
think I am infected


26 replies to this topic

#1 conanpriority

conanpriority

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 08 December 2013 - 10:18 PM

Hi, I keep getting this Adobe update thing. I had clicked OK, then I get a bunch of optimizer/speed up your computer etc. stuff. I ran malware and it got rid of it, then the Adobe thing keeps coming back. screenshot

 


Can't see the screenshot? How to post it?




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:46 PM

Posted 08 December 2013 - 11:35 PM

Hi conanpriority -
Just try these programs first -

Please print or save these instructions so you do not lose them -

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs (see How To Temporarily Disable Your Anti-virus).
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
- b - Double click on the  icon on your desktop.

Vista / Windows 7 & 8 users may need to Right click on it and select Run as Administrator
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take quite some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

Next -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here

 

We will see what results we get so we can diagnose from these -

 

Thanks -



#3 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 08 December 2013 - 11:49 PM

Thanks for the quick response mate, 1st step done

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#4 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 08 December 2013 - 11:52 PM

next step

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/08/2013 08:50:38 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ASGT.exe (PID: 1920) [WD-HEUR]
 * C:\Users\conan\Downloads\SecurityCheck.exe (PID: 5904) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\conan\Desktop\rkill\rkill-12-08-2013-08-50-44.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/08/2013 08:51:28 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)
 



#5 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 12:02 AM

# AdwCleaner v3.014 - Report created 08/12/2013 at 20:59:24
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : conan - CONAN-PC
# Running from : C:\Users\conan\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\conan\AppData\Local\filetypeassistant
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\conan\AppData\Roaming\Mozilla\Firefox\Profiles\ry9tnda6.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\conan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14789 octets] - [07/12/2013 17:44:05]
AdwCleaner[R1].txt - [1139 octets] - [08/12/2013 20:53:31]
AdwCleaner[S0].txt - [14346 octets] - [07/12/2013 17:53:09]
AdwCleaner[S1].txt - [1067 octets] - [08/12/2013 20:59:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1127 octets] ##########
 



#6 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 12:08 AM

Sorry I will continue 1st thing in the morning



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:46 PM

Posted 09 December 2013 - 12:19 AM

Take your time -

I will pick it up later ......

 

Click Follow This Topic at the top Right side so you do not lose this -



#8 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 09:42 AM

Woke up, it's still scanning



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:46 PM

Posted 09 December 2013 - 12:56 PM

It can take 5 hours sometimes -

 

Just depends on your system .................



#10 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 01:44 PM

C:\Users\conan\AppData\Local\Temp\apnpip.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\APNStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\109079377.Uninstall\Uninstall.exe    a variant of Win32/InstallCore.AG application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\ICReinstall\cnet_coretemp_coretemp_publisher_4645575_CNET_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1438683437\MyBabylonTB.exe    Win32/Toolbar.Babylon application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1590112554\22777882_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1590112554\22843882_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1852162411\7940038_stp\PCFixSpeedSetup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1852162411\7940173_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1852162411\9168456_stp\PCFixSpeedSetup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1852162411\9168467_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\conan\Documents\APNSetup.exe    Win32/Bundled.Toolbar.Ask.B application    deleted - quarantined
C:\Users\conan\Downloads\ADLSoft_UnCompressor_v2_3.exe    a variant of Win32/InstallCore.AG application    cleaned by deleting - quarantined
C:\Users\conan\Downloads\Alcohol52_FE_2.0.2.3931.exe    a variant of Win32/InstallCore.AF application    cleaned by deleting - quarantined
C:\Users\conan\Downloads\setup(1).exe    a variant of Win32/Induc.A virus    cleaned by deleting - quarantined
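
Added example, not part of the original thread: a short Python triage of the ESET log format posted above, separating entries labelled "application" from everything else so the items that deserve a closer look stand out. It assumes the trailing word "application" marks a potentially unwanted application and that fields are separated by tabs or runs of spaces; the function names are hypothetical.

```python
import re
from collections import Counter

# Four lines copied from the ESET log posted above (fields separated by whitespace runs).
SAMPLE_LOG = r"""
C:\Users\conan\AppData\Local\Temp\apnpip.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1438683437\MyBabylonTB.exe    Win32/Toolbar.Babylon application    cleaned by deleting - quarantined
C:\Users\conan\AppData\Local\Temp\is1852162411\7940038_stp\PCFixSpeedSetup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\conan\Downloads\setup(1).exe    a variant of Win32/Induc.A virus    cleaned by deleting - quarantined
"""

FIELD_SEP = re.compile(r"\t+| {2,}")
THREAT_RE = re.compile(r"^(?:a variant of )?(\S+/\S+) (\w+)$")

def parse_line(line):
    """Split one log line into path, family, kind and action; None if malformed."""
    parts = [p for p in FIELD_SEP.split(line.strip()) if p]
    if len(parts) != 3:
        return None
    path, threat, action = parts
    m = THREAT_RE.match(threat)
    if m:
        # Drop a one- or two-letter variant suffix (".D", ".AZ") to get the family.
        family = re.sub(r"\.[A-Z]{1,2}$", "", m.group(1))
        kind = m.group(2)
    else:
        # e.g. "multiple threats": no single name, so it needs a manual look.
        family, kind = threat, "unclassified"
    return {"path": path, "family": family, "kind": kind, "action": action}

def triage(log_text):
    """Count detections per kind and list everything that is not a plain PUA."""
    rows = [r for r in map(parse_line, log_text.splitlines()) if r]
    by_kind = Counter(r["kind"] for r in rows)
    # Assumption: kind "application" means a potentially unwanted application.
    follow_up = [r for r in rows if r["kind"] != "application"]
    return by_kind, follow_up

if __name__ == "__main__":
    kinds, follow_up = triage(SAMPLE_LOG)
    print(dict(kinds))
    for r in follow_up:
        print(r["kind"], r["family"], r["path"], sep=" | ")
```
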
 



#11 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 01:48 PM

http://speccy.piriform.com/results/aunpucp4npNvV4TYgdzHTJy



#12 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 01:53 PM

I think I got it all?



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:46 PM

Posted 09 December 2013 - 04:04 PM

Hi -

That looks a lot better. Mainly smaller bits, but enough to annoy you.

 

How are things now ??



#14 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 09:22 PM

Not sure I'm good yet

http://s928.photobucket.com/user/conan_brown1/media/newscreenshot_zpsc30d8c80.png.html

file:///C:/Users/conan/Desktop/screenshot.jpg



#15 conanpriority

conanpriority
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 09 December 2013 - 09:23 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
conan :: CONAN-PC [administrator]

12/9/2013 6:16:14 PM
mbam-log-2013-12-09 (18-16-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216713
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\conan\AppData\Local\Temp\ICReinstall_SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\conan\AppData\Local\Temp\SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.

(end)
 





