MY laptop is very slow. It seems to be infected with some virus/malwar


#61 abhi6512 (Member, Topic Starter)
Hi Brian,

PFB the ESET log. 

 

C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\AskToolbar\Downloaded Program Files\Nero.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\AskToolbar\Downloaded Program Files\Nerooeopd.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\Conduit\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\torch\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\LocalLow\AskToolbar\nero.cab.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Roaming\VOPackage\runasu.exe.vir a variant of Win32/VOPackage.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Roaming\VOPackage\Uninstall.exe.vir Win32/VOPackage.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Roaming\VOPackage\VOPackage.exe.vir Win32/VOPackage.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Roaming\VOPackage\VOsrv.exe.vir a variant of Win32/VOPackage.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\Downloads\Software\kundli4100.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.bak Win32/BrowseFox.V potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe Win32/BrowseFox.V potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\Trusted Publisher\SW-Booster\SW-Booster.exe Win32/TrojanDownloader.Agent.ACF trojan
C:\mba\IB III.lnk LNK/Agent.AK trojan
C:\mba\IB-4.lnk LNK/Agent.AK trojan
C:\mba\logo1.lnk LNK/Agent.AK trojan
C:\mba\New folder.lnk LNK/Agent.AK trojan
C:\mba\Ragini MMS 2 (2014) Hindi [Proper] 720p  Pre DvDRip x264 AAC xRG.lnk LNK/Agent.AK trojan
C:\mba\saib.lnk LNK/Agent.AK trojan
C:\Users\Abhishek\AppData\Local\nscB950.tmp Win32/VOPackage.BC potentially unwanted application
C:\Users\Abhishek\AppData\Local\nsh752B.tmp Win32/VOPackage.BC potentially unwanted application
C:\Users\Abhishek\Desktop\lappy servicing\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Abhishek\Downloads\GraboidVideoSetup-3.05-Complete.exe Win32/Graboid potentially unsafe application
C:\Users\Abhishek\Downloads\winzip160.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Windows\Installer\33ba58.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

#62 BrianDrab (Trusted Helper, Malware Removal)

Thank you. Please do the following fix and also provide the speed test info from my last post. Almost there!

 

Step #1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case, the Desktop).
2. Run FRST by right-clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
4. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 



#63 abhi6512 (Member, Topic Starter)

Hi Brian,
There is some issue with my home net connection. I shall post to you soon.

Abhi.

#64 abhi6512 (Member, Topic Starter)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Abhishek at 2015-03-23 23:09:13 Run:5
Running from C:\Users\Abhishek\Desktop\lappy servicing
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Downloads\Software\kundli4100.exe
C:\mba\IB III.lnk
C:\mba\IB-4.lnk
C:\mba\logo1.lnk
C:\mba\New folder.lnk
C:\mba\Ragini MMS 2 (2014) Hindi [Proper] 720p  Pre DvDRip x264 AAC xRG.lnk
C:\mba\saib.lnk
C:\Users\Abhishek\AppData\Local\nscB950.tmp
C:\Users\Abhishek\AppData\Local\nsh752B.tmp
C:\Users\Abhishek\Downloads\GraboidVideoSetup-3.05-Complete.exe
C:\Windows\Installer\33ba58.msi
*****************
 
C:\Downloads\Software\kundli4100.exe => Moved successfully.
C:\mba\IB III.lnk => Moved successfully.
C:\mba\IB-4.lnk => Moved successfully.
C:\mba\logo1.lnk => Moved successfully.
C:\mba\New folder.lnk => Moved successfully.
C:\mba\Ragini MMS 2 (2014) Hindi [Proper] 720p  Pre DvDRip x264 AAC xRG.lnk => Moved successfully.
C:\mba\saib.lnk => Moved successfully.
C:\Users\Abhishek\AppData\Local\nscB950.tmp => Moved successfully.
C:\Users\Abhishek\AppData\Local\nsh752B.tmp => Moved successfully.
C:\Users\Abhishek\Downloads\GraboidVideoSetup-3.05-Complete.exe => Moved successfully.
C:\Windows\Installer\33ba58.msi => Moved successfully.
 
==== End of Fixlog 23:09:14 ====

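As an added example (not part of the original thread, and not the helper's own tooling), the following Python script parses ESET log lines of the shape posted in #61, separates hits that AdwCleaner or FRST had already moved into a quarantine folder from hits that were still live on disk, and prints the live paths in the one-path-per-line form that the FRST fixlist in #64 uses. The sample log is a constructed subset of the lines from #61; the rule "a path segment literally named Quarantine means already handled" and the choice to treat every live hit as a fixlist candidate are assumptions. Note that the actual fixlist left two downloaded installers (spsetup128.exe and winzip160.exe) out, so the generated list is a starting point for a human decision, not a replacement for it.

```python
"""Triage an ESET Online Scanner log of the shape shown in this thread.

Each line is "<path> [a variant of ]<signature> <category>". The path may
contain spaces (see the movie .lnk), so parsing is anchored on the category
suffix rather than split on whitespace. Items whose path already contains a
Quarantine segment were moved aside earlier by AdwCleaner or FRST and need no
new action; the remaining ("live") paths are emitted in FRST fixlist form.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

CATEGORIES = ("trojan", "potentially unwanted application",
              "potentially unsafe application")
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<name>(?:a variant of )?\S+)\s+(?P<category>"
    + "|".join(re.escape(c) for c in CATEGORIES) + r")$"
)
VARIANT_PREFIX = "a variant of "


@dataclass
class Detection:
    path: str
    signature: str
    category: str
    variant: bool      # ESET prefixed the name with "a variant of" (generic match)
    quarantined: bool  # assumption: any path segment literally "Quarantine"


def parse_line(line: str) -> Optional[Detection]:
    """Parse one log line; returns None for blank or unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    variant = name.startswith(VARIANT_PREFIX)
    if variant:
        name = name[len(VARIANT_PREFIX):]
    path = m.group("path")
    quarantined = any(seg.lower() == "quarantine" for seg in path.split("\\"))
    return Detection(path, name, m.group("category"), variant, quarantined)


def parse_log(text: str) -> List[Detection]:
    return [d for d in map(parse_line, text.splitlines()) if d is not None]


def live_paths(detections: List[Detection]) -> List[str]:
    """Paths ESET found outside any quarantine folder, in log order."""
    return [d.path for d in detections if not d.quarantined]


def summarize(detections: List[Detection]) -> dict:
    """Number of detections per ESET category."""
    return dict(Counter(d.category for d in detections))


def fixlist(detections: List[Detection]) -> str:
    """FRST fixlist body: one live path per line (FRST moves each to quarantine)."""
    return "".join(p + "\n" for p in live_paths(detections))


# Constructed sample: a subset of the ESET lines posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\AskToolbar\Downloaded Program Files\Nero.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Abhishek\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgdjcclbaackjcjhgmljnjdjdjdmdkjm\1.3\DECP.js.vir JS/Kryptik.ATL trojan
C:\Downloads\Software\kundli4100.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\mba\IB III.lnk LNK/Agent.AK trojan
C:\mba\Ragini MMS 2 (2014) Hindi [Proper] 720p  Pre DvDRip x264 AAC xRG.lnk LNK/Agent.AK trojan
C:\Users\Abhishek\Desktop\lappy servicing\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\33ba58.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
"""

if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print(summarize(dets))
    for d in dets:
        state = "quarantined" if d.quarantined else "LIVE"
        print(f"{state:11} {d.category:32} {d.signature:40} {d.path}")
    print("--- candidate fixlist ---")
    print(fixlist(dets), end="")
```

Run it as a script to see the split; the .vir suffix on the AdwCleaner entries is the renamed quarantine copy ESET is re-scanning, which is why those hits need no second removal pass.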

#65 abhi6512 (Member, Topic Starter)

Hi Brian,

My net connection is terribly slow. I somehow managed to post the above stuff (trying since last night). I have raised a complaint with my broadband vendor; hope it resolves soon. Also, please let me know in case we need to check from the machine's perspective.

 

-abhi



#66 abhi6512 (Member, Topic Starter)

speed test when cabled:

ping - 18 ms

download - 0.47 mbps

upload - <unable to test>

 

I shall post you the complete stats the moment my internet starts behaving properly.

 

-abhi


Edited by abhi6512, 23 March 2015 - 09:42 PM.


#67 BrianDrab (Trusted Helper, Malware Removal)

Wow! That is slow. Yes please let me know the outcome with your Internet Provider. We have a few more things to do but it can wait until you have a better connection.



#68 abhi6512 (Member, Topic Starter)

Hi Brian,

I'm back, my net is good now :)

It was an issue from the provider end, all well now. Marking the latest internet speed stats (on wifi) below for your reference:

 

    http://www.speedtest.net/my-result/4238231872

 

Pls. let me know the next steps to be executed. Also I 



#69 BrianDrab (Trusted Helper, Malware Removal)

Woohooo!! Great news. Now that you are malware free and have an updated AV on your system I'd like to get you buttoned up on a couple programs.

 

1. Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

2. Keeping Java Updated
If you don't use Java or don't know if you need Java, please simply skip this step.

WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 40.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.

 

3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: We Already Uninstalled This program
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u40-windows-i586.exe or jre-8u40-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the users knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).



#70 abhi6512 (Member, Topic Starter)

Hi Brian,

I have done all said above, though I was unable to disable Java in IE (unable to trace the Java control panel).

Also, to share: I'm surprised by the info that Java is vulnerable to malware attacks. I'm a Java manager with 14+ years in IT and I was never aware of that.

Appreciate the piece of info from you though.

 

Also I'm curious what was the issue with my machine & what exactly we did in the process ?

 

-Abhi


#71 BrianDrab (Trusted Helper, Malware Removal)

Also I'm curious what was the issue with my machine & what exactly we did in the process ?

 

In summary you had the following issues that we cleared up.

 

BitTorrent -  P2P client which is a huge infection vector. See Post#5 if you need a refresher on the risks of it.
Symantec Endpoint Protection - You didn't have an updated Antivirus on your machine so we had to remedy this.
A fair amount of adware was on your machine
LNK/Agent.AK Trojan - You had a Trojan that we removed.
Chrome was compromised - We resolved this as well.

 

If you are satisfied, I'll leave you with the following.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
 

 

For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log

 

 


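The summary above lists LNK/Agent.AK on shortcuts in C:\mba\ whose names look like folders and documents (New folder.lnk, saib.lnk, a movie title). The thread gives only the detection name; the usual behaviour behind such detections is a shortcut that carries a folder's or file's name but actually launches a command interpreter with its window hidden, and that reading is an assumption here, not something the thread states. As an added example (not code from the thread or from any of the tools it uses), the following Python parses the Windows Shell Link (.lnk) format far enough to recover a shortcut's target, arguments and ShowCommand, and applies a few triage heuristics. The two shortcuts it inspects are constructed fixtures built in the script itself; the heuristics (interpreter target, hidden window, name equal to a sibling entry) are assumptions about the lookalike pattern, not a description of what ESET's signature checks.

```python
r"""Parse Windows Shell Link (.lnk) files (MS-SHLLINK) and flag the
folder-lookalike shortcut pattern behind detections such as
"C:\mba\New folder.lnk LNK/Agent.AK trojan". Only the fixed 76-byte header
and the StringData section are decoded; the LinkTargetIDList and LinkInfo
blocks are skipped using their own size fields."""
import struct
from dataclasses import dataclass
from typing import Iterable, List

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits (MS-SHLLINK 2.1.1); STRING_FIELDS is in on-disk StringData order
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))
SW_SHOWMINNOACTIVE = 7  # ShowCommand that launches the target without showing a window
INTERPRETERS = ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe")


@dataclass
class ShellLink:
    flags: int
    show_command: int
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def _read_string(buf: bytes, off: int, unicode: bool):
    """StringData item: uint16 character count, then the characters (no NUL)."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    width = 2 if unicode else 1
    raw = buf[off:off + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    return raw.decode("utf-16-le" if unicode else "cp1252"), off + count * width


def parse_lnk(buf: bytes) -> ShellLink:
    if (len(buf) < HEADER_SIZE or struct.unpack_from("<I", buf, 0)[0] != HEADER_SIZE
            or buf[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", buf, 20)[0]
    link = ShellLink(flags, struct.unpack_from("<I", buf, 60)[0])  # ShowCommand at offset 60
    off = HEADER_SIZE
    if flags & HAS_ID_LIST:    # LinkTargetIDList: uint16 IDListSize followed by that many bytes
        off += 2 + struct.unpack_from("<H", buf, off)[0]
    if flags & HAS_LINK_INFO:  # LinkInfo: uint32 LinkInfoSize that counts itself
        off += struct.unpack_from("<I", buf, off)[0]
    for bit, attr in STRING_FIELDS:
        if flags & bit:
            value, off = _read_string(buf, off, bool(flags & IS_UNICODE))
            setattr(link, attr, value)
    return link


def suspicious_reasons(filename: str, link: ShellLink, siblings: Iterable[str] = ()) -> List[str]:
    """Heuristic triage (assumed indicators, not ESET's logic); empty list means clean."""
    reasons = []
    target = link.relative_path.replace("/", "\\").lower().rsplit("\\", 1)[-1]
    if target in INTERPRETERS:
        reasons.append(f"target is an interpreter ({target}) with arguments {link.arguments!r}")
    if link.show_command == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand=SW_SHOWMINNOACTIVE (window hidden on launch)")
    stem = filename[:-4] if filename.lower().endswith(".lnk") else filename
    if stem in set(siblings):
        reasons.append(f"shares its name with sibling entry {stem!r} (folder/file lookalike)")
    return reasons


def build_lnk(relative_path: str, arguments: str = "", show_command: int = 1) -> bytes:
    """Constructed fixture builder: minimal Unicode .lnk with header + StringData only."""
    flags = IS_UNICODE | 0x08 | (0x20 if arguments else 0)
    hdr = struct.pack("<I16sII", HEADER_SIZE, LINK_CLSID, flags, 0)  # size, CLSID, flags, attrs
    hdr += b"\0" * 24                                                  # three zero FILETIMEs
    hdr += struct.pack("<IiIHHII", 0, 0, show_command, 0, 0, 0, 0)   # size, icon, show, hotkey, reserved

    def sd(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return hdr + sd(relative_path) + (sd(arguments) if arguments else b"")


# Constructed samples (not files from the thread): a lookalike and a benign shortcut.
LOOKALIKE = build_lnk(r"..\..\Windows\System32\cmd.exe",
                      r'/c start "" "hidden\update.exe" & explorer "New folder"',
                      SW_SHOWMINNOACTIVE)
BENIGN = build_lnk(r"..\Documents\report.docx")

if __name__ == "__main__":
    for fname, blob in (("New folder.lnk", LOOKALIKE), ("report.lnk", BENIGN)):
        link = parse_lnk(blob)
        print(fname, "->", link.relative_path, link.arguments)
        for reason in suspicious_reasons(fname, link, siblings={"New folder", "saib"}):
            print("   !", reason)
```

To use it on a real directory, pass each .lnk's bytes to parse_lnk and the names of its neighbouring entries as siblings; a folder that is hidden next to a same-named .lnk is the tell that makes the third heuristic fire.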

#72 abhi6512 (Member, Topic Starter)

Hi Brian,

There were issues with my home broadband again but good now. I shall work on this & revert back to you tomorrow.

Appreciate your patience.

 

-Abhi



#73 abhi6512 (Member, Topic Starter)

Hi Brian,

PFB the delfix log 

 

# DelFix v10.9 - Logfile created 28/03/2015 at 20:09:58
# Updated 27/02/2015 by Xplode
# Username : Abhishek - ABHISHEK-PC
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #1061 [End of disinfection | 03/28/2015 14:24:57]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 

-Abhi



#74 abhi6512 (Member, Topic Starter)

Hi Brian,

Just checking in case you have any next steps for me.

 

-Abhi.


  • 0

#75 BrianDrab (Trusted Helper, Malware Removal)

No more steps. You are good to go! Take care.

