Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multitude of "Infected Internet Resources" alerts from Bitdefender


  • Please log in to reply
19 replies to this topic

#1 Lilium

Lilium

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 27 February 2016 - 06:27 PM

Hi, thanks for reading.

 

For the past few weeks Bitdefender Total Security 2016 has been intercepted a few hundred threats labeled as "infected internet resources." The name of the application responsible and the web resource it accesses change very frequently.

 

Ex:

Spoiler

Spoiler

Spoiler

Spoiler

 

Bitdefender is the only protection on this particular rig as it is used primarily for gaming and is supposedly a good compatibility with that function. Running Windows 7 Ultimate 64bit. What should I do now to detect and remove this issue? Thank you.


Edited by Lilium, 27 February 2016 - 06:53 PM.

Tempus Fugit


BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:55 AM

Posted 28 February 2016 - 04:54 AM

Hello there,

My name is Sintharius and I will assist you with your problem.

From your logs it looks like something is trying to download files into your machine. I will need some information about your computer.

:step1: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

:step2: Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

#3 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 28 February 2016 - 05:29 PM

Thank you Sintharius. For the Hosts Content section I should mention I deliberately made additional entries to my Hosts file. It's a method of blocking ad servers I learned from http://pgl.yoyo.org/as/

 

Edit: Updated with correct logs

 

MTB.txt log

Spoiler

 

checkup.txt log

Spoiler

Edited by Lilium, 28 February 2016 - 06:22 PM.

Tempus Fugit


#4 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 29 February 2016 - 04:42 PM

Previous post was update.


Tempus Fugit


#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:55 AM

Posted 29 February 2016 - 04:53 PM

Hello Lilium,

If you shut down FileZilla and Internet Download Manager, does BitDefender still throw warnings?

#6 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 29 February 2016 - 10:38 PM

I'd take a day to build a comparison though I will say it was definitely a while after Bitdefender was installed that these errors surfaced. The two programs were present long before Bitdefender too. I'll report back tomorrow if the errors stopped or not.


Tempus Fugit


#7 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 01 March 2016 - 05:05 PM

Both Filezilla and Internet Download Manager have been off for about 17 hours and I still received 6 alerts.

 

Spoiler


Tempus Fugit


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:55 AM

Posted 01 March 2016 - 05:07 PM

Then it looks like something else is the cause of those alerts. Please run these tools to rule out malware.

:step1: Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
===

:step2: Kaspersky Virus Removal Tool

4n7CEPj.jpgPlease download Kaspersky Virus Removal Tool from here.
  • Right click on NfpAe5Z.jpg and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.
Let me know if it found anything.

#9 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 04 March 2016 - 10:04 PM

I screwed up this first time and had to re scan. But within this time between deleting these file and now I haven't received any alerts. Thank you for your support.

 

This community has helped me several times over the years and so I have donated to help fund the current legal battle as well

 

8 more manifested. 1 of which was an application. I'm guessing a tmp file was successful.

Spoiler

Spoiler


Edited by Lilium, 05 March 2016 - 09:19 AM.

Tempus Fugit


#10 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:55 AM

Posted 05 March 2016 - 03:57 PM

Those tmp files are detected as adware - please run this.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


#11 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 06 March 2016 - 12:46 AM

This is associated with my usb transfer cable - Folder Found : C:\Users\Kroneru\AppData\Roaming\targus

Everything else is either unknown or expendable

 

AdwCleaner[S1] log

Spoiler

Tempus Fugit


#12 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 08 March 2016 - 12:14 AM

Post updated.


Tempus Fugit


#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:55 AM

Posted 08 March 2016 - 02:40 AM

Hello Lilium,

Please run AdwCleaner again and choose Cleaning for all detections except the entry that you recognized.

Junkware Removal Tool by Malwarebytes Corporation

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#14 Lilium

Lilium
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 08 March 2016 - 10:44 AM

JRT.txt log

 

Spoiler

Tempus Fugit


#15 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:55 AM

Posted 08 March 2016 - 10:51 AM

Hello Lilium,

:step1: Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will says Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

:step2: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Let me know if the warnings from BitDefender still persist after these.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users