
I need urgent help please.


8 replies to this topic

#1 Mindpower

Posted 18 May 2015 - 03:44 PM

So, today I was browsing the internet, going through some websites that are a bit more questionable, and a popup got through my adblock. It was in my native language, Portuguese, and it appeared to be pretending to be an Interpol website, asking me to pay money through the popup to 'unlock my browser'; it didn't even say my PC, just my browser. Of course, that triggered a flag, as I know how the law works, and I immediately pulled up the task manager and killed Google Chrome. I started it up again afterwards and reset it to make sure no cookies or anything were left over from that. I also ran CCleaner.

 

My computer kept working fine for a few hours. I then had to leave home and go to have some tutoring and other things. When I came back 3 hours later, I booted up my PC and my desktop.ini files were visible, despite me not having altered anything to make them visible. Of course, I immediately thought 'virus' and ran my McAfee as well as Malwarebytes. I had some minor malware apparently, which I properly deleted, but then I went and searched through the internet to see if I was in danger. I found out that I most likely was. Immediately, I did a system restore to 4 days ago, ran Malwarebytes again, ran McAfee, ran Malwarebytes rootkit, ran CCleaner and made sure that I had no malware present. I had never heard of ransomware before in my life. I killed all the startup programs and started Windows in safe mode. I went to the Registry Edit and went through the Shell, the Windows and all the other folders I saw on different websites and found nothing unusual. I only had one line in them saying <default> and the value was empty, except in the Shell folder; there I had other things, but they were as per usual.

 

I ran everything AGAIN and had no detections, my computer is NOT slow but I don't know if my internet connection is or not. I have no unusual processes or CPU, Memory or Network overload.

 

Do I need to do something else? Am I still infected? Can my accounts be stolen?

I really do need help fast.

 

Running: Windows 7 Professional


Edited by Mindpower, 18 May 2015 - 03:55 PM.
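The manual registry check and the desktop.ini symptom described in the post above, as an added example that is not part of the original thread: a read-only PowerShell audit that compares the Winlogon and Windows values against stock Windows defaults and reports the two Explorer settings that control whether desktop.ini is shown. The exact key paths and expected defaults are assumptions chosen here (standard Windows locations); the post does not name them.

```powershell
# Added example (not from the thread). Read-only: reports values, changes nothing.
# Written to run on the PowerShell 2.0 that ships with Windows 7.

function Get-RegValue($Path, $Name) {
    # Returns the value data, or $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$winlogonLM = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonCU = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$windowsCU  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$advanced   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Third element = stock default; $null means "normally absent or empty".
$checks = @(
    @($winlogonLM, 'Shell',    'explorer.exe'),
    @($winlogonLM, 'Userinit', "$env:SystemRoot\system32\userinit.exe,"),
    @($winlogonCU, 'Shell',    $null),
    @($windowsCU,  'Load',     $null),
    @($windowsCU,  'Run',      $null)
)

$results = foreach ($c in $checks) {
    $actual = Get-RegValue $c[0] $c[1]
    $ok = if ($null -eq $c[2]) { [string]::IsNullOrEmpty($actual) }
          else                 { $actual -ieq $c[2] }
    New-Object PSObject -Property @{
        Key = $c[0]; Value = $c[1]; Data = $actual; AsExpected = $ok
    }
}

# desktop.ini carries the Hidden and System attributes, so Explorer shows it
# only when both "show hidden files" and "show protected OS files" are on.
$hidden      = Get-RegValue $advanced 'Hidden'           # 1 = show, 2 = hide
$superHidden = Get-RegValue $advanced 'ShowSuperHidden'  # 1 = show, 0 = hide
$desktopIniVisible = ($hidden -eq 1) -and ($superHidden -eq 1)

$results | Select-Object AsExpected, Value, Data, Key | Format-Table -AutoSize
"desktop.ini shown by Explorer settings: $desktopIniVisible " +
    "(Hidden=$hidden, ShowSuperHidden=$superHidden)"
```

A row with `AsExpected` set to False is a value to review by hand, not proof of infection; legitimate software can also change these settings.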



#2 InadequateInfirmity


Posted 18 May 2015 - 04:58 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

Now that you have disabled those un-needed startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.



Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV

  • Save the file to your desktop.
  • Right click run as administrator.
  • A new icon will appear on your desktop.
  • Right click run as administrator on new icon.
  • Click on the update tab.
  • Once you have updated the program, make sure the settings are the same as the picture below.
  • Once you have made sure the settings match the picture, hit the Scan & Clean button.
  • Upon scan completion, click View Log.
  • Copy and paste entire log into your next reply.

Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Mindpower


Posted 18 May 2015 - 05:09 PM

So, because of certain private reasons I decided to take the most aggressive route and reinstalled the Windows 7 OS from scratch, wiping out all of my C drive. I am also going to wipe my D drive. Am I safe?

Apologies for being rude but I suffer from extreme anxiety. Thank you for your quick reply, but should I still follow those steps or am I in the clear?

Edited by Mindpower, 18 May 2015 - 05:13 PM.


#4 InadequateInfirmity


Posted 18 May 2015 - 05:31 PM

If you format the machine then you are good to go. :) A fresh install is like cutting off the head for a headache....

 

Here are some things that may interest you.

 

 

 

Install One of the following.

 

http://www.360totalsecurity.com/en/  360 Total Security Antivirus (Free)

 

http://www.secureaplus.com/Main/index.php SecureAplus  Free Antivirus

 

http://www.bitdefender.com/solutions/free.html Bitdefender Free Antivirus

 

 

 http://tiranium-antivirus.com/products.html Tiranium Free Antivirus

 

Update your software.

 

https://patchmypc.net/download

 

 

Qualys BrowserCheck To update plugins.

Safe Browsing Tool Web of trust to keep away from shady sites.

Unchecky  To avoid bundled software.

Adblock Plus  To browse the web ad free.

https://www.fanboy.co.nz/filters.html Add the Ultimate list.

Malwarebytes Anti-Exploit To block Zero day attacks.

Malwarebytes | StartUpLITE To disable un-needed start ups.

http://www.toolwiz.com/en/products/toolwiz-smart-defrag/ Defrag your machine.

Adguard: use with Adblock for basically zero ads.

https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg?hl=en

https://addons.mozilla.org/en-uS/firefox/addon/adguard-adblocker/


Edited by InadequateInfirmity, 18 May 2015 - 05:31 PM.


#5 Mindpower


Posted 18 May 2015 - 05:38 PM

Thank you so much, you have no idea how much those few words helped me! Especially due to how fast they came.

Since you gave me a few options: I had Malwarebytes Anti-Malware + the paid version of McAfee on my PC. Any advice on that?

#6 InadequateInfirmity


Posted 18 May 2015 - 05:47 PM

Malwarebytes is a great program; McAfee is IMO not really great.

 

Although antivirus is a personal choice.

 

If you are going to pay for something then I would suggest

 

Tiranium Premium

http://tiranium-antivirus.com/store.html

 

or ESET Nod32

http://www.eset.com/us/home/products/antivirus/

 

But if you like McAfee then you keep it, I only offer suggestions. :)



#7 Mindpower


Posted 18 May 2015 - 05:54 PM

The paid version was offered to us, so luckily it's essentially freeware for me. Thank you for your helpful information and suggestions, I'll keep them in mind. Also, thank you for that hefty list of tools! They're going to make my life so much easier! :)


Edited by Mindpower, 18 May 2015 - 05:54 PM.


#8 InadequateInfirmity


Posted 18 May 2015 - 05:56 PM

:) Have a great day!!



#9 Mindpower


Posted 18 May 2015 - 06:05 PM

You too!





