
Hello all, all I got for the holidays was a trojan virus.


21 replies to this topic

#1 mstngsally

mstngsally

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:03:53 AM

Posted 28 December 2014 - 02:55 PM

Hope the holidays are treating you well.

Edit: Topic moved from Introductions to the more appropriate forum.~ Animal



#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:10:53 AM

Posted 28 December 2014 - 02:58 PM

If you need assistance for removing your "Christmas gift", I could ask a Moderator to move your thread to Am I Infected.

I wish you a Happy New Year sir.

#3 mstngsally


Posted 28 December 2014 - 03:02 PM

Thank you for your suggestion. Yes, I would like this moved. I had also wanted to introduce myself. Happy New Year to you also.



#4 Sintharius


Posted 28 December 2014 - 03:07 PM

Once your thread is in Am I Infected, a staff member will guide you through instructions to remove your infection.

I wish you luck.

#5 mstngsally


Posted 28 December 2014 - 03:15 PM

Thank you for your assistance. Have a great day!



#6 mstngsally


Posted 28 December 2014 - 03:33 PM

I believe I have a dllhost exe *32 virus/Trojan. Any help is appreciated.



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:53 PM

Posted 28 December 2014 - 03:42 PM

Hello and Welcome

This topic has been moved to the correct area now.

 

Please download Malwarebytes Anti-Malware. If the program is installed, be sure to update it.

  • Follow the simple directions to install the program to desktop
  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next -

Run ESET Online Scanner.

  • For "Internet Explorer" users only, hold down Control (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives and Remove Threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (2 hours is not unusual for a first scan).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as "ESETScan". Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 

We can see any results from these first -


Edited by noknojon, 28 December 2014 - 04:08 PM.


#8 mstngsally


Posted 28 December 2014 - 05:47 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
Here is the Malwarebytes scan. I had previously run an adware program, awscan or something similar.


Scan Date: 12/28/2014
Scan Time: 3:00:39 PM
Logfile:
Administrator: No

Version: 2.00.4.1028
Malware Database: v2014.12.28.09
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Anna

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343805
Time Elapsed: 25 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

#9 noknojon


Posted 28 December 2014 - 06:43 PM

If you get no results, please run this, as I think it will help.

 

 

Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click the 3.png to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.




#10 mstngsally


Posted 28 December 2014 - 08:26 PM

It did find some items.

C:\Users\Anna\Downloads\setup.exe Win32/Systweak.K potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\MyOSProtect.dll Win32/Adware.Loadshop.C application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\MyOSProtect64.dll Win64/Adware.Loadshop.C application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\pcwtc64f.sys Win64/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\pcwtc64r.sys Win64/Adware.Loadshop.E application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\postcollect.exe Win32/AdWare.Loadshop.G application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\precollect.exe Win32/AdWare.Loadshop.G application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\uninstaller.exe Win32/AdWare.Loadshop.H application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3053146153-2006442871-2820191638-1001\$RQF4012\WDCertInstaller.dll Win32/Adware.Loadshop.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcastdx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcasttb.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\dtuser.exe.vir a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\Anna\Downloads\setup.exe Win32/Systweak.K potentially unwanted application deleted - quarantined

#11 noknojon


Posted 28 December 2014 - 08:30 PM

Please run the last (added) program just to be sure. I was hoping we may find a bit more.

If there is a log produced, please post it back here.

 

Thank You -



#12 mstngsally


Posted 28 December 2014 - 08:36 PM

No threats found and no log produced.

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:53 AM

Posted 28 December 2014 - 08:38 PM

Couldn't resist commenting on a super funny topic title:

Hello all, all I got for the holidays was a trojan virus.

 

LOOOOOL...

I apologize for an interruption.

It won't happen again :)




 


#14 mstngsally


Posted 28 December 2014 - 08:50 PM

Hehe!

#15 noknojon


Posted 28 December 2014 - 08:51 PM

Please update us if the running or anything has changed (I hope improved) ............

 

I am asking for help to see if I may have missed something prior to us cleaning up.

 

Thanks -





