
IE infection? ransomware?


  • This topic is locked
3 replies to this topic

#1 miztrniceguy


Posted 24 March 2015 - 09:57 AM

My wife's computer seems to have an infection related to IE, which we normally don't use. We use Firefox. She was contacted by a client of hers about a possible issue with a website she manages for someone else. The client was having issues with the site. My wife couldn't replicate the site in FF so opened IE and didn't see a problem either. Then she got a warning that IE was infected. She has run scans with MBAM, MSE and SAS, which are all set for active protection, with MBAM and SAS being paid versions. MBAM scan was clean, SAS clean and MSE said it found something, but scan was not finished and my wife had to cancel it for some reason. She is currently running new scans in safe mode without networking, which I will post results from when I get them.

 

I was going to attach a screenshot of the ransomware that she emailed me, but did not see how. The Image button asked for a URL so I didn't know what to do with that.

 

Thanks in advance for the help.

 

Oh yeah, Win 7 Pro, and I will run a FRST in a few and attach it.


Edited by miztrniceguy, 24 March 2015 - 10:44 AM.

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 



#2 miztrniceguy


Posted 24 March 2015 - 04:30 PM

Ok, so new scans of MBAM and MSE show nothing, but the log from MSE says previously found and removed Rogue:JS/FakeCall.B, and she opened IE and got another warning, different from the first one, but the same style ransomware, and so closed IE. Now SAS found PC Optimizer Pro, which she doesn't have, and we don't know how it got there. I have more screenshots to include if I can figure out how to do so.



 


#3 miztrniceguy


Posted 24 March 2015 - 04:54 PM

[Attached images: image002.jpg, image009.jpg, image013.jpg]



 


#4 quietman7


Posted 24 March 2015 - 05:21 PM

I have moved (split away) your FRST log(s) to the Virus, Trojan, Spyware, and Malware Removal Logs forum as they are not permitted in this forum.

Please go here, click on the Follow this topic button in the upper right corner and select Immediate Notification to subscribe to that topic so you are notified when a helper replies.

Now that your new topic is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the information or any log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers, but your topic will be reviewed and answered as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

I advise checking your new topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
