Please Help, SpringFile Infected Computer!!


5 replies to this topic

#1 Halohockey36


Posted 24 December 2015 - 04:10 AM

Hey there, so the stupid person I am accidentally downloaded a "SpringFile" .exe and it all went downhill from there. I opened the exe meaning to delete it but instead opened it and then this spring file program installed a whole bunch of bleep on my computer. I didn't want to shut my computer down thinking that it could just cause even more problems so I just relaxed and tried uninstalling the programs through Control Panel; however, that was not working. I was unable to open Windows Defender as it said a group policy had turned it off or something along those lines.

 

I then decided to do a system restore but that failed and came back saying the restore may have been deleted and failed blah blah blah, so I tried an older one but it still did not work. I was able to get Windows Defender back up and running with some help from Google but the scan came back without detecting anything, though it was clear there was stuff. So I then decided to try and uninstall the programs once again through Control Panel and it seems to have worked, although if I know malware there is most likely still some little bugger hidden on my computer.

 

I have come here because I want to be absolutely sure that I have gotten rid of everything so that I can make a new system backup and all that good stuff and make sure my computer is completely free of any viruses or malware or whatever else.

 

Thanks, I really hope you can help.

-Erik

 

P.S. Running Windows 10 Home - 64 bit


Edited by Halohockey36, 24 December 2015 - 04:28 AM.



 


#2 garioch7


    RCMP Veteran


  • Malware Response Instructor

Posted 24 December 2015 - 07:08 AM

Halohockey36:

Welcome to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil. If you would permit me, I would like to address you by your first name, since we will be working together to scan your computer.

I am guessing that the file you downloaded was "springfiles.exe", which is a form of adware.

I think that we should run a few preliminary security scans on your computer to see if anything serious is detected. We will also run AdwCleaner and see if it picks up any remnants of "springfiles" or other adware.


Step 1:
ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!



Step 2:
Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your next reply.

 

 

 

Step 3:
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 

 

I would like you to paste the logs from all three scans into your next reply. I will examine those and determine what our next step should be. If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet. Many less serious issues can be solved right here, in this Forum.

If I haven't responded to your reply in 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 Halohockey36


Posted 25 December 2015 - 01:48 PM

Hey there Phil, you can go ahead and call me Erik as like you said we will be working together.  You are correct with the Springfiles.exe being what I downloaded.  Here are the 3 log files for you.

 

The ESET Scan:
 
 
 
 
The MalwareBytes Scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/25/2015
Scan Time: 8:37 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.25.04
Rootkit Database: v2015.12.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Erik Storteboom
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386444
Time Elapsed: 18 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 1
 
Registry Keys: 14
 
Registry Values: 15
 
Registry Data: 0
(No malicious items detected)
 
Folders: 9
 
Files: 33
PUP.Optional.CrossAd.Gen, C:\Users\Erik Storteboom\AppData\Local\Experience Extension\Component\uconfig.json, Quarantined, [7ccc7d2c2f5cfd3981d993262bd9ff01], 
PUP.Optional.CrossAd.Gen, C:\Users\Erik Storteboom\AppData\Local\Experience Extension\{07120BA9-5988-7ED4-8B20-BF83293F8639}\c.dat, Quarantined, [7ccc7d2c2f5cfd3981d993262bd9ff01], 
PUP.Optional.CrossAd.Gen, C:\Users\Erik Storteboom\AppData\Local\Experience Extension\{07120BA9-5988-7ED4-8B20-BF83293F8639}\{AE34044C-A9C7-B3F2-B5E6-2EF73AF0C5E8}.Vdat, Delete-on-Reboot, [7ccc7d2c2f5cfd3981d993262bd9ff01], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
The AdwCleaner Scan:
 
# AdwCleaner v5.026 - Logfile created 25/12/2015 at 10:26:31
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Erik Storteboom - ERIKS-GAMING-PC
# Running from : C:\Users\Erik Storteboom\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43C525CB-3E1A-4BD9-9FEF-2873F3028717}
Key Found : HKLM\SOFTWARE\Classes\Interface\{75DF134F-3ED3-4C67-B16E-997C4D2A61FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0F0FF4FD-AE4F-4CC8-99AA-BB2E12A892FF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{43C525CB-3E1A-4BD9-9FEF-2873F3028717}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{75DF134F-3ED3-4C67-B16E-997C4D2A61FB}
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com
 
***** [ Web browsers ] *****
 
[C:\Users\Erik Storteboom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP55387270-D2F0-412A-96CA-19493AD625B4&SSPV=SE1CG1_sp_ch
[C:\Users\Erik Storteboom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jlcgehabolcakkjhgmgpkagpolbjlhfa
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2764 bytes] ##########
 
 
Thanks
-Erik


#4 garioch7


Posted 25 December 2015 - 01:58 PM

Eric:

Thank you for permission to address you by your first name. :) Thank you also for the three logs. :thumbup2:

Unless there is something that you want to keep that was detected by AdwCleaner, we should instruct it to clean out the remaining "garbage". There is nothing showing there that I would want to keep on my computer!


Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will start to update the database, please wait for the update to complete.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Uncheck any PUP and adware applications that you want to keep.
  • Then this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

In addition to your AdwCleaner log, please let me know how your computer is working after you reboot it. We got rid of a lot of adware and other assorted PUPs (Potentially Unwanted Programs), so your computer should be running better. If not, please let me know of any new, or continuing, symptoms of computer problems, and we will go from there.

Have a great day, Eric.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 Halohockey36


Posted 25 December 2015 - 04:39 PM

Thanks for your help Phil!  As far as I can see so far everything is running just fine, I have not seen any adware or unwanted stuff pop up but I will give it a little time and let you know if anything does come up!

 

Thanks again,

-Erik



#6 garioch7


Posted 26 December 2015 - 11:03 AM

Erik:

First off, let me apologize for misspelling your name. :blush:

That is great news that your computer has been restored to health. Great Job! :thumbsup:

If you have any other issues, please post again, and the Bleeping Computer community will be happy to assist you.


Some Advice For the Future ...

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:
  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)
That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing our How did I get infected? topic.



It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

On behalf of the Bleeping Computer Community, stay safe out there in cyberspace and have a great day, Erik.

Regards,
-Phil





