
Norton security suite blocking intrusion attempts by www.nice-doggy.xyz



#1 Rick23708

  • Members
  • 2 posts

Posted 23 October 2015 - 09:40 AM

Hi Folks;

I saw someone post a similar topic on this and I was hoping that somebody could help me out.

It looks like I have an instance of "Nice-Doggy" (?) on my system. I've tried the usual Malwarebytes, AdWare, Spyhunter and RogueKiller. Norton Security Suite doesn't find anything either.

Norton firewall is running and stops the program "Updater.exe" from accessing the internet. The virus tries to connect every 10 minutes.

I've run FRST64.exe and I am attaching the requested files. Any assistance would be greatly appreciated.

Thanks!
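The symptom reported in this post, one program retrying the same blocked destination at a fixed interval, can be picked out of a firewall log mechanically. The sketch below is an added example, not part of the original post; the pipe-delimited log format, the sample lines and the thresholds are constructed for illustration and are not Norton's real log format.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "timestamp|process|remote host|action" (assumed format).
SAMPLE_LOG = """\
2015-10-23 08:00:04|Updater.exe|www.nice-doggy.xyz|BLOCKED
2015-10-23 08:03:17|chrome.exe|www.bleepingcomputer.com|ALLOWED
2015-10-23 08:10:05|Updater.exe|www.nice-doggy.xyz|BLOCKED
2015-10-23 08:14:52|chrome.exe|www.bleepingcomputer.com|ALLOWED
2015-10-23 08:20:03|Updater.exe|www.nice-doggy.xyz|BLOCKED
2015-10-23 08:21:30|chrome.exe|www.bleepingcomputer.com|ALLOWED
2015-10-23 08:30:06|Updater.exe|www.nice-doggy.xyz|BLOCKED
2015-10-23 08:40:04|Updater.exe|www.nice-doggy.xyz|BLOCKED
2015-10-23 09:05:41|chrome.exe|www.bleepingcomputer.com|ALLOWED
"""

def parse(log_text):
    """Yield (timestamp, process, host, action) from each well-formed line."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # skip lines with an unreadable timestamp
        yield ts, parts[1], parts[2], parts[3]

def find_beacons(log_text, min_events=4, max_jitter=0.1):
    """Return {(process, host): mean gap in seconds} for evenly spaced talkers."""
    times = defaultdict(list)
    for ts, proc, host, _action in parse(log_text):
        times[(proc.lower(), host.lower())].append(ts)
    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Regular means the spread of the gaps is small relative to their mean.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = round(avg)
    return flagged

if __name__ == "__main__":
    for (proc, host), secs in find_beacons(SAMPLE_LOG).items():
        print(f"{proc} -> {host}: every ~{secs / 60:.0f} min")
```

Browser traffic in the sample has the same number of events but irregular gaps, so only the evenly spaced pair is reported.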



#2 nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 October 2015 - 10:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold using the Add/Remove Programs applet.
Freemake Audio Converter version 1.1.3 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.3 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation)


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-809160671-391717539-2055838567-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll => No File
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [X]
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]
Task: {6542B0C4-770B-49CE-8338-E923A84CDE03} - \DnsIo2 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\PACE:8E44E05F44BCA643

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?

#3 Rick23708

  • Topic Starter
  • Members
  • 2 posts

Posted 25 October 2015 - 10:00 PM

Hi Nasdaq;

Thanks for getting to me sooner than expected. I appreciate you taking the time.

I followed your instructions and the system no longer has the issue. It looks like your fix eliminated the problem. I ran AdwCleaner and after that completed, I created an additional restore point and did a back-up.

I have been running AdwCleaner and Malwarebytes and both have been telling me about the Freemake products. I know that they try to install unwanted SW even when you opt out. I have been treating them like "false positives" because they're useful tools. I've had them for years and haven't had an issue because I thought I was being vigilant with them. Well...obviously not vigilant enough.

Now that I think of it, the Audio Converter was telling me about an update that I have been ignoring for a few months. I'm wondering if it decided to do an update because I was ignoring it. It kept trying to do updates every 10 minutes and Norton kept stopping it.

Either way ... Lesson learned. I'm good to go! Thanks again, especially since you responded on a Sunday. 



#4 nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 October 2015 - 08:01 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 November 2015 - 08:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



