Evasive/Hidden Malware?


2 replies to this topic

#1 realtime321


Posted 02 May 2014 - 02:02 AM

My sister fell victim to scareware, clicking and downloading several malicious programs from the internet. This was over the course of about six months. She made me aware of the problem a couple of months ago, so I have been working on cleaning up the computer. I have tried everything in my knowledge.

 

Here are my problems:  

1. I cannot connect to the internet with Internet Explorer v8.0.7600.16385 even though I am connected to a functioning home wireless LAN.

2. Before I uninstalled Mozilla Firefox (see point 6 below), ~10 advertisements disguised as search results would appear above normal Google search results (no, these were not the paid Google ads). After navigating to a site, advertisements would pop up, open new tabs, and slide out from the sides of pages.

3. The computer is sluggish and other programs are also having difficulty connecting to the internet (see below).

 

Here is what I have tried:
1. Removed the obviously malicious "virus removal" scareware programs that showed up in the Programs and Features section of Control Panel. Ran Malwarebytes Anti-Malware. Results (Full Reports linked @ bottom):
3/7/14 Quick Scan: 1 Memory Process Detected, 23 Registry Keys Detected, 1 Registry Value Detected, 2 Registry Data Items Detected, 31 Folders Detected, 188 Files Detected.
4/30/14 Full Scan: 2 Registry Keys Detected, 2 Registry Values Detected, 3 Folders Detected, 31 Folders Detected, 
After both scans, I deleted all quarantined objects.
2. Downloaded Microsoft Security Essentials. (The computer had an expired trial of Trend Micro, no other AV software)
3. Tried to ensure Windows Firewall was turned on. The only option in Control Panel/System and Security/Windows Firewall is "Use recommended settings". When I click the button, it says, "Windows Firewall can't change some of your settings. Error code: 0x80070424"
4. I was worried that the firewall was not working, so I downloaded ZoneAlarm Free Firewall v13.0.208. ZoneAlarm says that it is securing 211 programs and there have been 4 access attempts blocked.
5. Since I was still having the same problems, I downloaded Spybot v1.6.2. When I ran a scan on 5/2/14, I discovered several malicious programs (yes, this was after the two Mbam scans). I know there was adware, but I don't remember what other types because when I realized there was a new version (v2.3), I downloaded it and uninstalled v1.6.2, destroying the log. Spybot v2.3 was not able to connect to the internet to download the malware definitions, so I had to manually update it via a flash drive. 116 objects (mostly "tracking cookies") were removed with the v2.3 scan. I still was not able to connect to the internet.
6. I thought that Firefox might be the problem, so I removed it. Unfortunately, that did not fix the problem, so now I do not have any way to access the internet (even though I can still connect to my home wireless LAN).
7. I tried installing Google Chrome via flash drive, but the installation process failed. The error message said that it could not connect to the internet and suggested whitelisting the program within firewalls. ZoneAlarm whitelisted the program automatically, but I was not able to access Windows Firewall settings (see step 4).
8. I have combed through the programs on the services and startup tabs in msconfig, looking up programs in the databases on this website to try to find malicious programs running in the background/starting during the boot process. (I stopped several services and startup programs, but cannot remember which ones).

9. Ran Internet Connection Troubleshooter to ensure that it was not an issue with the hardware (and not malware). However, the report blames the connection problem on an issue with the connection of my access point/modem to the internet. That is not correct because I am using the wireless network on my Lenovo Helix to submit this post. I tried a wired connection with an Ethernet cable and ran the troubleshooter with the same results.
 
I am out of ideas and the computer still runs slowly and will not connect to the internet even though it is connected to the same home wireless network that I am using to submit this post.
Here are the computer stats:
Toshiba Satellite A665
Windows 7 Home Premium 64-bit
Intel Core i3 CPU M 370 @ 2.40 GHz
RAM: 4.00 GB (3.80 GB Usable)
453 GB HDD (368 GB free)
 

Link to Reports from Malwarebytes Scans, Spybot Failed Update Attempts, Internet Connection Troubleshooting:

https://drive.google.com/folderview?id=0BweVboGOxYs4Vk84S0hNbnhNa2M&usp=sharing

(I am new to Google Drive, so let me know if you cannot access this link.)

 

I am new to this website, so if I posted this under the wrong category, please move the post. To me, this seems like a malware issue, but to someone with more experience than me, this could be a networking issue.

 

I would appreciate any help!




#2 realtime321


Posted 02 May 2014 - 11:50 AM

Update: Problem resolved! As I was posting this, Microsoft Security Essentials finally connected to the internet and updated. I ran a full scan which took ~2.5 hours. The scan found 5 trojans that Malwarebytes and Spybot missed. After removing those trojans, the computer is speedy and is able to connect to the internet via Internet Explorer. I downloaded Chrome and Firefox as backups and both work perfectly.



#3 quietman7


Posted 02 May 2014 - 07:20 PM

Glad to hear you resolved the issue.

Have your sister read these topics:
Answers to common security questions - Best Practices for Safe Computing
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)



