
MSE scan won't complete; other issues


8 replies to this topic

#1 Cjshoop9

Cjshoop9

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 10 November 2015 - 01:26 AM

Hello, I'm having problems scanning with Microsoft Security Essentials, and have some other issues as well. I didn't think I was infected at first but now there are just a few too many issues occurring so I'd like to make sure. I'm running 64-bit Windows 7. I have MSE set up to scan every week but I've noticed lately that the scan never completes. I can see the icon spinning in the taskbar, but if I try to maximize the MSE window, the window opens but doesn't respond. I'm unable to see if there's a specific file it's stuck on. It's ok when doing quick scan, but not a full scan. I've also had some weird explorer dialogue box popping up a few times, but I can't remember what it said other than something about a .dll file. I haven't been able to replicate the popup, it seemed to happen when first logging into the computer but didn't most recently. What can I do to fix MSE and make sure that this isn't being caused by any adware? Thanks for the help.





#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,635 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:57 PM

Posted 10 November 2015 - 07:55 AM

cjshoop9:

Welcome to the Bleeping Computer Am I Infected Forum. My name is Phil. I would like to call you by your first name as well, if that is alright with you.

It could possibly be adware that is interfering with your MSE, but I think we should first just have a look and see if the problem is caused by something more nefarious. Let's run a couple of scans.


Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!


Step 2: Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your next reply.

 

 

When you have run the scans, please paste the logs into your next reply. We will see what was found and go from there.  If I have not responded to you within 48 hours, please send me a Personal Message.

Have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 Cjshoop9


Posted 11 November 2015 - 12:58 PM

Sorry about that, Phil! My name is Chris. I've completed both scans and have posted the results below. I noticed that a few of the files cleaned by ESET are files used for modding a game. Hopefully those are safe and I can undelete them. Thanks for the help!

 

ESETScan:

 

C:\Users\All Users\226C7A63.EX a variant of Win32/Injector.CMBX trojan
C:\Users\All Users\369FBC0E.EX Win32/Tiny.NBN trojan
C:\Users\All Users\52FED1C7.EX Win32/Tiny.NBN trojan
C:\Users\All Users\igfxCUIService.dll a variant of Win64/Tiny.C trojan
C:\Users\All Users\igfxEM_32.dll a variant of Win64/Tiny.C trojan
C:\Users\All Users\netsh_32.exe a variant of Win64/Tiny.C trojan
C:\Users\All Users\QXJhZ3fRFFF4.dll a variant of Win32/Tiny.NBE trojan
C:\ProgramData\226C7A63.EX a variant of Win32/Injector.CMBX trojan cleaned by deleting - quarantined
C:\ProgramData\369FBC0E.EX Win32/Tiny.NBN trojan cleaned by deleting - quarantined
C:\ProgramData\52FED1C7.EX Win32/Tiny.NBN trojan cleaned by deleting - quarantined
C:\ProgramData\igfxCUIService.dll a variant of Win64/Tiny.C trojan cleaned by deleting - quarantined
C:\ProgramData\igfxEM_32.dll a variant of Win64/Tiny.C trojan cleaned by deleting - quarantined
C:\ProgramData\netsh_32.exe a variant of Win64/Tiny.C trojan cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\QXJhZ3fRFFF4.dll a variant of Win32/Tiny.NBE trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Local\Temp\psglbro.dll Win32/TrojanDownloader.Tracur.AL trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Local\Temp\HYD4338.tmp.1447134601\HTA\install.1447134601.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Users\Shoop\AppData\Local\Temp\HYD4338.tmp.1447134601\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Local\Temp\HYD4338.tmp.1447134601_permissionsCopy\updates\3.3.1_29988.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Local\Temp\HYD7A74.tmp.1447208300\HTA\install.1447208300.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Users\Shoop\AppData\Local\Temp\HYD7A74.tmp.1447208300\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Local\Temp\HYD98E.tmp.1447225638\HTA\install.1447225638.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Users\Shoop\AppData\Local\Temp\HYD98E.tmp.1447225638\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Local\Warframe\Samnqbia.dll Win32/TrojanDownloader.Tracur.AL trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\ajavmx.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\aliryzsz.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\bgzwjwzu.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\bqxabqp.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\bufyrevs.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\cnifovy.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\dyrideja.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\ezktspk.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\filyhkf.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\gngjez.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\gxwfkp.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\hgnspany.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\jidajeti.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\jspezsv.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\khwzczi.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\knuzcti.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\kpchato.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\ktsxahi.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\mxavix.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\nyzmhyn.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\ozkvyh.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\pipivyp.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\qvmrotgh.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\rencvwvo.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\retglg.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\rylotev.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\stwbmz.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\wdorcl.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\wzupyp.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\yjqjafo.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\zeluno.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\zqlwnst.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\zwxubux.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
D:\FF Mod Stuff\Bootleg040.zip a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
D:\FF Mod Stuff\bl\Bootleg.exe a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
D:\FF Mod Stuff\Tifa's Package [Bootleg040 Mods - 4.12.2014]\Avalanche GUI v2.0.8.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted - quarantined
D:\Games\Steam\SteamApps\common\FINAL FANTASY VII\FF7 Load Saved Games By Kranmer.exe a variant of Win32/GameHack.AES potentially unsafe application cleaned by deleting - quarantined
D:\Games\Steam\SteamApps\common\FINAL FANTASY VII\FF7 Trainer 0.7.1v4 By Kranmer.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
H:\F\Applications\ADOBE.CREATIVE.SUITE.6.0.MASTER.COLLECTION.LS16.ESD-ISO\MCCS6LS16.iso BAT/HostsChanger.A potentially unsafe application deleted - quarantined
 
 
 
Malwarebytes Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/11/2015
Scan Time: 10:46 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.11.05
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Shoop
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403084
Time Elapsed: 5 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 19
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
 
Registry Values: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-4011918664-3682508356-3434763698-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^b8077e59, Quarantined, [8a371666f39888aed8280b4735ceaa56], 
Rootkit.Fileless.MTGen, HKU\S-1-5-21-4011918664-3682508356-3434763698-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^f47edae6, Quarantined, [b1109ae291fa34028f7191c14ab901ff], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, Quarantined, [b8096b11d3b844f2fcaccf82ab57f808], 
 
Files: 4
PUP.Optional.OpenCandy, C:\Users\Shoop\AppData\Local\Temp\HYD4338.tmp.1447134601\HTA\3rdparty\OCComSDK.dll, Quarantined, [d5eca5d7315a78bee63a8c6bcc358a76], 
PUP.Optional.OpenCandy, C:\Users\Shoop\AppData\Local\Temp\HYD7A74.tmp.1447208300\HTA\3rdparty\OCComSDK.dll, Quarantined, [f9c80d6ffd8e55e152ce7a7dd829ae52], 
PUP.Optional.OpenCandy, C:\Users\Shoop\AppData\Local\Temp\HYD98E.tmp.1447225638\HTA\3rdparty\OCComSDK.dll, Quarantined, [863b0676f59639fdca561bdc61a00af6], 
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, Quarantined, [b8096b11d3b844f2fcaccf82ab57f808], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 garioch7


Posted 11 November 2015 - 02:10 PM

Chris:
 
Thank you for your reply, for your logs, and for permitting me to use your first name.  It looks like there were a few issues with malware.
 
I am not familiar with files used for "modding a game."  I would not restore those files UNLESS you are CERTAIN that they are not infected.  You could Google the file names and also run a VirusTotal check on the files to make sure that they are safe.  Please do be aware of the Forum Rules.  Bleeping Computer does not condone the use of hacking tools, keygens, and other such applications.  They are very often the doorway used by malware and viruses to infect a computer, not to mention the legal and copyright ramifications.

 

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.

 

 

 

Can you run MSE now?  Are there any other issues with your computer?
 
It probably wouldn't hurt to run Adwcleaner and Junk Removal Tool as well, since obviously there were a few "nasties" lurking on your hard drive.  I have linked to those adware removal tools download URLs here at Bleeping Computer.  If you are not familiar with those programs, let me know and I will post instructions on how to run them.
 
Have a great day, Chris.
 
Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
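
A small triage script for an ESET Online Scanner export like the one posted in #3, added here as an example (it is not part of the thread or of any vendor tool). It assumes the space-separated line layout seen in that log; the sample lines are copied from post #3 except the last one, which is constructed to show a detection with no recorded action.

```python
import re
from collections import Counter

# Assumed layout: <path> [a variant of ]<Platform/Name> <class> [action]
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>trojan|potentially unsafe application|potentially unwanted application)"
    r"(?:\s+(?P<action>.+))?$"
)

# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so the scanner lists the same file twice and only one line carries the action.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

SAMPLE_LOG = r"""
C:\Users\All Users\226C7A63.EX a variant of Win32/Injector.CMBX trojan
C:\Users\All Users\netsh_32.exe a variant of Win64/Tiny.C trojan
C:\ProgramData\226C7A63.EX a variant of Win32/Injector.CMBX trojan cleaned by deleting - quarantined
C:\ProgramData\netsh_32.exe a variant of Win64/Tiny.C trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Shoop\AppData\Local\Warframe\Samnqbia.dll Win32/TrojanDownloader.Tracur.AL trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\ajavmx.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
C:\Users\Shoop\AppData\Roaming\zwxubux.exe a variant of Win32/Kryptik.ECXK trojan cleaned by deleting - quarantined
D:\FF Mod Stuff\bl\Bootleg.exe a variant of Win32/GameHack.AES potentially unsafe application deleted - quarantined
D:\Games\Steam\SteamApps\common\FINAL FANTASY VII\FF7 Trainer 0.7.1v4 By Kranmer.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
C:\Temp\constructed_sample.exe a variant of Win32/Kryptik.ECXK trojan
"""  # last line is constructed, not from the thread


def canonical(path):
    """Case-fold the path and map known alias prefixes to the real directory."""
    p = path.strip().lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def parse(log_text):
    """Return ({canonical_path: finding}, [lines that did not parse])."""
    findings, rejects = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            rejects.append(line)
            continue
        entry = findings.setdefault(
            canonical(m["path"]),
            {"path": m["path"], "name": m["name"], "kind": m["kind"], "action": None},
        )
        if m["action"]:
            # Prefer the line that records what the scanner actually did.
            entry["action"] = m["action"]
            entry["path"] = m["path"]
    return findings, rejects


def triage(log_text):
    """Summarise a scan export for follow-up work."""
    findings, rejects = parse(log_text)
    items = list(findings.values())
    return {
        "by_kind": Counter(f["kind"] for f in items),
        "families": Counter(f["name"] for f in items if f["kind"] == "trojan"),
        # No action under any alias: still on disk as far as the log shows.
        "unresolved": sorted(f["path"] for f in items if f["action"] is None),
        # Removal only completes after a reboot; rescan afterwards.
        "pending_reboot": sorted(
            f["path"] for f in items
            if f["action"] and "after the next restart" in f["action"]
        ),
        # Tool-class detections (not trojans): verify before any restore.
        "needs_manual_review": sorted(f["path"] for f in items if f["kind"] != "trojan"),
        "unparsed": rejects,
    }


if __name__ == "__main__":
    for section, value in triage(SAMPLE_LOG).items():
        print(section, "->", value)
```
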


#5 Cjshoop9


Posted 11 November 2015 - 07:22 PM

Hi Phil,

 

I tried running MSE again, but it still just goes unresponsive. I also realized another small issue I've been having lately when I tried downloading AdwCleaner and Junkware Removal Tool. I usually use Chrome for browsing, and lately when downloading, the download never really finishes. Well, it actually does finish, but Chrome doesn't seem to think so. I've attached a couple screenshots of what's happening. It's just stuck at 0 seconds left. I think at that point Chrome might be trying to scan it for viruses, but I'm not really sure. I also noticed (for the first time) that I can't seem to download anything else when this is happening. I couldn't get Junkware Removal Tool to download while AdwCleaner was stuck. I'll run them both in a minute and give another update.

 



Edited by Cjshoop9, 11 November 2015 - 07:25 PM.


#6 Cjshoop9


Posted 11 November 2015 - 07:31 PM

Hey again Phil,

 

I'm not quite sure how AdwCleaner works, so if you could post instructions, that'd be great. I did run Junkware Removal Tool, and here is the log that came back:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by Shoop on Wed 11/11/2015 at 17:26:22.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\PIP
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Shoop\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage
Successfully deleted: [File] C:\Users\Shoop\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Shoop\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
 
[C:\Users\Shoop\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Shoop\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
bmnlcjabgnpnenekpadlanbbkooimhnj
 
[C:\Users\Shoop\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Shoop\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  bmnlcjabgnpnenekpadlanbbkooimhnj
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/11/2015 at 17:28:54.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
After it was finished I again tried downloading something, and had the same issue where it wouldn't finish, as well as not being able to download two at once.

Edited by Cjshoop9, 11 November 2015 - 07:31 PM.


#7 garioch7


Posted 12 November 2015 - 06:17 AM

Chris:

Thank you for your post and the JRT log. Some small stuff gone, but nothing too serious.
 

I also realized another small issue I've been having lately when I tried downloading AdwCleaner and Junkware Removal Tool. I usually use Chrome for browsing, and lately when downloading, the download never really finishes. Well, it actually does finish, but Chrome doesn't seem to think so. I've attached a couple screenshots of what's happening. It's just stuck at 0 seconds left. I think at that point Chrome might be trying to scan it for viruses, but I'm not really sure.

 
I think you might be right that MSE is attempting a scan after the download and is unable to complete. It is beginning to sound like your MSE installation may have been corrupted by the trojans that ESET detected. For now though, let's first scan with AdwCleaner and then run a clean up.
 
 
 
Step 1: Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • Uncheck any PUP and adware applications that you want to keep.
  • Then this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Step 2: Please reboot your computer and attempt to run MSE. If it fails to run properly or complete, it is likely that your MSE installation is corrupted. You should check out this link to uninstall MSE.

Please try the usual Control Panel, Uninstall Programs option to uninstall MSE before attempting the more complex removal options provided in that link.

Once you have successfully uninstalled MSE, you can download a new copy from this link.

 
 
Good luck, Chris. Let me know how it goes. Have a great day.

Regards,
-Phil




#8 Cjshoop9


Posted 16 November 2015 - 11:31 PM

Hey Phil,

 

Sorry about the wait this time. I was able to run AdwCleaner, and the log is below. Everything seems to be working now! I haven't had any issues with my downloads not finishing, and I was able to run a full MSE scan completely. Let me know if there's anything else I should do.

 

# AdwCleaner v5.021 - Logfile created 16/11/2015 at 00:14:44
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Shoop - VENOM
# Running from : D:\Users\Shoop\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Folder Found : C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
 
***** [ Files ] *****
 
File Found : C:\ProgramData\PrhbKsp3FFF4.dll
File Found : C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage
File Found : C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage-journal
File Found : C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj
File Found : C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
 
***** [ Web browsers ] *****
 
[C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bmnlcjabgnpnenekpadlanbbkooimhnj
[C:\Users\Shoop\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : edaibbiobngpbmeonadpbfafbkimjbdd
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : edaibbiobngpbmeonadpbfafbkimjbdd
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2730 bytes] ##########


#9 garioch7


Posted 17 November 2015 - 06:21 AM

Chris:

 

That is great news that you have restored your computer to health.  If everything is working fine and your MSE and Malwarebytes scans are clear now, and if you don't notice any unusual behavior in your computer, you are probably good to go.  Apart from running regular MSE scans, I would recommend that you consider, going forward, a good anti-malware product, with real-time protection like Malwarebytes Anti-Malware Premium or Emsisoft Anti-Malware.  These paid products prevent infection in the first place.  At the very least, run regular anti-malware scans with the free version of Malwarebytes Anti-Malware, which does not offer any real-time protection.  Bleeping Computer does not endorse any specific product.  Each user has unique needs.  Both of these products are excellent.  Anti-malware software complements a robust anti-virus solution.  Both are recommended as they target different viruses, malware, adware, Potentially Unwanted Programs, etc.

 

Remember to do regular system backups, so that if you should ever get "hit" again, you can restore your programs and data.  There are good free products out there like Easeus Todo Backup Home and Macrium Reflect.

 

Make sure to get all of the updates for your programs and Windows updates, and keep your browsers, if you are using Chrome, Firefox, etc., updated to the latest version to enhance your browsing security.

 

Quietman7 has posted an excellent article here on protecting your computer.  It is well worth a read and could save you a lot of grief in the future.

 

Have a great day, Chris.  It was a pleasure to work with you.  Thank you for choosing Bleeping Computer to assist you.

 

Regards,

-Phil

 

 






