[flowerchild552008]

Thank you in advance for your assistance.  As stated in my topic title, I was alerted with the above message and phone number to call that I am sure is not Microsoft as they say.  I was able to close out the system and reboot but want to make sure that I really have not ben infected.  After reading about this, I am under the impression that is a scam for payment but would like to make sure.  My system is Windows10 x64.

 

Below are the FRST logs.

 

Thanks again,

 

Deb

Attached Files

•  FRST.txt   87.15KB   183 downloads
•  Addition.txt   34.86KB   200 downloads

[Advertisements]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

You're the second person to have this, it's called a tech support pop up scam.

Let me review your logs and I'll get back to you.

Just a few things to fix, nothing related to the pop up.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
Task: {87E4EFE7-D153-4E8B-A678-8B4DC87A075B} - \WPD\SqmUpload_S-1-5-21-1298665756-2822785880-394653188-1001 -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Emptytemp:

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to your Desktop (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
• Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  
  Next
  
  Download AdwCleaner from here. Save the file to the desktop.
  NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
  Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
  
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

[zep516]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

You're the second person to have this, it's called a tech support pop up scam.

Let me review your logs and I'll get back to you.

Just a few things to fix, nothing related to the pop up.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
Task: {87E4EFE7-D153-4E8B-A678-8B4DC87A075B} - \WPD\SqmUpload_S-1-5-21-1298665756-2822785880-394653188-1001 -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Emptytemp:

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to your Desktop (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
• Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  
  Next
  
  Download AdwCleaner from here. Save the file to the desktop.
  NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
  Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
  
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

[flowerchild552008]

Hi Zep!

 

I have attached the Fixlog but was unable to attach the AdwCleaner log.  Now I can't locate it.  Please let me know where I might find it.  It ran fine and was there but I cannot locate it.

 

Thanks,

 

Deb

Attached Files

•  Fixlog.txt   2.15KB   150 downloads

[zep516]

Hello,

C:\AdwCleaner\AdwCleaner[C0].txt

[flowerchild552008]

Ah, it was hiding!

 

Thanks!

 

 

Attached Files

•  AdwCleanerC0.txt   4.3KB   197 downloads

[zep516]

Hello,

Have you run a regular Malwarebytes scan ?

I think this pop up was website related.

[flowerchild552008]

Yes, I ran that first before I posted here. Here is the log.

Attached Files

•  malwarebytes 5252017.txt   2.76KB   163 downloads

[zep516]

Hello,

Malwarebytes shows No Action By User ! That means you did not quarantine any of the malware.

• When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.

[flowerchild552008]

Hi Zep,

 

After running the original Malwarebytes I wasn't sure about deleting those files which was one reason I posted here.  I've just run another Malwarebytes and  think that the Adwcleaner must have gotten rid of those first files.  Attached is all that shows in the report after re-running Malwarebytes.

 

Thanks,

 

Deb

Attached Files

•  malwarebytes 5252017 2.txt   1.3KB   141 downloads

Edited by flowerchild552008, 25 May 2017 - 09:04 PM.

[zep516]

Hello,

1 more scan to double check things,

Next

• Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.

[flowerchild552008]

Ok.... here is the log for JRT.  Hopefully this will take care of things.

Attached Files

•  JRT.txt   718bytes   171 downloads

[zep516]

Thanks,

I'll leave the topic open a few days in case.

Thanks
Joe

[flowerchild552008]

Joe,

 

Thank you so much for your assistance. Everything seems to be back to normal now.  I am very grateful for all of you at Geeks To Go. 

 

Deb

[zep516]

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe