
Ran Malwarebytes and got rid of threat, but I may be still infected?



#1 ebt137

Posted 17 February 2014 - 05:41 PM

Hi,

 

I'm running the latest version of Windows 8.

 

Today I was clicking around looking for a movie stream and accidentally clicked on something fishy.  It downloaded an .exe program called unlimited downloads_3339_i364885095_il6018856.exe from www.accuratedownload.com (which was not the site I was on) that promptly disappeared from my downloads.  I was running Norton at the time and the scan came up saying the download was safe to run (I didn't want to run it and I was trying to get rid of it) and then I couldn't find anything else.

 

I ran a full scan with Malwarebytes Anti-Malware, which I aborted 40 minutes in because it had found one thing and I later read a quick scan was recommended.  I logged out of my email and other accounts that were open at the time.  I got rid of that one thing (and now I cannot find the description of it at all but it definitely involved the recycle bin and had PUP following the actual file thing, I'm so sorry I'll try to get the info somehow).  When I went to remove that, it said I must restart to really remove it.  I restarted and before it did that it said windows was updating.  So it updated and restarted, and it took a while. I looked it up and this update was not in the windows update history.

 

Then when it got back up I ran a quick scan of MBAM.  I downloaded Avast! and then turned the internet off, uninstalled Norton (because this let this get on my computer), restarted, and when it got back up installed Avast!, turned the internet on, updated it, and quick scanned the system.  This said my system was fine.  I am now currently running Malwarebytes again on full scan (and will let it run this time).

 

The reason I'm still suspicious is because of when I restarted it before and windows said it was updating yet this is not in the update history (it says the last update was Saturday).  The second restart didn't have those problems, but it did flash between the normal screen and black, but honestly I'm not sure if this is normal or not.  

 

What should I do?  Am I still infected?  Can I log onto my accounts?





#2 quietman7


Posted 17 February 2014 - 05:55 PM

Please post the complete results of your Malwarebytes scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-yyyy-mm-dd
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log will automatically open in Notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


If you have a previous log where any infections were detected/removed, please post that log too.

Open Malwarebytes Anti-Malware and click the Logs tab. You will see a list of completed scan logs listed by date/time. To view each log, just double-click on it or highlight and click the Open button. You can ignore the protection logs.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 quietman7


Posted 17 February 2014 - 05:56 PM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.


#4 ebt137


Posted 17 February 2014 - 06:12 PM

Okay, the first log is from the first scan that I aborted and had the one thing.  The second is from the full scan I just ran.  Should I still do the RKill etc. steps that are shown above?

 

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Ellie Taylor :: SCDP [administrator]
 
2/17/2014 3:03:05 PM
mbam-log-2014-02-17 (15-03-05).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 156114
Time elapsed: 53 minute(s), 11 second(s) [aborted]
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-2143768186-1255910039-752164071-1001\$RJEJG0C.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
 
(end)
 
------------------------------------------------------------------------------------------
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.17.07
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Ellie Taylor :: SCDP [administrator]
 
2/17/2014 5:17:30 PM
mbam-log-2014-02-17 (17-17-30).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 389547
Time elapsed: 50 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
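
The two Malwarebytes logs above differ in one line that matters for triage: the first scan's "Time elapsed" ends in [aborted]. As an added example (not part of the thread and not Malwarebytes code), this Python parser reads the MBAM 1.x text layout shown above and flags aborted scans, count mismatches from a partial paste, and items whose action does not report success. The sample log is constructed, and the function names and the "successfully" check are assumptions.

```python
import re

# Constructed sample in the MBAM 1.x layout shown in this thread (path and SID are made up).
SAMPLE_LOG = r"""Scan type: Full scan (C:\|)
Objects scanned: 156114
Time elapsed: 53 minute(s), 11 second(s) [aborted]

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-0-0-0-1001\$REXAMPLE.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.

(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<sig>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return scan metadata and detections from an MBAM 1.x text log."""
    result = {"scan_type": None, "objects": None, "aborted": False,
              "declared": {}, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan type:"):
            result["scan_type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            result["objects"] = int(line.split(":", 1)[1])
        elif line.startswith("Time elapsed:"):
            result["aborted"] = line.endswith("[aborted]")
        elif (m := SECTION.match(line)):
            section = m["name"]
            result["declared"][section] = int(m["count"])
        elif section and (m := ITEM.match(line)):
            result["items"].append({"section": section, "target": m["target"],
                                    "signature": m["sig"], "action": m["action"]})
    return result

def triage(parsed):
    """List points a reviewer should raise before treating the log as a clean result."""
    notes = []
    if parsed["aborted"]:
        notes.append("scan was aborted: coverage is partial, request a completed scan")
    for section, declared in parsed["declared"].items():
        listed = sum(1 for i in parsed["items"] if i["section"] == section)
        if listed != declared:
            notes.append(f"{section}: header says {declared}, log lists {listed} (truncated paste?)")
    for item in parsed["items"]:
        if "successfully" not in item["action"].lower():  # assumed marker of a completed removal
            notes.append(f"not remediated: {item['target']} ({item['signature']})")
    return notes
```

Run against the first log in this post, triage() would report only the aborted scan, which is why the completed second scan is the one to rely on.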
 


#5 quietman7


Posted 17 February 2014 - 06:24 PM

Yes complete all the steps I indicated in my previous post.

BTW, in regard to Windows update....sometimes I find it is quirky. There have been times I have successfully completed an update via the online website, rebooted and yet the system tray icon appears and indicates updates are ready for download. After a short time it goes away but other times it takes another reboot.

Windows update is supposed to accomplish its configuration upon shutting down, then finish after restarting the computer. During the process you may see messages such as:

"Preparing to configure Windows. Do not turn off your computer."
"Configuring Windows updates...50% complete. Do not turn off your computer."
"Please do not power off or unplug your machine. Installing update 5 of 12."
"Failure configuring Windows updates. Reverting changes. Do not turn off your computer."

Sometimes after rebooting there may be a delay in synching the update information in order for the OS to indicate (read) that it has been completed. In some cases when the update is being installed, the update installation process can stop, freeze or hang for no apparent reason. Most often, these issues are due to software conflicts or a pre-existing issue that Windows did not detect until the current update began to install itself.

#6 ebt137


Posted 17 February 2014 - 06:41 PM

Okay, here are the logs from all the steps I just ran as you said:  The first is RKill, the second is AdwCleaner, and the third is JRT.  Am I able to continue using my computer as normal after this?

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/17/2014 06:22:57 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
-----------------------------------------------------------------
 
# AdwCleaner v3.019 - Report created 17/02/2014 at 18:25:24
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Ellie Taylor - SCDP
# Running from : C:\Users\Ellie Taylor\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Ellie Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\wq5c5z2v.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Ellie Taylor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1788 octets] - [17/02/2014 18:24:01]
AdwCleaner[S0].txt - [1549 octets] - [17/02/2014 18:25:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1609 octets] ##########
 
----------------------------------------------------------------------
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8.1 x64
Ran by Ellie Taylor on Mon 02/17/2014 at 18:31:49.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/17/2014 at 18:36:18.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
My computer appears to be working as per usual, so after all this, can I consider it safe to use?  (Of course, no more getting into even remotely fishy areas online if I can help it...)


#7 quietman7


Posted 17 February 2014 - 06:56 PM

Looking good. Nothing of significant concern showing in your log(s).

#8 ebt137


Posted 17 February 2014 - 06:59 PM

Thanks so much for your help!  I was panicking before your response.  This website and its volunteers are a godsend.



#9 quietman7


Posted 17 February 2014 - 07:09 PM

You're welcome.