gameharbour.org virus


  • This topic is locked
4 replies to this topic

#1 aaronator

  • Members

Posted 17 September 2014 - 02:17 AM

Every time I start up my PC the gamharbour.org website opens itself.

I have already scanned with FRST. How do I solve this now?

 

 

greets


 


#2 olgun52

  • Malware Response Team

Posted 19 September 2014 - 10:35 AM

Hello aaronator and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

:hello:

 

Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52


Posted 19 September 2014 - 12:19 PM

Hello aaronator,

 

Please do the following.
 

Step 1:

 

Important: Ensure your external and/or USB drives are inserted during the scan.

 

Run FRST fixlist

 

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
Task: {D8EF1221-A115-4209-B700-0DB9BCA612BA} - System32\Tasks\UpdaterEX => C:\Users\000\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: H - "H:\autorun.exe" 
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: {3fe22cd7-0d5e-11e4-bf81-ac220bac400b} - "H:\Startme.exe" 
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: {7f2701f8-cd5d-11e3-bf5c-ac220bac400b} - "G:\Startme.exe" 
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: {8fd343ec-bc2d-11e3-bf55-ac220bac400b} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: {8fd34427-bc2d-11e3-bf55-ac220bac400b} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: {af2520a9-ea11-11e3-bf76-ac220bac400b} - "F:\autorun.exe" 
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: {af2535ed-ea11-11e3-bf76-ac220bac400b} - "G:\S3\Autorun.exe" 
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys
FF ProfilePath: C:\Users\000\AppData\Roaming\Mozilla\Firefox\Profiles\izn7xzos.default-1410432858287
C:\Users\000\Downloads\Thumbs.db
FF user.js: detected! => C:\Users\000\AppData\Roaming\Mozilla\Firefox\Profiles\izn7xzos.default-1410432858287\user.js
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\000\AppData\Local\nwhb-v9.4.15.crx 
CHR HKCU\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\000\AppData\Local\nwhb-v9.4.15.crx 
CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\000\AppData\Local\nwhb-v9.4.15.crx 
C:\WINDOWS\SysWOW64\AI_RecycleBin
C:\Users\000\jagex_cl_runescape_LIVE.dat
C:\Users\000\random.dat
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\000\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\000\AppData\Local\Temp\Electri-Q Patch.DLL
C:\Users\000\AppData\Local\Temp\i4jdel0.exe
C:\Users\000\AppData\Local\Temp\JavaIC.dll
C:\Users\000\AppData\Local\Temp\msscct32.dll
C:\Users\000\AppData\Local\Temp\SHSetup.exe
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Step 2:

 

Run rkill and Malwarebytes

 

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 
next....
 
Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Important: The internet must now be closed.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs "PUPs" are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 3:

 

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/ 7 / 8, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day


Best regards
 
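The fixlist in the post above contains the autostart entries that match the reported symptom: a per-user Run value that opens a URL at logon, a scheduled task running from the user profile, and cached MountPoints2 autorun commands. The following triage sketch is an added example, not part of the thread and not FRST's own code; its regular expressions are assumptions that cover only the three line shapes shown in that fixlist, and the finding texts are illustrative.

```python
import re

# Sample lines copied from the fixlist in the post above.
SAMPLE = r'''
Task: {D8EF1221-A115-4209-B700-0DB9BCA612BA} - System32\Tasks\UpdaterEX => C:\Users\000\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3918077518-3712141223-318403584-1002\...\MountPoints2: H - "H:\autorun.exe"
FF user.js: detected! => C:\Users\000\AppData\Roaming\Mozilla\Firefox\Profiles\izn7xzos.default-1410432858287\user.js
C:\ProgramData\SetStretch.exe
'''

# Assumed line shapes, inferred from the fixlist only.
RUN = re.compile(r'^HK[\w-]+\\.*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
TASK = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.*)$')
MOUNT = re.compile(r'^HK[\w-]+\\.*\\MountPoints2: (?P<name>\S+) - "(?P<cmd>[^"]*)"')
URL = re.compile(r'https?://[^\s"&]+', re.I)
MARK = re.compile(r'\s*<=+\s*ATTENTION\s*$')  # trailing reviewer marker


def classify(line):
    """Return (kind, name, finding) for an autostart line, else None."""
    line = MARK.sub('', line.strip())
    m = RUN.match(line)
    if m:
        url = URL.search(m['cmd'])
        # A Run value whose command is a URL explains a site opening at logon.
        return ('run', m['name'], f'opens {url[0]} at logon' if url else None)
    m = TASK.match(line)
    if m:
        in_profile = re.search(r'\\AppData\\', m['cmd'], re.I)
        return ('task', m['name'],
                'runs a binary from a user profile' if in_profile else None)
    m = MOUNT.match(line)
    if m:
        return ('mountpoints2', m['name'], 'cached autorun command for a drive')
    return None


def findings(text):
    """Keep only the classified lines that carry a finding."""
    hits = (classify(line) for line in text.splitlines())
    return [h for h in hits if h and h[2]]


if __name__ == '__main__':
    for kind, name, why in findings(SAMPLE):
        print(f'{kind:13} {name:28} {why}')
```
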

 


 


#4 olgun52


Posted 21 September 2014 - 04:50 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Best regards
 

 


 


#5 olgun52


Posted 26 September 2014 - 12:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




