Posted 19 May 2016 - 06:30 AM
Posted 19 May 2016 - 06:58 AM
Check further for more adware and malware.
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
Download AdwCleaner by Xplode onto your desktop.
Posted 19 May 2016 - 08:00 AM
Posted 19 May 2016 - 09:34 AM
Posted 19 May 2016 - 10:04 AM
CCleaner, if used per instructions, would have cleaned out temporary files, cookies, logs and program caches. Note
that I mentioned there was no need to use the Registry cleaner and that it was risky to do. CCleaner does not specifically target adware and malware.
It is not a security program.
After posting Eset Online Scan results, please do this:
Post the three lists mentioned below using CCleaner.
Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and for Scheduled Tasks.
At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next
post. Please do that.
Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you
will see a button which, when clicked, will allow you to Copy and Paste that list into your next post. Please do that.
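For anyone who would rather pull the same three lists (Windows startups, scheduled tasks, installed programs) without CCleaner, the following PowerShell is an added example and is not part of this thread or of CCleaner's own tooling. It assumes a Windows 8 or later machine and an elevated PowerShell prompt (Get-ScheduledTask does not exist on Windows 7, where `schtasks /query /fo LIST /v` gives the same information). It is read-only: it lists, it does not disable or remove anything.

```powershell
# Added example, not from the thread: dump the same three lists CCleaner shows
# so they can be pasted into a post or diffed against a clean baseline.
# Assumes Windows 8+ (Get-ScheduledTask) and an elevated prompt for the HKLM keys.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Registry provider metadata that Get-ItemProperty adds to every result; not real Run values.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

"=== Windows Startups (Run / RunOnce keys) ==="
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notin $psMeta) {
                "{0}  {1}  {2}" -f $key, $p.Name, $p.Value
            }
        }
    }
}

"=== Startup folders (per-user and all-users) ==="
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
Get-ChildItem -Path $startupFolders -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

"=== Scheduled Tasks outside the \Microsoft\ tree (where third-party tasks live) ==="
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        # One task can have several actions; show the executable and its arguments for each.
        $action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' ; '
        "{0}  {1}{2}  {3}" -f $_.State, $_.TaskPath, $_.TaskName, $action
    }

"=== Installed programs (Uninstall registry keys, 64-bit, 32-bit and per-user) ==="
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object DisplayName |
    Select-Object DisplayName, Publisher, DisplayVersion, InstallDate |
    Format-Table -AutoSize
```

The point of pulling the data from the registry and task scheduler directly is that it is the same source CCleaner reads, so the output is comparable with the CCleaner lists posted in this thread, and it can be re-run after the cleanup steps to confirm a disabled or uninstalled entry is really gone.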
Posted 19 May 2016 - 12:41 PM
Hi again, Eset took a looong time (I have many files on the computer) and actually gave 6 infections - but those are files I have never executed on this computer - or any other probably - (came as reference to a programming book)
D:\....\Reference\Programming Windows\Chap11\Colors2\Release\Colors2.exe Win32/Bifrose.NCQ trojan cleaned by deleting
D:\....\Reference\Programming Windows\Chap17\ChosFont\Release\ChosFont.exe a variant of Win32/Kryptik.EDMU trojan cleaned by deleting
D:\....\Reference\Programming Windows\Chap18\Emf1\Release\Emf1.exe a variant of Win32/Kryptik.BGSN trojan cleaned by deleting
D:\....\Backup 130416\Development\Reference\Programming Windows\Chap11\Colors2\Release\Colors2.exe Win32/Bifrose.NCQ trojan cleaned by deleting
D:\....\Backup 130416\Development\Reference\Programming Windows\Chap17\ChosFont\Release\ChosFont.exe a variant of Win32/Kryptik.EDMU trojan cleaned by deleting
D:\....\Backup 130416\Development\Reference\Programming Windows\Chap18\Emf1\Release\Emf1.exe a variant of Win32/Kryptik.BGSN trojan cleaned by deleting
So... I'm hoping that these are "old spooks" - but I'm afraid it might be a "hiding place" for an active, morphing & advanced virus... anyone who could weigh in on "old harmless" vs "new advanced hiding place"?
Since it had affected TWO files (same file but different instance of an old backup, located in different folders) for each trojan, I'm guessing it is NOT a "new super-advanced hiding algorithm", as such a solution would probably go for one file or several different files.
Edited by Magnus975, 19 May 2016 - 12:42 PM.
Posted 19 May 2016 - 12:51 PM
Posted 19 May 2016 - 12:59 PM
Posted 19 May 2016 - 01:10 PM
So, trying to summarize...
1) is there a way I can see if any program has manipulated my proxy-settings ?
2) is there a way to commonly trigger "redirection- / proxy-changing / browser-hijacking" malware/viruses - to see if I still have a problem ?
3) are there any "red lights" from the lists I've posted that look suspicious ?
4) how can I verify I've cleaned out the infection? Are the above programs enough - or is there more analysis that needs to be done / more lists to post?
With a computer/workstation with this much software on it, it is too much work to follow the regular "wipe & reinstall" recommendation - as reinstall & reconfig would take weeks. Sadly I'm not in a position of either health (to deal with this myself) or funds (have no money to hire someone to set up a properly shielded/protected solution) - so I'm hoping the problem will just go away, for me to focus on recovery of life in general rather than some virus / hijacking nastiness :-(
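Questions 1 and 2 above (has anything changed the proxy settings, and how to tell whether a redirect/proxy-changing infection is still present) can be answered by reading the settings such malware edits and comparing them with what the user configured. The PowerShell below is an added example, not something posted in this thread; it assumes Windows 8 or later with PowerShell 3+, and that Firefox profiles live in the default `%APPDATA%\Mozilla\Firefox\Profiles` location. It only reads; nothing is changed.

```powershell
# Added example, not from the thread: read-only inventory of the settings a
# redirect / proxy-changing infection typically edits, so the current state can be
# compared with what the owner actually configured. Nothing is modified.

"=== Per-user WinINET proxy (used by Internet Explorer, Chrome and most Windows apps) ==="
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL |
    Format-List
# On a machine with no proxy configured: ProxyEnable is 0 and ProxyServer / AutoConfigURL are empty.
# An AutoConfigURL (a PAC script) the owner never set means every browser request is being routed
# through someone else's logic and should be investigated.

"=== System-wide WinHTTP proxy (used by services and Windows Update) ==="
netsh winhttp show proxy
# Expected on an untouched machine: "Direct access (no proxy server)."

"=== hosts file entries other than comments and the localhost defaults ==="
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object {
    $_ -match '\S' -and
    $_ -notmatch '^\s*#' -and
    $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost'
}
# Any line that maps a bank, search engine or update domain to another address is a redirect.

"=== DNS servers per active adapter (a rogue resolver redirects without touching the browser) ==="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPEnabled, DNSServerSearchOrder |
    Format-List
# Compare the DNS servers with those of your ISP or router; a static entry you did not set is suspect.

"=== Firefox: proxy preferences in each profile's prefs.js ==="
# Assumes the default profile location; Firefox has its own proxy settings separate from WinINET.
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
Get-ChildItem -Path $ffProfiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Select-String -Path $_.FullName -Pattern 'network\.proxy' }
# network.proxy.type 0 means "no proxy"; a type 2 with a network.proxy.autoconfig_url is a PAC script.
```

Running this before and after the cleanup gives a concrete answer to question 4 for this class of infection: if the proxy values, hosts file and DNS servers are what the owner set and stay that way across a few reboots, the redirect mechanism is gone, whatever the scanners report about old files in backup folders.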
Posted 19 May 2016 - 02:39 PM
Have any idea why some of your Windows programs show an install date of 1970?
Examples: Väder Microsoft Corporation 1970-01-01 188.8.131.520, Video Microsoft Corporation 1970-01-01 184.108.40.206
Suggest you Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes HKCU:Run AdobeBridge
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Magnus\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run Steam Valve Corporation "D:\Games\Steam\steam.exe" -silent
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BlueStacks Agent BlueStack Systems, Inc. C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run Command Center MSI C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
Yes HKLM:Run ControlCenter3 C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Uninstall these programs:
Bing Microsoft Corporation 1970-01-01 220.127.116.119
ESET Online Scanner v3 2016-05-19
Java 7 Update 60 (64-bit) Oracle 2014-06-17 118 MB 7.0.600
Mozilla Firefox 25.0.1 (x86 sv-SE) Mozilla 2013-12-01 49,3 MB 25.0.1
Mozilla Maintenance Service Mozilla 2013-12-01 221 KB 25.0.1
QuickTime 7 Apple Inc. 2016-02-17 69,1 MB 18.104.22.168 (No longer supported in Windows...risky to keep...up to you. )
I noticed in your MBAM scan log that Scan for Rootkits was not enabled. Please follow the directions below for using MBAM
and be sure to enable Scan for Rootkits.
POST THE LOG FOR REVIEW.
Posted 20 May 2016 - 09:52 AM
Edited by quietman7, 22 May 2016 - 06:22 PM.
Posted 20 May 2016 - 01:05 PM
Yeah...I was wondering how the old Firefox was still showing in the list. I would leave it alone since it
is not causing any problem.
I see no symptom or suggestion that there is malware. I think you are good to go....