Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SwiftSearch infection from downloaded theme


  • Please log in to reply
3 replies to this topic

#1 Karzahni

Karzahni

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:15 PM

Posted 08 December 2015 - 05:17 AM

So someone I know who is very knowledgeable with computers sent me a link to a Vista theme for Windows 7. I wasn't expecting it to be compatible with Windows 10 so I tried it in Hyper-V. It was not. (I was checking because this one modifies Windows and it tells you it is risky, so I didn't want to damage my actual PC.) So I Googled for a Vista theme for 10 and found this one. https://skinpacks.com/download/windows-7/vista-skin-pack/ VirusTotal reports the site clean. I appears to be the site of origin of the original theme I was told about.

 

I downloaded and ran it. McAfee blocked a portion of it near the end, but I assumed this was just because of the way it modifies Windows, and I was expecting it to be mistaken for a rootkit. I also saw a link on the site for info about virus detection, so assumed this was all fine. It looks very nice.

 

However, after running it, there was a new program on my desktop, which I uninstalled. (Some kind of news feed) Then Chrome started redirecting me every time I clicked a link. I ran MalwareBytes free and it found many PUPs. I have the log. Almost all of them SwiftSearch. All have been removed, and no more redirections.

 

I then uploaded the setup exe to VirusTotal and this was the result https://www.virustotal.com/en/file/33f0f7c762a93c7a10dfb47f51166dce3ce8764ac5b6fa8b9f7f0a81949cd48c/analysis/1449567707/ not sure if false detection, or if it's detecting the bundled PUPs.

 

The reason I think it's a false detection is because the FAQ on their site says that the additional programs are the cause of false detection and they can all be deselected. I was however relatively certain I deselected them all.

 

But they could be full of it, like LIGHTNING UK!

 

Should I uninstall the theme, or am I fine now that the PUPs are gone?

 

(Can I post the log here?)

 

Windows 10 Pro (x64)

Custom PC - MSI motherboard, AMD ATi PC


Edited by Karzahni, 08 December 2015 - 05:18 AM.

"A lizard in the desert wouldn't eat that." ~Gordon Ramsay


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:15 PM

Posted 08 December 2015 - 07:00 AM

Whether uninstall the theme is your decision to make. Looking at the virus total results I would say you had / have some serious malware and adware.

 

Use the programs below to find and remove adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Karzahni

Karzahni
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:15 PM

Posted 08 December 2015 - 07:49 AM

Okay, I'll try all those when I get the chance. I already have CCleaner so I'll run that right now. I believe that some of the offers in that theme were not deselectable. Similar to ImgBurn. Thank-you.


"A lizard in the desert wouldn't eat that." ~Gordon Ramsay


#4 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:15 PM

Posted 08 December 2015 - 09:23 AM

Okay...we'll keep a light on for you...:)


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users