Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

iSkySoft Helper Compact asks me to install upon startup; scans show no malware


  • This topic is locked This topic is locked
6 replies to this topic

#1 Akureyr

Akureyr

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:52 PM

Posted 25 June 2016 - 12:01 PM

A few days ago I clicked on a Facebook post about some cute donkey or other, and unlike most occasions (where you are redirected to a video), I was redirected to a very dodgy site. I thought nothing of it as my Spybot (Search and Destroy) and Avast had shown no malware alerts, and scans revealed no issues. 

 

But recently I've noticed changes after I updated the computer and shut it down ("shut down" was replaced with this option in Windows, this seemed normal to me since Windows updates typically seem to come on this computer that way, long before I clicked the dodgy link). The main noticeable change is that iSkySoft Helper Compact (with user info from some guy in a province in China) appear upon start up, and I am given the option to allow the program to make changes to my hard drive. (I selected "No" every time). I'm tired of seeing the startup message and worry that malware might be slowing my computer down (though it has had dust issues which I resolved a few months back). 

 

Any help would be appreciated. FRST and Addition text logs are attached to this post.

 

Attached File  FRST.txt   56.24KB   10 downloads

Attached File  Addition.txt   36.03KB   6 downloads



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:52 PM

Posted 27 June 2016 - 05:32 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Akureyr

Akureyr
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:52 PM

Posted 29 June 2016 - 02:55 PM

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy 
 Google Chrome (51.0.2704.103) 
 Google Chrome (51.0.2704.84) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
Malwarebytes Anti Rootkit found no malware. :(
 

AdwCleaner,txt:

 

***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
***** [ Web browsers ] *****
 
[C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcfenmboojpjinhpgggodefccipikbpd
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [998 bytes] - [25/06/2016 18:20:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [914 bytes] - [29/06/2016 21:53:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [986 bytes] ##########
 

Edited by Akureyr, 29 June 2016 - 02:56 PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:52 PM

Posted 29 June 2016 - 03:34 PM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup
  • button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:52 PM

Posted 02 July 2016 - 03:03 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Akureyr

Akureyr
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:52 PM

Posted 02 July 2016 - 03:18 PM

Hello, sorry for the absence. My friend took a look at it today and found that there was an iSkySoft file in C\Users\[My Name]\AppData\Local\iSkySoft that was causing the issues after the iSkySoft program itself was uninstalled. After he deleted the file, I haven't found the startup issue anymore. It's strange that no programs considered it to be malware--after having another Malwarebytes Anti-Rootkit scan, the computer was once again deemed clean. Odd. 

 

I appreciate the help though! Without those initial scans turning up no malware I would have not asked my friend to take a look. I will return to this forum again if (God forbid) another mysterious issue like this occurs, or if something more serious (like a virus or Trojan) hits.



#7 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:52 PM

Posted 02 July 2016 - 04:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users