Fake windows security alert and McAfee

Hi i am new here so i don't how this here go

my computer is windows 10 home x64

 

I think infected, start up my computer what whatever start a programs it close by it self

i see a pop up of windows security alert and McAfee, I don't have McAfee or windows security alert, if I stay to long a images show up about Trojan zeus?

only get two screenshots the other one i can't not get.

 

Here some screenshots
 

windows security alert:

http://i1096.photobucket.com/albums/g326/mypic612/nun1_zpsl9tac74k.png

 

McAfee

http://i1096.photobucket.com/albums/g326/mypic612/nun2_zpsaxeitjiv.png

the pop up show i go task manager and show locating

Program Files (x86)\Microsoft Corporation

I don't know is that the virus?

 

try ran in full system scanning have to go boot safe with this software

AVG

SUPERAntiSpyware

Kaspersky TDSSKiller

RKill

Malwarebytes Anti-Malware

HitmanPro

Emsisoft Emergency Kit

Microsoft Windows Malicious Software Removal Tool (only quick scan)

 

I trying everything i got nothing also somehow it work checking normal startup on system configuration

it clean and work some reason next day boom back again.

 

i been doing for three day now, somehow not infected other user account only mine, the account even not a administrator account

 

can you help me please and thank you

Edited by Green617, 30 April 2016 - 09:56 PM.

Hi Green617

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:

• Download Autoruns.zip from the Sysinternals Suite webpage;
• Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
• Accept the EULA on opening, then wait for all the entries to load;
• Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
• Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

hi aura i don't know how to replay this here the link

https://www.dropbox.com/s/pn2bv9w0ciiymil/my%20log.arn?dl=0

Hello,

your my log.arn contains all entries you can see in Autoruns under "Everything". Just upload it as mentioned above.

Ralf

Hello,

your my log.arn contains all entries you can see in Autoruns under "Everything". Just upload it as mentioned above.

Ralf

i don't get it

Thank you for the log Next, you'll run Autoruns as Administrator again, and you'll delete the entries shown in the screenshots below. To delete an entry, simply right-click on it and select Delete. They are listed in the order they are displayed in your logs, and the ones I'm asking them to delete are all highlighted in yellow (but you are not deleting ALL of the yellow ones).













Once done, please save a new Autoruns (.arn) file, and upload it for me to review.

to aura

 

here my after delete highlighted on the list

https://www.dropbox.com/s/z5dv0rlc72401oc/my%20log%202.arn?dl=0

Good Now follow the instructions below please.

Junkware Removal Tool (JRT)

• Download Junkware Removal Tool (JRT) and move it to your Desktop;
• Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Press on any key to launch the scan and let it complete;
  
  Credits : BleepingComputer.com
• Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop;
• Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the EULA (I accept), let the database update, then click on Scan;
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Malwarebytes Anti-Malware - Clean Mode

• Download and install the free version of Malwarebytes Anti-Malware
  Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
  Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
• Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
• Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
• Let the scan run, the time required to complete the scan depends of your system and computer specs;
• Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  
• Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

Your next reply(ies) should therefore contain:

• Copy/pasted JRT log;
• Copy/pasted AdwCleaner clean log;
• Copy/pasted Malwarebytes clean log;

HERE ALL THE LOG

 

 

 

 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by username (Administrator) on Sat 05/07/2016 at 17:42:23.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/07/2016 at 17:48:57.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner clean log;

# AdwCleaner v5.115 - Logfile created 07/05/2016 at 20:37:15
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Edwin - TELLEZ
# Running from : C:\Users\Edwin\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] File Deleted : C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}

***** [ Web browsers ] *****

[-] [C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchinterneat-a.akamaihd.net
[-] [C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mpc safe search
[-] [C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : search.mpc.am
[-] [C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
[-] [C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : search.mpc.am
[-] [C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [14995 bytes] - [16/04/2016 22:10:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [1292 bytes] - [16/04/2016 23:19:19]
C:\AdwCleaner\AdwCleaner[C3].txt - [2705 bytes] - [07/05/2016 20:37:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [3340 bytes] - [08/08/2015 19:37:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [3224 bytes] - [08/08/2015 19:43:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [16606 bytes] - [16/04/2016 22:04:15]
C:\AdwCleaner\AdwCleaner[S2].txt - [1124 bytes] - [16/04/2016 23:13:48]
C:\AdwCleaner\AdwCleaner[S4].txt - [1442 bytes] - [26/04/2016 17:52:16]
C:\AdwCleaner\AdwCleaner[S5].txt - [3044 bytes] - [07/05/2016 19:02:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [3217 bytes] ##########

 

 

Malwarebytes clean log;

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/7/2016
Scan Time: 8:45 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.07.05
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Edwin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 525267
Time Elapsed: 1 hr, 18 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.DNSio, HKLM\SOFTWARE\CLASSES\CLSID\{FD20C151-A061-4097-955D-682F317A7035}, Quarantined, [7f920dc67425a1955a8279c9dd250cf4],
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32, Quarantined, [30e17e554851a39372ab7e4e7a891de3],
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS, Quarantined, [d33e785b960344f2889518b4c73c6e92],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Good Do you still have the pop-ups mentionned in your first post?

yes work now also delete Program Files (x86)\Microsoft Corporation too

So is there any issues left that needs to be addressed?