Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

netfilter, netfilter2, swdumon, itnfd_1_10_0_9 & vToolbarUpdater18.1


  • This topic is locked This topic is locked
7 replies to this topic

#1 extemporaneouslyella

extemporaneouslyella

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 05 December 2015 - 03:37 PM

AVG would not update properly the Anti-Virus or PCTuneUp, so I ran AdwCleaner, and cleaned everything it found. (I chose the services it found for the topic title.)
 
Then, I uninstalled AVG and tried a reinstall, but that's impossible - even with remote assistance.  
 
After running a system diagnostics immediately after that, about a month ago, I haven't done much because I've been reading the forums and now I know I did not attempt the fix in the right order.  
 
I downloaded FRST weeks ago, but I wouldn't run the scan because the URL's kept changing.  Then I read a thread explaining why this may not present as a threat.  I finally ran the scan this morning and it paused for a very long time on a service called "T cpip" or something similar.  
 
I can't make sense of it; I think I keep making it worse.  I would just like to know whether someone has been remotely accessing this computer...
 
Thanks for your time,
e
 
 
 
 
 
 
 


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 AM

Posted 06 December 2015 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on Export TXT button save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>


You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options in bold the following options are available to you.
Select only the check boxes for the options in bold.

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Do a Quick Scan


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.

===

Let me know what problem persists.

#3 extemporaneouslyella

extemporaneouslyella
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 08 December 2015 - 06:30 PM

We had AVG remote support try a remote installation and it failed.  AVG made a second attempt to re-install and made sure to remove all leftover aspects of the program.  However, the second attempt seemed not right.  (My diagnostic utility was disabled after session ended, and the remote installation failed.)

 

Then a third attempt was made (i was only able to see part of this since i didn't initiate the session) and i'm almost convinced that these "AVG" sessions were fraudulent.  The last thing suggested to fix the problem was to uninstall microsoft security essentials, and the PC gave permission (against my advice).  Last thing to occur was renaming the windows defender folder with an ".old" extension and so that has been disabled too.  Then there was a remote restart and when the chat interface popped-up (looked phony to me anyway) the session had timed out and windows defender was disabled as a result.

 

Many of the programs that are suggested in these threads were executed on our PC during these sessions - revo uninstaller, malware bytes, adwcleaner again, roguekiller, et al.  I will take your advice in hand, but I thought this info may help you better under the severity and complexity of the issue and possibly change the course to attempt a fix or clean.  Thanks again.  I will post results after I have the time block to devote to your instructions, unless of course you reply with an alternative.  Thanks again for your time.

 

e



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 AM

Posted 09 December 2015 - 09:08 AM

Thank you for the information. It may help in the long run.

Run the tools I suggested and will take if from there.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 AM

Posted 15 December 2015 - 07:46 AM

Are you still with me?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 AM

Posted 21 December 2015 - 09:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 AM

Posted 04 May 2016 - 06:01 PM


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persists.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 AM

Posted 10 May 2016 - 07:28 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users