

Hao.169x.cn malware


  • This topic is locked
7 replies to this topic

#1 nate613

nate613

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 PM

Posted 29 November 2015 - 02:05 AM

A few days ago, I noticed that a shortcut entitled Microsoft Edge with the proper picture appeared on my desktop. I checked the URL and it said hao.169x.cn. I ran Malwarebytes and it found 3 registry keys, each listed as PUP.Optional.Hao123. I quarantined them and put the shortcut in the recycle bin. Today, the icon reappeared. I manually checked the registry keys and they were changed again. What do I do next?
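
A read-only check for the symptom described in the post above, as an added example that is not part of the original thread: it lists Desktop and Start Menu shortcuts whose target or arguments open a URL, with the file's last-modified time so a reappearing shortcut can be dated. The folder list, the URL pattern and the `$WatchHosts` parameter name are assumptions; the only host it knows is the one named in the post.

```powershell
# Added example (not from the thread): read-only listing of shortcuts that open a URL.
# $WatchHosts holds the host named in the first post; keep at least one entry in it.
param([string[]]$WatchHosts = @('hao.169x.cn'))

# Per-user and all-users Desktop and Start Menu (this folder choice is an assumption).
$dirs = 'Desktop', 'CommonDesktopDirectory', 'StartMenu', 'CommonStartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

# Match either an explicit http(s) URL or one of the watched hosts.
$hostAlternation = ($WatchHosts | ForEach-Object { [regex]::Escape($_) }) -join '|'
$pattern = "https?://|$hostAlternation"

$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $dirs -Recurse -File -Include *.lnk, *.url -ErrorAction SilentlyContinue |
    ForEach-Object {
        # CreateShortcut on an existing file only loads it; nothing is written
        # unless Save() is called. It reads both .lnk and .url files.
        $sc = $shell.CreateShortcut($_.FullName)

        # A hijacked browser shortcut usually keeps the real executable as the
        # target and carries the start page in the arguments, so check both.
        $launch = ('{0} {1}' -f $sc.TargetPath, $sc.Arguments).Trim()

        if ($launch -match $pattern) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $sc.TargetPath
                Arguments = $sc.Arguments
                Modified  = $_.LastWriteTime
                WatchHit  = [bool]($launch -match $hostAlternation)
            }
        }
    } |
    Sort-Object Modified -Descending |
    Format-List
```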


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 AM

Posted 29 November 2015 - 07:12 PM

Hello nate613 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log in to the computer as an administrator. How do I log in to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 nate613


Posted 30 November 2015 - 08:54 PM

Hi, Yilmaz. Thanks for your help.

I ran the test and I've been trying to post the information, but for whatever reason, the page keeps getting stuck on the "saving post", and never actually saves it. I'm not sure why that is. What do you suggest I do?



#4 olgun52


Posted 01 December 2015 - 11:18 AM

Hi nate613,

You can post with an attachment. You can try in safe mode, or you can try uploading with Wikisend. Or, try other browsers.

http://wikisend.com/

--------------

What is your operating system?



 


 


#5 nate613


Posted 02 December 2015 - 06:03 PM

My OS is Windows 10. Here are the files:

http://wikisend.com/download/300128/FRST.txt

http://wikisend.com/download/620698/Addition.txt



#6 olgun52


Posted 02 December 2015 - 08:47 PM

Hi nate613,
 
The following entries are running on your system:

C:\WINDOWS\System32\Tasks\KMS10Server
C:\WINDOWS\System32\Tasks\KMS10
C:\WINDOWS\KMS10
C:\WINDOWS\System32\Tasks\AutoKMS
C:\WINDOWS\AutoKMS


AutoKMS is used to illegally activate MS Office or Windows OS. I cannot offer any further help as you breach forum protocol. If you want further advice please contact one of the forum moderators... Sorry

 

I cannot take circumstance into consideration, you have breached forum protocol so I cannot offer any further help. I too am tied to the rules, if you want further help/advice you will have to contact a moderator...

Thank you for your understanding,



 


 


#7 nate613


Posted 03 December 2015 - 01:58 AM

I completely understand why that would be an issue. The activator actually is not currently active; it's leftover from a while ago and I didn't realize I still had it installed. However, I do take full responsibility for everything on my computer, and this is something that doesn't belong there. Thanks for your time.

#8 olgun52


Posted 03 December 2015 - 01:24 PM

Thank you for your understanding :thumbup2:

 

Best regards.



 


 




