I was just on CNET, chose 'direct download' (nobody wants OpenCandy or similar junk on their system, do they?), ran it through VirusTotal (0/54 btw), downloaded a SoundCloud downloader, and upon closer inspection of the EULA I don't trust this program... at all. Avast! detected Win32:Malware-gen. I'm currently running Malwarebytes and ADWCleaner. I'm really scared.
A bit of an intro to myself: I'm a 12-year-old kid who has a passion for malware removal. I browse this site half an hour a day and visit the virus removal forums, and I'm going to sign up for Malware Removal University soon, but I never expected to have myself in this situation. Please advise!
I'm really scared! Please help! Will post MBAM and ADWCleaner logs in just a sec, they both came out clean last time I ran them about a week ago.
# AdwCleaner v3.302 - Report created 30/07/2014 at 22:43:47
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : mathb_000 - ADAMLAPTOP2
# Running from : C:\Users\mathb_000\Downloads\adwcleaner_3.302.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Users\mathb_000\AppData\Roaming\Software Updater
Folder Found : C:\Users\mathb_000\Favorites\StumbleUpon
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\mathb_000\AppData\Roaming\Mozilla\Firefox\Profiles\3siszp71.default\prefs.js ]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
AdwCleaner[R0].txt - [1595 octets] - [06/02/2014 18:05:17]
AdwCleaner[R1].txt - [1746 octets] - [30/03/2014 12:10:29]
AdwCleaner[R2].txt - [1287 octets] - [11/05/2014 11:02:30]
AdwCleaner[R3].txt - [1287 octets] - [11/05/2014 11:02:40]
AdwCleaner[R4].txt - [1377 octets] - [20/05/2014 12:54:49]
AdwCleaner[R5].txt - [1486 octets] - [02/06/2014 13:59:41]
AdwCleaner[R6].txt - [1378 octets] - [13/06/2014 19:23:17]
AdwCleaner[R7].txt - [1576 octets] - [06/07/2014 09:47:29]
AdwCleaner[R8].txt - [1560 octets] - [06/07/2014 10:40:06]
AdwCleaner[R9].txt - [1701 octets] - [30/07/2014 22:43:47]
AdwCleaner[S0].txt - [1687 octets] - [30/03/2014 12:16:26]
AdwCleaner[S1].txt - [1553 octets] - [02/06/2014 14:09:15]
AdwCleaner[S2].txt - [1643 octets] - [06/07/2014 09:55:39]
########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [1941 octets] ##########
That "Software Updater" is new... I like StumbleUpon so I'm not removing that. I'm not going to reboot like ADWCleaner but instead delete manually as I don't trust that there isn't a hidden "Run" registry key... I can't see as DDS says it's running in "compatibility mode". Crap, I can't delete it manually. I'm scared & I'm close to crying here.
Ran scans with ESET Online and Malwarebytes. Malwarebytes found nothing and ESET found a couple of CNET installers, of which I carefully unticked the offers...
Last night I got a warning from a legitimate firewall that I've never heard of (possibly the one set up in this apartment complex?), saying that OTL was infected with Kryptik, which is obviously not the case. The malware which was uninstall.exe in a bizarre location has also mysteriously disappeared from Avast! chest and I can't get FRST to download here... I'm pretty sure FRST is getting blocked by something. The download goes really fast, then it stops at the same place every time with a 'failed - network error' warning.
Edited by Math., 31 July 2014 - 07:39 AM.