
virus help


32 replies to this topic

#1 sfwuzhere

sfwuzhere

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 08 May 2013 - 02:09 AM

So I just ran an ESET online scan which discovered I had 5 viruses. I let ESET online scanner delete the viruses. After I deleted them I ran a Malwarebytes full scan and a Bitdefender full scan, then reran ESET, and none of them found anything. I am here just so I can get some help to ensure there are no more viruses on my computer. Any help will be appreciated.


Edited by hamluis, 08 May 2013 - 10:02 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:17 PM

Posted 08 May 2013 - 05:06 AM

Hi -

Were you having problems that made you decide to do all those scans, or did you just think something was wrong ??

Since doing all of those very good scans, have all the "problems" now gone ??

 

There is only one more I would ask you to do and that would be AdwCleaner, to check all minor items are removed.

 

Please download AdwCleaner by Xplode onto your desktop.

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
*NOTE: Your computer will be rebooted automatically. A text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Thank You -



#3 sfwuzhere

sfwuzhere
  • Topic Starter


Posted 08 May 2013 - 01:15 PM

No, I was not having problems; I just run ESET once a month. After ESET found the viruses I ran the others to see if I could find anything else.

The viruses ESET found and deleted the first time were

win32/bundled.toolbar.ask.b application ( 3 of these)

 

possibly a variant of win32/installQ ( 2 of these)

 

And I think they were all on my SSD except for one which was on my hard drive.


Edited by sfwuzhere, 08 May 2013 - 02:05 PM.


#4 sfwuzhere


Posted 08 May 2013 - 01:20 PM

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 14:17:20
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : SFWUZERE - SFWUZERE-PC
# Boot Mode : Normal
# Running from : C:\Users\SFWUZERE\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\ProgramData\APN
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\SFWUZERE\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [706 octets] - [08/05/2013 14:17:20]
 
########## EOF - C:\AdwCleaner[S1].txt - [765 octets] ##########


#5 sfwuzhere


Posted 09 May 2013 - 05:07 PM

I haven't seen anything not normal on my PC but I still want to be sure there is nothing else on it.



#6 noknojon


Posted 09 May 2013 - 05:22 PM

Hi - Sorry but I was not notified of your reply ( this happens at times due to the volume of forum emails and notifications)

 

These are just unwanted toolbars you downloaded => win32/bundled.toolbar.ask.b application ( 3 of these)

 

The second item is similar as I checked it with a few online scanners, and only get minor results.

 

VirusTotal lists it as UnclassifiedMalware from Comodo, while TrendMicro-HouseCall calls it TROJ_GEN.F47V0308.
ESET-NOD32 lists it as, probably a variant of Win32/InstallIQ, but you used this program to remove it.

 

I would say that you have removed both items, as they are generally classified as AdAware and not major.
The infection seems to be minor and not widespread and only picked up by a few online scanners mainly.

 

Do you have Malwarebytes Anti-Malware Free installed ?
If not, please Download it, Install it, and then check for Updates.

Please delete any items found, or if you are not sure then ask me first -
A Quick Scan is all that is required to see if any traces remain.

 

Next, please Download and install SUPERAntiSpyware Free if you do not have it already.
As above check for Updates and run a Quick Scan only.

 

Both of these programs will produce a log file when they complete, please post them back here -

 

Thank You -


Edited by noknojon, 09 May 2013 - 05:31 PM.


#7 sfwuzhere


Posted 09 May 2013 - 05:53 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.05.09.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
SFWUZERE :: SFWUZERE-PC [administrator]
 
Protection: Disabled
 
09/05/2013 6:50:34 PM
mbam-log-2013-05-09 (18-50-34).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217776
Time elapsed: 1 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#8 sfwuzhere


Posted 09 May 2013 - 06:08 PM

SUPERAntiSpyware Scan Log
 
Generated 05/09/2013 at 06:59 PM
 
Application Version : 5.6.1018
 
Core Rules Database Version : 10379
Trace Rules Database Version: 8191
 
Scan type       : Quick Scan
Total Scan Time : 00:01:30
 
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 912
Memory threats detected   : 0
Registry items scanned    : 60648
Registry threats detected : 0
File items scanned        : 10700
File threats detected     : 27
 
Adware.Tracking Cookie


#9 sfwuzhere


Posted 09 May 2013 - 06:10 PM

I ran SUPERAntiSpyware again and it found 23 the second time.

 

 

SUPERAntiSpyware Scan Log
 
Generated 05/09/2013 at 07:09 PM
 
Application Version : 5.6.1018
 
Core Rules Database Version : 10379
Trace Rules Database Version: 8191
 
Scan type       : Quick Scan
Total Scan Time : 00:00:58
 
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 907
Memory threats detected   : 0
Registry items scanned    : 60648
Registry threats detected : 0
File items scanned        : 10699
File threats detected     : 23
 
Adware.Tracking Cookie


#10 sfwuzhere


Posted 09 May 2013 - 08:47 PM

Then on a third run it found nothing 



#11 noknojon


Posted 09 May 2013 - 10:11 PM

Hello -

You may need to reset the Hosts file back to the default automatically.

Click the M/soft Fix it link below, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard below.
http://go.microsoft.com/?linkid=9668866

 

The amount of Adware.Tracking Cookies showing in the SUPERAntiSpyware log can be greatly reduced if you wish.
If you do not wish this, there will be 20 entries there after a quick session on the internet.

 

Please download Security Check by Screen317 from Here
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.

* If the program seems to stall for a minute, it is just looking for related data
* A Notepad document should open automatically called checkup.txt; please copy / paste the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Thank You -



#12 sfwuzhere


Posted 09 May 2013 - 10:23 PM

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.169  
 Google Chrome 18.0.1025.142  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender 2013 vsserv.exe  
 Bitdefender Bitdefender 2013 bdparentalservice.exe  
 Bitdefender Bitdefender 2013 updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
 Bitdefender Bitdefender 2013 bdagent.exe  
 Bitdefender Bitdefender 2013 BdParentalSysTray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#13 noknojon


Posted 09 May 2013 - 10:57 PM

Windows Firewall Disabled! < Is there a Firewall with your Bitdefender program ? If not turn this on.

 

Bitdefender Antivirus Antivirus out of date! (On Access scanning disabled!) << This is not good - You will be infected -
Either fully update Bitdefender or ask me how to uninstall it, and we can install another Antivirus program.

 

McAfee SiteAdvisor << I would remove this, as it has been shown to be a bit "fault ridden"

 

Google Chrome 18.0.1025.142 << Uninstall the old version of Chrome from Control Panel > Programs and Features.

 

Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!) << This is very Bad -
Use the installed defragmenter at Accessories > System Tools, or download Auslogics Disk Defrag (free) or Defraggler Free to your desktop and use them.
The last 2 are much quicker, but NEVER use any other section of the programs, just the defragmenter -

Thank You -

Spell check Edit Only -


Edited by noknojon, 09 May 2013 - 10:58 PM.
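
Added example (not part of any post in this thread and not code from the Security Check tool): a small Python triage of a Security Check log that pulls out the same items reviewed in post #13, including the duplicate Chrome versions and the log's own "do not defrag if SSD" caveat. The sample log is constructed and abridged from the format posted above; `triage`, `_hdr`, the warning phrase list and the `ssd_drives` parameter are assumptions of this example.

```python
import re

TICK = "`"  # Security Check wraps its section headers in runs of backticks
def _hdr(title):
    return TICK * 14 + title + TICK * 14

# Constructed sample, abridged from the log format posted in this thread.
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.63",
    " Windows 7 Service Pack 1 x64 (UAC is enabled)",
    _hdr("Antivirus/Firewall Check:"),
    " Windows Security Center service is not running! This report may not be accurate!",
    " Windows Firewall Disabled!",
    "Bitdefender Antivirus",
    " Antivirus out of date! (On Access scanning disabled!)",
    _hdr("Anti-malware/Other Utilities Check:"),
    " Malwarebytes Anti-Malware version 1.75.0.1300",
    " Java 7 Update 21",
    " Google Chrome 18.0.1025.142",
    " Google Chrome 26.0.1410.64",
    _hdr("System Health check"),
    " Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    _hdr("End of Log"),
])

# Assumption: warning phrases taken from the log lines seen in this thread.
WARN = re.compile(r"not running|disabled|out of date", re.I)
VERSIONED = re.compile(r"^(?P<name>.+?)\s+(?:version\s+)?(?P<ver>\d+(?:\.\d+)+)$")
FRAG = re.compile(r"Total Fragmentation on Drive (?P<drive>\w): (?P<pct>\d+)%")

def triage(log_text, ssd_drives=()):
    """Return (findings, installed) for one Security Check log."""
    findings, installed, section = [], {}, "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(TICK):                      # section header line
            section = line.strip(TICK).rstrip(":")
            continue
        frag = FRAG.search(line)
        if frag:
            # The log's own caveat: the defrag advice does not apply to an SSD.
            action = "SSD, do not defragment" if frag["drive"] in ssd_drives else "defragment"
            findings.append((section, f"Drive {frag['drive']}: {frag['pct']}% fragmented ({action})"))
        elif WARN.search(line):
            findings.append((section, line))
        elif (m := VERSIONED.match(line)) and section.startswith("Anti-malware"):
            installed.setdefault(m["name"], []).append(m["ver"])
    # Two versions of one product means a stale copy is still on disk.
    for name, versions in installed.items():
        if len(versions) > 1:
            findings.append(("Duplicate install", f"{name}: {', '.join(versions)}"))
    return findings, installed

if __name__ == "__main__":
    for section, text in triage(SAMPLE_LOG, ssd_drives={"C"})[0]:
        print(f"[{section}] {text}")
```

Matching on warning phrases rather than on "!" matters here, because the tool also prints "Antivirus up to date!" when the check passes.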


#14 sfwuzhere


Posted 09 May 2013 - 11:10 PM

Yes, Bitdefender has a firewall; I just set it on the highest settings as the default is pretty low.

Bitdefender says it's up to date; I just clicked the update button again. I can run that program again to see if it's updated if you suggest, and it says on-access is on.

Uninstalled SiteAdvisor.

I cannot see the old version of Google Chrome there; it only says the latest version.

That is my SSD drive with Windows and some other stuff on it; my other HDD drive is my E: drive.



#15 sfwuzhere


Posted 09 May 2013 - 11:12 PM

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.169  
 Google Chrome 18.0.1025.142  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender 2013 vsserv.exe  
 Bitdefender Bitdefender 2013 bdparentalservice.exe  
 Bitdefender Bitdefender 2013 updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
 Bitdefender Bitdefender 2013 bdagent.exe  
 Bitdefender Bitdefender 2013 BdParentalSysTray.exe  
 Bitdefender Bitdefender 2013 seccenter.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

I'm going to reboot to see if I just haven't installed the Bitdefender update yet.





