Is my computer infected? Please help


  • This topic is locked
16 replies to this topic

#1 comp_help2014

Posted 30 November 2014 - 04:13 AM

Hi,

 

I just need a complete check on my computer to see if it is infected. Could you please let me know the detailed steps I need to follow for the same.

 

Thanks

 




 


#2 comp_help2014

Posted 30 November 2014 - 06:31 AM

I am following the steps posted on this forum. These are the steps followed by my log files:

 

Welcome to BC !
 
Below are programs that can find and remove adware as well as malware.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars...especially Yahoo. You may see Google Tool Bar being offered.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Download Malwarebytes' Anti-Malware from Here

  • Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR REVIEW.
 
Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
 
 
 
Here are my results for ADWcleaner:
 
# AdwCleaner v4.102 - Report created 30/11/2014 at 15:45:58
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Starter  (32 bits)
# Username : NM - NM-PC
# Running from : C:\Users\NM\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\NM\AppData\Roaming\Mozilla\Firefox\Profiles\eu5tkewl.default-1414670487525\user.js
Folder Found : C:\Users\NM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
 
 
# AdwCleaner v4.102 - Report created 30/11/2014 at 16:25:43
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Starter  (32 bits)
# Username : NM - NM-PC
# Running from : C:\Users\NM\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [1107 octets] - [30/11/2014 15:45:58]
AdwCleaner[R1].txt - [917 octets] - [30/11/2014 16:13:45]
AdwCleaner[S0].txt - [1177 octets] - [30/11/2014 16:08:20]
AdwCleaner[S1].txt - [841 octets] - [30/11/2014 16:25:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [900 octets] ##########
 
 
I'll be posting results as I get them.
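
As an added example (not part of the original post and not AdwCleaner's own code), the Python below parses the report format quoted above and lists the scan findings that the cleaning report does not confirm as deleted. The sample strings are shortened copies of the two reports on this page, and the function names are made up for this illustration.

```python
import re

# Constructed sample input: shortened copies of the Scan and Clean reports
# quoted in the post above (empty sections and browser lines left out).
SCAN_REPORT = r"""# AdwCleaner v4.102 - Report created 30/11/2014 at 15:45:58
# Option : Scan

***** [ Files / Folders ] *****

File Found : C:\Users\NM\AppData\Roaming\Mozilla\Firefox\Profiles\eu5tkewl.default-1414670487525\user.js
Folder Found : C:\Users\NM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
"""

CLEAN_REPORT = r"""# AdwCleaner v4.102 - Report created 30/11/2014 at 16:25:43
# Option : Clean

***** [ Files / Folders ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\DeviceVM
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Assumption: every entry is "<Kind> <Found|Deleted> : <target>"; the page
# only shows the kinds File, Folder and Key.
ENTRY = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")

def parse_report(text):
    """Return {'meta': {...}, 'entries': [(section, kind, action, target)]}."""
    report = {"meta": {}, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and " : " in line:
            key, value = line[2:].split(" : ", 1)
            report["meta"][key.strip()] = value.strip()
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            kind, action, target = m.groups()
            report["entries"].append((section, kind, action, target.strip()))
    return report

def not_confirmed_deleted(scan, clean):
    """Items the scan found that the clean report does not list as deleted."""
    # Windows paths and registry keys are case-insensitive, so compare lowercased.
    deleted = {(k, t.lower()) for _, k, a, t in clean["entries"] if a == "Deleted"}
    return [(s, k, t) for s, k, a, t in scan["entries"]
            if a == "Found" and (k, t.lower()) not in deleted]

if __name__ == "__main__":
    scan, clean = parse_report(SCAN_REPORT), parse_report(CLEAN_REPORT)
    for section, kind, target in not_confirmed_deleted(scan, clean):
        print(f"[{section}] {kind}: {target}")
```

An item listed by this comparison is not necessarily still present: the report footer quoted above names an earlier cleaning run (S0) whose log is not shown, so each leftover entry should be checked on disk or in the registry.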


#3 comp_help2014

Posted 30 November 2014 - 07:14 AM

I did the Malwarebytes Anti-Malware scan. No threats were found.



#4 quietman7

  • Global Moderator

Posted 30 November 2014 - 09:56 AM

Now try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
 

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Scan Archives and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push List Threats
  • Push Export, and save the file to your desktop as ESETScan.txt.
  • Push the Back button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.

ESET Online Scanner FAQs

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 

 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 comp_help2014

Posted 01 December 2014 - 01:48 AM

Thank you quietman. Here are the results of the JRT scan:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Starter x86
Ran by NM on 01-12-2014 at 11:23:09.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-12-2014 at 11:43:08.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Please could you review them and let me know what you think. I'm doing the ESET scan next.  Thanks.


#6 comp_help2014

Posted 01 December 2014 - 01:50 AM

Could you also please interpret the results of the ADW cleaner



#7 comp_help2014

Posted 01 December 2014 - 04:43 AM

Eset online scanner results:

 

C:\SwSetup\ATMT\Data1.cab a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Users\NM\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined


#8 quietman7

  • Global Moderator

Posted 01 December 2014 - 06:51 AM

There is nothing of significant concern showing in any of your logs.

#9 comp_help2014

Posted 01 December 2014 - 09:59 AM

Hi,

 

Thanks. So how do I ensure that I am protected while browsing? How often do I do these scans, i.e. ADW, ESET, Junkware etc.? CCleaner is still running on my system - it says monitoring is active. Should I disable it?



#10 quietman7

  • Global Moderator

Posted 01 December 2014 - 02:46 PM

Both AdwCleaner and JRT (Junkware Removal Tool) were created to search for and remove potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware to include related registry entries (values, keys)...all of which contribute to pop-up ads, user profile corruption and browser hijacking which may change your home page, search engine and other system/browser settings.

There is no need to run regular scans with these tools unless you are having such problems. If these tools are needed you should always download and use the most current version as they are frequently updated.

The Eset Online Anti-virus Scanner is intended to supplement your existing anti-virus software and can be used at any time for a second opinion.

There is no need to run CCleaner at startup. You can uncheck that feature under Options > Settings. When needed just manually run CCleaner from its folder in Start > All Programs or create a shortcut on the Desktop. See Changing CCleaner settings.

Then you may want to read these topics.
Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

#11 comp_help2014

Posted 02 December 2014 - 12:50 AM

Thank you for your reply.

 

The option of 'CCleaner at startup' is already unchecked in options. However, the icon is visible in 'Show hidden icons' and it says 'CCleaner monitoring is active'. I think it's alright to let it run, correct?

 

 

There is an ADWcleaner folder created in C. Should I delete that?



#12 comp_help2014

Posted 02 December 2014 - 12:55 AM

These are the files that ESET picked up and quarantined:

 

C:\SwSetup\ATMT\Data1.cab a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Users\NM\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
Could you let me know what these are and how you think my system got infected by these? Also, how do I ensure safety in future?


#13 quietman7

  • Global Moderator

Posted 02 December 2014 - 05:55 AM

Changing monitoring settings (CCleaner Pro): Automatic monitoring - Browser Monitoring
Changing monitoring settings (CCleaner Free): System Monitoring - Active Monitoring

CCleaner Free enables you to set up Active system monitoring. It can monitor your PC and detect whether it will benefit from a clean. When enabled, CCleaner will continue to run in the background and you’ll see an icon in the system tray.

Active Monitoring allows CCleaner Free to monitor your installation in the background, for any updates or new releases, so you don't have to worry about keeping up-to-date.


To remove AdwCleaner and all of its related files and folders, double-click the AdwCleaner icon on your Desktop to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

ESET detected a Potentially Unwanted Program (PUP) and Potentially Unsafe Application (PUA).

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

#14 comp_help2014

Posted 03 December 2014 - 12:10 AM

Thank you quietman. I have several other queries.

 

1. I reconfigured my router and changed my router password because the internet speed had suddenly become very slow. After changing the wifi password, suddenly the speed went up and after a while it went down again. I am not sure why this is happening. I mostly use a LAN cable and not the wifi. Is it more secure to use a wired connection rather than wifi? Is there a possibility that someone is accessing my net which is why the speed is coming down? And how do you think this is happening when I am the only one using the internet and I have changed the password? Or is it something else?

 

2. Which browser do I use? I have Chrome, Firefox and IE. IE is outdated, so could you send me a link where I can download the latest version? The other browsers also freeze. I am not sure why this is happening and if you can tell me how to fix this.



#15 comp_help2014

Posted 03 December 2014 - 12:51 AM

Hi again,

 

I posted the attach.txt contents of DDS into my new topic on the Malware removing tools and requesting help forum!!!!! Please can you help remove those contents. I realized later that I had to attach it and not post contents. What do I do now? Who do I get in touch with regarding this?





