
Avast detecting Malware-help on getting rid of it-Windows 10


10 replies to this topic

#1 dbz2010 (Members, 6 posts)

Posted 18 December 2015 - 03:25 PM

For the past few days I've been getting this message from Avast stating that it has detected a threat. I am not sure how to get rid of it. I scanned with Avast and nothing comes up. I am working on a Windows 10 Toshiba Satellite A665-S5170.

[Screenshot of the Avast alert]




#2 buddy215 (BC Advisor, 12,893 posts, West Tennessee)

Posted 18 December 2015 - 04:25 PM

hzmksreiuojy.in/ldr.php... doing a search for that produces this at "Scan report for http://hzmksreiuojy.in/ldr.php at 2015-10-02 08:40:56 UTC - VirusTotal":

AutoShun: Malicious site
Sophos: Malicious site
Websense ThreatSeeker: Malicious site
ESET: Malware site
Fortinet: Malware site
Kaspersky: Malware site

See what these scans report... allow them to remove whatever they find.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 18 December 2015 - 04:30 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” (Lawrence M. Krauss)

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 quietman7 (Bleepin' Janitor, Global Moderator, 50,952 posts, Virginia, USA)

Posted 18 December 2015 - 04:43 PM

FYI dbz2010...

You have to be careful when conducting searches on the Internet as there is a lot of useless information and misinformation out there, especially in regards to malware removal assistance (and removal guides). It is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or removal tool. Scammers take advantage of novice users and entice them into downloading junk software using gimmicks, false claims and other deceptive advertising. In some cases if the fix is a free download, users may be enticed to download dubious software, malicious files or even be redirected to a malicious web site.

With that said, follow buddy215's instructions.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 dbz2010 (Topic Starter, Members, 6 posts)

Posted 18 December 2015 - 11:32 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/18/2015
Scan Time: 9:30 PM
Logfile: scan_12-18-15.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.19.01
Rootkit Database: v2015.12.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: user
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 1456
Time Elapsed: 1 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Starting the AdwCleaner one right now.


#5 dbz2010 (Topic Starter, Members, 6 posts)

Posted 18 December 2015 - 11:49 PM

# AdwCleaner v5.025 - Logfile created 18/12/2015 at 21:43:16
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : user - PSYCHOTICBIOTIC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\users\user\AppData\Roaming\Store
[-] Folder Deleted : C:\users\user\AppData\Roaming\WTools
[-] Folder Deleted : C:\users\user\Documents\Updater
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\WTools
 
***** [ Web browsers ] *****
 
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : vosteran.com
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPE7C787B4-0A9D-4C32-8E27-51DAB92D07FE&SSPV=
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.babylon.com/?affID=113545&tt=120912_cpc_3912_8&babsrc=HP_ss&mntrId=3efe848100000000000064d4da22b4c5
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.avg.com/?cid={30C18B65-46D4-4E51-9ACB-16AAFDF9FD1A}&mid=41a854cbcd6d47d09c87cd3c4e6cd0b9-3236cc2533f308d12ea400830f4cf62b4b83bbe5&lang=en&ds=AVG&pr=pr&d=2012-08-01%2019:29:36&v=14.0.2.14&pid=avg&sg=&sap=hp
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://start.mysearchdial.com/?f=1&a=MSD3_14_10_CH&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtBtB0ByE0CyDzzyEzztCtN0D0Tzu0SyBzyzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0EyBtAyCyDtDtG0C0EtC0AtG0D0AtCtAtGtD0A0DtCtGyEtB0D0CzyzztD0Ezz0AyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0DtA0CyBtAyBzytGyBtAtCtCtGyBtDtAtDtG0E0DyBzytGyC0F0DtCtAzytByBtAtAzy0D2Q&cr=1173608038&ir=
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://vosteran.com/?f=7&a=vst_wnzp01_15_05_ch&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtBtB0ByE0CyDyDyC0D0FtN0D0Tzu0StCtCtBtCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyC0D0F0CyBtDzytG0BtBzyyCtGtAyByC0FtGyCyBzyyEtGtAyCtDyEyDtByB0F0BtCtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtD0CzyyDtC0FtGyE0CyD0CtGyE0B0AyDtGzyzy0FzztGtAtC0Ezz0EzzzzzyyBtC0FyD2Q&cr=2046171270&ir=
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3426 bytes] ##########


#6 dbz2010 (Topic Starter, Members, 6 posts)

Posted 18 December 2015 - 11:54 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by user (Administrator) on Fri 12/18/2015 at 21:52:34.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\ProgramData\best buy pc app (Folder) 
Successfully deleted: C:\Users\user\AppData\Local\best buy pc app (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/18/2015 at 21:55:38.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 dbz2010 (Topic Starter, Members, 6 posts)

Posted 19 December 2015 - 01:10 AM

And finally the ESET results:

 

C:\Users\user\AppData\Local\tslxll.dll a variant of Win32/TrojanProxy.Agent.NZR trojan cleaned by deleting - quarantined
 
Thank you for helping me out with this.


#8 buddy215 (BC Advisor, 12,893 posts, West Tennessee)

Posted 19 December 2015 - 06:01 AM

Are you still getting the alert from Avast? ESET may have found and removed the culprit trying to call home.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool... risky. Pay close attention while installing and UNcheck offers of toolbars... especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.




#9 dbz2010 (Topic Starter, Members, 6 posts)

Posted 19 December 2015 - 04:09 PM

I restarted my computer and I haven't gotten any threat alerts since yesterday. I use CCleaner regularly so I am not sure why that program didn't get rid of the program responsible for the malware.

 

Thank you so much for helping me!



#10 quietman7 (Bleepin' Janitor, Global Moderator, 50,952 posts, Virginia, USA)

Posted 19 December 2015 - 04:31 PM

dbz2010 wrote: "...I use CCleaner regularly so I am not sure why that program didn't get rid of the program responsible for the malware."

That is because CCleaner is a freeware system privacy and cleaning tool that removes unused, temporary and junk files from your system to include temporary Internet files, cookies, erases private data in browser history, etc. Use of the cleaning feature is recommended to delete such files in order to improve performance, reclaim space and even help speed up scans performed by security tools. It is not an anti-malware tool like AdwCleaner and JRT.

#11 buddy215 (BC Advisor, 12,893 posts, West Tennessee)

Posted 19 December 2015 - 06:53 PM

You're welcome...

 

If that problem pops up again....post the lists from CCleaner

 

Happy surfin'

