Virus or Not? [Solved]

#31
DR M (The Grecian Geek, Malware Removal, 3,150 posts)

Hi, Mark.

I'm glad the computer seems to work better now.

Some last comments:

1. qBitTorrent

Signs of qBitTorrent continue to be present. Please keep in mind, and also let your son know, that this is a P2P program. P2P programs form a direct conduit onto a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented, and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private and financial details have been exposed to the file sharing network by a badly configured program. Now, we will remove the remnants. But if you use it again, or any other torrent client, or just download from pages that use it, your computer will probably get infected again.

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [UDP Query User{482FC0C1-F375-4FA3-A68F-556051F318C8}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{410746F1-D982-4433-B156-804FFF31F7CF}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
2021-08-06 23:58 - 2021-08-09 12:10 - 000000000 ____D C:\Users\moond\AppData\Roaming\qBittorrent
2021-08-06 23:58 - 2021-08-06 23:58 - 000000000 ____D C:\Users\moond\AppData\Local\qBittorrent
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

3. Change a Malwarebytes setting

I asked you to do that before, but perhaps you didn't see it.

  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.

 

4. Scan and fix Drive Z

There were signs that this drive has errors. You can fix them for now, but please make sure to save its contents somewhere else, in case it permanently fails.

How to proceed:

  • Insert the drive in the computer and open it.
  • Select all the content of the drive and copy it.
  • Paste the content of the drive either on a folder in your computer or in another good drive.
  • Unplug the drive and insert it again. 
  • When you get the message that you need to scan and fix it, agree and proceed. 
  • Unplug the drive, insert it again and check if the warning message appears again. If not, then copy and paste your files in it again. If yes, then you need another drive. If the warning appears after a while, then again, you need to buy another drive.

 

In your next reply please post:

  1. The fixlog.txt
  2. Any remaining question


#32
moondog830 (Topic Starter, Member, 775 posts)

I changed the Malwarebytes settings to what you said.

I will get to drive Z later, or first thing in the morning.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021
Ran by moond (09-08-2021 18:06:45) Run:2
Running from C:\Users\moond\Desktop
Loaded Profiles: moond
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FirewallRules: [UDP Query User{482FC0C1-F375-4FA3-A68F-556051F318C8}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{410746F1-D982-4433-B156-804FFF31F7CF}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
2021-08-06 23:58 - 2021-08-09 12:10 - 000000000 ____D C:\Users\moond\AppData\Roaming\qBittorrent
2021-08-06 23:58 - 2021-08-06 23:58 - 000000000 ____D C:\Users\moond\AppData\Local\qBittorrent
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{482FC0C1-F375-4FA3-A68F-556051F318C8}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{410746F1-D982-4433-B156-804FFF31F7CF}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully
C:\Users\moond\AppData\Roaming\qBittorrent => moved successfully
C:\Users\moond\AppData\Local\qBittorrent => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26352582 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1620120 B
Edge => 0 B
Chrome => 0 B
Brave => 425923287 B
Firefox => 77662446 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19722 B
NetworkService => 19722 B
moond => 9562604 B
 
RecycleBin => 2703822 B
EmptyTemp: => 528.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:07:17 ====

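The two FirewallRules entries in the fixlist and fixlog above illustrate why a cleanup has to look beyond the program folder: removing qBittorrent left inbound Allow rules behind that still pointed at its executable (FRST's "=> No File"). Such a rule is keyed on the path, so any binary later dropped at that same path would be allowed inbound without a new prompt. The PowerShell below is an added example written for this page, not code from the thread, from FRST or from KpRm. It reads the same registry key the fixlog names, parses each rule's pipe-delimited value, and lists rules whose App= path no longer exists on disk. It assumes the registry value name equals the rule's Name as Get-NetFirewallRule reports it, which is what the fixlog shows for the two qBittorrent rules. Run it from an elevated prompt; removal is left on -WhatIf so nothing is deleted until you have reviewed the list.

```powershell
# Added example (not from the thread, FRST or KpRm): find Windows Firewall rules
# whose program no longer exists on disk, the "=> No File" state FRST reported.
# Run from an elevated PowerShell prompt.
$RulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

function ConvertFrom-FirewallRuleValue {
    # A persisted rule looks like:
    # v2.31|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\...\qbittorrent.exe|Name=...|
    # Split on '|' and keep every Key=Value token as a hashtable entry.
    param([string]$Value)
    $fields = @{}
    foreach ($token in ($Value -split '\|')) {
        $i = $token.IndexOf('=')
        if ($i -gt 0) { $fields[$token.Substring(0, $i)] = $token.Substring($i + 1) }
    }
    return $fields
}

function Get-OrphanedFirewallRules {
    param([string]$Key = $RulesKey)
    $item = Get-ItemProperty -Path $Key
    foreach ($prop in $item.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
        if ($prop.Name -like 'PS*') { continue }
        $f = ConvertFrom-FirewallRuleValue -Value ([string]$prop.Value)
        if (-not $f.ContainsKey('App')) { continue }
        $app = [Environment]::ExpandEnvironmentVariables($f['App'])
        # Only absolute file paths can be checked; 'System' and service names are
        # legitimate App values that are not files, so they are skipped here.
        if ($app -notmatch '^[A-Za-z]:\\') { continue }
        if (Test-Path -LiteralPath $app -PathType Leaf) { continue }
        [pscustomobject]@{
            RuleName = $prop.Name          # e.g. "UDP Query User{GUID}C:\program files\..."
            Action   = $f['Action']
            Dir      = $f['Dir']
            Protocol = $f['Protocol']      # 6 = TCP, 17 = UDP
            Active   = $f['Active']
            App      = $app
        }
    }
}

$orphans = @(Get-OrphanedFirewallRules)
if ($orphans.Count -eq 0) {
    Write-Host 'No firewall rules point at a missing program.'
} else {
    $orphans | Format-Table -AutoSize
    # Review the list first; drop -WhatIf to actually remove the rules.
    # Assumption: the registry value name is the rule's Name, as in the fixlog above.
    foreach ($o in $orphans) {
        Remove-NetFirewallRule -Name $o.RuleName -WhatIf
    }
}
```

The interesting hits are Active=TRUE, Action=Allow, Dir=In rules for a missing program; an outbound Block rule for a missing file is harmless and can be left alone.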

#33
DR M (The Grecian Geek, Malware Removal, 3,150 posts)

Hi, Mark.
 
Let's finish it. :)

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.


#34
moondog830 (Topic Starter, Member, 775 posts)

As for Drive Z ... no error message ... nothing pops up on it when I connect it. Thanks for all your help ... one question left ... in one of your latest posts, you mentioned that torrents are a pipeline for hackers etc ... The game I play "World of Tanks" uses torrent technology ... is this also a risk?
 
 
# Run at 8/10/2021 2:13:03 PM
# KpRm (Kernel-panik) version 2.9.2
# Run by moond from C:\Users\moond\Desktop
# Computer Name: DESKTOP-906HTT3
# OS: Windows 10 X64 (19043) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\moond\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2021-08-10-14-13-03
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\moond\Desktop\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## FRST
     [OK] C:\Users\moond\Desktop\FRST64.exe deleted
     [OK] C:\Users\moond\Desktop\Virus Checking\Addition.txt deleted
     [OK] C:\Users\moond\Desktop\Virus Checking\Fixlog.txt deleted
     [OK] C:\Users\moond\Desktop\Virus Checking\FRST-OlderVersion deleted
     [OK] C:\Users\moond\Desktop\Virus Checking\FRST.txt deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Windows Modules Installer created at 08/09/2021 12:41:31 deleted
   ~ [OK] RP named Windows Modules Installer created at 08/09/2021 12:42:07 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 08/10/2021 18:13:19
 
-- KPRM finished in 27.96s --

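The "Restore UAC" section of the KpRm log above is worth keeping as a checklist. The values it lists live under one policy key, and the classic malware change is EnableLUA set to 0 (UAC off) or ConsentPromptBehaviorAdmin set to 0 (elevate without prompting), both of which make later elevation silent. The PowerShell below is an added example, not part of the thread or of KpRm; it reads that key and compares each live value with the number KpRm reported as the default in the log. It assumes those numbers are the baseline you want on this machine; if your edition's baseline differs for any setting, adjust the table rather than the script.

```powershell
# Added example (not from the thread or KpRm): compare the live UAC policy values
# with the defaults KpRm reported restoring in the log above.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Values as listed under "- Restore UAC -" in the KpRm log (assumed baseline).
$UacDefaults = [ordered]@{
    EnableLUA                   = 1
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

function Test-UacPolicy {
    param(
        [string]$Key = $UacKey,
        [System.Collections.IDictionary]$Expected = $UacDefaults
    )
    $live = Get-ItemProperty -Path $Key
    foreach ($name in $Expected.Keys) {
        $actual = $live.$name
        # A missing value means Windows falls back to its built-in default, which is
        # not necessarily the number in the table, so it is reported separately.
        $state = 'DIFFERS'
        if ($null -eq $actual) { $state = 'missing' } elseif ([int]$actual -eq $Expected[$name]) { $state = 'ok' }
        # The two settings attackers flip to get silent elevation get a louder label.
        if (($name -eq 'EnableLUA' -and $actual -eq 0) -or
            ($name -eq 'ConsentPromptBehaviorAdmin' -and $actual -eq 0)) {
            $state = 'DIFFERS (UAC weakened)'
        }
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $actual
            State    = $state
        }
    }
}

$report = @(Test-UacPolicy)
$report | Format-Table -AutoSize
if ($report | Where-Object State -ne 'ok') {
    Write-Warning 'One or more UAC values differ from the KpRm defaults; review them before changing anything.'
}
```

Reading the key needs no elevation, so this can be run as a periodic check; changing the values does, and a reboot is needed for a changed EnableLUA to take effect.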

#35
DR M (The Grecian Geek, Malware Removal, 3,150 posts)

As for Drive Z ... no error message ... nothing pops up on it when I connect it. Thanks for all your help ... one question left ... in one of your latest posts, you mentioned that torrents are a pipeline for hackers etc ... The game I play "World of Tanks" uses torrent technology ... is this also a risk?

 

Hi, Mark.

Since Drive Z appeared to have errors in the past, I recommend that you do as I suggested in my previous post, just to be sure about your files' safety. You never know when a disk will fail, and having two backup locations is a must.

As for WoT, it seems that yes, it is based on P2P sharing. So, yes, unfortunately it is a risk.

See the discussion here: Game Center Updates ( A huge problem in the making ) - Feedback / Suggestions - World of Tanks official forum

Any other questions?



#36
DR M (The Grecian Geek, Malware Removal, 3,150 posts)

Hi, Mark.

Since there are no other questions, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place?". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked the following for you:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have Avast. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, they can keep you safe.

Happy safe computing.

I'm glad I was able to help you.


#37
DR M (The Grecian Geek, Malware Removal, 3,150 posts)

It appears that this issue is resolved, and therefore this topic has been marked as such.
 
Glad we could help.