
Pop-ups taking over and hijacking my browsers, also eating CPU power, Win 7 PC


  • This topic is locked
62 replies to this topic

#1 Angela Nepper


Posted 14 April 2015 - 01:28 PM

Hi there, good folks of Bleeping Computer -

 

Am running a PC with Windows 7 Home Premium, a fairly old HP computer, "Intel Pentium inside", 32-bit.  I have kept the OS up to date through Windows Update.

Have been running Chrome largely, having uninstalled Firefox because there were too many pop-ups.

Despite running Malwarebytes, Avira Free, and AdwCleaner, and quarantining and re-booting, the pop-ups are still coming fast and furious.  Even this Bleeping Computer site had words in the text suddenly become URL links taking me to some other browser trying to sell me stuff.  Definitely think the bugs have well and truly gotten into my computer's guts.

Interestingly, during Malwarebytes heuristic scan, the number of detections was in the tens of thousands, which is clearly flawed.  Uninstalling Malwarebytes and installing the latest version of Malwarebytes and downloading its latest definitions did nothing;  the heuristic scan still went crazy.

 

I am typing to you from the infected computer.  My fan seems to be on far more than normal, presumably because it's processing so much junk?

 

Any help would be much appreciated.  I am doing what I can, but I just don't have enough experience in this area of expertise!

 

All best wishes,

Angela


Edited by Queen-Evie, 14 April 2015 - 01:36 PM.
moved from Anti-Virus and Anti-Malware Software to Am I Infected




#2 FakoktaNetworkPerson


Posted 14 April 2015 - 02:35 PM

Sounds like you have quite the infection. Here is something you can try:

1) Download and run rkill at http://www.bleepingcomputer.com/download/rkill/

 - Once it is finished, it will spit out a log file for your viewing pleasure. Take note of anything it says and move on to step 2

2) Run Malwarebytes and select the Scan tab. Once there, you will be given 3 options: Threat Scan, Custom Scan and Hyper Scan *which will be greyed out*; select Custom Scan. Once you do, the blue button on the bottom will say "Configure Scan"; select that and once you are brought to the new screen, check the option to scan for Rootkits. In the right side of that same window, it will list out any disks that Malwarebytes has detected. Select your C: drive and hit the scan now button. If Malwarebytes lists anything other than C:, you can scan those as well. 

2a) Once Malwarebytes comes back, follow the onscreen prompts and your computer will restart. Keep scanning with Malwarebytes until it comes back clean. 

3) Once Malwarebytes finishes its first scan, but before you reboot, you can run AdwCleaner to catch the adware that is no doubt infecting your Chrome and IE installations. 

4) Once Malwarebytes and AdwCleaner come back clean, you should be good to go but I would like you to check a couple more places before declaring victory. 

5) Go to your Internet Explorer and select the gear in the upper right corner of the window and choose "Manage Options" from the dropdown menu. 

5a) Doing this will open the Manage Add-Ons window. In the left hand portion of this window you will see "Toolbars and Extensions", which will be pre-selected. In the right hand side of the screen will be the toolbars and extensions that are installed in IE. Here you might see toolbars/extensions from Oracle America / Java, Logitech, Microsoft or Adobe. If you see any suspicious entries, you can disable them, which will prevent them from running. Once you have disabled any suspicious entries, look back to the left hand side and select "Search Providers". This will show you all search providers that are currently configured for IE. Generally, you will have entries for: Ask.com, Google, Bing, Yahoo and Aol. If you see any suspicious entries, you can click on them and there will be a remove option on the lower portion of this window. Once you have completed that, you can hit the close button and close out of IE. Open IE once more and browse the web to verify that the extensions/toolbars you have disabled will not interfere with how IE runs and to make sure that any adware that was installed will no longer be active. Once you have finished that, head on over to Google Chrome. 

6) Google Chrome will be a bit easier to do. Open Google Chrome and select the menu option in the upper right hand corner underneath the X button. Select the "Settings" option from the dropdown and this will open up your settings for Google Chrome. On the left hand side will be "Extensions"; select that and remove any suspicious extensions that you may see. Once that is finished, select the "Settings" option from the left hand side and you will be back at the settings screen. 

Once there, you will notice a few areas of interest. The ones we will focus on are: On Startup and Search. If you check under On Startup and it is set to "Open a specific set of pages", there will be a link to set these pages. Click that and you will be presented with a small pop-up window with entries for webpages that Google Chrome is set to display upon startup. Remove any suspicious entries and hit the "Ok" button. Once you do that you will be back to the settings screen and I would like you to look at the "Search" area. Directly underneath Search is a button labeled "Manage Search Engines..." Select that and you will be presented with the search engines installed. Remove any suspicious entries and hit ok. Close Chrome and re-open to test if everything is ok. 

If all goes well, you will be all clean and ready to browse the web again. 



#3 Angela Nepper


Posted 15 April 2015 - 01:27 PM

Hello!
 
Thank you for your assistance.
 
I completed Step 1 as you directed, a report was generated but nothing seemed unusual.  I can forward to you via email if you'd like to see report.  As to Step 2, I have tried several times to run Malwarebytes doing as you directed -- checking custom scan and selecting the rootkits option.  This process seems to work ok up until it gets to the 'scan file system' step of the entire scan -- my computer seems to get 'hung up' on this step and sits there for hours.  As I ran Malwarebytes before heading to bed last night, it was still sitting at the 'scan file system' step when I awoke, 7 hours later.  I quickly cancelled the scan, rebooted and tried again but to no avail.  I'm not sure what to do next if there's anything I can do.  This laptop was purchased in 2010, so it is fairly old at this point.
 
Thanks,
Angela



#4 FakoktaNetworkPerson


Posted 15 April 2015 - 01:34 PM

Interesting. Try running RKill then running AdwCleaner and then doing steps 4-6 and let me know how that goes. 



#5 Angela Nepper


Posted 15 April 2015 - 02:30 PM

Hello!

 

Thank you again for these tips -- they seemed to 'kill' all the PUPs.  I followed your instructions and adjusted the settings for both Chrome and IE.  Should I try running Malwarebytes again?

 

Appreciate your help!!

 

Angela



#6 Roedel


Posted 15 April 2015 - 03:10 PM

Just wondering, on the ads does it say "ads by passshow"? 'Cause the adware you're describing sounds similar to one I had.



#7 FakoktaNetworkPerson


Posted 15 April 2015 - 03:22 PM

Yes, running Malwarebytes is recommended just to make sure that there aren't any ancillary infections or scraps left behind. AdwCleaner is geared towards cleaning adware specifically, whereas Malwarebytes is more geared towards all malware in general. Which is why it is recommended to run them both. 
Once all that is done, let me know if you continue to have ads pop up. 



#8 Queen-Evie


Posted 15 April 2015 - 03:35 PM

For what it's worth, if you run any recommended tools for malware removal the logs of those scans should be posted for review by the person who is helping you.

#9 Angela Nepper


Posted 16 April 2015 - 11:03 AM

Hello!

 

Overnight I ran Malwarebytes again but yet again it is getting 'hung' up at the 'scan file system' step and doesn't finish out.  After closing out of Malwarebytes and rebooting this morning, I then attempted to run Avira but this program also seems to get 'hung' up in the process, it does not want to finish out -- are there any other tools or steps I can try?

 

Thank you,

Angela



#10 Angela Nepper


Posted 16 April 2015 - 12:19 PM

Hi again,

 

I re-ran AdwCleaner.  Here's the log:

 

# AdwCleaner v4.201 - Logfile created 16/04/2015 at 19:07:03
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Angela - ANGELA-PC
# Running from : C:\Users\Angela\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v41.0.2272.118
 
 
*************************
 
AdwCleaner[R0].txt - [25545 bytes] - [12/04/2015 13:54:09]
AdwCleaner[R1].txt - [1378 bytes] - [12/04/2015 18:38:10]
AdwCleaner[R2].txt - [1402 bytes] - [14/04/2015 02:31:30]
AdwCleaner[R3].txt - [1251 bytes] - [15/04/2015 20:39:55]
AdwCleaner[R4].txt - [1310 bytes] - [15/04/2015 20:41:58]
AdwCleaner[R5].txt - [1370 bytes] - [15/04/2015 20:47:51]
AdwCleaner[R6].txt - [1488 bytes] - [15/04/2015 21:16:08]
AdwCleaner[R7].txt - [1606 bytes] - [16/04/2015 19:04:44]
AdwCleaner[S0].txt - [14601 bytes] - [12/04/2015 13:57:17]
AdwCleaner[S1].txt - [1448 bytes] - [12/04/2015 18:39:33]
AdwCleaner[S2].txt - [1472 bytes] - [14/04/2015 02:32:45]
AdwCleaner[S3].txt - [1436 bytes] - [15/04/2015 20:49:03]
AdwCleaner[S4].txt - [1554 bytes] - [15/04/2015 21:18:07]
AdwCleaner[S5].txt - [1533 bytes] - [16/04/2015 19:07:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1592  bytes] ##########
 
 
 
And here is the log from rkill, which I also ran again:
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/16/2015 07:12:43 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 
The Avira and Malwarebytes scans from last night were both badly hanging up, not completing, and therefore neither generating a log (which I would post) nor quarantining anything they catch.  I will run them both again now and revert with any results.
 
Should we be running some software which is a little stronger now, that searches a little deeper?  My problems do not seem to be going away at all :-(
 
Thanks as always for your great help.  I may be frustrated, but your help is wonderful!
Angela
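The AdwCleaner and RKill logs in the post above are line-oriented, so someone reviewing many such posts can reduce them to the entries that need a human look. This Python sketch is an added example, not part of the thread or of either tool; its section, bullet and registry patterns are inferred only from the excerpts shown here, and treating an RKill bullet that begins with "No " as clean is an assumption.

```python
import re

# Excerpts copied from the two logs posted above, trimmed for length.
ADWCLEANER_LOG = r"""# AdwCleaner v4.201 - Logfile created 16/04/2015 at 19:07:03
# Option : Cleaning

***** [ Services ] *****

***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v

-\\ Google Chrome v41.0.2272.118

*************************

AdwCleaner[R7].txt - [1606 bytes] - [16/04/2015 19:04:44]
"""

RKILL_LOG = r"""Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
BROWSER = re.compile(r"^-\\\\ (.+?) v(\S*)$")         # -\\ Google Chrome v41...
RK_KEY = re.compile(r"^\[(HK[A-Z_]+\\.+)\]$")         # [HKLM\...]
RK_VALUE = re.compile(r'^"(.+?)" = (.+)$')            # "Name" = dword:...


def parse_adwcleaner(text):
    """Split an AdwCleaner log into header fields, per-section entries, browsers."""
    meta, sections, browsers, current = {}, {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()                 # also drops non-breaking spaces
        if not line:
            continue
        if line.startswith("# ") and " : " in line:
            key, value = line[2:].split(" : ", 1)
            meta[key.strip()] = value.strip()
        elif SECTION.match(line):
            current = SECTION.match(line).group(1)
            sections[current] = []
        elif set(line) == {"*"}:           # row of asterisks ends the findings
            current = None
        elif BROWSER.match(line):
            name, version = BROWSER.match(line).groups()
            browsers[name] = version       # empty version: no version was logged
        elif current is not None:
            sections[current].append(line)
    return {"meta": meta, "sections": sections, "browsers": browsers}


def parse_rkill(text):
    """Group RKill bullets under their check and attach registry key/value lines."""
    checks, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and line.split()[0] in ("Checking", "Performing"):
            current, last = line[:-1], None
            checks[current] = []
        elif line.startswith("* ") and current is not None:
            last = {"result": line[2:], "key": None, "values": {}}
            checks[current].append(last)
        elif last is not None:
            if RK_KEY.match(line):
                last["key"] = RK_KEY.match(line).group(1)
            elif RK_VALUE.match(line):
                name, data = RK_VALUE.match(line).groups()
                last["values"][name] = data
    return checks


def needs_review(adw, rkill):
    """Return (tool, section, detail) for every entry a reviewer should read."""
    out = [("AdwCleaner", sec, e) for sec, es in adw["sections"].items() for e in es]
    for check, results in rkill.items():
        for r in results:
            if r["result"].startswith("No "):      # assumption: "No ..." means clean
                continue
            pairs = ", ".join(f"{k}={v}" for k, v in r["values"].items())
            out.append(("RKill", check, f'{r["result"]} | {r["key"]} {pairs}'))
    return out


if __name__ == "__main__":
    for item in needs_review(parse_adwcleaner(ADWCLEANER_LOG), parse_rkill(RKILL_LOG)):
        print(item)
```

On these excerpts the only entries left for review are the deleted ProxyOverride value and the Windows Defender policy setting.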


#11 Angela Nepper


Posted 16 April 2015 - 02:18 PM

I started Avira and ran a "Scan for Rootkits and active malware" scan.  

 

After running for 1 hour 43 mins, the scan has now ceased running at all, mid-way through the scan, at 67.5% complete.

 

 

The last file it was attempting to scan was HPSA_Service.exe (whatever that is).

 

Objects scanned 569697

Hidden objects 100015

No detections, no suspicious files.

 

It just ceased scanning, so I canceled it, and am posting its report here.

 

 

Here's the report (at least Avira created one):

 

 
Free Antivirus
Report file date: Thursday, April 16, 2015  19:21
 
 
The program is running as an unrestricted full version.
Online services are available.
 
Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : Angela
Computer name   : ANGELA-PC
 
Version information:
BUILD.DAT       : 15.0.9.504     94784 Bytes   3/24/2015 14:59:00
AVSCAN.EXE      : 15.0.9.504   1027528 Bytes   4/11/2015 12:53:07
AVSCANRC.DLL    : 15.0.9.460     54064 Bytes   4/11/2015 12:53:07
LUKE.DLL        : 15.0.9.460     60664 Bytes   4/11/2015 12:53:31
AVSCPLR.DLL     : 15.0.9.460     95536 Bytes   4/11/2015 12:53:07
REPAIR.DLL      : 15.0.9.504    374064 Bytes   4/11/2015 12:53:06
REPAIR.RDF      : 1.0.7.16      834076 Bytes   4/15/2015 08:41:55
AVREG.DLL       : 15.0.9.460    273712 Bytes   4/11/2015 12:53:05
AVLODE.DLL      : 15.0.9.504    596272 Bytes   4/11/2015 12:53:03
AVLODE.RDF      : 14.0.4.64      79226 Bytes   4/11/2015 12:52:58
Engine version  : 8.3.30.20 
 
Configuration settings for the scan:
Jobname.............................: Quick system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\quicksysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
 
Start of the scan: Thursday, April 16, 2015  19:21
 
Start scanning boot sectors:
 
Starting search for hidden objects.
 
 
End of the scan: Thursday, April 16, 2015  21:09
Used time:  1:47:50 Hour(s)
 
The scan has been canceled!
 
      0 Scanned directories
      0 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
 569697 Objects were scanned with rootkit scan
 100015 Hidden objects were found
 

 

I will now attempt to run Malwarebytes, and will post again as soon as that scan either finishes or hangs up.

 

Best wishes,

Angela



#12 Angela Nepper

Angela Nepper
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 16 April 2015 - 02:38 PM

Am 8 minutes in to the Malwarebytes scan (doing a so-called Hyper Scan, just to see what happens), and it's doing the Heuristic scan, and the Detected Objects is running up like a crazy clock counter, as it sees as "Detected Objects" files which surely cannot be all bad files.  

 

In fact, it is not seeing anything other than Detected Objects - the Objects Scanned has frozen at 269,211 and is not increasing, while the Detected Objects is running up like mad. 

 

Up to 11 minutes now and in excess of 9,000 Detected Objects.

 

I do not want to quarantine these files as they may be a chunk of the operating system.  Should I cancel out of this scan?

 

Clearly whatever is messing up the system is preventing both of these scanning programs (both Avira and Malwarebytes) from functioning as they should and catching the problems.

 

Now 13 minutes in, and north of 13,000 Detected Objects.

 

If it happens to finish and then creates a report, I will post the results here of course.

 

16 minutes in, and now close to 16,000 Detected Objects.... and so it goes.

 

Help!

 

Best wishes,

Angela



#13 FakoktaNetworkPerson

FakoktaNetworkPerson

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 16 April 2015 - 03:17 PM

At this point, I will have to bow out. This goes beyond what I am comfortable with. You should make backups of any critical files ASAP. 



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:13 PM

Posted 17 April 2015 - 06:40 AM

Hi,

Could you post a section of the files detected by MBAM, so that we get a feeling for what MBAM is detecting?

If you have a file infector or a file replicator, 10.000 detections is not uncommon... The most I've seen in a log so far was over 50.000. It might also be a problem with a loop that has you rescan the same file again and again.

MBAM will not automatically delete at the end of a scan, it'll show you the log and will let you decide to check/uncheck what you actually want to delete, there's no danger in letting it run by itself.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
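The two explanations raised in the post above (many genuinely distinct files versus a loop that rescans the same file) can be told apart from a section of the detection list. The following is an added example, not part of the original thread and not a Malwarebytes tool: it assumes the detected paths have been copied out one per line (the real MBAM log layout is not shown on this page), and all sample paths are constructed.

```python
from collections import Counter

def longest_component_run(path):
    """Longest run of identical consecutive path components (case-insensitive)."""
    parts = [p.lower() for p in path.replace("/", "\\").split("\\") if p]
    best = run = 1 if parts else 0
    for prev, cur in zip(parts, parts[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best

def triage(paths, dup_threshold=0.5, loop_threshold=0.5):
    """Classify a list of detected paths (thresholds are assumptions, tune as needed)."""
    paths = [p.strip() for p in paths if p.strip()]
    total = len(paths)
    if total == 0:
        return {"total": 0, "unique": 0, "looped": 0, "verdict": "no detections"}
    counts = Counter(p.lower() for p in paths)  # Windows paths are case-insensitive
    unique = len(counts)
    # A path such as ...\X\X\X\file means the scanner is descending into a
    # directory that points back at itself.
    looped = sum(1 for p in counts if longest_component_run(p) >= 2)
    if unique / total <= dup_threshold:
        verdict = "same files rescanned"
    elif looped / unique >= loop_threshold:
        verdict = "recursive directory loop"
    else:
        verdict = "many distinct files"
    return {"total": total, "unique": unique, "looped": looped, "verdict": verdict}

# Constructed sample inputs (not taken from any real log).
SAMPLE_RESCAN = [r"C:\Windows\System32\drivers\example.sys"] * 6 + [r"C:\Users\User\a.exe"]
SAMPLE_LOOP = [r"C:\Users\User\AppData\Local" + r"\Application Data" * n + r"\file.dat"
               for n in range(1, 6)]
SAMPLE_DISTINCT = [rf"C:\Program Files\App{i}\app{i}.exe" for i in range(6)]

if __name__ == "__main__":
    for name, sample in [("rescan", SAMPLE_RESCAN), ("loop", SAMPLE_LOOP),
                         ("distinct", SAMPLE_DISTINCT)]:
        print(name, triage(sample))
```

A "same files rescanned" or "recursive directory loop" verdict points at a scanner loop rather than tens of thousands of infected files; "many distinct files" is the case where the detected names themselves need review.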

 



#15 Angela Nepper

Angela Nepper
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 17 April 2015 - 11:27 AM

Hiya Myrti :-)

 

Thanks for jumping in, much appreciated.  

 

I will now run Malwarebytes again, and carry out a "Threat Scan".  This will likely clock up tens of thousands of Detected Objects, as it was doing yesterday before I cancelled the scan, and (as and when and if) it ever completes this scan, I will then post here the log it generates.

 

I will NOT quarantine/delete anything it finds until I hear back from you or the BC team.

 

Question:  can I carry on using my PC while Malwarebytes has automatically placed the "bad" files in quarantine?

 

I will start the scan right now - it could take all night, or indeed hang up mid-way, without generating any log....  I'll let you know.  If it does hang up mid-way through and as a result cannot generate a log file, what should I do then?

 

All best wishes,

Angela





