
My computer is infected with rootkit, hijackers, and my browser has pop-ups


  • This topic is locked
12 replies to this topic

#1 leonardobr2d

leonardobr2d

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:45 PM

Posted 11 April 2015 - 03:37 PM

Hey, today I downloaded a virus that made my computer very slow; my CPU is at 50% every time, my navigator is infected, and at system startup some new processes appear. Please help me, my FRST log:

 

Log:

 

Annexed

Attached Files


Edited by leonardobr2d, 11 April 2015 - 03:38 PM.



 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:45 PM

Posted 11 April 2015 - 08:19 PM

Hello, welcome to Bleeping Computer

 

There is just a ton of adware on the machine.

 

Please do the following:

 

Navigate to Programs and Features and uninstall the following programs:

 

AnySend
BlockAndSurf
GamesDesktop
iWebar
Object Browser
searchult
Shopper-Pro
SmartWeb
YTDownloader

 

(If they won't uninstall normally, move on to the next step.)

 

Then run the following program:

 

Please download AdwCleaner and save it to your desktop.

http://www.bleepingcomputer.com/download/adwcleaner/?rha=1

 

**ATTENTION:** After you click the Download Now button, another page will open - DO NOT CLICK any additional 'download now' buttons as they are sponsored advertisements. Please wait and look toward the top or bottom of your browser for the option to Run or Save. Click Save to save the file.

 

Double click on AdwCleaner.exe to run the tool.

Click on the Scan button.

After the scan has finished... click on the Cleaning button.

Press OK when asked to close all programs and follow the onscreen prompts.

Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.

Attach that log file to your next reply.

A copy of that log file will also be saved in the C:\AdwCleaner folder.

 

 

NEXT

 

 

Re-run the scan with FRST and attach the new Frst.txt


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
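
An added example, not part of the original thread or of any tool it mentions: a read-only PowerShell check for whether the programs named in the post above are still registered for uninstall. It assumes a substring match on `DisplayName` is close enough (a short name such as SmartWeb may also match unrelated software, so review each hit) and reads the standard Uninstall registry keys that Programs and Features is built from.

```powershell
# Added example: lists matching entries only, it changes nothing on the system.
# Program names are copied from the post above.
$names = @(
    'AnySend', 'BlockAndSurf', 'GamesDesktop', 'iWebar', 'Object Browser',
    'searchult', 'Shopper-Pro', 'SmartWeb', 'YTDownloader'
)

# Standard Uninstall keys: 64-bit, 32-bit on 64-bit Windows, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Entries without a DisplayName never appear in Programs and Features, so skip them.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

$found = $installed | Where-Object {
    $displayName = $_.DisplayName
    # -like is case-insensitive; the wildcards tolerate version or vendor suffixes.
    $names | Where-Object { $displayName -like "*$_*" }
} | Select-Object DisplayName, Publisher, InstallDate, UninstallString,
    @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }

if ($found) {
    # Anything listed here is still registered and needs another removal pass.
    $found | Sort-Object DisplayName | Format-List
} else {
    'None of the listed programs are registered in the Uninstall keys.'
}
```

An empty result only means the uninstall entries are gone; leftover files, services, scheduled tasks and browser extensions are what the AdwCleaner and FRST logs requested in the thread are for.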


#3 leonardobr2d


Posted 12 April 2015 - 03:27 PM

Sorry for the time:

 

Adwcleaner:

http://pastebin.com/4Z7TMPMP

FRST:

http://pastebin.com/7ZgDLSvR

Addition:

http://pastebin.com/2eXkXUBS



#4 CatByte


Posted 13 April 2015 - 11:06 AM

Please do the following:

Download the attached fixlist.txt file and save it to the Downloads folder, where FRST64.exe is saved.


Attached File  FixList.txt   3.35KB   2 downloads

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log in the same folder as where FRST is saved. (Fixlog.txt). Please attach it to your reply.


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 leonardobr2d


Posted 14 April 2015 - 07:28 PM

Here it is, and I ran the TDSSKiller, AdwCleaner, and CCleaner:

 

http://pastebin.com/j04Hf3nE


Edited by leonardobr2d, 14 April 2015 - 07:29 PM.


#6 CatByte


Posted 15 April 2015 - 11:55 AM

Please do the following:

Please download Malwarebytes Anti-Malware from here:
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and save it to your desktop.
• Double-click mbam-setup.exe file and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
○ Launch Malwarebytes Anti-Malware
○ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

• When completed click the down arrow on Export Log and select Text file (*.txt)
• Save the file to your desktop as MBAM
• Click Apply Actions then restart your computer if requested
• Attach the MBAM.txt to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 leonardobr2d


Posted 16 April 2015 - 06:11 PM

Hey, I'd like to apologize for the delay in answering you, I'm studying too much.

 

MBAM.TXT:

 

http://pastebin.com/gjCGeZc7



#8 CatByte


Posted 17 April 2015 - 03:08 PM

Was Malwarebytes able to successfully remove those detections?

Please run the following:

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 leonardobr2d


Posted 18 April 2015 - 03:48 PM

Yes, hey, thanks for the help, my PC is so good now, you are crazy!!



#10 CatByte


Posted 19 April 2015 - 03:16 PM


That's good to hear. Now we can clean up our tools, please do the following:

You can delete the FRST logs and program from your desktop.

NEXT

Double click on adwcleaner.exe to run the tool.
Click on the Uninstall button
Confirm with yes

If there are any logs/tools remaining on your desktop > right click and delete them

NEXT

Below I have included a couple of recommendations for how to protect your computer against malware infections.
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection.
Refer to this Microsoft article - Strong passwords: How to create and use them
http://www.microsoft.com/security/online-privacy/passwords-create.aspx

Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com

This will ensure your computer always has the latest available security updates installed.

http://www.mywot.com
Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for Chrome, Firefox and IE

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, it's free!
https://adblockplus.org/en/internet-explorer
https://adblockplus.org/en/firefox
https://adblockplus.org/en/chrome
Click the link(s) for your browser(s) and download.

Thank you for your patience, and performing all of the procedures requested.

If there are no other questions or concerns then we can go ahead and close this thread.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 leonardobr2d


Posted 20 April 2015 - 10:02 PM

Hey, thanks, my PC is clean now, and ready for what comes next! rsrs Thank you for everything, for your patience too! :)



#12 CatByte


Posted 21 April 2015 - 10:15 AM

You are welcome

Stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte


Posted 21 April 2015 - 10:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




