
Google Chrome CAPTCHA / Unusual Traffic - AGAIN


  • This topic is locked
7 replies to this topic

#1 Dawgmom

Dawgmom

  • Members
  • 49 posts

Posted 19 February 2016 - 12:36 PM

Hi.

 

I was helped here a month or so ago but my PC (Win 8.1, 64) has become reinfected. My AVG detected something last week during a freeware download (Wonderfox or something, I think) and although it was quarantined and the installation aborted, maybe that's how it happened? 

 

Anyway, I posted here: http://www.bleepingcomputer.com/forums/t/605858/ugh-google-search-captcha-redirect-unusual-traffic-again/ and followed the instructions from Mr. Buddy (uninstalled Java 8 Update 60, Java 8 Update 66, and installed the current Adobe Flash Player and Mozilla Firefox - *although I mainly use Chrome). And, prior to his instructions I did the previous steps from my original post (which was run CCleaner, MBAM, AdwCleaner, Junkware Removal Tool, and ESET, and found nothing).

 

So, as I was instructed to post here after following his instructions, attached are the results of the Farbar Recovery Scan Tool.

 

Thanks again so much for your help!


 


#2 Dawgmom

Dawgmom
  • Topic Starter

  • Members
  • 49 posts

Posted 19 February 2016 - 05:39 PM

Hi.

 

I had a thought about my post and took a look at the AVG Vault items. I don't know if it helps but just in case:

 

1/20/2016: Trojan Horse Cryptic.ERX in ...\Downloads\BlogJet.3.0.7.2.rar
2/09/2016: Found MalSign.OpenCandy.BDO in ...\AppData\Local\Temp\is-SET3P.tmp\OCSetupHlp.dll
2/14/2016: Found MalSign.Generic.139 in ...\AppData\Local\Temp\is-0OG8J.tmp\OCSetupHlp.dll
2/14/2016: Found MalSign.Generic.139 in ...\AppData\Local\Temp\is-BM5B4.tmp\OCSetupHlp.dll

Edited by Dawgmom, 19 February 2016 - 06:02 PM.


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 20 February 2016 - 12:29 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello Dawgmom,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#4 Dawgmom

Dawgmom
  • Topic Starter

  • Members
  • 49 posts

Posted 20 February 2016 - 12:51 AM

Okay, thanks. 



#5 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 20 February 2016 - 02:06 AM

Hello Dawgmom,


Cracked - Illegal Software

There is cracked/illegal software on your computer.  Bleeping Computer does not condone the use of such programs.  Not only is it illegal, but it is a sure way to get infected!  Most cracked software is infected in some way... The best way to look at it is "if it's too good to be true, then it probably is".

I will be more than happy to help you clean your computer from infection(s), however before we proceed any further I expect you to remove any and all of the following from your computer:

  • Illegal software
  • Cracked software
  • Illegal software key generators


Once the software and/or keygens have been removed, please run the following scans:


CKScanner

  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


Next..


I need to see a fresh FRST log..


  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

Please note: if you get infected in the future and we see the presence of cracked/illegal software, you might not receive any help.


-----------------------------------------
In your next reply, I would like to see..

  • CKFiles.txt
  • FRST.txt
  • Addition.txt

 




#6 Dawgmom

Dawgmom
  • Topic Starter

  • Members
  • 49 posts

Posted 20 February 2016 - 09:10 AM

Hi.

I do download from Giveaway of the Day and Shareware on Sale. So, if those are what you mean or not, you're going to have to tell me which programs.

Sorry for being ignorant but I have seen 'free' offers elsewhere and may not have realized. After looking at the AVG vault results yesterday I do recall that, for example, the OpenCandy that was quarantined was from a program downloaded right from the manufacturer of a software. Again, I don't recall if it was Wonderfox or Free Studio... but I know that it has happened.

Actually, I think it was a free comic book reader. Because I started to install it and when AVG found something, I aborted the install.

I'll clean and send the reports next.

Thank you.

Edited by Dawgmom, 20 February 2016 - 09:35 AM.


#7 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 20 February 2016 - 08:14 PM

Hello Dawgmom,
 

"Actually, I think it was a free comic book reader. Because I started to install it and when AVG found something, I aborted the install."

Please refrain from installing any software until I give you the all clear.


I would like you to run the following scan..


CKScanner


  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..

  • CKFiles.txt

 




#8 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 24 February 2016 - 06:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





