
My new computer is indeed infected


18 replies to this topic

#1 ArchmageHisummoner

Posted 25 September 2016 - 10:08 AM

Hello all,

 

It has been a while since I have been on BleepingComputer. I am glad to see the site is still going strong. I custom built my gaming computer through Ibuypower around February of this year to replace my old crappy computer. It comes installed with Windows 10. A few days ago, I noticed the computer was acting strange. The Windows Start button does not work when I try to left click on it, and the right-click shortcut menu takes 10-15 seconds to pop up when I click on an icon. Also, about 3 weeks after owning the computer my Windows 10 firewall became disabled and I have not been able to re-enable it for months now. Yesterday, many of my games began crashing unexpectedly and the same happened when I tried to do a Malwarebytes scan. Today, I am constantly being redirected every time I go to a new website and even when I am trying to post on the forums here.

 

I know you are all busy and I will be very patient in waiting for you to offer assistance. However, since I have used your website before, I am fairly versed in removing malware and other viruses after being helped so many times. I will try to use ESET Online Scanner and Malwarebytes again, this time in safe mode, and see if that helps. Oh, and I have attached the Addition.txt file to this post.


Sincerely,

Myron Mason




#2 ArchmageHisummoner (Topic Starter)

Posted 25 September 2016 - 10:10 AM

Here is the log.

Attached Files


Sincerely,

Myron Mason


#3 ArchmageHisummoner (Topic Starter)

Posted 25 September 2016 - 01:39 PM

Update

 

I tried to use ESET Online Scanner, but even that crashed on me. I am at my wit's end, as I am not sure what I can use for Windows 10.


Sincerely,

Myron Mason


#4 nasdaq (Malware Response Team)

Posted 26 September 2016 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


I need to see the FRST log that was created by the Farbar tool.
Please post it in with your next reply.

Wait for further instructions.

#5 ArchmageHisummoner (Topic Starter)

Posted 26 September 2016 - 03:34 PM

I have attached the requested files for you to review.

Attached Files


Sincerely,

Myron Mason


#6 nasdaq (Malware Response Team)

Posted 27 September 2016 - 08:49 AM

Try these suggestions to enable your Firewall.
http://windowsreport.com/cant-activate-firewall-windows-10/

===
Windows Start menu problems.
https://support.microsoft.com/en-us/help/12385/windows-10-troubleshoot-problems-opening-start-menu-cortana

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Myron Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
C:\Users\Myron Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-22]
FirewallRules: [{BB9C391E-B04C-41B8-A432-E9B82BC06558}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{42522D42-914A-42F6-84D0-252F95E2E8AF}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{079644C1-EC1D-4AD2-B539-11DA441FBCD1}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{C4BD55F3-D1A8-4227-B4E5-7432CB412D9F}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{86D63589-CD48-4FCB-9B6C-9F9854449C26}C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe] => (Block) C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe
FirewallRules: [UDP Query User{3B6A60C0-53D6-4A65-BFD3-56D7FA1BC6CE}C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe] => (Block) C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe
FirewallRules: [TCP Query User{0C4EB1F9-0548-477A-A9B6-E02B483E83AC}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{A4A7D10F-9BE0-4B39-BA4B-B8D3C2345E09}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{64BA3339-9296-49F7-B0CC-1A4828641F9B}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{A28EF885-E200-4BFE-A924-6A0B05422733}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{F1FDE8DB-6D2A-4A5E-BA61-08BFCE3D438A}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{5AFECAF2-C92B-4D1B-A7B8-AB2B4BF0BD37}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.

Edited by nasdaq, 27 September 2016 - 08:50 AM.
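The fixlist above removes a set of FirewallRules: entries and the thread's underlying problem is a firewall that cannot be re-enabled. The following PowerShell is an added example, not code from nasdaq or from the FRST tool, that lets a reader verify the firewall service and profile state and list the rules that reference the program paths named in the fixlist before the fix is run. It assumes an elevated PowerShell session on Windows 10 with the built-in NetSecurity module; the two path patterns are taken from the fixlist and everything else is standard cmdlets.

```powershell
# Added example (not part of the thread): inspect Windows Defender Firewall state
# and list rules that reference the program paths named in the FRST fixlist.
# Assumes an elevated PowerShell session on Windows 10 (NetSecurity module present).

# 1. Is the firewall service (MpsSvc) running and set to start automatically?
#    A stopped or Disabled service is one reason the "turn on" switch never takes effect.
$svc = Get-Service -Name MpsSvc
"Service {0}: Status={1}, StartType={2}" -f $svc.Name, $svc.Status, $svc.StartType

# 2. Is the firewall enabled on each profile (Domain, Private, Public)?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 3. Which rules reference the program paths the fixlist will remove?
#    Patterns correspond to the javaw.exe/java.exe and tbnotifier.exe entries above.
$patterns = @(
    '*\java\jre1.8.0_*\bin\java*.exe',
    '*\askpartnernetwork\toolbar\updater\tbnotifier.exe'
)

foreach ($pattern in $patterns) {
    "Rules matching $pattern"
    Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -like $pattern } |
        Get-NetFirewallRule |
        Select-Object DisplayName, Direction, Action, Enabled, Profile |
        Format-Table -AutoSize
}

# 4. If the service is merely stopped (not Disabled by policy), these lines start it
#    and turn the firewall on for all profiles. Uncomment to apply.
# Set-Service -Name MpsSvc -StartupType Automatic
# Start-Service -Name MpsSvc
# Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
```

Running steps 1 and 2 before and after the fix shows whether the FRST run changed the firewall state at all; if MpsSvc reports Disabled and refuses to start even after step 4, the cause is a service configuration or policy problem rather than the rules themselves, which is worth reporting back in the thread.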


#7 ArchmageHisummoner (Topic Starter)

Posted 27 September 2016 - 07:57 PM

Well, I did as you asked, and the computer entered into a blue screen of death and fixed an error before restarting. I am not sure if it was supposed to do that, but it did make the log. I am still being redirected, getting pop-up ads, and the right-click menu is still very slow to load up.

Attached Files


Sincerely,

Myron Mason


#8 nasdaq (Malware Response Team)

Posted 28 September 2016 - 10:43 AM

If this is the fixlog you got then something went wrong.

Did you create a fixlist.txt file?
What is saved in the same folder where the Farbar tool is located?

Please run it again and post a fresh fixlog.txt for my review.

#9 ArchmageHisummoner (Topic Starter)

Posted 28 September 2016 - 07:15 PM

I moved the program and all of the .txt files to its own folder and it worked. I have attached the new fixlog.txt for you to review.

Attached Files


Sincerely,

Myron Mason


#10 nasdaq (Malware Response Team)

Posted 29 September 2016 - 08:23 AM

How is the computer running now?

#11 ArchmageHisummoner (Topic Starter)

Posted 29 September 2016 - 09:03 AM

It is the same as before. I am still being redirected on the internet, strange ads and pop-ups on websites, the right-click shortcut menu is taking too long to open, and some programs are sluggish. The Windows menu is still acting funny, but I will look at the links you posted.


Edited by ArchmageHisummoner, 29 September 2016 - 09:03 AM.

Sincerely,

Myron Mason


#12 nasdaq (Malware Response Team)

Posted 29 September 2016 - 09:19 AM

Reset Chrome...
Open Google Chrome and click on the menu icon located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

If the problem persists run these tools.

--RogueKiller--
  • Download RogueKiller and save it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.

===

#13 ArchmageHisummoner (Topic Starter)

Posted 29 September 2016 - 08:43 PM

Well, I reset the Google Chrome browser and the redirects and ads are gone. The results of the rootkill scan came back negative for anything. I will check the links to see if I can fix the Windows button and the firewall. Right-clicking on icons still takes a few seconds longer than it should, but the computer seems fine, I suppose.

Attached Files


Sincerely,

Myron Mason


#14 ArchmageHisummoner (Topic Starter)

Posted 29 September 2016 - 08:54 PM

So none of the firewall solutions work. Every time I try to start it, it just does not respond. And I cannot even update my computer. Every time I retry, it just says it failed to update some of the files. I still feel something is going on with my computer.


Sincerely,

Myron Mason


#15 ArchmageHisummoner (Topic Starter)

Posted 29 September 2016 - 09:02 PM

Task manager freezes up on me and even getting to settings and other programs are slow; this is so strange.


Sincerely,

Myron Mason

