
infected with the fake windows security virus



#1 Dan0785

Dan0785

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 17 November 2015 - 04:00 PM

Good afternoon. The gist is a couple nights ago I downloaded some software, installed it, and accidentally clicked yes to d/l something that included this fake Microsoft security software and it put a bunch of junk on my computer. I have like 99% of it gone I think, but I still have something running in background. It doesn't seem to be affecting the computer performance wise, but it can't be good that it is there.

 

I can see it if I scroll through programs by alt + tab, but it won't bring it up. In the task bar on the bottom right it is listed as "windows defenders" and yes, it is plural. If I go to task manager inside "mytrayapp" it is there and listed as "microsoft security essential." I can end the process there and kill it, but it always comes back about 10 minutes later.

 

As of right now, Windows Defender, Malwarebytes, AdwCleaner, and this other program I just downloaded, "spyware begone", can't find anything. All 4 of them caught different things through several scans but in most recent scans nothing is being found. I also did the sfc /scannow cmd, which I think helped, but it did say there were a couple things it couldn't fix, but it might not be related to the malware.

 

And on a side note, on boot up I get an error about a downloadlogo.dll file. I haven't really tackled that issue, I wanted to take care of the malware first. But I'm not sure if the 2 are related or not.

 

That is where I am at, but I seem to have gotten rid of most of the stuff using the tools above. I had to use Revo to uninstall the programs because the normal uninstaller prevented me from doing so. It removed the programs, but I think I might have done something in Revo that started the error about the downloadlogo.dll file, and possibly why some of the malware is still on my system.

 

I did use that FRST tool, but I have no idea what I am looking at to see what is useful.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:18 AM

Posted 20 November 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and Features applet.

Getprivate VPN version 1.0 (HKLM-x32\...\{43A12E1B-6532-4C90-90A5-60972044DFED}_is1) (Version: 1.0 - ) <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-936374043-2950029655-4024890196-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-936374043-2950029655-4024890196-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\kzp2dadz.default-1404134345470\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2015-06-17]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
Task: {09FF6674-202A-4822-907C-9912D19E356A} - System32\Tasks\Alfasistem Memory Schedualer => C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe <==== ATTENTION
Task: {0A5C6430-53BD-4998-80B3-7406294E33B2} - \bvxvgxvyy -> No File <==== ATTENTION
Task: {185BD3CF-9CAF-4E7C-8364-5646F3320F0D} - \WinKit -> No File <==== ATTENTION
Task: {18EA724B-ADB9-4F5F-9422-D80AE78E7432} - System32\Tasks\GzKFiy8bYMJqyuNwtAtj915 => C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe <==== ATTENTION
Task: {3F2C6137-490E-4D4E-B131-3822AD83808D} - System32\Tasks\tVT0i8Fasy0s0pOy9 => C:\Users\DAN\AppData\Roaming\tVT0i8Fasy0s0pOy9.exe <==== ATTENTION
Task: {808A130C-D42F-41DF-956C-1DB1D0AB13A1} - System32\Tasks\Umuokreomoixo => C:\ProgramData\Umuokreomoixo\1.0.6.1\erfiauwu.exe
Task: {86563A3A-5591-4E34-8F99-A52A8D2707DB} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {95167246-1510-4077-9394-10EF630C13F3} - \2pP -> No File <==== ATTENTION
Task: {B7E0069A-E3D4-4728-801F-34A750B0890B} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
Task: {C94DC393-DD24-41DC-8BF7-16FCD2148CA0} - \impo -> No File <==== ATTENTION
Task: {CF97A755-1259-4D56-9598-A5F2A2AD54F6} - \Malware Cleaner -> No File <==== ATTENTION
Task: {D7536BE6-596F-4C8C-8113-A79D5729F613} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {E33EB403-B932-431F-ACE6-31F0DCB5AC21} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {E3984EC0-0CAB-40FD-8A28-8214607F33B8} - System32\Tasks\Security Defrag => C:\Users\DAN\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {E6092F2C-34C3-4F18-B830-435F1450F1B2} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {EAB86048-8C7E-4F10-B4B5-627E05C34D5D} - System32\Tasks\Download Logo => Rundll32.exe "C:\Users\DAN\AppData\Local\Download Logo\xBin\DownloadLogo.dll",#3 <==== ATTENTION
Task: C:\Windows\Tasks\GzKFiy8bYMJqyuNwtAtj915.job => C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe <==== ATTENTION
Task: C:\Windows\Tasks\tVT0i8Fasy0s0pOy9.job => C:\Users\DAN\AppData\Roaming\tVT0i8Fasy0s0pOy9.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uedaxagel => ""="service"
C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe
C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe
C:\Users\DAN\AppData\Roaming\tVT0i8Fasy0s0pOy9.exe
C:\ProgramData\Umuokreomoixo
C:\Windows\system32\Wimboldon.exe
C:\Windows\system32\hsysinfo.exe
C:\Windows\system32\win.exe
C:\Users\DAN\AppData\Roaming\Updater\winupd.exe
C:\Windows\system32\Mint.exe
C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

How is the computer running now?

#3 Dan0785


Posted 20 November 2015 - 09:25 PM

Thanks for the response. It seems to be working better, but it is still running in the background. I was able to do all the steps you gave me, except for removing Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden

 

I don't see it listed in the applet. I did a search for it as well by typing it in, and nothing came up. It is probably still on my computer because I haven't been able to do that last step.

 

One of the things that is fixed is I no longer get that error about downloadlogo.dll upon bootup anymore, and everything is running better. But I still have the Microsoft security essential running, which I can see if I alt + tab, and if I tab to it nothing comes up. I can still close it in the task manager, and so far it only comes up when I reboot. And in the little tool bar in the bottom right it is still listed as "windows defenders" in plural.

 

I am also getting an error message that I thought went away, but it came back when I booted it. It was "unhandled exception has occurred in your application. if you click continue the application will ignore this error and attempt to continue. if you click quit, the application will close immediately. there is no row at position 0"
 
then there was a details button that gave this 

 

See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box.
 
************** Exception Text **************
System.IndexOutOfRangeException: There is no row at position 0.
   at System.Data.RBTree`1.GetNodeByIndex(Int32 userIndex)
   at System.Data.DataRowCollection.get_Item(Int32 index)
   at MyTrayApp.Form1.timer3_Tick(Object sender, EventArgs e)
   at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
 
 
************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
MyTrayApp
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Windows/SysWOW64/MyTrayApp.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34250 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34262 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34239 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Data
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34230 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Transactions
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/System.Transactions/v4.0_4.0.0.0__b77a5c561934e089/System.Transactions.dll
----------------------------------------
System.EnterpriseServices
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.33440 built by: FX45W81RTMREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/System.EnterpriseServices/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.dll
----------------------------------------
System.Numerics
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Numerics/v4.0_4.0.0.0__b77a5c561934e089/System.Numerics.dll
----------------------------------------
 
************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.
 
For example:
 
<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>
 
When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.
 
 

 

I did click quit and no programs closed; I only had Chrome and Notepad running at the time.

 




#4 nasdaq


Posted 21 November 2015 - 10:02 AM

I was able to do all the steps you gave me, except for removing Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden


Unhide your Files and folders.
http://www.ricksdailytips.com/view-hidden-files-and-folders-windows-8-1/

Then you may be able to remove it.
Keep me posted.

If you want later you can hide them again.
===

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box

Execute the fix suggested on this page.

https://msdn.microsoft.com/en-CA/library/k8kf6y2a(v=vs.85).aspx
===
 

And in the little tool bar in the bottom right it is still listed as "windows defenders" in plural


Let's look also in the Registry.

Please run the Farbar Recovery Scan Tool. Enter windows defenders in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.
===

The fix I suggested did not work.

You are running the Farbar tool from this folder in bold C:\Users\DAN\Downloads
Please move or copy the Farbar tool to your Desktop.
Create this new Fixlog.txt and place it on the Desktop also.
(remove the Fixlog.txt from the Download folder if present.)

Restart the computer using an Administrator account.

Run the Farbar tool from your Desktop and click the Fix button.

==


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CloseProcesses:

HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-936374043-2950029655-4024890196-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-936374043-2950029655-4024890196-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\kzp2dadz.default-1404134345470\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2015-06-17]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
Task: {09FF6674-202A-4822-907C-9912D19E356A} - System32\Tasks\Alfasistem Memory Schedualer => C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe <==== ATTENTION
Task: {0A5C6430-53BD-4998-80B3-7406294E33B2} - \bvxvgxvyy -> No File <==== ATTENTION
Task: {185BD3CF-9CAF-4E7C-8364-5646F3320F0D} - \WinKit -> No File <==== ATTENTION
Task: {18EA724B-ADB9-4F5F-9422-D80AE78E7432} - System32\Tasks\GzKFiy8bYMJqyuNwtAtj915 => C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe <==== ATTENTION
Task: {3F2C6137-490E-4D4E-B131-3822AD83808D} - System32\Tasks\tVT0i8Fasy0s0pOy9 => C:\Users\DAN\AppData\Roaming\tVT0i8Fasy0s0pOy9.exe <==== ATTENTION
Task: {808A130C-D42F-41DF-956C-1DB1D0AB13A1} - System32\Tasks\Umuokreomoixo => C:\ProgramData\Umuokreomoixo\1.0.6.1\erfiauwu.exe
Task: {86563A3A-5591-4E34-8F99-A52A8D2707DB} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {95167246-1510-4077-9394-10EF630C13F3} - \2pP -> No File <==== ATTENTION
Task: {B7E0069A-E3D4-4728-801F-34A750B0890B} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
Task: {C94DC393-DD24-41DC-8BF7-16FCD2148CA0} - \impo -> No File <==== ATTENTION
Task: {CF97A755-1259-4D56-9598-A5F2A2AD54F6} - \Malware Cleaner -> No File <==== ATTENTION
Task: {D7536BE6-596F-4C8C-8113-A79D5729F613} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {E33EB403-B932-431F-ACE6-31F0DCB5AC21} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {E3984EC0-0CAB-40FD-8A28-8214607F33B8} - System32\Tasks\Security Defrag => C:\Users\DAN\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {E6092F2C-34C3-4F18-B830-435F1450F1B2} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {EAB86048-8C7E-4F10-B4B5-627E05C34D5D} - System32\Tasks\Download Logo => Rundll32.exe "C:\Users\DAN\AppData\Local\Download Logo\xBin\DownloadLogo.dll",#3 <==== ATTENTION
Task: C:\Windows\Tasks\GzKFiy8bYMJqyuNwtAtj915.job => C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe <==== ATTENTION
Task: C:\Windows\Tasks\tVT0i8Fasy0s0pOy9.job => C:\Users\DAN\AppData\Roaming\tVT0i8Fasy0s0pOy9.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uedaxagel => ""="service"
C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe
C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe
C:\Users\DAN\AppData\Roaming\tVT0i8Fasy0s0pOy9.exe
C:\ProgramData\Umuokreomoixo
C:\Windows\system32\Wimboldon.exe
C:\Windows\system32\hsysinfo.exe
C:\Windows\system32\win.exe
C:\Users\DAN\AppData\Roaming\Updater\winupd.exe
C:\Windows\system32\Mint.exe
C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp
Task: {F51C7ED4-77A1-49C9-A632-C055EB1F3F52} - System32\Tasks\Ponki => C:\PROGRA~1\SHOPPE~1\Iomec.bat
C:\PROGRA~1\SHOPPE~1\

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Post the Fixlog.txt and let me know what problem persists.

Edited by nasdaq, 21 November 2015 - 10:03 AM.
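
Added example, not part of the original posts and not FRST's own logic: a small Python triage of FRST `Task:` lines, run on six entries copied from the fixlists above, showing the traits that make a scheduled task worth reviewing when a killed process keeps coming back. The heuristic rules and the function names are assumptions of this example.

```python
import re

# Task lines copied from the fixlists in this thread (FRST log format).
FIXLIST_TASKS = r"""
Task: {0A5C6430-53BD-4998-80B3-7406294E33B2} - \bvxvgxvyy -> No File <==== ATTENTION
Task: {18EA724B-ADB9-4F5F-9422-D80AE78E7432} - System32\Tasks\GzKFiy8bYMJqyuNwtAtj915 => C:\Users\DAN\AppData\Roaming\GzKFiy8bYMJqyuNwtAtj915.exe <==== ATTENTION
Task: {B7E0069A-E3D4-4728-801F-34A750B0890B} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
Task: {EAB86048-8C7E-4F10-B4B5-627E05C34D5D} - System32\Tasks\Download Logo => Rundll32.exe "C:\Users\DAN\AppData\Local\Download Logo\xBin\DownloadLogo.dll",#3 <==== ATTENTION
Task: C:\Windows\Tasks\tVT0i8Fasy0s0pOy9.job => C:\Users\DAN\AppData\Roaming\tVT0i8Fasy0s0pOy9.exe <==== ATTENTION
Task: {F51C7ED4-77A1-49C9-A632-C055EB1F3F52} - System32\Tasks\Ponki => C:\PROGRA~1\SHOPPE~1\Iomec.bat
"""

TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<name>.+?) (?:=>|->) "
    r"(?P<action>.+?)(?P<attn> <=+ ATTENTION)?$"
)
# Heuristic markers (assumptions of this example, not FRST's own rules).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")


def target_path(action):
    """Return the file a task action really loads, lower-cased."""
    quoted = re.search(r'"([^"]+)"', action)
    if action.lower().startswith("rundll32") and quoted:
        return quoted.group(1).lower()  # the DLL, not rundll32 itself
    return action.strip('"').lower()


def triage(line):
    """Parse one FRST 'Task:' line; return (task name, reasons) or None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name = m["name"].rsplit("\\", 1)[-1]
    action, reasons = m["action"], []
    if m["attn"]:
        reasons.append("flagged by FRST")
    if action == "No File":
        reasons.append("orphaned task, target missing")
        return name, reasons
    path = target_path(action)
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("target in user-writable directory")
    if action.lower().startswith("rundll32"):
        reasons.append("DLL launched through rundll32")
    if path.endswith(SCRIPT_EXT):
        reasons.append("script target")
    in_ms_folder = "\\microsoft\\" in m["name"].lower()
    if path.startswith("c:\\windows\\system32\\") and not in_ms_folder:
        reasons.append("non-Microsoft task folder running a system32 binary")
    return name, reasons


def triage_all(text):
    """Triage every 'Task:' line in a log excerpt; skip other lines."""
    results = [triage(line) for line in text.splitlines()]
    return dict(r for r in results if r)


if __name__ == "__main__":
    for task, why in triage_all(FIXLIST_TASKS).items():
        print(f"{task:28} {'; '.join(why) or 'no heuristic hit'}")
```

A hit is a reason to inspect the file and its signature, not a verdict; entries that FRST did not mark ATTENTION still surface here.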


#5 Dan0785


Posted 23 November 2015 - 04:29 AM

Hey Nasdaq, thanks again for responding.

 

I did the steps you gave me, and so far it looks good. I don't notice anything running in the background that shouldn't be anymore. I am not getting any more pop-ups or error messages of any kind. Unless you notice anything in the log, I think you got it all taken care of for me.




#6 nasdaq


Posted 23 November 2015 - 08:35 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq


Posted 29 November 2015 - 09:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



