
I feel like I may have a virus...



#1 AndyMan315


Posted 21 July 2015 - 03:55 PM

Recently my computer just doesn't feel like itself...maybe because it's been such a long time since I updated it in general as I used to get a new build fairly often but have faded from that phase...my Google doesn't seem to be accurate and I have had bootkit and browser hijackers in the past...what tools should I run to help narrow it down? MBAM, SAS and Zemana all turn up nothing...THANKS





#2 quietman7


Posted 21 July 2015 - 06:59 PM

Please download and run RKill by Grinler. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[RX].txt) will open in Notepad (where the largest value of # represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool by thisisu and save it to your Desktop.

  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys) and remnants.
 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 AndyMan315


Posted 22 July 2015 - 01:46 PM

The logs are all here now! Also both my Steam account and Facebook have been attempted to be opened in "Taiwan" in the last month, yet another reason I was unsure of my system security. Thanks!

 

 

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/22/2015 02:24:30 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/22/2015 02:25:38 PM
Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)
 

 

 

# AdwCleaner v4.208 - Logfile created 22/07/2015 at 14:29:21
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : LLAMA-2 - LLAMA-2-PC
# Running from : C:\Users\LLAMA-2\Downloads\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v44.0.2403.89


*************************

AdwCleaner[R0].txt - [3245 bytes] - [08/07/2015 18:19:41]
AdwCleaner[R1].txt - [1026 bytes] - [22/07/2015 14:27:46]
AdwCleaner[S0].txt - [3311 bytes] - [08/07/2015 18:20:31]
AdwCleaner[S1].txt - [955 bytes] - [22/07/2015 14:29:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1013  bytes] ##########
 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x64
Ran by LLAMA-2 on Wed 07/22/2015 at 14:38:18.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\FAP47EB.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAP5297.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAP64B2.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAP6AB0.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAP769E.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAP7B07.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAP867E.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAP948C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAPA724.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAPBE10.tmp



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\LLAMA-2\AppData\Roaming\mozilla\firefox\profiles\t4dcj65s.default\minidumps [34 files]



~~~ Chrome


[C:\Users\LLAMA-2\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\LLAMA-2\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\LLAMA-2\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\LLAMA-2\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/22/2015 at 14:43:13.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
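
Added example, not part of any post in this thread and not code from RKill or BleepingComputer: a short Python triage of the RKill log format posted above, listing each check whose result is not a "No ... found" line together with its indented detail lines. The section keywords and the names `triage_rkill` and `needs_review` are assumptions drawn only from the log excerpt in this thread.

```python
import re

# Excerpt of the RKill log posted in this thread, trimmed to three checks.
SAMPLE_LOG = r"""
Checking for Windows services to stop:
 * No malware services found to stop.
Performing miscellaneous checks:
 * Windows Firewall Disabled
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1       localhost
Program finished at: 07/22/2015 02:25:38 PM
"""

SECTION = re.compile(r"^(Checking|Performing|Searching)\b.*:$")  # assumed header words
FINDING = re.compile(r"^\*\s+(.*?):?$")                          # " * <result>" lines
LOOPBACK = re.compile(r"^(127\.0\.0\.1|::1)\s+localhost$")

def triage_rkill(log_text):
    """Return every finding RKill did not report as clean, with its detail lines."""
    findings, section, current = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION.match(line):
            section, current = line.rstrip(":"), None
        elif (m := FINDING.match(line)):
            current = None
            if not m.group(1).startswith("No "):
                current = {"section": section, "finding": m.group(1), "details": []}
                findings.append(current)
        elif raw[0].isspace() and current is not None:
            current["details"].append(line)  # indented registry or HOSTS line
        else:
            current = None                   # unindented text ends the finding
    return findings

def needs_review(finding):
    """A HOSTS finding that only maps localhost to loopback is benign."""
    if finding["section"] == "Checking HOSTS File":
        return any(not LOOPBACK.match(d) for d in finding["details"])
    return True

if __name__ == "__main__":
    for f in triage_rkill(SAMPLE_LOG):
        print("REVIEW" if needs_review(f) else "ok", f["section"], "->", f["finding"], f["details"])
```
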
 



#4 quietman7


Posted 22 July 2015 - 04:24 PM

Nothing of significant concern showing in your log(s)...and no obvious signs of a major malware infection.

If you want a more detailed look at your system for possible malware, then more advanced tools are needed to investigate. Many of the scanning tools we use in this forum are not capable of detecting (removing) all malware variants. Before that can be done you will need to create and post a FRST log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.



