Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WaterFox Warning "Security Update Error 0xB6201879"


  • This topic is locked This topic is locked
5 replies to this topic

#1 DM2-Inc

DM2-Inc

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 12 September 2016 - 01:02 PM

Normally I think I'm a pretty good web surfer, but this morning WaterFox displayed the below message while on "Underwriter Laboratories" site so I don't think it's an issue with the web page.

Message:

 

A username and password are being requested by http://will.manufacturevs.top. The site says:
"Security Update Error 0xB6201879 Help Desk: +1 (888) 944-5714 (TOLL-FREE)"

What I've done so far:

  1. Ran "AdwCleanear" version 6.010 - I allowed AdwCleaner to clean the check issues (there were 25), and rebooted.
  2. Ran "Farbar Recovery Scan Tool", 64 bit version because that's my OS.  I ran this as the Administrator and saved both the "FRST.TXT" and "Addition.txt", which are uploaded in this post
  3. Ran "Junkware Removal Tool" as an administrator and have uploaded the "JRT.TXT" file in this post.

My System:

  • Computer - Dell Precision M6800
  • Memory - 32Mb
  • OS - Windows 7, Service Pack 1, 64 Bit

I've restarted WaterFox and haven't seen the message posted in "Quote" above yet, but it's only been about 1 hour.

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 PM

Posted 13 September 2016 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your logs.
I suggest you clean these items.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-4109533768-3781963708-1875491839-1132: LWA64Plugin15.8 -> C:\Users\DMarr.AFP\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [No File]
CHR Extension: (Google Wallet) - C:\Users\DMarr.AFP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
S3 SWUMX20; no ImagePath
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 rkcllttd; \??\C:\Windows\system32\drivers\rkcllttd.sys [X]
C:\Users\DMarr.AFP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know if you have any issues with this computer.

#3 DM2-Inc

DM2-Inc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 13 September 2016 - 08:33 AM

Odd that you didn't find anything in the log files I submitted.  It must simply have been the web site I was at.

 

I've uploaded the "FIXLOG.TXT" file.

 

Thanks for your help...

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 PM

Posted 13 September 2016 - 12:02 PM

There could be some remnant items that have not been reported.
====

When time permits run this online scan.

Please scan your computer with ESET Online Scanner.
  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 DM2-Inc

DM2-Inc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 14 September 2016 - 07:07 AM

NASDAQ,

I didn't want you to think I forgot about you so It thought I'd give you an update on the progress.

 

I started the scan yesterday, but had to cancel it because I started it too late in the day and had to head to the house (had to shutdown my laptop).  I'm starting again this morning and will advise when it's complete. 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 PM

Posted 20 September 2016 - 09:47 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users