Something malicious is deleting my programs and can't use PC properly


8 replies to this topic

#1 bex1990

bex1990

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 24 January 2015 - 05:16 PM

Hi,
 
2 days ago, my Google chrome wouldn't work properly. It was acting like the internet was not connected when it in fact was. As internet explorer was still working, I un-installed chrome and tried to re-install it, but it wouldn't. I did a scan with Norton, it found one virus and 5 cookies.
 
Today I noticed that Norton and other programs have been un-installed or the short cuts have been removed. I found Norton in my programs and tried to launch it, but it just froze up. I have tried to download other anti-virus, anti-malware etc, even the online ESET virus scanner, but they won't download unless I save them, and then won't run, nothing happens.
 
Does anyone know how to solve this problem and what might be causing it?
 
Thank you.

Edited by Budapest, 24 January 2015 - 05:40 PM.
Moved from Win8 ~Budapest



#2 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:12:10 AM

Posted 24 January 2015 - 06:08 PM

Are you able to boot into safe mode with networking? If so, please do the following:

Post the logs for all programs you run!


Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 bex1990

bex1990
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 26 January 2015 - 04:18 PM

Managed to boot in safe mode with networking. Nothing came up with RKill as you will see in the report below:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/26/2015 07:49:40 PM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/26/2015 07:52:27 PM
Execution time: 0 hours(s), 2 minute(s), and 46 seconds(s)
 
Downloaded MBAM and ran it. Found only 2 PUPs and quarantined them. See log below:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/01/2015
Scan Time: 19:56:20
Logfile: MBAM Log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.26.07
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ben
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329956
Time Elapsed: 7 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, Quarantined, [e41b56a57f0afc3a18aa543a14efe31d], 
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, Quarantined, [c13e19e2e5a455e1f5cd78162ad9d62a], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Downloader, C:\$Recycle.Bin\S-1-5-21-675530902-1403755879-2624920334-1002\$RC6HE3M.exe, Quarantined, [d32c9f5cfa8f0234ee30a3465da5e719], 
 
Physical Sectors: 0
(No malicious items detected)
 
(end)
 
 
Also downloaded and ran super anti-spyware. It found adware and cookies but that is all. See logs;
 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

 

 

Generated 01/26/2015 at 08:25 PM

Application Version : 6.0.1168
Database Version : 11723

Scan type       : Complete Scan
Total Scan Time : 00:07:54

Operating System Information
Windows 8.1 64-bit (Build 6.03.9600)
UAC Off - Administrator

Memory items scanned      : 173
Memory threats detected   : 0
Registry items scanned    : 33682
Registry threats detected : 0
File items scanned        : 17324
File threats detected     : 16

Adware.Tracking Cookie

 

============================
 Unwanted Programs Detected 
============================
 Ask Toolbar

============
 End of Log 
============

 

Managed to do a Norton scan but it found nothing at all. 

 

I rebooted the PC to see how it is working. While on safe mode, downloaded Google, and it now seems to be able to search but once I click on a link, nothing happens, the loading button just keeps spinning. (See photo 1 on original post as I could not see an attach button on the message writer).

Explorer seems to work fine and can download programs. PC is now running the programs and can install them. However, when I first turned on the PC a firewall message came up warning me that it had blocked Norton online backup and a message from Norton came up shortly after saying it recommends activating my security suite now. (See pic 2 on original post)

 

What else would you recommend? Do you know what is happening with the firewall and Norton? Are they clashing perhaps?

 

 



#4 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:12:10 AM

Posted 26 January 2015 - 06:01 PM

I'm sorry, I can't find the picture you're referencing on this thread.


Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#5 bex1990

bex1990
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 28 January 2015 - 09:24 AM

Apologies, I forgot to put them on but now I see I can't edit to attach. Do you know how I attach photos?



#6 bex1990

bex1990
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 30 January 2015 - 05:47 AM

Hello Ian, are you able to help me please?



#7 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:12:10 AM

Posted 30 January 2015 - 07:44 AM

Oh, sorry. I'm unable to help you anymore as I recently got accepted into the training program here. Someone will probably be along soon, if no replies in three days post here: http://www.bleepingcomputer.com/forums/t/400074/please-post-in-this-topic-if-you-have-not-received-help-after-three-days/

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 PM

Posted 30 January 2015 - 07:47 AM

Edit removed

Edited by boopme, 30 January 2015 - 09:25 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:10 AM

Posted 30 January 2015 - 09:27 PM

Hello, your issue will not be repaired by any of those tools. You have deeper issues. So rather than spend time there .....

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.



