Schooling unruly malware.


11 replies to this topic

#1 Zestypanda


Posted 29 July 2013 - 01:53 PM

Hello all, surprisingly the story I am about to tell you isn't about my own laptop, but instead my teacher's son's girlfriend's laptop. Ok so, long story slightly short, it was brought to me because it had a fake AV, simple I thought. So I did the things you did, got the rogue out of the way, then apparently it had brought a rootkit along with it, so basically without boring you with the tedious details, I will show you the log I wrote up. It seems a-ok now but I wanna make sure everything is all right and clean.


Scanned with Kaspersky bootable antivirus and found three Java exploit viruses, two pieces of adware.
Ran RKill, it deleted two things and killed one process.
Ran JRT (Junkware Removal Tool), it removed Ask toolbar related junk.
Ran AdwareRemover (Removed some shopping related adware.)
Ran ComboFix, deleted two toolbars and their associated registry keys.
Ran RogueKiller, deleted three infected registry entries.
Ran HitmanPro bootable scanner, removed one suspicious item.
Ran TDSSKiller and removed two things.
Ran aswMBR and replaced infected MBR code with clean Windows 7 boot code.
Ran ESET online scanner, found nothing.
Repaired Norton 360
Updated Norton 360
Ran Windows Repair all-in-one, fixed system corruption caused by the virus.
Ran CCleaner and cleared 1.5GB of temp files.
Ran Auslogics Disk Defragger, hard drive was 6% fragmented, de-fragmented the hard drive.
Removed one malicious adware extension from Chrome.
Moved antiphishing domain advisor (conflicted with Norton performance.)
Removed Bing Bar (semi adware/impacted system performance.)
Removed McAfee security scanner (adware/unneeded.)
Installed Malwarebytes' Anti-Malware, started 2-week free premium trial.
Ran "Flash Scan" and removed two adware/PUP threats.
Ran "Quick Scan" removed two pieces of adware.
Cleared previous Windows restore points (prevents potential re-infection.)
Set clean new Windows restore point.
Uninstalled unneeded programs.
Ran system file check.
Ran various system fixes.
Removed HP bloatware
Installed Steam.
Installed Safari Browser.
Updated Adobe Flash Player, Reader, AIR, Java, and Shockwave.
Changed default search engine from Ask to Google. (Due to potential adware threat.)
Reset action center icons.
Added back missing Action Center system tray icon registry value.
Removed corrupted temporary files.
Fixed M4A audio association with iTunes and Windows Media Player.
Ran full Norton scan, found two tracking cookies (harmless.)

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 



 


#2 Anshad Edavana


Posted 29 July 2013 - 02:11 PM

Hi

 

A full scan with SUPERAntiSpyware will also be good. I have seen it detecting malware missed by MBAM.



#3 Zestypanda


Posted 29 July 2013 - 02:40 PM

Ok, I'm trying to lessen my footprints on the laptop, and from my experience SAS leaves a crap ton of files and registry entries when it uninstalls.


 


#4 quietman7


Posted 29 July 2013 - 02:42 PM

There are no guarantees or shortcuts when it comes to malware removal. Infections and severity of damage will vary. The longer malware remains on your system, the more opportunity it has to download additional malicious files. Depending on the infection, especially when dealing with backdoor Trojans and rootkits, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and security tools may not find all the remnants.

In any case, we can only go by what was detected/removed and your description of whatever signs or symptoms of infection you are experiencing. Usually when a computer is still infected there will be other indications (symptoms of infection) something is wrong.

How is the computer running now...are there any signs of infection?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 Zestypanda


Posted 29 July 2013 - 02:55 PM

It seems to be running fine, I would know if it still had malware, it was crashing and explorer was restarting every five minutes and things were being blocked from running. Though, this might be Norton, but when it starts up there is about a 5 second lag from when it says welcome, shows cursor then loads desktop and explorer. Though that might be related to Norton. I can run a scan using portable SAS.


 


#6 Zestypanda


Posted 29 July 2013 - 03:15 PM

Wow....just wow....the people at SAS have truly lost a customer, the portable isn't portable it's just a randomly named extractor that just extracts the regular exe it's definitions. Which, worked ten years ago but now viruses just scan for the MD5 so basically it's all BS.
Grr, this is infuriating. See this thread to see how they "handle" their customers. (http://forums.superantispyware.com/index.php?/topic/6822-sas-portable-not-portable/page-3) ok, rant over. I bit the bullet and installed it, sigh I guess I will have to do more clean up.


 


#7 Zestypanda


Posted 29 July 2013 - 03:19 PM

Note: when I say cleanup I mean cleaning up non-malicious files left by SAS that are cluttering it up.


 


#8 quietman7


Posted 29 July 2013 - 04:19 PM

It looks to me as if you covered all the bases.

#9 Zestypanda


Posted 29 July 2013 - 04:37 PM

Ok, scanned with SAS and all it found was tracking cookies.


 


#10 Zestypanda


Posted 29 July 2013 - 04:45 PM

Any more suggestions? Also I removed SAS after it finished, removed settings and quarantine items along with it.


 


#11 Condobloke


Posted 30 July 2013 - 02:47 AM

Clean the screen.....and hand it back. . :thumbsup:

 

As quietman7 said "It looks to me as if you covered all the bases"


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#12 Zestypanda


Posted 30 July 2013 - 03:25 AM

:o How did you know its screen was dirty? :P and yeah I will. XD also vacuum the keyboard. .-. Bugger is dirty D:


 




