
Possible malware after surfing in dangerous site


13 replies to this topic

#1 GeorgeStam89

GeorgeStam89

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 02 April 2015 - 12:40 AM

Hello,
I was just looking for a controller's driver and clicked on a link, and a download started and the screen froze with some green arrows... on the screen. When I saw that, I clicked back to the previous site.
At the time I did a scan for threats but I didn't see anything...
Am I infected???
What can I do about this?




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:33 AM

Posted 02 April 2015 - 06:09 AM


Please download the following tools to your desktop and use them in the order listed. They will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
Malwarebytes Anti-Malware 2.0
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Install Malwarebytes Anti-Malware and perform a THREAT SCAN following these instructions.
  • If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • When finished, post the complete log in your next reply to include the top portion which shows database version and your operating system.
  • Refer to this topic for instructions on how to save/export a Scan log...How do I access and save logs from Malwarebytes Anti-Malware?.
3. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Close all open programs and shut down any protection/security software to avoid potential conflicts.

4. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 GeorgeStam89


Posted 02 April 2015 - 10:24 AM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/02/2015 05:55:48 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/02/2015 05:56:10 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Ημερομηνία Σάρωσης: 2/4/2015
Ώρα Σάρωσης: 6:03:15 μμ
Αρχείο καταγραφής: mbam.txt
Διαχειριστής: Ναι
 
Έκδοση: 2.00.4.1028
Βάση Δεδομένων Κακόβουλου Λογισμικού: v2015.04.02.04
Βάση Δεδομένων Rootkit: v2015.03.31.01
Άδεια Χρήσης: Δωρεάν
Προστασία από Κακόβουλο Λογισμικό: Απενεργοποιημένο
Προστασία από Κακόβουλο Ιστότοπο: Απενεργοποιημένο
Αυτοπροστασία: Απενεργοποιημένο
 
ΛΣ: Windows 7 Service Pack 1
Επεξεργαστής: x64
Σύστημα Αρχείων: NTFS
Χρήστης: User
 
Τύπος Σάρωσης: Σάρωση για Απειλές
Αποτέλεσμα: Ολοκληρώθηκε
Αντικείμενα που σαρώθηκαν: 339743
Χρόνος που πέρασε: 4 λεπ, 34 δευτ
 
Μνήμη: Ενεργοποιημένο
Εκκίνηση: Ενεργοποιημένο
Σύστημα αρχείων: Ενεργοποιημένο
Συμπιεσμένα αρχεία: Ενεργοποιημένο
Rootkits: Ενεργοποιημένο
Heuristics: Ενεργοποιημένο
ΠΑΠ: Ενεργοποιημένο
ΠΑΤ: Ενεργοποιημένο
 
Διεργασίες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Μονάδες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Κλειδιά Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Τιμές Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Δεδομένα Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Φυσικοί Τομείς: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
 
(end)

# AdwCleaner v4.200 - Logfile created 02/04/2015 at 18:12:38
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : User - GEORGE
# Running from : E:\UserFiles\Downloads\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.101
 
 
*************************
 
AdwCleaner[R0].txt - [749 bytes] - [02/04/2015 18:10:33]
AdwCleaner[S0].txt - [675 bytes] - [02/04/2015 18:12:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [733  bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Professional x64
Ran by User on £ 02/04/2015 at 18:17:34,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on £ 02/04/2015 at 18:19:36,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 quietman7


Posted 02 April 2015 - 12:00 PM

Everything looks clean.

#5 GeorgeStam89


Posted 02 April 2015 - 12:35 PM

OK, what can I do next?
...or am I definitely OK?



#6 quietman7


Posted 02 April 2015 - 12:37 PM

You can do an online scan to see if it finds anything else that the other scans may have missed.

 

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Enable detection of potentially unwanted applications
    • Enable detection of potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • Please be patient as the scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
ESET Online Scanner FAQs

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. ESET's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 

#7 GeorgeStam89


Posted 02 April 2015 - 04:27 PM

Hey, it was my fault that I uninstalled ESET before posting the txt... also I quarantined 5 detected items.
I remember that all were: win32/Bundled Toolbar.Google.D.
3 of them were detected on my E:/ and the other 2 on my external HDD F:/
I think that these aren't dangerous threats... right?



#8 quietman7


Posted 02 April 2015 - 04:39 PM

Those types of detections are typically related to Potentially Unwanted Programs, which do not fall into the same categories as viruses, Trojans, worms, rootkits and bots.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

#9 GeorgeStam89


Posted 02 April 2015 - 05:30 PM

OK, thanks, nothing special to worry about.
Am I OK/clean, or can I do something more?



#10 quietman7


Posted 02 April 2015 - 05:37 PM

Since ESET found a few PUPs you may want to perform a scan with Emsisoft Emergency Kit.

Please download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
  • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner.
  • On the main screen click the Scan PC button.
  • Select Smart Scan, then click the Scan button.
  • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
  • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.


#11 GeorgeStam89


Posted 02 April 2015 - 09:03 PM

Emsisoft Emergency Kit - Version 9.0
Last update: 3/4/2015 4:38:18 πμ
User account: GEORGE\User
 
Scan settings:
 
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
 
Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 3/4/2015 4:39:50 πμ
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 174734
Found 1
 
Scan end: 3/4/2015 4:59:45 πμ
Scan time: 0:19:55
 
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
 
Quarantined 1
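
An added example, not part of the original thread or any tool's own code: a small Python reader for the Emsisoft report format shown in the post above, which checks that every detection was quarantined and lists what the scan settings did not cover. The function names are hypothetical, the parser assumes only the line shapes visible in this report, and the drive letters E and F are the ones mentioned earlier in the thread.

```python
import re

# Constructed sample: lines copied from the Emsisoft report posted above.
SAMPLE_REPORT = r"""Emsisoft Emergency Kit - Version 9.0
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
Detect PUPs: Off
Scan archives: Off
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Scanned 174734
Found 1
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Quarantined 1
"""

COUNT = re.compile(r"^(Scanned|Found|Quarantined) (\d+)$")
ITEM = re.compile(r"^(?P<target>.+?) (?P<state>detected:|Quarantined) (?P<sig>.+)$")
SETTING = re.compile(r"^([A-Za-z ]+): (.*)$")


def parse_report(text):
    """Split a report into settings, totals, detected and quarantined items."""
    rep = {"settings": {}, "totals": {}, "detected": [], "quarantined": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT.match(line):
            rep["totals"][m[1]] = int(m[2])
        elif m := ITEM.match(line):
            key = "detected" if m["state"] == "detected:" else "quarantined"
            rep[key].append((m["target"], m["sig"]))
        elif m := SETTING.match(line):
            rep["settings"][m[1]] = m[2]
    return rep


def review(rep, drives=()):
    """Return findings a helper should raise before accepting the log."""
    findings = []
    left = [d for d in rep["detected"] if d not in rep["quarantined"]]
    findings += [f"not quarantined: {sig} at {target}" for target, sig in left]
    if rep["totals"].get("Found") != len(rep["detected"]):
        findings.append("'Found' total does not match the listed detections")
    if rep["settings"].get("Detect PUPs", "").lower() != "on":
        findings.append("PUP detection was off for this scan")
    objects = rep["settings"].get("Objects", "").split(", ")
    covered = {o[0].upper() for o in objects if re.match(r"[A-Za-z]:\\", o)}
    for drive in drives:
        if drive.upper() not in covered:
            findings.append(f"drive {drive.upper()}: was not in the scan objects")
    return findings


if __name__ == "__main__":
    # E and F are the drives where the poster said ESET found the toolbar items.
    for finding in review(parse_report(SAMPLE_REPORT), drives=("E", "F")):
        print(finding)
```
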


#12 quietman7


Posted 03 April 2015 - 04:22 AM

Ok that log looks good so I think you are good to go.

#13 GeorgeStam89


Posted 03 April 2015 - 08:57 AM

All right, thank you very much for your help :thumbup2:



#14 quietman7


Posted 03 April 2015 - 02:40 PM


You're welcome. :thumbup2:

Tips for...Best Practices for Safe Computing - Prevention of Malware Infection.



