Suspicious.Cloud.9



#1 Charlie123

Posted 26 July 2014 - 02:49 AM

Looks like I have something funny on my new Windows 8 Box. My computer started acting funny so I downloaded a Norton 30 day free trial. I have gotten several popups saying Norton blocked "suspicious.cloud.9". I did a little research and from what I can tell this is some sort of Trojan. Norton says it blocked it but my computer has been really slow for the past couple of days. Should I worry?

Edited by Queen-Evie, 26 July 2014 - 08:15 AM.
moved from Windows 8 to the appropriate forum



#2 MrFlippers

Posted 26 July 2014 - 03:07 AM

Try Running the Following Tools:

  • (JRT) Junkware Removal Tool
  • Malwarebytes

Questions:
Did Norton Successfully Quarantine the Trojan?

Also I suggest you use Avast besides Norton.

#3 Charlie123

Posted 26 July 2014 - 03:21 AM

Thanks, Flip.

 

JRT found the following. Can you explain what it deleted and how it might have gotten there? Much obliged.

 

~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}


#4 MrFlippers

Posted 26 July 2014 - 04:03 AM

These Two come back as Babylon Toolbar. "Adware"
[Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll

The other Three I'm not Quite sure what they are, But I did some Research and they seem to be some type of Spyware.

With the Babylon Toolbar you Probably just Downloaded something and it came with it.

 

I now Suggest that you Run the Following Tools:

 

Tips
#1 - Do NOT Download ANY Toolbars. ~ Some are Malicious and they slow down your PC.
#2 - If you download any Tools or Programs make sure to Check OFF any "Extra Downloads" the Installer has to Offer.

#5 Charlie123

Posted 26 July 2014 - 08:48 AM

Hi again Mr. Flipper,

 

My computer is obviously infested. Adwcleaner found the following and Superantispyware came up with 449 tracking cookies and such. Should I think about a clean reinstall? 

 

*** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [LManager]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Popajar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16384
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [2317 octets] - [26/07/2014 21:23:21]
AdwCleaner[S0].txt - [2233 octets] - [26/07/2014 21:31:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2293 octets] ##########
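
An added example, not part of any post in this thread: a small Python script that sorts the JRT and AdwCleaner removal lines posted above by the kind of foothold each one represents (autostart Run value, Chrome extension registered through the registry, extension in the Chrome profile, COM registration) and reports GUIDs that both tools removed. The category names and matching rules are this example's own assumptions; the sample lines are copied from the two logs above.

```python
import re
from collections import defaultdict

# Lines copied from the JRT and AdwCleaner logs posted in this thread.
JRT_LOG = r"""
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
"""
ADW_LOG = r"""
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [LManager]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKCU\Software\Popajar
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
"""

# Category rules (assumed for this example), first match wins. HKEY_CLASSES_ROOT is a
# merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes, so both count as COM.
RULES = [
    ("autostart", re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)),
    ("chrome_ext_registry", re.compile(r"\\Google\\Chrome\\Extensions\\[a-p]{32}$", re.I)),
    ("chrome_ext_profile", re.compile(r"^Deleted \[Extension\] : [a-p]{32}$")),
    ("com_registration", re.compile(r"(HKEY_CLASSES_ROOT|\\SOFTWARE\\Classes)\\", re.I)),
]
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def classify(log_text):
    """Group each removal line by the kind of foothold it represents."""
    groups = defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        label = next((name for name, rx in RULES if rx.search(line)), "other")
        groups[label].append(line)
    return dict(groups)

def shared_guids(*logs):
    """GUIDs reported by every log: the same component seen by each tool."""
    sets = [{g.upper() for g in GUID.findall(log)} for log in logs]
    return set.intersection(*sets)

if __name__ == "__main__":
    for name, lines in classify(JRT_LOG + ADW_LOG).items():
        print(f"{name}: {len(lines)}")
    print("seen by both tools:", sorted(shared_guids(JRT_LOG, ADW_LOG)))
```

Lines that land in "autostart" or "chrome_ext_registry" are the ones worth re-checking after a reboot, since those locations are where an unwanted program re-launches or re-installs itself.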


#6 dc3

Posted 27 July 2014 - 10:32 AM

Please run the following scans.


Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware. After clicking on the link the download will start automatically.

1) Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2) Malwarebytes will automatically open. If this is the first time you have run this version of Malwarebytes you will see an image like the one below.

[screenshot]

Click on Update Now, after Malwarebytes is updated click on Scan.

If this isn't the first time you have run this version, then you will see an image like the one below. Click on Scan

[screenshot]

You will be prompted to update Malwarebytes, to do so click on Update Now.

[screenshot]

3) The scan will automatically run now.

[screenshot]

4) When the scan is complete the results will be displayed. Click on Quarantine All, then click on Apply Actions

[screenshot]

5) To complete any actions taken you will be asked if you want to restart your computer, click on Yes

[screenshot]

6) Please post the Malwarebytes log.

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.

To open the log double click on mbam-check.exe on your desktop. When the log opens, scroll down toward the bottom of the log to Quarantined Items. Copy and paste this in your next post.
