
Did I uninstall all the malware? How can I check?


5 replies to this topic

#1 Dodoram

Dodoram

  • Members
  • 34 posts

Posted 03 January 2014 - 07:42 AM

Yesterday I downloaded a free tool to convert PDFs to Word after reading a review on CNET which said that this has no viruses and malware. I don't think I used the download link on CNET but clicked on the company's link and downloaded from their site. (I don't know if this made a difference). The installer gave me an option to install a toolbar and something else on step 1/7; I unchecked this. From Step 2 on, there were no boxes to check/uncheck, so I went fast clicking the "next" button (or the button where you usually find the next button). On step 6 (or 7), I noticed that this button was not titled "next" but "accept", so I was accepting to install some ad software mentioned on those pages. (To be fair to this company, they did give a decline option as well; I noticed it very late.) So I thought I had already done enough damage and declining at this stage would not even get me the tool. So I accepted the next one and installed the tool. From then on, every time I visited any page, there were large ads at the bottom of every page I visited, and several pop-ups.

 

I went to Control Panel and uninstalled the programs that were shown as installed yesterday. I do not see ads now. Malwarebytes gave the following log. I "removed" the malware listed by selecting the remove option in Malwarebytes. Microsoft Security Essentials did not report any viruses, but I am really worried about what all I installed that does not give me an option to uninstall in the Control Panel. Can you please help ensure my computer is clean? Shall I post my HijackThis log?

1/3/2014 7:55:31 AM
mbam-log-2014-01-03 (07-55-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266178
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Arun\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

Registry Keys Detected: 2
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Arun\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Arun\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Users\Arun\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Arun\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Arun\AppData\Local\Temp\dlmA73B.tmp\pdftoword_setup.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Arun\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Users\Arun\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Arun\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)


Edited by Dodoram, 03 January 2014 - 08:45 AM.
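Added example, not part of the original post and not Malwarebytes' own code: the log above mixes items already quarantined with items only marked "Delete on reboot", so the sketch below parses that log layout and lists what still has to be confirmed gone after a restart. The sample log, its paths and detection names, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the log layout shown in the post (placeholder paths and names).
SAMPLE_LOG = r"""
Memory Modules Detected: 1
C:\Users\user\AppData\Roaming\example.app\engine.dll (PUP.Optional.Example) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Example (PUP.Optional.Example) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\example.app\engine.dll",EntryPoint -> Quarantined and deleted successfully.

Folders Detected: 2
C:\Users\user\AppData\Roaming\example.app (PUP.Optional.Example) -> Delete on reboot.
C:\Users\user\AppData\Roaming\example.app\cache (PUP.Optional.Example) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<det>[\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [dict, ...]}}."""
    report, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = report.setdefault(m["name"], {"declared": int(m["count"]), "items": []})
        elif current is not None and (m := ENTRY.match(line)):
            # Registry values carry "Data: ..." before the final action.
            *data, action = m["rest"].split(" -> ")
            current["items"].append({
                "object": m["obj"], "detection": m["det"],
                "data": data[0].removeprefix("Data: ") if data else None,
                "action": action.rstrip("."),
            })
    return report

def pending_reboot(report):
    """Objects the scanner could not remove yet; re-check these after restart."""
    return [i["object"] for s in report.values() for i in s["items"]
            if i["action"].lower().startswith("delete on reboot")]

def count_mismatches(report):
    """Sections whose declared count differs from the entries actually parsed."""
    return [n for n, s in report.items() if s["declared"] != len(s["items"])]

if __name__ == "__main__":
    print("verify after reboot:", pending_reboot(parse_mbam_log(SAMPLE_LOG)))
```

A non-empty result from count_mismatches means the pasted log was truncated or reformatted, so the pending list may be incomplete.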



 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,590 posts

Posted 03 January 2014 - 10:33 PM

HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection. However, HijackThis logs and logs created by any of the replacement tools are not permitted in this forum.

Try using a third-party utility like Revo Uninstaller Free or Portable which provides a listing of all installed software by installation date and when removing a program, Revo does a more comprehensive job of searching for and removing related registry entries, files and folders.

After doing the above...continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, rescan again with Malwarebytes Anti-Malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Dodoram


Posted 04 January 2014 - 07:05 PM

Thanks. The logs appear pretty clean. Please see below. Do these two tools check for only adware or adware and other virus types of threats as well? Microsoft Security Essentials did not report any viruses, but does it mean I do not have any viruses? Is there anything I can do to ensure my system is clean of viruses as well?

AdwCleaner[R3].txt - [1188 octets] - [04/01/2014 18:47:58]
AdwCleaner[S0].txt - [1750 octets] - [03/01/2014 13:05:11]
AdwCleaner[S1].txt - [1068 octets] - [04/01/2014 15:18:45]
AdwCleaner[S2].txt - [1110 octets] - [04/01/2014 18:48:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1170 octets] ##########

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Arun on Sat 01/04/2014 at 18:54:42.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Arun\AppData\Roaming\mozilla\firefox\profiles\tz8onojq.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/04/2014 at 18:58:11.60
End of JRT log
~~~~~~~~~~~~~~~~~



#4 quietman7


Posted 04 January 2014 - 08:41 PM

As I said, both tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

Apparently the download you used to install was not bundled with a whole lot of junkware.

Usually when a computer is infected with malware there will be indications (signs of infection) something is wrong.

#5 Dodoram


Posted 05 January 2014 - 10:59 AM

Thank you very much for all your help.

Arun



#6 quietman7


Posted 05 January 2014 - 12:46 PM

You're welcome.