Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop ups and ads


  • Please log in to reply
19 replies to this topic

#1 bizemom365

bizemom365

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 19 December 2013 - 01:20 PM

H there. I am running windows 8, but kids download games. Though many of them are from steam, my 11 year old likes to download weird ones. can you please help to see if I am infected with any virus or malware?

 

Thanks,

 

 



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:27 PM

Posted 19 December 2013 - 01:44 PM

Hi bizemom365,
 
Download and run these for me:


Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

---------
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

--------
 
Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions
  • for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 
xXToffeeXx~


Edited by xXToffeeXx, 19 December 2013 - 01:50 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 20 December 2013 - 06:53 PM

# AdwCleaner v3.015 - Report created 20/12/2013 at 15:46:39
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Office - 2013-OFFICE-PC
# Running from : C:\Users\Office\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files\Linksicle
Folder Deleted : C:\Users\Office\AppData\Local\Conduit
Folder Deleted : C:\Users\Office\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Office\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Office\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Office\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Office\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h5cze.default\CT3279412
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h5cze.default\Extensions\speedanalysis03@SpeedAnalysis.com
Folder Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h5cze.default\Extensions\zulagames@ZulaGames.com
Folder Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h5cze.default\Extensions\{976cd962-e0ca-4337-aea7-d93fae63a79c}
File Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h5cze.default\Extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs1\Extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h5cze.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\gb4h5cze.default\user.js
File Deleted : C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs1\user.js
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
File Deleted : C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
File Deleted : C:\WINDOWS\System32\Tasks\PC Performer
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jainjonnknhmbbkibcbmhihbopigapdm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\d28888b63bb840
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279412
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412272}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416672}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A836234-186C-41A0-9863-40BECDEDED9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{24F3378A-5B52-491F-AD90-88D583C42C77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{58B849FB-ECBE-4F1B-BEE0-2DC418CF68F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{ACE0D5AB-50C8-4052-BD02-977569E56291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412272}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17F7D2B4-126F-4567-9FDB-563C2D907A92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416672}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\PerformerSoft
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lizardlink
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384


#4 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 20 December 2013 - 07:00 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by Office on Fri 12/20/2013 at 15:55:01.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2098360642-3775864519-2567998840-1001\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEEFA2A7-017B-4ACA-8891-7BBBCD7E38AC}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Office\appdata\local\cre"
Failed to delete: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Office\AppData\Roaming\mozilla\firefox\profiles\gb4h5cze.default\extensions\a6ccd3b6-756e-4958-a42d-862e7cadb3dd@083273b9-e311-43aa-9a4f-e2ffa7fb013e.com
Successfully deleted: [Folder] C:\Users\Office\AppData\Roaming\mozilla\firefox\profiles\gb4h5cze.default\extensions\staged
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
 
 
 
~~~ Chrome


#5 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 20 December 2013 - 07:09 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.19.08
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Office :: 2013-OFFICE-PC [administrator]
 
12/20/2013 4:02:21 PM
mbam-log-2013-12-20 (16-02-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221785
Time elapsed: 6 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:27 PM

Posted 21 December 2013 - 05:21 AM

Hi bizemom365,

 

How is your computer running now, any pop-ups?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 27 December 2013 - 04:40 PM

Yes I am still having the problem. sorry I've been busy with the Christmas holiday.



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 AM

Posted 27 December 2013 - 09:55 PM

If I may just jump in for a moment.. What browser(s) are you running?

Run TdssKiller and see.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 28 December 2013 - 01:28 PM

I am running google chrome as my browser.



#10 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 28 December 2013 - 01:31 PM

nothing infected



#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:27 PM

Posted 28 December 2013 - 02:41 PM

Hi bizemom365,

 

Can you try to reset Google Chrome using the instructions here, and see if that makes a difference.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 30 December 2013 - 03:20 PM

I'm not able to reset my browser. When I click show advanced settings, I can not find "reset browser settings" section.

Any ideas why?

 

Thanks



#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:27 PM

Posted 30 December 2013 - 03:27 PM

Hi bizemom365,

 

Have you gone right down to the bottom of the options? You might be running an old version of chrome, see here on how to check if there are any updates (try the manual option).

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 bizemom365

bizemom365
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Visalia, CA
  • Local time:05:27 AM

Posted 30 December 2013 - 03:48 PM

For some reason it says updates are disabled by admin.  I am the admin. Not sure how to change the setting.



#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:27 PM

Posted 30 December 2013 - 04:29 PM

Hi bizemom365,
 
It seems there may be some registry settings which may have been set to stop you from updating. I would like to query this, so do this for me please:
 
Export a registry key using a batch script:

  • Copy and paste the following text into the notepad document:
@echo off
del "%userprofile%\desktop\look.txt"
REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google" "%userprofile%\desktop\look.txt"
notepad "%userprofile%\desktop\look.txt"
  • Click on File, then Save As...
  • Click on your Desktop as the save location, then in the file name box type: find.bat
  • Click save and close the notepad document.
  • Double-click the file find.bat on your desktop.
  • cmd should appear and disappear quickly, and a text file named look should be on the desktop.
  • Open look and paste it into your next reply.
  • Right-click on find.bat and click Delete, then click Yes to confirm.

 

xXToffeeXx~


Edited by xXToffeeXx, 30 December 2013 - 04:30 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users