
Imminent Logs Hijacker?


10 replies to this topic

#1 BlueSEF

Posted 08 August 2015 - 08:33 AM

Lol, I don't know exactly what I downloaded to receive this, but I know it was either a torrent or .rar file. I've been trying to delete this folder, and its logs with Malwarebytes and just simply dragging it to the trash bin, but it keeps duplicating itself. I'm planning on installing AdwareCleaner and Spybot soon to see if that'll help, but I don't know.. Any advice on this? I haven't closed my browser or shut down my laptop yet, so I don't know if this is a keylogger, or browser hijacker, or whatever. I have a Windows 7 Home Premium 64x SP 1 laptop, and this event started happening somewhere in the middle of the night.. No idea what happened really, since I slept late and my computer was still running whilst installing some stuff.





#2 OldPhil

Posted 08 August 2015 - 08:45 AM

Though you may have a bug, try Revo to see if it will get rid of it.

 

http://www.bleepingcomputer.com/download/revo-uninstaller/


Honesty & Integrity Above All!


#3 BlueSEF

Posted 08 August 2015 - 09:02 AM

Well, it's not listed in the uninstall or change a program section, so I had instead downloaded a free trial of Revo Uninstaller Pro, selected the folder I wanted to delete, selected moderate, and ran the scan. Turns out, you were right, and it had completely deleted the files.. I thought this was gonna be a large problem, but thanks anyway!



#4 OldPhil

Posted 08 August 2015 - 09:11 AM

Great little program, no longer free but it has earned its place!




#5 boopme (Global Moderator)

Posted 08 August 2015 - 09:29 AM

Hello, I think you have some malware.. Let's run these.. Skip the SpyBot.

I moved this to the Am I Infected forum from Win 7.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 BlueSEF

Posted 11 August 2015 - 10:45 AM

I scanned my system with these programs to see if the "Imminent" folders in C/Users/ProgramsX86 and in C/Users/BlueSEF/AppData/Roaming were a virus or something and I need to know if I'm still infected or not.

 

 

MiniToolBox Logs:

 

Attached File  MTB.txt   25.3KB   2 downloads

 

TDSSKiller Logs:

 

Attached File  TDSSKiller.3.1.0.5_10.08.2015_16.28.08_log.txt   196.46KB   1 downloads

 

AdwCleaner Logs:

 

Attached File  AdwCleanerR1.txt   1.9KB   2 downloads

 

Junkware Removal Tool Logs:

 

Attached File  JRT.txt   1.79KB   0 downloads

 

ESET Online Scanner Logs:

 

Attached File  ESET logs.txt   3.05KB   1 downloads


Edited by BlueSEF, 11 August 2015 - 10:50 AM.


#7 BlueSEF

Posted 11 August 2015 - 10:53 AM


Okay, I had posted the logs to Virus, Trojan, Spyware, and Malware Removal Logs forum.


Edited by BlueSEF, 11 August 2015 - 10:53 AM.


#8 boopme (Global Moderator)

Posted 11 August 2015 - 11:11 AM

Hi, I put it back here as this is where I wanted them...

Remove what ADWCleaner found.
Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
.
Please download CKScanner:
http://downloads.malwareremoval.com/CKScanner.exe

Important: - Save it to your Desktop

Double-click CKScanner.exe, then, click: Search For Files
When a list appears, click: Save List To File
A message box verifies the file saved.

Double-click the CKFiles.txt on your Desktop, and copy/paste the contents in your reply.

How is it running?

#9 BlueSEF

Posted 11 August 2015 - 04:23 PM

Okay,

 

# AdwCleaner v4.208 - Logfile created 11/08/2015 at 12:53:52
# Updated 09/07/2015 by Xplode
# Database : 2015-08-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : BlueSEF - BLUESEF-PC
# Running from : C:\Users\BlueSEF\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : iOSinstallerUpdater

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\iOSinstaller
Folder Deleted : C:\Users\BlueSEF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
File Deleted : C:\Users\BlueSEF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKCU\Software\MozillaPlugins\TorchVLC
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0.3 (x86 en-US)


-\\ Google Chrome v44.0.2403.130

[C:\Users\BlueSEF\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\BlueSEF\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2264 bytes] - [10/08/2015 16:26:45]
AdwCleaner[R1].txt - [1946 bytes] - [10/08/2015 19:53:35]
AdwCleaner[R2].txt - [1970 bytes] - [11/08/2015 12:51:03]
AdwCleaner[S0].txt - [1886 bytes] - [11/08/2015 12:53:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1945  bytes] ##########
 

 

 

And CK

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\bluesef\desktop\programs\ccleaner\ccleaner professional plus 5.05.5176 final incl + crack dll\install notes.txt
c:\users\bluesef\desktop\programs\ccleaner\ccleaner professional plus 5.05.5176 final incl + crack dll\crack dll\branding.dll
c:\users\bluesef\desktop\programs\ccleaner\ccleaner professional plus 5.05.5176 final incl + crack dll\crack dll\ccleaner.dat
c:\users\bluesef\desktop\programs\malwarebytes\malwarebytes anti-malware premium 2.1.8.1057 multilingual + keygen by fff\fff.nfo
c:\users\bluesef\desktop\programs\malwarebytes\malwarebytes anti-malware premium 2.1.8.1057 multilingual + keygen by fff\file_id.diz
c:\users\bluesef\desktop\programs\malwarebytes\malwarebytes anti-malware premium 2.1.8.1057 multilingual + keygen by fff\keygen.exe
c:\users\bluesef\desktop\programs\malwarebytes\malwarebytes anti-malware premium 2.1.8.1057 multilingual + keygen by fff\malwarebytes.anti-malware.2.00.0.1000.readnfo_keygen-fff.zip
c:\users\bluesef\desktop\programs\malwarebytes\malwarebytes anti-malware premium 2.1.8.1057 multilingual + keygen by fff\mbam-setup.exe
c:\users\bluesef\desktop\programs\malwarebytes\malwarebytes anti-malware premium 2.1.8.1057 multilingual + keygen by fff\readme.txt
c:\users\bluesef\desktop\utorrent\daemon tools pro advanced v6.1.0.0483\crack\activator.exe
c:\users\bluesef\desktop\utorrent\utorrent pro v3.4.3 build 40760 stable + crack [s0ft4pc]\how to crack [full tutorial].url
c:\users\bluesef\desktop\utorrent\utorrent pro v3.4.3 build 40760 stable + crack [s0ft4pc]\instruction.txt
c:\users\bluesef\desktop\utorrent\utorrent pro v3.4.3 build 40760 stable + crack [s0ft4pc]\s0ft4pc.com.url
c:\users\bluesef\desktop\utorrent\utorrent pro v3.4.3 build 40760 stable + crack [s0ft4pc]\torrent downloaded from s0ft4pc.com.txt
c:\users\bluesef\desktop\utorrent\utorrent pro v3.4.3 build 40760 stable + crack [s0ft4pc]\crack\crack.exe
c:\users\bluesef\desktop\vuze downlaods\[kat.cr]dragon.ball.xenoverse.dlc.resurrection.f.update.codex.3dm.crack.torrent
c:\users\bluesef\desktop\vuze downlaods\[kat.cr]malwarebytes.anti.malware.premium.2.1.8.1057.multilingual.keygen.by.fff.torrent
c:\users\bluesef\desktop\winrar files\crack dragon ball xenoverse online.rar
c:\users\bluesef\downloads\[kat.cr]magix.movie.edit.pro.2015.premium.v.14.0.0.183.cracked.deepstatus.torrent
scanner sequence 3.HK.11.APNAL0
 ----- EOF -----
 



#10 boopme (Global Moderator)

Posted 11 August 2015 - 08:42 PM

If you have cracks and Keygenerators on here they will download malware for you.

#11 BlueSEF

Posted 15 August 2015 - 12:37 PM

> If you have cracks and Keygenerators on here they will download malware for you.

I know, but it's a risk I'm willing to take.





