Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Several Malware Internet Explorer Processes Running In Background


  • Please log in to reply
11 replies to this topic

#1 RedKrovvy

RedKrovvy

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 18 February 2015 - 05:34 PM

Hi,
 
I'd like help with what I'm pretty sure is malware on my computer. There are several instances of Internet Explorer that are running in the background on my computer. I've seen my RAM become pretty hogged up by this, at times. If I end these processes, they come back.
 
Some further details, I believe the same issue is happening on Chrome as well. With no Chrome windows open, I am getting several Chrome processes running in the task manager.
 
I am running my computer on Windows 7. I did have Norton Anti-Virus installed and used it for a full system scan where it did not find any issues. I uninstalled it, and installed a trial version of Kaspersky. I ran the Kaspersky full scan, and it found a couple of viruses which I deleted. The suspicious and memory-hogging Chrome and Internet Explorer processes are still appearing, though. I also ran a full system scan using Malwarebytes and it did not find any issues.
 
Thanks,
-Mike


BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 PM

Posted 18 February 2015 - 06:04 PM

Download Zemana Cloud AntiMalware from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://dl9.zemana.com/download/Products/AntiMalware/Build192/ZemanaAntiMalware.exe          32 bit
http://dl9.zemana.com/download/Products/AntiMalware/Build192/ZemanaAntiMalware_x64.exe  64 bit

Note: If you have used Hitman Pro in the past you will not be able to activate a free license for this product.

Save the file to your desktop.
Right Click and run as administrator.
Click Next to scan for malicious software.
Tick the box that reads. " No I only want to perform a one time scan to check this computer"
0X6Id66.jpg

Hit Next.

ccs6wdZ.png

Upon scan completion. Now click on on save log and save to your desktop. Hit next to activate.

yhKtpGe.png

After you activate, remove malware and post the log created in your next reply.
 



#3 RedKrovvy

RedKrovvy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 18 February 2015 - 06:31 PM

I followed the steps, but I could not click on the 'save log' link after removing the malware. I have the log from before the malware removal, if needed.



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 PM

Posted 18 February 2015 - 06:46 PM

Yes please post it and tell me if it was removed and if you are having any issues.



#5 RedKrovvy

RedKrovvy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 18 February 2015 - 07:14 PM

The issue is partially gone. The malware Internet Explorer processes are gone but the Google Chrome malware processes still exist.

 

I also am receiving dialogs at startup for 'modules that have failed to load'. Can you help me here? here's link for screenshot:

https://imgur.com/gallery/zovadQz/new

 

Here's the log from before the malware removal:

 

Zemana AntiMalware 3.7.9.235
www.zemana.com
 
   Computer name . . . . : BLENDER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Blender-PC\MikeBlender
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-02-18 15:17:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 30s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 136
 
   Objects scanned . . . : 2,144,010
   Files scanned . . . . : 125,486
   Remnants scanned  . . : 681,178 files / 1,337,346 keys
 
Malware _____________________________________________________________________
 
   C:\Users\MikeBlender\AppData\Local\Efttion\Dx_x86.dll
      Size . . . . . . . : 32,768 bytes
      Age  . . . . . . . : 30.8 days (2015-01-18 19:38:24)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : E9E4C26B408A62A1EB8216AFC9B94D2F76374A9940AAF879046D26BD70A708BA
      Product  . . . . . : Dx_x86
      Publisher
      Description
      Version  . . . . . : 22,19,2686,0
      Copyright  . . . . : Copyright (C) 2015
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Gen:Variant.Kazy.520359
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\MikeBlender\AppData\Local\Ipsoft\MetaTraceNetwork.dll
      Size . . . . . . . : 39,936 bytes
      Age  . . . . . . . : 29.1 days (2015-01-20 12:52:22)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : A46ECE926B9AAE6E2214161587038BB97A1B5371CEBE55CF6F24208C7A3107A7
      Product  . . . . . : MetaTraceNetwork
      Publisher
      Description
      Version  . . . . . : 40,8,9598,0
      Copyright  . . . . : Copyright (C) 2015
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Gen:Variant.Kazy.521549
      Fuzzy  . . . . . . : 101.0
      Forensic Cluster
          0.0s C:\Users\MikeBlender\AppData\Local\Ipsoft\MetaTraceNetwork.dll
          5.0s C:\Users\MikeBlender\AppData\Local\Ipsoft\MetaTraceNetwork.idx
 
 
Potential Unwanted Programs _________________________________________________
 
   C:\ProgramData\APN\ (AskBar)
 
Cookies _____________________________________________________________________
 
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:998766.fls.doubleclick.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.auditude.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad-center.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.betweendigital.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.kelbymediagroup.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mediade.sk
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.nexage.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.servebom.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.manticoretechnology.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:warnerbros.112.2o7.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:wileypublishing.112.2o7.net
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:z1.zedo.com
   C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ad.360yield.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ad.maist.jp
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:adinterax.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:adlegend.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.2xbpub.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.ad-center.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.ad4game.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.betweendigital.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.kinkbomb.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.mediade.sk
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.nexage.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.p161.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.pointroll.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.stickyadstv.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.undertone.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ads.yahoo.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:adtech.de
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:adtechus.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:advertising.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:at.atwola.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:atdmt.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:burstnet.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:casalemedia.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:chitika.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:clickbank.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:collective-media.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:doubleclick.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:emjcd.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:fastclick.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:googleadservices.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:in.getclicky.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:interclick.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:kontera.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:livejasmin.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:media6degrees.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:mediaplex.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:mm.chitika.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:network.realmedia.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:pointroll.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:questionmarket.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:realmedia.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:revsci.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:ru4.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:server.cpmstar.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:serving-sys.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:smartadserver.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:specificclick.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:statcounter.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:stats.paypal.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:track.adform.net
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:track.clariad.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:track.omtrckr.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:tradedoubler.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:tribalfusion.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:www.burstnet.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:www.googleadservices.com
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:yadro.ru
   C:\Users\MikeBlender\AppData\Roaming\Mozilla\Firefox\Profiles\i9ci94o3.default\cookies.sqlite:zedo.com
 
 


#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 PM

Posted 19 February 2015 - 04:06 PM

 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

 

 

 

Download 9-Lab Removal Tool. from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 


Install the program onto your computer, then right click the icon RRXH2ZG.jpg run as administrator.

Go to the Update tab and update the program.

ZT1y9rP.png

Now go to the scanner tab and select Full Scan.

k68m97f.png

Upon Scan Completion Click Show Results.

FihDIFx.png

Now click the Clean button.

eCCJKcA.png

Once done cleaning you can go to the logs tab double click it and copy paste in your next reply.

 

 Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe After the scan is finished then click on File>>>>>>>>>>>Save The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option. in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

 


#7 RedKrovvy

RedKrovvy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 19 February 2015 - 06:01 PM

I followed the steps for adwcleaner and will include log at end of post.

 

I cannot run 9-Labs Removal Tool as administrator and a dialog pops up saying windows explorer has stopped working when I try to. I cannot right click to extract the autoruns.zip and the same dialog shows. I also cannot right-click and run as administrator for any program on my computer, with same dialog showing.

 

I am still seeing the malware chrome processes running.

 

 Here is the log for adwcleaner:

 

# AdwCleaner v4.111 - Logfile created 19/02/2015 at 14:45:46
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : MikeBlender - BLENDER-PC
# Running from : C:\Users\MikeBlender\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\MikeBlender\AppData\Roaming\Maxiget
File Deleted : C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\MikeBlender\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\MaxiGet
Key Deleted : [x64] HKLM\SOFTWARE\MaxiGet
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17229
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [1388 bytes] - [19/02/2015 14:41:47]
AdwCleaner[S0].txt - [1282 bytes] - [19/02/2015 14:45:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1341  bytes] ##########


#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 PM

Posted 19 February 2015 - 07:18 PM

Uninstall 9-lab reboot then run eset.

 

 

 

 

 

Disable your antivirus prior to running this scan.
 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.



#9 RedKrovvy

RedKrovvy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 19 February 2015 - 11:46 PM

Google Chrome malware processes still exist.
 
Nothing was logged.

Edited by RedKrovvy, 20 February 2015 - 01:21 AM.


#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 PM

Posted 21 February 2015 - 05:40 AM

Follow this guide.

 

 

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


Edited by InadequateInfirmity, 21 February 2015 - 05:41 AM.


#11 RedKrovvy

RedKrovvy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 21 February 2015 - 07:37 PM

K, I'll be back on with guide followed by Monday or so. Main thing for me is backing up my stuff now.



#12 RedKrovvy

RedKrovvy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 23 February 2015 - 04:42 PM

Ok, I am free of issues now.

 

I read the section about how the problem may be badly written browser extensions. All those Chrome processes that were running at startup, which I thought was malware, were either extensions or apps I added. 2 were games which I don't remember adding!, and the others were apps I use like Google Docs and Drive. I removed all of them, and voila, there's no Chrome processes running at startup and the processes go away when I close down all Chrome browsers. I also tested using Google Drive, Docs and Gmail in my browser and the 'apps' for these did not re-install.

 

Also, I got rid of the 'Specified module could not be found' dialogs at startup, which were reporting trying to start up removed malware, by following method 3 at this link:

http://www.sevenforums.com/tutorials/1401-startup-programs-change.html

The first two methods didn't work for me.

 

Thanks for the help!!


Edited by RedKrovvy, 23 February 2015 - 04:43 PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users