I don't know if I am infected, how do I find out?


7 replies to this topic

#1 EffectiveBones484


Posted 15 March 2014 - 03:06 PM

Hello,

I have a question: I just recently downloaded a program which was apparently a .dae to .3ds model converter from this link: http://www.paulscode.com/forum/index.php?topic=3.0

 

I clicked on the autodesk download link. Webroot came up with a "malware" infection, and promptly removed it. What worries me is that it didn't detect malware until after I had opened it. Webroot said it removed it successfully. I have had worries about malware recently.

 

The download link said it was an image file, so that seems a bit weird to me. I know the basics of malware removal, and I already have lots of tools from when I removed one about a month ago, but I don't know what order to use them.

 

Webroot also said it was just "malware", and it didn't give any kind of indication what kind of malware it was. It said it removed it, but I just want to make sure.

 

What should I do from here?

 

EDIT: Also, I forgot to mention, I am posting this literally five minutes after the incident, and no messages have popped up or anything like that. The computer is also running at normal speed right now.


Edited by EffectiveBones484, 15 March 2014 - 03:07 PM.



#2 stupot65


Posted 15 March 2014 - 03:36 PM

Well, if you're very concerned, head over to Google and search for 'Malwarebytes Anti-Malware' and download it. Run an update and then a full scan. If Malwarebytes says nothing found, you're clear. :)



#3 buddy215

  • Moderator

Posted 15 March 2014 - 03:36 PM

Below are the results of scanning the file you downloaded. You should check further for malware and adware.

Antivirus scan for 80ce10f9826f12c4442f9923776beb3c at 2014-03-10 23:54:02 UTC - VirusTotal

Suggest you run scans using the programs below:

Download AdwCleaner to your desktop, then run adwcleaner.exe.

  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean.
  • When the run is finished, it will open up a text file.
  • Please post its contents in your next reply.
  • You'll also find the log file at C:\AdwCleaner[S1].txt.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to "YES, I accept the Terms of Use".
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click "List of found threats", then click "Export to text file...".
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Edited by buddy215, 15 March 2014 - 08:07 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 EffectiveBones484

  • Topic Starter

Posted 15 March 2014 - 08:30 PM

Hello again,

 

I have done the steps that you have suggested. Here are the logs:

 

Adwcleaner:

 

# AdwCleaner v3.022 - Report created 15/03/2014 at 15:34:31
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Colin - FAMILYCOMPUTER2
# Running from : C:\Users\Colin\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Colin\AppData\Roaming\iWin

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\sab7gjtg.default\prefs.js ]


[ File : C:\Users\catpu_000\AppData\Roaming\Mozilla\Firefox\Profiles\i6mr442q.default\prefs.js ]


[ File : C:\Users\Colin_3\AppData\Roaming\Mozilla\Firefox\Profiles\ssvlbqbp.default\prefs.js ]


[ File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\p2uplc6h.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\catpu_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\csbur_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Colin_3\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4956 octets] - [24/02/2014 20:32:07]
AdwCleaner[R1].txt - [1727 octets] - [15/03/2014 15:33:19]
AdwCleaner[S0].txt - [5115 octets] - [24/02/2014 20:35:10]
AdwCleaner[S1].txt - [1652 octets] - [15/03/2014 15:34:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1712 octets] ##########
 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Colin on Sat 03/15/2014 at 15:40:08.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{93D29D7E-86C6-464C-9514-BDAB2497FAA9}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{93D29D7E-86C6-464C-9514-BDAB2497FAA9}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{93D29D7E-86C6-464C-9514-BDAB2497FAA9}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/15/2014 at 15:44:41.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

ESET found no threats.
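The two logs posted above are easier to act on once the few lines that matter are pulled out: what each tool removed, what it tried to remove and could not, and which browser profile files it examined. The following is example code added to this thread, not BleepingComputer's code and not part of AdwCleaner or JRT; it embeds trimmed copies of the posted logs, and the "Successfully deleted: [...]" wording it accepts for JRT is an assumption, since no such line appears in the posted log.

```python
"""Pull the actionable lines out of AdwCleaner and JRT logs.

Added example for this thread; not BleepingComputer's code and not part of
either tool. The two log excerpts are trimmed copies of the logs posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Trimmed from the AdwCleaner log posted in this thread.
ADWCLEANER_LOG = r"""
# AdwCleaner v3.022 - Report created 15/03/2014 at 15:34:31
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Colin\AppData\Roaming\iWin

***** [ Browsers ] *****

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\p2uplc6h.default\prefs.js ]
"""

# Trimmed from the JRT log posted in this thread.
JRT_LOG = r"""
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{93D29D7E-86C6-464C-9514-BDAB2497FAA9}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{93D29D7E-86C6-464C-9514-BDAB2497FAA9}

~~~ Event Viewer Logs were cleared
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class TriageReport:
    tool: str
    version: Optional[str] = None
    removed: List[str] = field(default_factory=list)  # items the tool deleted
    failed: List[str] = field(default_factory=list)   # items it could not delete
    checked: List[str] = field(default_factory=list)  # browser files it examined
    notes: List[str] = field(default_factory=list)

    def needs_follow_up(self) -> bool:
        # A failed deletion is the one thing in these logs that still needs a human.
        return bool(self.failed)

    def registry_guids(self) -> set:
        # The same item can appear under both the 32- and 64-bit registry views,
        # so count distinct GUIDs rather than failed lines.
        return {m.group(0) for item in self.failed for m in GUID_RE.finditer(item)}


def parse_adwcleaner(text: str) -> TriageReport:
    report = TriageReport(tool="AdwCleaner")
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := re.match(r"# AdwCleaner v(\S+)", line)):
            report.version = m.group(1)
        elif (m := re.match(r"(\w+) Deleted : (.+)$", line)):
            report.removed.append(f"{m.group(1)}: {m.group(2)}")
        elif (m := re.match(r"\[ File : (.+) \]$", line)):
            report.checked.append(m.group(1))
    return report


def parse_jrt(text: str) -> TriageReport:
    report = TriageReport(tool="JRT")
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := re.match(r"Version: (\S+)", line)):
            report.version = m.group(1)
        elif (m := re.match(r"Failed to delete: \[(.+?)\] (.+)$", line)):
            report.failed.append(f"{m.group(1)}: {m.group(2)}")
        elif (m := re.match(r"Successfully deleted: \[(.+?)\] (.+)$", line)):
            # Assumed wording for successful removals; none appear in the posted log.
            report.removed.append(f"{m.group(1)}: {m.group(2)}")
        elif line.startswith("~~~ ") and "cleared" in line:
            report.notes.append(line[4:])
    return report


def summarize(reports: List[TriageReport]) -> List[str]:
    lines = []
    for r in reports:
        lines.append(f"{r.tool} {r.version or '?'}: removed {len(r.removed)}, "
                     f"failed {len(r.failed)}, checked {len(r.checked)} browser files")
        lines.extend(f"  follow up: {item}" for item in r.failed)
        lines.extend(f"  note: {note}" for note in r.notes)
    return lines


if __name__ == "__main__":
    print("\n".join(summarize([parse_adwcleaner(ADWCLEANER_LOG), parse_jrt(JRT_LOG)])))
```

Run as-is it summarises the embedded excerpts; pointing it at the full log files gives the same two-line-per-tool summary. The `registry_guids` helper is there because the two (on the page, three) JRT failures share one GUID under the normal and Wow6432Node views, so they are a single leftover search-scope entry rather than several separate items.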



#5 EffectiveBones484

  • Topic Starter

Posted 15 March 2014 - 10:08 PM

Just another quick update: I just ran a Malwarebytes full scan and nothing was found.



#6 buddy215

  • Moderator

Posted 16 March 2014 - 07:22 AM

Okay...if you are not having any issues with, say, a browser misdirection or unexpected ads...then it looks like you are good to go.

EDIT: Is there more than one admin account on this computer? That could possibly explain why the Junkware Removal Tool couldn't remove the miscellaneous registry items.


Edited by buddy215, 16 March 2014 - 07:32 AM.


#7 EffectiveBones484

  • Topic Starter

Posted 16 March 2014 - 12:29 PM

Yes, I do have multiple admin accounts.



#8 buddy215

  • Moderator

Posted 16 March 2014 - 01:34 PM

Okay...you could run the JRT on the other accounts to get rid of incidental registry entries, or not. As I said before, if you are not experiencing any issues with your browser(s), then there is no reason to suspect you are presently infected with any adware/malware.

