
I need help, I'm under attack!


10 replies to this topic

#1 Rikersls

Rikersls

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:KC (USA)
  • Local time:11:43 PM

Posted 01 September 2013 - 12:29 AM

I need help, my computer has detected some cookies and then started changing my home page and installed new programs on its own.
 
 
Please help me.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of malware logs in topic. ~ Animal


#2 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:43 AM

Posted 01 September 2013 - 07:48 AM

If you noticed this after downloading and installing a program it could be just some adware/ crapware.

Use the programs listed below to find and remove it.

AdwCleaner Download

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Free ESET Online Antivirus Scanner

 

Post the logs from those scanners back here.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Rikersls


Posted 02 September 2013 - 01:14 AM

I have SUPERAntiSpyware and Malwarebytes, both have detected adware but the programs installed themselves and I have been removing them daily. I also found 2 trojans but can't find the logs of what they were.



#4 Rikersls


Posted 02 September 2013 - 03:58 AM

I tried to run AdwCleaner and it got to scanning and cleaned 4 infections, but when it wanted to restore the system AVG deleted AdwCleaner. I also ran the ESET online antivirus scanner after AdwCleaner and it found one more infection and I copied the log, here it is:

 

 

C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\f2c2bmlm.default-1361421431597\Extensions\plugin@getwebcake.com\content\overlay.js.vir    JS/Adware.Yontoo.C application    cleaned by deleting - quarantined

 

PS: I have a problem with Internet Explorer. It tries to open but it crashes every time. Thank you for the help!



#5 buddy215


Posted 02 September 2013 - 07:56 AM

To view a log of what was removed, you can start the SUPERAntiSpyware program and then click on the Preferences button. Now click on the Statistics/Logs tab and then double-click on the log you would like to view. Post the log from your last scan.

 

To view and copy the log from the last MBAM scan, open to the main screen and click on logs. Post the last one.

 

Not sure which or what you did to restore system. Elaborate on that, please...did you use a system restore point or what?

 

Run AdwCleaner again. If it finds any adware it will ask you to reboot your computer. Do that. Post the log in your next reply.

 

Download and install CCleaner. Use the default settings to clean up the temporary files, logs, etc. Be sure to uncheck the Yahoo Toolbar offer or other. No need to use the Registry Cleaner tool and it may cause a problem.

CCleaner - PC Optimization and Cleaning - Free Download

 

After opening CCleaner and clicking on Tools > Uninstall, you will see on the right "Save to text file". Click on that and choose to save to desktop.

Copy and paste that list of programs installed on your computer in your next post.



#6 Rikersls


Posted 02 September 2013 - 08:32 PM

I apologize, I meant "restart" not restore. And the log for the trojans I can't find, but here is the last scan from SUPERAntiSpyware:

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2013 at 03:57 AM

Application Version : 5.6.1032

Core Rules Database Version : 10735
Trace Rules Database Version: 8547

Scan type       : Complete Scan
Total Scan Time : 00:12:16

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 755
Memory threats detected   : 0
Registry items scanned    : 71940
Registry threats detected : 0
File items scanned        : 35177
File threats detected     : 1

Adware.Tracking Cookie
    player.tritonmedia.com [ C:\USERS\HECTOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5F5D4SMH ]
 

and here is the scan from MBAM:

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hector :: MEGATRON [administrator]

Protection: Enabled

2/6/2013 1:18:17 AM
mbam-log-2013-02-06 (01-18-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220635
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

 

 

 

and Ccleaner:

 

 

7-Zip 9.21    Igor Pavlov    8/31/2013    3.54 MB    9.21.00.0
7-zip v9.20    TUGUU SL    2/19/2013        v9.20
Adobe AIR    Adobe Systems Incorporated    2/19/2013        3.4.0.2540
Adobe Flash Player 11 ActiveX 64-bit    Adobe Systems Incorporated    12/18/2011    6.00 MB    11.1.102.55
Adobe Flash Player 11 Plugin    Adobe Systems Incorporated    8/25/2013    6.00 MB    11.8.800.94
Adobe Reader XI (11.0.03)    Adobe Systems Incorporated    7/9/2013    126 MB    11.0.03
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    8/31/2012    26.3 MB    8.0.881.0
Apple Application Support    Apple Inc.    7/9/2013    64.7 MB    2.3.4
Apple Mobile Device Support    Apple Inc.    6/11/2012    24.9 MB    5.2.0.6
Apple Software Update    Apple Inc.    3/18/2012    2.38 MB    2.1.3.127
AudioConverter    Helmsman, Inc.    3/6/2013        
AVG 2013    AVG Technologies    7/30/2013        2013.0.3392
Bonjour    Apple Inc.    3/30/2013    2.00 MB    3.0.0.10
Call of Duty: Modern Warfare 2    Infinity Ward    2/19/2013        
Call of Duty: Modern Warfare 2 - Multiplayer    Infinity Ward    2/19/2013        
CCleaner    Piriform    2/25/2013        3.28
Company of Heroes Single Player Demo    THQ Inc.    3/26/2012    2.02 GB    1.0.0.105
Creative ALchemy    Creative Technology Limited    3/4/2013        1.43
Creative Audio Control Panel    Creative Technology Limited    6/2/2013        2.00
Creative Console Launcher    Creative Technology Limited    2/19/2013        
Creative MediaSource 5    Creative Technology Limited    2/19/2013        5.00
Creative Software AutoUpdate    Creative Technology Limited    6/2/2013        1.40
Creative Sound Blaster Properties x64 Edition        6/2/2013        
Creative System Information        2/19/2013        
Creative WaveStudio 7    Creative Technology Limited    2/19/2013        7.14
Curse Client    Curse    5/24/2013        5.1.1.792
DarkCrusade    THQ    2/5/2012        1.20
EasyBoost    GIGABYTE    11/2/2012    19.6 MB    1.0.2.1
ESET Online Scanner v3        9/2/2013        
EVGA E-LEET TUNING UTILITY 1.06.0        12/18/2011        
Fox DMI        6/6/2013        1.1.0.7
FOX LiveUpdate        6/12/2013        1.8.2.7
FOX LOGO        6/6/2013        1.1.0.4
FOX ONE        6/6/2013        1.2.9.6
Free Realms    Sony Online Entertainment    10/11/2012        
Google Earth    Google    7/26/2013    180 MB    7.1.1.1888
Hitman 2: Silent Assassin    Eidos Interactive    2/19/2013        
Homeworld        3/7/2013        
HTC BMP USB Driver    HTC    10/30/2012    284 KB    1.0.5375
HTC Driver Installer    HTC Corporation    10/30/2012    2.09 MB    3.0.0.023
HTC Sync    HTC Corporation    10/30/2012    47.8 MB    3.3.10
iCloud    Apple Inc.    3/30/2013    81.8 MB    2.1.1.3
Intel® Network Connections Drivers    Intel    6/2/2013        15.1
Java 7 Update 25 (64-bit)    Oracle    7/9/2013    128 MB    7.0.250
Left 4 Dead    Valve    2/19/2013        
Lexmark 5600-6600 Series    Lexmark International, Inc.    1/8/2012        
Lexmark Printable Web        2/19/2013        1.0.0.0
LG USB Modem driver        2/19/2013        
LightScribe System Software    LightScribe    3/30/2013    25.1 MB    1.18.22.2
Logitech Webcam Software    Logitech Inc.    4/21/2013        2.51
Malwarebytes Anti-Malware version 1.75.0.1300    Malwarebytes Corporation    4/22/2013    19.2 MB    1.75.0.1300
marvell 61xx    Marvell    2/19/2013        1.2.0.69
Marvell Miniport Driver    Marvell    2/19/2013        10.70.3.3
Microsoft .NET Framework 4.5    Microsoft Corporation    6/28/2013    38.8 MB    4.5.50709
Microsoft Mouse and Keyboard Center    Microsoft Corporation    6/8/2013        2.1.177.0
Microsoft Silverlight    Microsoft Corporation    7/10/2013    199 MB    5.1.20513.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    3/15/2012    300 KB    8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    6/1/2012    572 KB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    10/30/2012    252 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    2/22/2012    780 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    3/15/2012    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    8/22/2012    240 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    12/18/2011    596 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    3/15/2012    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    3/31/2013    5.84 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    10/13/2012    16.5 MB    10.0.40219
Microsoft WSE 3.0 Runtime    Microsoft Corp.    7/7/2013    942 KB    3.0.5305.0
MissionMan        3/29/2013        
Mozilla Firefox 23.0.1 (x86 en-US)    Mozilla    8/17/2013    58.8 MB    23.0.1
Mozilla Maintenance Service    Mozilla    8/17/2013    334 KB    23.0.1
MSXML 4.0 SP3 Parser    Microsoft Corporation    10/30/2012    1.47 MB    4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)    Microsoft Corporation    11/1/2012    1.53 MB    4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694)    Microsoft Corporation    1/9/2013    1.54 MB    4.30.2117.0
Mumble 1.2.3    Thorvald Natvig    8/15/2012    32.2 MB    1.2.3
OpenAL        2/19/2013        
OpenOffice.org 3.3    OpenOffice.org    2/22/2012    374 MB    3.3.9567
QuickTime    Apple Inc.    7/9/2013    74.6 MB    7.74.80.86
RaidCall    raidcall.com    5/3/2013        7.2.0-1.0.5185.1
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    12/18/2011        6.0.1.5888
ResumeMaker    Individual Software, Inc    2/19/2013        
Revo Uninstaller 1.95    VS Revo Group    8/25/2013        1.95
SAMSUNG Intelli-studio        2/19/2013        
Skype Click to Call    Skype Technologies S.A.    8/21/2013    51.5 MB    6.11.13348
Skype™ 6.3    Skype Technologies S.A.    5/24/2013    20.9 MB    6.3.107
Sound Blaster X-Fi    Creative Technology Limited    3/4/2013        1.0
SoundFont Bank Manager    Creative Technology Limited    3/4/2013        3.21
StarCraft II    Blizzard Entertainment    8/23/2013        2.0.11.26825
Steam    Valve Corporation    3/4/2012    42.2 MB    1.0.0.0
SUPERAntiSpyware    SUPERAntiSpyware.com    8/16/2013    62.0 MB    5.6.1032
TeamSpeak 3 Client    TeamSpeak Systems GmbH    6/14/2013        3.0.10.1
The Sims™ 3    Electronic Arts    7/10/2013        1.55.4
The Sims™ 3 Ambitions    Electronic Arts    7/7/2013        4.0.87
The Sims™ 3 Late Night    Electronic Arts    7/10/2013        6.5.1
The Sims™ 3 World Adventures    Electronic Arts    7/10/2013        2.0.86
Unity Web Player    Unity Technologies ApS    10/11/2012    12.0 MB    
Ventrilo Client for Windows x64    Flagship Industries, Inc.    1/31/2012    6.66 MB    3.0.8.0
Visual Studio 2008 x64 Redistributables    AVG Technologies    12/18/2011    11.7 MB    10.0.0.2
Visual Studio 2010 x64 Redistributables    AVG Technologies    10/12/2012    12.4 MB    13.0.0.1
Warcraft III        2/19/2013        
Warcraft III: All Products        10/11/2012        
Warhammer 40,000: Dawn Of War - Platinum Edition    THQ    4/4/2012    2.56 GB    1.51
WinPatrol    BillP Studios    2/19/2013    1.81 MB    26.1.2013.0
WinRAR archiver        2/19/2013        
World of Warcraft    Blizzard Entertainment    6/28/2013        5.3.0.17128
YTD Video Downloader 3.9.6    GreenTree Applications SRL    2/28/2013        3.9.6
 

At this point I'm going to try to run AdwCleaner again and I'm going to disable AVG. I'll do another post.



#7 Rikersls


Posted 02 September 2013 - 08:43 PM

And here is the AdwCleaner report after it restarted:

 

 

# AdwCleaner v3.002 - Report created 02/09/2013 at 20:35:02
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hector - MEGATRON
# Running from : C:\Users\Hector\Downloads\from the net\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\f2c2bmlm.default-1361421431597\prefs.js ]


*************************

AdwCleaner[R0].txt - [10173 octets] - [02/09/2013 01:41:44]
AdwCleaner[S0].txt - [729 octets] - [02/09/2013 20:35:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [788 octets] ##########
 

 

 

The first try, back when AVG deleted it, it found threats and that's when it wanted to restart, but AVG removed AdwCleaner before it could reboot the system. Now I see no trace of those files, but Internet Explorer is still crashing.



#8 buddy215


Posted 03 September 2013 - 06:26 AM

I think your adware problem came with this....7-Zip 9.21    Igor Pavlov    8/31/2013    3.54 MB    9.21.00.0

Like most free programs these days, 7-Zip comes with unwanted adware/ crapware.

 

You can follow the instructions for repairing or reinstalling IE in link below.

Repair or reinstall Internet Explorer in Windows

 

Check the add-ons lists in both Firefox and IE for unknown add-ons and remove or disable.

I see you have WinPatrol. You can use it to control programs in startup. No need for most programs to start when you boot your computer.


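The triage done by eye in the post above, matching install dates in the program list against the first symptoms, written out as an added example (not part of the original posts and not any scanner's own logic). It assumes the column layout of the list posted in #6, takes the opening post's date (01 September 2013) as the first-symptom date, and the 7-day window and the "same product, different publishers" check are heuristics chosen for this example.

```python
import re
from collections import defaultdict
from datetime import date, datetime, timedelta
from typing import NamedTuple

# Excerpt of the installed-programs list from post #6. Columns are name,
# publisher, install date (M/D/YYYY), size, version, separated by four
# spaces (or a tab); an empty column simply leaves its slot blank.
SAMPLE = """\
7-Zip 9.21    Igor Pavlov    8/31/2013    3.54 MB    9.21.00.0
7-zip v9.20    TUGUU SL    2/19/2013        v9.20
AVG 2013    AVG Technologies    7/30/2013        2013.0.3392
Creative System Information        2/19/2013
Mozilla Firefox 23.0.1 (x86 en-US)    Mozilla    8/17/2013    58.8 MB    23.0.1
Revo Uninstaller 1.95    VS Revo Group    8/25/2013        1.95
YTD Video Downloader 3.9.6    GreenTree Applications SRL    2/28/2013        3.9.6
"""

DATE_RE = re.compile(r"\d{1,2}/\d{1,2}/\d{4}$")
VERSION_RE = re.compile(r"\bv?\d+(?:\.\d+)+\b")  # dotted versions: 9.21, v9.20


class Program(NamedTuple):
    name: str
    publisher: str
    installed: date


def parse_export(text):
    """Turn export rows into Program records, skipping non-program lines."""
    programs = []
    for line in text.splitlines():
        fields = [f.strip() for f in re.split(r"\t| {4}", line.rstrip())]
        idx = next((i for i, f in enumerate(fields) if DATE_RE.match(f)), None)
        if not fields[0] or idx not in (1, 2):
            continue  # no name, or no date where the layout puts it
        publisher = fields[1] if idx == 2 else ""
        installed = datetime.strptime(fields[idx], "%m/%d/%Y").date()
        programs.append(Program(fields[0], publisher, installed))
    return programs


def recent_installs(programs, first_symptom, window_days=7):
    """Programs installed in the window before the first symptom, newest first."""
    start = first_symptom - timedelta(days=window_days)
    hits = [p for p in programs if start <= p.installed <= first_symptom]
    return sorted(hits, key=lambda p: p.installed, reverse=True)


def mixed_publishers(programs):
    """Products that appear under more than one publisher name."""
    by_product = defaultdict(set)
    for p in programs:
        product = " ".join(VERSION_RE.sub("", p.name.lower()).split())
        if p.publisher:
            by_product[product].add(p.publisher)
    return {k: sorted(v) for k, v in by_product.items() if len(v) > 1}


if __name__ == "__main__":
    programs = parse_export(SAMPLE)
    for p in recent_installs(programs, date(2013, 9, 1)):
        print(f"{p.installed}  {p.name}  [{p.publisher or 'no publisher'}]")
    for product, pubs in mixed_publishers(programs).items():
        print(f"{product}: listed under {', '.join(pubs)}")
```

Both checks only narrow down which entries to look at first; they say nothing about whether an entry is actually unwanted.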

#9 Rikersls


Posted 04 September 2013 - 12:50 AM

After attempting to repair IE and failing, I had to uninstall and reinstall it, but now it's working normally and still kept my settings from IE9.

And I am not sure how exactly, but I was looking for an actress when I clicked on a link (not porno) and it started opening browsers like crazy. I stopped and started scans with AVG and MBAM, I found a few trojans and deleted them, but I later found gorilaprice installed. My kids use this computer but they usually tell me when something is wrong or suspicious; this time they had no clue how that program got installed. I uninstalled it 2 times before coming here asking for help on a different post. I was worried after finding more trojans and more unknown programs installed. I think my kids may have done it unknowingly.

 

 

Thank you!



#10 buddy215


Posted 04 September 2013 - 05:29 AM

Good....glad you got your IE repaired....

 

What you describe is a drive-by install of malware. You can easily prevent that by setting Firefox as your default browser and installing two add-ons....NoScript and Adblock Plus. NoScript requires a small learning curve...Adblock Plus is a no-brainer.

NoScript Security Suite :: Add-ons for Firefox

Adblock Plus :: Add-ons for Firefox

 

You can block the third party ad/ tracking cookies from installing in your browsers. Follow directions in link below. Once you have blocked them from installing you will need to remove the ones presently installed. Use SAS for that.

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET


Edited by buddy215, 04 September 2013 - 05:30 AM.


#11 Rikersls


Posted 05 September 2013 - 12:19 AM

Done, added the add-ons for Firefox and set it as my default browser, also used SAS to remove threats and found 5 threats

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/05/2013 at 00:12 AM

Application Version : 5.6.1032

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type       : Quick Scan
Total Scan Time : 00:03:32

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 745
Memory threats detected   : 0
Registry items scanned    : 60350
Registry threats detected : 0
File items scanned        : 10794
File threats detected     : 5

Adware.Tracking Cookie
    C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Cookies\AOAOOA4L.txt [ /c.atdmt.com ]
    C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Cookies\PXANGCRD.txt [ /atdmt.com ]
    C:\USERS\HECTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\WD8DDBOM.txt [ Cookie:hector@doubleclick.net/ ]
    C:\USERS\HECTOR\Cookies\AOAOOA4L.txt [ Cookie:hector@c.atdmt.com/ ]
    C:\USERS\HECTOR\Cookies\PXANGCRD.txt [ Cookie:hector@atdmt.com/ ]



