
Web Attack: Ransomlock website


17 replies to this topic

#1 Cyanide x

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 03:27 PM

Hi,

Over the past three days I have been receiving periodic notifications from Norton Internet Security that say the following:

"Norton blocked an attack by: Web Attack: Ransomlock Website."

I've run two virus scans and used the Norton Power Eraser tool to try and eliminate any potential viruses that might be on my computer. Nothing came up other than tracking cookies. I've also cleared my browser cache. I've also used Malwarebytes to scan my computer for any additional malware on my system and nothing has come up. I was told on the Norton Forums that this community might be able to assist me better in stopping these web attacks. Does anyone have any ideas on what I should do?


Edited by Cyanide x, 14 January 2014 - 03:28 PM.



#2 noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:09 PM

Posted 14 January 2014 - 04:14 PM

Hi -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

NOTE -  Do not reboot until instructed

 

 

Download Malwarebytes' Anti-Malware Free (aka MBAM) to your desktop.
- Do not accept the Free Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer if requested.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

 

See the results after these.


Edited by noknojon, 14 January 2014 - 04:17 PM.


#3 Cyanide x

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 05:26 PM

From RKill. In the process of doing the second step with MBAM
 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/14/2014 04:22:19 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/14/2014 04:25:22 PM
Execution time: 0 hours(s), 3 minute(s), and 3 seconds(s)


#4 noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:09 PM

Posted 14 January 2014 - 05:36 PM

After you post the MBAM logs, also give Hitman Pro a quick run -

 

Please download HitmanPro to your desktop.

 

* HitmanPro (32bit)
* HitmanPro (64bit)
* Launch the program by double clicking on HitmanPro.exe.
* Windows Vista/7 users right click on the HitmanPro icon and select run as administrator.
* Click on the next button. You must agree with the terms of EULA.
* Check the box beside "No, I only want to perform a one-time scan to check this computer".
* Click on the next button.
* The program will start to scan the computer.

* The scan will typically take no more than 2 to 4 minutes, depending on your system.
* Click on the next button and choose the option activate free license
* Click on the next button and the infections will be deleted.
* Click now on the Save Log option and save this log to your desktop.
* Click on the next button and restart the computer.
* Copy the information of HitmanPro_2014 xxxx_1239.log in your next reply

 

Thanks -


Edited by noknojon, 14 January 2014 - 05:38 PM.


#5 Cyanide x

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 05:38 PM

Should I restart my computer after the MBAM or wait and run the HitmanPro and then restart it?

 

EDIT: Just gonna say they tried attacking again. I was under the impression that RKill would disable whatever is attempting to attack my computer.


Edited by Cyanide x, 14 January 2014 - 05:40 PM.


#6 noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:09 PM

Posted 14 January 2014 - 06:06 PM

Only if MBAM asks for a reboot to remove problem programs -

 

Thanks -



#7 noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:09 PM

Posted 14 January 2014 - 06:09 PM

From Rkill (this normally looks OK)
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
Apart from Norton Internet Security that says the following:
"Norton blocked an attack by: Web Attack: Ransomlock Website."
 
Do you have any symptoms of infection ??

Edited by noknojon, 14 January 2014 - 06:13 PM.


#8 Cyanide x

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 06:33 PM

"Apart from Norton Internet Security that say the following:

"Norton blocked an attack by: Web Attack: Ransomlock Website."
 
Do you have any symptoms of infection ??"
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
None at all. Whenever I click on details though I found out that all these attacks occur simultaneously with another notification that says "IPS Detection Statistical Submission." I'm not sure what that is but I think it's Norton just taking note of who is doing whatever it is they're doing.

I went to the full history for Norton and noticed something odd though. About 5 days ago there was an activity reported that says "Unauthorized access blocked (Open File)" and there are about 30 reports that happened in a very short amount of time (they literally happened within seconds of one another). This has happened on the 9th and the 12th, the 13th, and a little bit more on the 14th.

One of the more recent ones says "Unauthorized access blocked (access process data)". 
 
This is all in the security log report provided by norton.

Edited by Cyanide x, 14 January 2014 - 06:36 PM.


#9 noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:09 PM

Posted 14 January 2014 - 06:41 PM

OK -

Just complete the scans I have left, and post the results.

Only if you find other symptoms can we continue after these scans -

 

Thanks



#10 Cyanide x

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 07:08 PM

MBAM Log

 

(no malicious files were found)

 

Malwarebytes Anti-Malware 

www.malwarebytes.org
 
Database version: v2014.01.14.08
 
1/14/2014 4:30:21 PM
mbam-log-2014-01-14 (16-30-21).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369336
Time elapsed: 1 hour(s), 34 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#11 Cyanide x

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 07:31 PM

Hitman Pro log

 

HitmanPro 3.7.8.208
www.hitmanpro.com
 
   Computer name . . . . : MATTHEW-HP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Matthew-HP\Matthew
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)
 
   Scan date . . . . . . : 2014-01-14 18:16:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 12s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 100
 
   Objects scanned . . . : 1,506,778
   Files scanned . . . . : 28,063
   Remnants scanned  . . : 363,238 files / 1,115,477 keys
 
Potential Unwanted Programs _________________________________________________
 
   C:\Program Files (x86)\Conduit\ (Conduit)
   C:\Program Files (x86)\Conduit\CT3227981\plugins\ (Conduit)
   C:\Program Files (x86)\Conduit\CT3227981\plugins\TBVerifier.dll (Conduit)
      Size . . . . . . . : 287,008 bytes
      Age  . . . . . . . : 167.4 days (2013-07-31 07:34:43)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 221FBE42E37881EC63C7840B15266C0DABB2C0FDC12D03D12057952BBC7B4926
      Product  . . . . . : Conduit Toolbar Verifier
      Publisher  . . . . : Conduit Ltd.
      Description  . . . : Conduit Toolbar Verifier
      Version  . . . . . : 1.0.4.0
      Copyright  . . . . : Copyright © 2013 All Rights Reserved
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0
 
   C:\Users\Matthew\AppData\Local\Conduit\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.1000082.currentList.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.1000082.localStations.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.1000082.nowPlaying.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.1000082.publisherStations.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.129837882913311618.search.selectedEngineId.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.129837882913311618.search.settings.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.129837882913311618.search.user-enlargeBoxSettings.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.appOptions.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.installUsage.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.installUsageEarly.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.NOTIFICATION_ID.notifications-repository.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.NOTIFICATION_ID.notifications-service_1663750.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.NOTIFICATION_ID.notifications-servicemap.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.NotificationSettings.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981.searchProtectorData.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_appsMetadata.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_appTrackingFirstTime.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_Configuration.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_gottenAppsContextMenu.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_login.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_otherAppsContextMenu.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_searchAPI.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_serviceMap.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_toolbarContextMenu.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_toolbarSettings.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_10.16.70.1.serviceLayer_services_translation.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_appsMetadata.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_appTrackingFirstTime.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_Configuration.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_gottenAppsContextMenu.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_login.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_otherAppsContextMenu.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_searchAPI.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_serviceMap.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_toolbarContextMenu.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_toolbarSettings.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\CT3227981_RAW.serviceLayer_services_translation.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\toolbar_initializing_logger.txt.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\ToolbarFullUserID.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\ToolbarUserID.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\uninstallData.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\ChromeExtData\mmlkabjddkpgkgfhdhpimhcbonapngoh\Repository\uninstallUrl.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\closeBtn.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Feeds\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1663750_1656276_US.xml (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\ (Rocketfuel)
   C:\Users\Matthew\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml (Rocketfuel)
   HKLM\SOFTWARE\Wow6432Node\Conduit\ (Rocketfuel)
   HKU\S-1-5-21-1214744462-727542408-992882293-1000\Software\AppDataLow\Software\SmartBar\ (Conduit)
   HKU\S-1-5-21-1214744462-727542408-992882293-1000\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-1214744462-727542408-992882293-1000\Software\Softonic\ (Softonic)
 
Cookies _____________________________________________________________________
 
   C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
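
Added example (not code from this thread and not HitmanPro's own tooling): a small Python parser for the HitmanPro 3.x text log format posted above. It splits the log into the scan summary, the "Potential Unwanted Programs" traces and the "Cookies" traces, groups the traces by the vendor tag in parentheses (Conduit, Rocketfuel, Softonic), classifies each as a file, directory, registry key or cookie, and attaches the indented detail lines (SHA-256, Publisher, Authenticode) to the file they describe, so a hundred-line trace list can be triaged at a glance. The section and field patterns are inferred from the log above, not from any published HitmanPro specification, and the embedded sample log is a constructed excerpt whose paths and hash are copied from that log.

```python
"""Parser and summary for HitmanPro 3.x text logs (added example, not HitmanPro code).

The section and field patterns are inferred from one log; treat them as assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed excerpt of a HitmanPro 3.7 log, trimmed to a few traces.
# Paths and the SHA-256 value are copied from the log posted in the thread.
SAMPLE_LOG = r"""
HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : MATTHEW-HP
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 100

Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Conduit\ (Conduit)
   C:\Program Files (x86)\Conduit\CT3227981\plugins\TBVerifier.dll (Conduit)
      Size . . . . . . . : 287,008 bytes
      SHA-256  . . . . . : 221FBE42E37881EC63C7840B15266C0DABB2C0FDC12D03D12057952BBC7B4926
      Publisher  . . . . : Conduit Ltd.
      Authenticode . . . : Valid
   C:\Users\Matthew\AppData\LocalLow\Conduit\ (Rocketfuel)
   HKLM\SOFTWARE\Wow6432Node\Conduit\ (Rocketfuel)
   HKU\S-1-5-21-1214744462-727542408-992882293-1000\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

   C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+?) _{5,}$")            # "Cookies ______"
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)\s+(?:\. ?)+:\s*(.*)$")  # "Key . . : value"
TRACE_RE = re.compile(r"^ {3}(\S.*?) \(([^()]+)\)$")          # "   <path> (Tag)"


@dataclass
class Trace:
    section: str
    path: str
    tag: str                      # vendor tag, or cookie host in the Cookies section
    details: dict = field(default_factory=dict)

    @property
    def kind(self) -> str:
        if self.section == "Cookies":
            return "cookie"
        if self.path.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")):
            return "registry"
        if self.path.endswith("\\"):
            return "directory"
        return "file"


@dataclass
class Report:
    header: dict
    traces: list


def parse_hitmanpro_log(text: str) -> Report:
    header, traces, section = {}, [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            # Lines before the first section header form the scan summary.
            m = FIELD_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2).strip()
            continue
        m = TRACE_RE.match(line)
        if m:
            traces.append(Trace(section, m.group(1), m.group(2)))
            continue
        if section == "Cookies" and line.strip():
            # Cookie traces are "<cookie store path>:<host>" with no vendor tag.
            path, _, host = line.strip().rpartition(":")
            traces.append(Trace(section, path, host))
            continue
        m = FIELD_RE.match(line)
        if m and line.startswith(" " * 6) and traces:
            # Six-space indented detail lines belong to the preceding file trace.
            traces[-1].details[m.group(1)] = m.group(2).strip()
    return Report(header, traces)


def summarize(report: Report) -> dict:
    """Counts per vendor tag and per kind, plus files carrying a valid Authenticode signature."""
    by_tag = Counter(t.tag for t in report.traces if t.section != "Cookies")
    by_kind = Counter(t.kind for t in report.traces)
    signed = [t.path for t in report.traces if t.details.get("Authenticode") == "Valid"]
    return {
        "threats": int(report.header.get("Threats", "0").replace(",", "")),
        "traces_reported": int(report.header.get("Traces", "0").replace(",", "")),
        "by_tag": dict(by_tag),
        "by_kind": dict(by_kind),
        "signed_files": signed,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_hitmanpro_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The `signed_files` list is the part worth looking at when triaging a log like this one: the Conduit toolbar verifier DLL is reported with a valid Authenticode signature from its publisher, which is exactly why a signature check alone never separates a PUP from wanted software; the vendor tag and the install location carry the verdict. To use the parser on a saved log, pass `open(path).read()` to `parse_hitmanpro_log` instead of `SAMPLE_LOG`.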
 
 


#12 noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:09 PM

Posted 14 January 2014 - 07:47 PM

Browsing through my Norton Security History I found out that there were these two messages about IPS Detection Statistical Submission; I don't know if it is a virus or something that Norton does. These messages come from two different websites on different days.

This seems to mean your Web Attack: Ransomlock is currently a heuristic detection

 

C:\Program Files (x86)\Conduit\ (Conduit) <=Like a very bad tracking cookie
(Rocketfuel) Is this related to a game ??
If not go to Chrome Extensions (the 3 bars at top right) and remove it.
Software\Softonic usually just means a tracking cookie from a Softonic download -

 

Apart from that the system seems clean now -



#13 Cyanide x

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 07:52 PM

"C:\Program Files (x86)\Conduit\ (Conduit) <=Like a very bad tracking cookie
(Rocketfuel) Is this related to a game ??"

 

I looked up Rocketfuel and it appears to be an installer package that comes with conduit. I really do want conduit completely off my system but it's very hard to get rid of. Anyways, I agree, it didn't look like anything harmful was on my computer. Regardless, I just want to thank you for sticking with me and helping me out. I really do appreciate it.


Edited by Cyanide x, 14 January 2014 - 08:02 PM.


#14 Cyanide x

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:09 AM

Posted 14 January 2014 - 07:55 PM

"This seems to mean your Web Attack: Ransomlock is currently a heuristic detection"

When you say it's a heuristic detection, what exactly do you mean?



#15 noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:09 PM

Posted 14 January 2014 - 08:16 PM

The term means basically "It looks like it should not be here, but we are not 100% sure".

 

Many antivirus / malware programs use this method to check for future problems.

 

Conduit is usually removed with AdwCleaner and Junkware Removal Tool by thisisu.

 

This is only a "Pest" and usually causes NO real problems.





