Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

1-855-707-6272 Pop-up, SpyHunter 4 & Fear of Keyloggers on my laptop


  • This topic is locked This topic is locked
122 replies to this topic

#1 ihateviruses1

ihateviruses1

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 27 December 2015 - 06:19 PM

Aloha!  I hope someone can please help me with this.  I let Malware Free trial lapse without purchasing it (yet) and also let my antivirus and security software lapse (BitDefender) I was paying annually.  My antivirus protection ended about a month ago and I was just about to renew it or switch back to Norton Antivirus.

 

Anyway, I went on my laptop to go to a children's website (LeapFrog.com) and a pop-up (I believe it is known as a 1-855-707-6272 pop-up because that is the # it tells you to call).  It's made to look "official" and it says (and even a voice can be heard) telling you that you need to call this # because your computer device has been compromised.  In any case, I did NOT call and use my phone to Google it.  Used phone because my laptop wouldn't let me do anything at the time.  I read several things to do to fix the issue and to use SpyHunter 4.  I was finally able to download the free trial and it found about 96-99 "issues" (malware, spyware, etc.).  I did several searches in my registry and was able to delete only some.  Then I decided to purchase the SpyHunter 4 to have it do it for me, but I couldn't download it (thankfully because I later read here and other places that it isn't the best thing to use).

 

I was going to download a new antivirus and Malware (paid version), but I am now SUPER scared there is also a keylogger on my laptop.  I was going to get a pre-paid Visa card so even if there is "they" couldn't (hopefully) get any more funds from that card.

 

What I am praying someone can help me with is:

 

1. To get rid of this virus, malware, etc.

2. Fully get rid of SpyHunter trial version (didn't download the paid version)

3. Make certain there are no keylogger or other malicious software on my computer.

 

I know this is like a serious and long wish list, but ANY help would be greatly appreciated.

 

P.S.  It's been a few years, but I believe Machiavelli helped me with virus issue before on my work laptop.

 

THANK YOU IN ADVANCE TO ANYONE WILLING TO HELP.



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:34 PM

Posted 27 December 2015 - 08:35 PM

Greetings ihateviruses1 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 ihateviruses1

ihateviruses1
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 December 2015 - 01:46 AM

Oh Gary...you have no idea how much I appreciate you replying!

After everything I had described in my original post, I shut my computer off and now it will not boot up. I've tried 4 ways to start it up (Start Windows Normally, Safe Mode, Safe Mode with Networking and Safe Mode with Command Prompt) none of them would bring me to the "enter password" part. It just stays on the screen right before that and shows the Windows 7 Home Premium page (it's what I always would see right before I am asked to enter my password).

If you have ANY suggestion Gary I would appreciate it. I have one little toddler who just turned 2 years old and there are photos on my laptop on this laptop that mean so much to me. If I can recover those at least I would be happy.

#4 ihateviruses1

ihateviruses1
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 December 2015 - 01:58 AM

I forgot to mention that I also did an Advance Boot Option and selected "Disable automatic restart on system failure" and same thing happened as mentioned a little while ago. I was going to select "Last know good configuration...", but I figured I would wait for your direction since I do not want to make matters worse.

Thank you again Gary.

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:34 PM

Posted 28 December 2015 - 10:13 AM

Greetings,

You are quite welcome for the help. We have lots of things we can do so there is good reason to be optomistic.

Let's start with this.

===================================================

Farbar's Recovery Scan Tool in Recovery Environment

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
===================================================

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
===================================================

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • When completed a (FRST.txt) file will be created on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 ihateviruses1

ihateviruses1
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 December 2015 - 01:07 PM

Aloha Gary! 

 

I put the 2 Farbar Recovery Scan Tools on a dongle already.  Just don't know where to go from here since I do not have

"Repair your Computer" as a selection on my laptop in the Advanced Boot Options. Here are the only options I can select from:

 

Safe Mode

Safe Mode with Networking

Safe Mode with Command Prompt

 

Enable Boot Logging

Enable low-resolution video (640x480)

Last Known Good Configuration (advanced)

Directory Services Restore Mode

Debugging Mode

Disable automatic restart on system failure

Disable Driver Signature Enforcement

 

Start Windows Normally



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:34 PM

Posted 28 December 2015 - 01:37 PM

Greetings,

Do you have a Windows Installation or Recovery disk?

Please select Last Known Good Configuration then let me know if you can boot.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 ihateviruses1

ihateviruses1
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 December 2015 - 02:04 PM

Sadly, I don't believe I have an Installation or Recovery disk.

 

I tried the option you suggested and unfortunately it is doing the same thing where it just take me to the "start-up" screen that says Windows 7 Home Premium.  It is the screen I see right before it should ask me for my password.

 

Would you happen to have any other suggestions Gary? :(



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:34 PM

Posted 28 December 2015 - 02:18 PM

Yes we have lots of options. Do you have the valid Product Key for Windows 7?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 ihateviruses1

ihateviruses1
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 December 2015 - 02:21 PM

I do!
 

***Key Number Removed***

Edited by Oh My!, 28 December 2015 - 02:22 PM.


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:34 PM

Posted 28 December 2015 - 02:33 PM

I removed the number since we don't want to make that public information.

Let's do this first.

===================================================

Kaspersky Rescue Disk 10 CD

--------------

To complete this process you will need a USB device and a blank CD.
  • On a clean computer download Kaspersky Rescue Disk 10 and save it to your desktop
  • Now go to the ISO Recorder site and download the version for your operating system (do not download the command line version)
  • Save the file to your desktop
  • Double click the icon to start the program
  • Select Run, then continue to select Next until you receive a notification that the installation was complete
  • Close the installation window
  • Insert a blank CD into your CD ROM drive
  • Right click on the kav_rescue_10.iso file on your desktop and select Copy image to CD/DVD
  • Make sure Image File is selected and it shows the kavrescue_10.iso file
  • In the Recorder section make sure it shows your CD ROM drive
  • Select the lowest recording speed
  • Click Next
  • Click Finish on the Operation has been completed screen
  • Remove the CD and insert it, and your USB device into the infected computer
  • Reboot the infected computer
  • As the computer boots up gently tap F12 (you may need to tap a different key like Del, Esc, F2.....) and choose to boot from CD/DVD
  • When the Kaspersky Rescue Disk screen appears press any key within 10 seconds
  • Press Enter on English which should be highlighted by default
  • Press 1 to accept the agreement
  • Press Enter on Kaspersky Rescue Disk. Graphic Mode which should be highlighted by default
  • Allow the program to load and mount the disks
  • Select your operating system then click OK
  • Place a check mark in each box except for sda1
  • Click Start Objects Scan
  • Upon completion do not Quarantine any items yet, simply click Report, save it to your USB device, then from your clean computer copy and paste the results in your reply
  • Attempt to boot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Kaspersky report
  • Can you boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 ihateviruses1

ihateviruses1
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 December 2015 - 02:58 PM

Sorry about the Product Key.  I am thankful you were online to remove it from lingering too long.

 

Regarding the ISO recorder, after I install it on my desktop of a functioning computer what do I do with it?  Do I run it and then somehow put it on my thumb drive?  Or does the kav_rescue the only thing I burn a copy of on the CD?



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:34 PM

Posted 28 December 2015 - 03:07 PM

No problem on the edit.

Let me try to simplify things, I know the instructions are cumbersome.

We will not use the USB device until we run the Kaspersky Rescue Disk on your infected computer. The USB is only there for the log file to be written on once the scan is done.

After you install ISO Recorder go back to the Kaspersky download icon on your desktop, right click on it and select Copy Image to CD/DVD. That should launch ISO Recorder automatically. If it doesn't let me know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 ihateviruses1

ihateviruses1
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 December 2015 - 03:37 PM

Gary,

It's telling me this (please see attached).

Do I continue, skip or restart

Attached Files



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:34 PM

Posted 28 December 2015 - 03:39 PM

Continue


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users