
Think I have a flash player virus??


7 replies to this topic

#1 cazz111

cazz111

  • Members
  • 4 posts

Posted 31 January 2014 - 06:04 PM

Please help, I think I have a virus. I have a Flash Player 32-bit showing in the System and Security folder in my Control Panel that I can't delete. I have deleted my Flash Player through the Adobe website, but it is not removing this copy, so I think it may be a virus. Any suggestions?





#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 January 2014 - 06:24 PM


What OS (Windows 7, Vista, XP) are you using?
What actions (security tools, scans) have you taken so far?
Did the scans find any threats?

Anytime you come across a suspicious file or you want a second opinion, submit it to one of the following online services that analyze suspicious files:

-- In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 cazz111

Posted 01 February 2014 - 05:14 AM

Hi

Thanks for your reply.

I am running Windows 8.1, which I thought had built-in protection (silly me).

Windows Defender is not picking up anything, but if I run a scan with the free McAfee tool it is picking up 2 web threats.

I really need help removing it as it's not even my laptop; I borrowed it when mine broke and could afford a new one, so any help is gratefully received.

I have also tried to go back to a restore point before this appeared and this does not remove it. Would restoring to factory settings remove it? I have nothing on the computer that is important. My computer knowledge is limited.

I think the link that was clicked was something like www.adonbo.com pretending to be Adobe. I cannot find anything on the internet about it except 1 reference on Norton's site, which wasn't helpful.

Thanks


Edited by cazz111, 01 February 2014 - 05:22 AM.


#4 quietman7

Posted 01 February 2014 - 07:52 AM

Please download and use the following tools (in the order listed).

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode, a BC Security Colleague.
Junkware Removal Tool created by thisisu, a member of the BC Malware Response Team.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

4. As a final step, download and scan with Malwarebytes Anti-Malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply.


#5 cazz111

Posted 03 February 2014 - 06:37 AM

Hi

Thanks for your help. I have followed all the steps in your last reply and have copied the report below. The Flash Player icon is still in my systems folder.


Protection: Enabled

03/02/2014 11:21:48
mbam-log-2014-02-03 (11-21-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209434
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Johnpaul\Downloads\Firefox_Setup(1).exe (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
C:\Users\Johnpaul\Downloads\Firefox_Setup.exe (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
C:\Users\Johnpaul\Downloads\speedupmypc.exe (PUP.Optional.SpeedUpMyPC) -> Quarantined and deleted successfully.
C:\Users\Johnpaul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.

(end)
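
An added example, not part of the original thread: a small Python parser for a Malwarebytes log in the layout posted above. It checks each section's declared count against the entries actually listed and separates PUP-labelled detections from other labels and from items that were not removed. The sample log, its paths and its labels are constructed, and `parse_mbam_log` and `triage` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above (not the poster's data).
SAMPLE_LOG = r"""Registry Keys Detected: 1
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} (PUP.Optional.Example.A) -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\example\Downloads\setup(1).exe (PUP.Optional.Example.A) -> Quarantined and deleted successfully.
C:\Users\example\AppData\Roaming\svc.exe (Trojan.Example) -> No action taken.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy object match so a path containing "(1)" still splits at the last "(label) ->".
ENTRY = re.compile(r"^(?P<object>.+) \((?P<label>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (detections, mismatches): parsed entries and sections whose
    declared count differs from the number of entries actually listed."""
    detections, declared, seen, section = [], {}, Counter(), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ENTRY.match(line)
        if m and section:
            seen[section] += 1
            detections.append({"section": section, **m.groupdict()})
    mismatches = {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}
    return detections, mismatches

def triage(detections):
    """Split entries into PUP-labelled ones, other labels, and anything not removed."""
    pup = [d for d in detections if d["label"].startswith("PUP.")]
    other = [d for d in detections if not d["label"].startswith("PUP.")]
    unresolved = [d for d in detections if "successfully" not in d["action"]]
    return {"pup": pup, "other": other, "unresolved": unresolved}

if __name__ == "__main__":
    found, mismatches = parse_mbam_log(SAMPLE_LOG)
    result = triage(found)
    print({k: [d["label"] for d in v] for k, v in result.items()}, mismatches)
```

A non-empty `mismatches` result means the pasted log was truncated or edited, so it should be re-posted before anyone draws conclusions from it.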
 



#6 quietman7

Posted 03 February 2014 - 08:23 AM

Nothing of significant concern in your logs.

Flash Player installs to C:\Windows\System32.

Did you remove Flash Player following these instructions?

Usually when a computer is infected with malware there will be indications something is wrong.
* General signs of a malware infection
* Signs of Malicious Software

#7 cazz111

Posted 04 February 2014 - 02:57 PM

Thank you, thank you, thank you

I have looked in the Flash folder in System32 and there are 3 files that I can't delete, protected by TrustedInstaller, but as long as there is no virus I can live with it.

Thank you again



#8 quietman7

Posted 04 February 2014 - 03:15 PM

You're welcome.

BTW, you may want to check out How to Delete Files Protected by TrustedInstaller in Windows 7



