being redirected to securepccleaner.com when trying to download



#1 MrMajeika

Posted 11 May 2016 - 02:32 PM

I have a laptop here that belongs to a friend. It is an HP laptop with Windows 7 Home Premium. I don't think he ever took care of it; there is no antivirus or antimalware installed. I thought I might start by installing Panda Antivirus, but the download links redirect to securepccleaner.com. Other links to other software do the same thing. The computer probably needs a complete cleanup and I'm not really sure where to start.




#2 Humannpower

Posted 11 May 2016 - 02:40 PM

Get a flash drive and install Emsisoft Emergency Kit on it using a clean computer. After installing it, run it once to update the malware signatures. Boot the infected computer into safe mode, plug the flash drive in and run the custom scan on the computer, making sure all drives are selected, which should be the default. After the initial scan is done and everything found is deleted, reboot the computer, allow it to boot up normally and run Emsisoft again to catch any stragglers. Please post the logs of both scans here when finished.



#3 Agouti

Posted 11 May 2016 - 02:44 PM

Is this the same machine from this topic? http://www.bleepingcomputer.com/forums/t/613608/how-to-clean-and-speed-up-an-old-laptop/



#4 MrMajeika (Topic Starter)

Posted 11 May 2016 - 02:49 PM

> Is this the same machine from this topic?

Yes, my apologies. I just thought I should post in here to see if it is a virus, as I hadn't actually seen the machine yet when I did the other post.



#5 MrMajeika (Topic Starter)

Posted 11 May 2016 - 03:03 PM

> Get a flash drive and install Emsisoft Emergency Kit on it using a clean computer. After installing it, run it once to update the malware signatures. Boot the infected computer into safe mode, plug the flash drive in and run the custom scan on the computer, making sure all drives are selected, which should be the default. After the initial scan is done and everything found is deleted, reboot the computer, allow it to boot up normally and run Emsisoft again to catch any stragglers. Please post the logs of both scans here when finished.

Sorry, pardon my ignorance. "After installing it, run it to update the malware signatures." That should be done on the clean computer?



#6 Humannpower

Posted 11 May 2016 - 03:25 PM

> Sorry, pardon my ignorance. "After installing it, run it to update the malware signatures." That should be done on the clean computer?

Yes, the install and the update will both be done on a clean computer.



#7 MrMajeika (Topic Starter)

Posted 11 May 2016 - 04:10 PM

Plugged in the flash drive and started a custom scan. It immediately detected 30 items but has now stopped at 42%. It doesn't seem to be doing anything, and the number of items scanned has stuck too. It's been like this for a while.

Edited by MrMajeika, 11 May 2016 - 04:13 PM.


#8 Humannpower

Posted 11 May 2016 - 04:12 PM

You'll need to give it time to run. You're running this while the computer is in safe mode, right?



#9 MrMajeika (Topic Starter)

Posted 11 May 2016 - 04:13 PM

Yes, it is in safe mode. It's continuing now. I should be more patient, ha.

Edited by MrMajeika, 11 May 2016 - 04:15 PM.


#10 Humannpower

Posted 11 May 2016 - 04:17 PM

Yeah. Just remember the old saying "A watched pot never boils." Lol



#11 MrMajeika (Topic Starter)

Posted 11 May 2016 - 04:29 PM

The laptop just randomly shut down in the middle of the scan. I rebooted and it came up with an error message saying it powered off to prevent overheating. What should I do now?

#12 Humannpower

Posted 11 May 2016 - 04:32 PM

Does the bottom of the laptop feel really hot anywhere?



#13 MrMajeika (Topic Starter)

Posted 11 May 2016 - 04:39 PM

Feels quite hot on the left side. Wouldn't say it's much hotter than my laptop.

#14 Humannpower

Posted 11 May 2016 - 04:44 PM

If you have a cooling pad, I would recommend using it and trying again, or you could just put the laptop next to a fan blowing full blast.



#15 MrMajeika (Topic Starter)

Posted 12 May 2016 - 11:37 AM

I did a scan in safe mode, then rebooted it and left it to run another scan overnight. There doesn't seem to be a log for the second scan; I selected to shut down on completion. It seemed to be over half done before I went to sleep and it was clean. Here is the log from the safe mode scan.

 

Emsisoft Emergency Kit - Version 11.0
Last update: 11/05/2016 21:47:13
User account: Beast\Aaron
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/05/2016 22:49:29
C:\Program Files (x86)\dictionaryboss detected: Application.AppInstall (A)
C:\ProgramData\Yahoo! Companion detected: Application.AdInstall (A)
C:\Users\Aaron\AppData\LocalLow\HPAppData detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IMSIDE1EGATE.APPLICATION.1 detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IMSIDE1EGATE.APPLICATION.1 detected: Application.Win32.WebToolbar (A)
Value: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\YAHOOPARTNERTOOLBAR detected: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IMSIDE1EGATE.APPLICATION.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IMSIDE1EGATE.APPLICATION.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DICTIONARYBOSS detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} detected: Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} detected: Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} detected: Application.AdInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YAHOO! COMPANION detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YAHOO! TOOLBAR detected: Application.AdInstall (A)
C:\Users\Aaron\AppData\Local\Temp\bbhcabfdgdb.exe detected: Application.Bundler.JU (B)
C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13cd1780-529bd41a -> durdom/Ester.class detected: Java.Trojan.Downloader.OpenConnection.AS (B)
C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13cd1780-529bd41a -> durdom/Glocker.class detected: Java.Trojan.Downloader.OpenConnection.AS (B)
C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13cd1780-529bd41a -> durdom/huiak$1.class detected: Java.Trojan.Downloader.OpenConnection.AS (B)
C:\Users\Aaron\Downloads\Unconfirmed 984319.crdownload detected: Application.BrowserExt (A)
C:\Users\Aaron\Downloads\Unconfirmed 233240.crdownload detected: Application.BrowserExt (A)
 
Scanned 401553
Found 36
 
Scan end: 12/05/2016 00:06:32
Scan time: 1:17:03
 
C:\Users\Aaron\Downloads\Unconfirmed 233240.crdownload Application.BrowserExt (A)
C:\Users\Aaron\Downloads\Unconfirmed 984319.crdownload Application.BrowserExt (A)
C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13cd1780-529bd41a Java.Trojan.Downloader.OpenConnection.AS (B)
C:\Users\Aaron\AppData\Local\Temp\bbhcabfdgdb.exe Application.Bundler.JU (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YAHOO! TOOLBAR Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YAHOO! COMPANION Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Application.AdInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DICTIONARYBOSS Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Application.Win32.YTool (A)
Value: HKEY_USERS\S-1-5-21-2480289427-1735491169-3158046666-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IMSIDE1EGATE.APPLICATION.1 Application.Win32.WebToolbar (A)
C:\Users\Aaron\AppData\LocalLow\HPAppData Application.AdInstall (A)
C:\ProgramData\Yahoo! Companion Application.AdInstall (A)
C:\Program Files (x86)\dictionaryboss Application.AppInstall (A)
 
Deleted 29
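As an added example (not Emsisoft's code and not posted by anyone in this thread), a small Python parser for the log format above that separates the adware/PUP hits from the trojan and policy-tampering entries a cleaner would want to look at first. It assumes detection lines keep the `<object> detected: <signature> (<engine>)` shape and that the scan ends with a `Found N` footer; the sample log is constructed.

```python
"""Summarise an Emsisoft Emergency Kit scan log (added example, not Emsisoft code).
Detection lines: [Key: |Value: ]<object> detected: <signature> (<engine>); a registry
value is written <key> -> <name>, and (A)/(B) is the scan engine that fired.
"""
import re
from collections import Counter

DETECTION = re.compile(r"^(?:(Key|Value): )?(.+?) detected: (\S+) \(([A-Z])\)$")
FOUND = re.compile(r"^Found (\d+)$")

# Constructed sample in the shape of the log posted above (SID shortened).
SAMPLE_LOG = """\
Scan start: 11/05/2016 22:49:29
C:\\Program Files (x86)\\dictionaryboss detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\\SOFTWARE\\CLASSES\\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Value: HKEY_USERS\\S-1-5-21-1000\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
C:\\Users\\Aaron\\AppData\\Local\\Temp\\bbhcabfdgdb.exe detected: Application.Bundler.JU (B)
C:\\Users\\Aaron\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\0\\13cd1780-529bd41a -> durdom/Ester.class detected: Java.Trojan.Downloader.OpenConnection.AS (B)

Scanned 401553
Found 5
"""

def parse_log(text):
    """Return (detections, count from the 'Found N' footer or None)."""
    hits, found = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = DETECTION.match(line)
        if m:
            kind, obj, sig, engine = m.groups()
            hits.append({"kind": kind or "File", "object": obj, "signature": sig,
                         "family": sig.split(".")[0], "engine": engine})
            continue
        f = FOUND.match(line)
        if f:
            found = int(f.group(1))
    return hits, found

def triage(text):
    """Group the hits so the ones that are not mere adware/PUP noise stand out."""
    hits, found = parse_log(text)
    return {
        "parsed": len(hits),
        # Parser sanity check: the footer count should equal the lines we matched.
        "complete": found is None or found == len(hits),
        "by_family": dict(Counter(h["family"] for h in hits)),
        # Application.* is the PUP/adware bucket; anything else deserves a closer look.
        "non_pup": [h["object"] for h in hits if h["family"] != "Application"],
        # Setting.* means a policy was altered (here Task Manager disabled); verify it is reverted.
        "policy_tampering": [h["object"] for h in hits if h["family"] == "Setting"],
    }
```

Run `triage(open("scan.log").read())` on a real log; a `complete` of False means a line shape the regex did not recognise and the summary is missing entries.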




