screenshot: AdwCleaner console]
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be moved to Quarantine.
    • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    [Screenshot: AdwCleaner restart prompt]
    • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

#3
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Hi Zep!

I have attached the Fixlog but was unable to attach the AdwCleaner log. Now I can't locate it. Please let me know where I might find it. It ran fine and was there but I cannot locate it.

Thanks,

Deb

#4
zep516

  • Trusted Helper
  • Malware Removal
  • 7,701 posts

Hello,

C:\AdwCleaner\AdwCleaner[C0].txt

#5
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Ah, it was hiding!

 

Thanks!

#6
zep516

  • Trusted Helper
  • Malware Removal
  • 7,701 posts

Hello,

Have you run a regular Malwarebytes scan?

I think this pop up was website related.

#7
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Yes, I ran that first before I posted here. Here is the log.

#8
zep516

  • Trusted Helper
  • Malware Removal
  • 7,701 posts

Hello,

Malwarebytes shows No Action By User! That means you did not quarantine any of the malware.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.

#9
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Hi Zep,

After running the original Malwarebytes I wasn't sure about deleting those files, which was one reason I posted here. I've just run another Malwarebytes and think that the AdwCleaner must have gotten rid of those first files. Attached is all that shows in the report after re-running Malwarebytes.

Thanks,

Deb

Edited by flowerchild552008, 25 May 2017 - 09:04 PM.

#10
zep516

  • Trusted Helper
  • Malware Removal
  • 7,701 posts

Hello,

1 more scan to double check things,

Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

#11
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Ok.... here is the log for JRT.  Hopefully this will take care of things.

Attached Files

  • Attached File  JRT.txt   718bytes   103 downloads

#12
zep516

  • Trusted Helper
  • Malware Removal
  • 7,701 posts

Thanks,

I'll leave the topic open a few days in case.

Thanks
Joe

#13
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Joe,

Thank you so much for your assistance. Everything seems to be back to normal now. I am very grateful for all of you at Geeks To Go.

Deb


#14
zep516

  • Trusted Helper
  • Malware Removal
  • 7,701 posts

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)