
Pop Up Says "Exploit.SWF.bd Virus" Has Infiltrated &Ask to Call 844-471-7727


11 replies to this topic

#1 techgnosis

  • Members

Posted 25 September 2016 - 08:40 PM

I believe I have some kind of malware/browser hijacker situation here.  I'm getting the following messages every so often:

 

==============================================

Windows Firewall Security Damaged by Exploit.SWF.bd Virus

 

A suspicious connection was trying to access your logins, banking details & tracking your Internet activity

 

Windows Security Center and Firewall Services are disabled.  Error Code 0x8024402c.

 

Your TCP connection was blocked by your firewall.  Your account may be suspended until you take action.

 

Your personal information may have leaked.  IMMEDIATE RESPONSE REQUIRED.

 

Your hard disk has Exploit.SWF.bd Virus!  Please do not try to fix manually.  It may crash your data.

 

Please visit your nearest Windows Service Center or call Microsoft Windows Help Desk Now.

 

Customer Service:  1-844-471-7727 (toll free)

 

==============================================

 

Clearly that number above is not for Microsoft Windows Help Desk but for a site called 800notes.com, which seems to be a scam site.

 

Has anyone else been getting messages like this?  This doesn't seem to be ransomware and more like scamware.  However, sometimes, a broadcast is made that I must call this number to resolve the situation.

 

I use Chrome and Opera browsers.  Windows 8.1.  Now what I've also noticed is that either Opera or Chrome is downloading a zipped setup folder to my C:\Users\Download folder every so often.  It is a zipped folder called Setup and there is a zipped application file also called "Setup".  When I right-click, no info regarding the file appears under "properties."  Could this be related to the above?

 

I have run ESET antivirus, HitmanPro and Malwarebytes, but they don't seem to think this is a virus file.


Edited by techgnosis, 25 September 2016 - 08:53 PM.



#2 buddy215

  • Moderator

Posted 26 September 2016 - 06:47 AM

Often those 'call this number' popups can be gotten rid of by simply clearing the browser(s) caches...sometimes not so easy.

The unrequested download of zip files is something else. See if you can submit one of those files to be scanned by multiple security programs at VirusTotal - Free Online Virus and Malware Scan. Please let me know what the results are by posting a link to the results.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
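Added example (not part of the thread, and not from any of the tools named in it): before an unrequested download is submitted anywhere, a responder hashes it and lists the archive's members without extracting or double-clicking anything. The Python below does that for a zip held in memory. The Setup.zip it builds is a constructed stand-in (its "Setup.exe" member is a two-byte MZ stub padded with zeros, not a real program), and the VirusTotal report path it prints is an assumption about the current web UI, not something this thread states.

```python
"""Triage an unrequested archive without opening it: hash it, list members, flag runnables."""
import hashlib
import io
import zipfile

# File types Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1", ".lnk"}


def sha256_hex(data: bytes) -> str:
    """Hash the file as downloaded; compare this with the hash in the VirusTotal report URL."""
    return hashlib.sha256(data).hexdigest()


def virustotal_lookup_url(sha256: str) -> str:
    # Assumption: current VirusTotal web UI path for a file report (the thread's link uses an older form).
    return "https://www.virustotal.com/gui/file/" + sha256


def inspect_zip(data: bytes) -> list:
    """List the members of a zip and attach triage flags. Nothing is written to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            base = name.lower().rsplit("/", 1)[-1]
            ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
            flags = []
            if ext in EXECUTABLE_EXTS:
                flags.append("executable")
            if base.count(".") >= 2 and ext in EXECUTABLE_EXTS:
                flags.append("double-extension")      # e.g. invoice.pdf.exe
            if ext == ".zip":
                flags.append("nested-archive")
            if name.startswith("/") or ".." in name.split("/"):
                flags.append("path-traversal")        # zip-slip style member name
            with zf.open(info) as fh:                  # peek, regardless of extension
                magic = fh.read(2)
            if magic == b"MZ":
                flags.append("pe-header")
            findings.append({"name": name, "size": info.file_size,
                             "compressed": info.compress_size, "flags": flags})
    return findings


def build_sample_zip() -> bytes:
    """Constructed stand-in for the unrequested Setup.zip (MZ stub only, not real code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Setup/Setup.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Setup/readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    blob = build_sample_zip()
    digest = sha256_hex(blob)
    print("sha256:", digest)
    print("report:", virustotal_lookup_url(digest))
    for finding in inspect_zip(blob):
        print(finding)
```

Read a real file with `open(path, "rb").read()` in place of `build_sample_zip()`; the hash of the bytes on disk is what should match the report, since a second download may be a different file.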

#3 techgnosis

  • Topic Starter

Posted 26 September 2016 - 10:19 PM

Nothing detected.  But I know the malware/virus is still residing in the system.  

 

# AdwCleaner v6.020 - Logfile created 26/09/2016 at 23:08:35
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-27.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Sklel - RANDLESTER
# Running from : C:\Users\Sklel\Downloads\2016, 09-26\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1660 Bytes] - [24/09/2016 21:41:53]
C:\AdwCleaner\AdwCleaner[C2].txt - [1849 Bytes] - [24/09/2016 21:48:37]
C:\AdwCleaner\AdwCleaner[R0].txt - [4168 Bytes] - [12/02/2015 00:26:30]
C:\AdwCleaner\AdwCleaner[R1].txt - [887 Bytes] - [16/02/2015 02:01:31]
C:\AdwCleaner\AdwCleaner[R2].txt - [951 Bytes] - [19/02/2015 01:56:55]
C:\AdwCleaner\AdwCleaner[R3].txt - [1009 Bytes] - [19/02/2015 01:58:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [4629 Bytes] - [12/02/2015 00:32:16]
C:\AdwCleaner\AdwCleaner[S10].txt - [2162 Bytes] - [25/09/2016 18:19:02]
C:\AdwCleaner\AdwCleaner[S11].txt - [2236 Bytes] - [25/09/2016 20:46:50]
C:\AdwCleaner\AdwCleaner[S12].txt - [1638 Bytes] - [26/09/2016 23:08:35]
C:\AdwCleaner\AdwCleaner[S3].txt - [1751 Bytes] - [24/09/2016 21:41:33]
C:\AdwCleaner\AdwCleaner[S4].txt - [1948 Bytes] - [24/09/2016 21:47:17]
C:\AdwCleaner\AdwCleaner[S5].txt - [3576 Bytes] - [22/12/2015 02:56:22]
C:\AdwCleaner\AdwCleaner[S6].txt - [1882 Bytes] - [22/12/2015 03:17:48]
C:\AdwCleaner\AdwCleaner[S7].txt - [1940 Bytes] - [24/09/2016 22:00:39]
C:\AdwCleaner\AdwCleaner[S8].txt - [2013 Bytes] - [24/09/2016 22:28:35]
C:\AdwCleaner\AdwCleaner[S9].txt - [2086 Bytes] - [25/09/2016 17:14:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [2223 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 8.1 x64 
Ran by Sklel (Administrator) on Mon 09/26/2016 at 23:10:52.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/26/2016 at 23:12:11.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by techgnosis, 26 September 2016 - 10:20 PM.


#4 buddy215

  • Moderator

Posted 27 September 2016 - 03:49 AM

What is happening that makes you think something malicious is still residing on your computer?

 

Were you able to submit one of the zip files for scanning?

 

Is the popup criminal's ad still popping up?

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.



#5 techgnosis

  • Topic Starter

Posted 27 September 2016 - 07:22 PM

Sorry, I forgot the first 2 steps.  It looks like it's some kind of malware.  Am I reading this correctly from the virus total site?

 

https://www.virustotal.com/en/file/3117e3c53f6db88a73d3455590ea43a07bba1d7ae487eac85a24dc5a5982fde9/analysis/1475021917/

 

Rising   Malware.Heuristic!ET (rdm+)   20160927
AVware   Cro-bit Ltd (fs)   20160927
VIPRE   Cro-bit Ltd (fs)   20160928

#6 techgnosis

  • Topic Starter

Posted 27 September 2016 - 07:38 PM

Scheduled Tasks:
==============================
Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe -check pepperplugin
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Opera scheduled Autoupdate 1462899983 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
No Task Optimize Start Menu Cache Files-S-1-5-21-2767479305-1133554152-2264245223-1002
Yes Task {C6DA6710-48ED-43F3-8769-9C29014B0AAF} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\VDownloader\unins000.exe"
 
====================================================
Windows Startup
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BtTray Qualcomm Atheros "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"
Yes HKLM:Run BtvStack Qualcomm Atheros Commnucations "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
Yes HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run Memeo AutoSync Memeo Inc. C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
No HKLM:Run Memeo Instant Backup Memeo Inc. C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
Yes HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
Yes HKLM:Run RtHDVBg Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 
Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Yes HKLM:Run Shwicon9106 C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No Startup User OneNote 2010 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
 
 
 


#7 buddy215

  • Moderator

Posted 27 September 2016 - 08:58 PM

Is the criminal's popup ad still popping up?

 

The list of installed programs is missing.....You may have missed this:

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that. Delete the zip files in your download folder, too.

That file you submitted to be scanned is part of adware. Might be able to get rid of it after seeing the programs that are installed.....Check your add-ons/ extensions in your browsers for anything relating to something like search protection....especially put there by free security programs. If you recognize one....delete it.

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Opera scheduled Autoupdate 1462899983 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task {C6DA6710-48ED-43F3-8769-9C29014B0AAF} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\VDownloader\unins000.exe"
 

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"


Edited by buddy215, 27 September 2016 - 09:07 PM.

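Added example (editorial, not part of the thread and not CCleaner's code): the startup and scheduled-task list posted above is the kind of export a responder triages by machine rather than by eye. The Python below parses CCleaner's clipboard format (Enabled, Type, Name, Publisher, Command, with no delimiter between name and publisher) and flags what deserves a look first: entries with no command, entries with no publisher column, entries whose executable sits in a user-writable directory, and entries that go through a signed Windows launcher such as pcalua.exe (the Program Compatibility Assistant), where the publisher column describes the launcher and not the program actually started. The sample lines are copied from the list posted in this thread except the last, which is constructed to exercise the user-writable check; the flag names and the launcher list are this example's own.

```python
"""Triage a CCleaner Tools > Startups / Scheduled Tasks export (added example)."""
import re

# Second column of the export, as CCleaner writes it.
ENTRY_TYPES = ("Task", "HKCU:Run", "HKLM:Run", "HKCU:RunOnce", "HKLM:RunOnce",
               "Startup User", "Startup Common")

# Signed Windows binaries commonly used to start something else. The publisher
# column then describes the launcher, not the thing being launched.
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
                   "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe",
                   "bitsadmin.exe", "certutil.exe", "msiexec.exe"}

# Locations a standard user can write to; persistence pointing here merits a look.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(appdata|downloads|desktop|documents)|programdata|temp)\\", re.I)

# First drive-letter path in the command, quoted or not, ending in a runnable extension.
PATH_RE = re.compile(
    r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|bat|cmd|vbs|js|ps1|scr|msi))"?', re.I)

# Lines copied from the list posted in this thread; the last line is constructed.
SAMPLE_EXPORT = r"""
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-2767479305-1133554152-2264245223-1002
Yes Task {C6DA6710-48ED-43F3-8769-9C29014B0AAF} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\VDownloader\unins000.exe"
Yes HKLM:Run Shwicon9106 C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
Yes HKCU:Run Setup C:\Users\user\AppData\Roaming\Setup\Setup.exe
"""


def parse_entry(line):
    """Split one export line into enabled flag, type, label and command.
    'label' is name plus publisher; CCleaner does not delimit the two."""
    line = line.strip()
    enabled, rest = line.split(" ", 1)
    etype = next((t for t in ENTRY_TYPES if rest.startswith(t + " ")), None)
    if etype is None:
        raise ValueError("unrecognised entry type: " + line)
    rest = rest[len(etype) + 1:]
    m = PATH_RE.search(rest)
    if not m:
        return {"enabled": enabled == "Yes", "type": etype, "label": rest,
                "command": None, "exe": None}
    return {"enabled": enabled == "Yes", "type": etype,
            "label": rest[:m.start()].strip(),
            "command": rest[m.start():].strip(),
            "exe": m.group(1).rsplit("\\", 1)[-1].lower()}


def triage(entry):
    """Return the reasons this entry deserves a closer look (empty list if none)."""
    if entry["command"] is None:
        return ["no-command"]
    flags = []
    if entry["exe"] in PROXY_LAUNCHERS:
        flags.append("proxy-launcher")
        targets = PATH_RE.findall(entry["command"])
        if len(targets) > 1:                        # the real target is the second path
            flags.append("launches:" + targets[1].rsplit("\\", 1)[-1].lower())
    if USER_WRITABLE.search(entry["command"]):
        flags.append("user-writable-path")
    if len(entry["label"].split()) == 1:            # name only, no publisher column
        flags.append("no-publisher")
    return flags


def triage_export(text):
    """Parse a whole export; return [(label, command, flags)] for flagged entries only."""
    out = []
    for line in text.splitlines():
        if not line.startswith(("Yes ", "No ")):    # skip headers and separators
            continue
        entry = parse_entry(line)
        flags = triage(entry)
        if flags:
            out.append((entry["label"], entry["command"], flags))
    return out


if __name__ == "__main__":
    for label, command, flags in triage_export(SAMPLE_EXPORT):
        print(", ".join(flags).ljust(40), label, "->", command)
```

A flag is a reason to look, not a verdict: the pcalua.exe task here points at an uninstaller under Program Files, which is ordinary, whereas the same launcher pointing into AppData would not be.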

#8 techgnosis

  • Topic Starter

Posted 28 September 2016 - 12:09 AM

 
Is the criminal's popup ad still popping up?
 
It hasn't but if I am on the computer long enough, it usually does.  That setup file always downloads through Opera.  I've checked extensions for both Chrome (Google Docs & Google Docs Offline) and Opera (none).  
 
=====================
Are you sure this one is ok?
 
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
 
=====================
The list of installed programs
 
Adobe Acrobat Reader DC Adobe Systems Incorporated 8/4/2016 199 MB 15.017.20053
Adobe Flash Player 23 PPAPI Adobe Systems Incorporated 9/14/2016 19.5 MB 23.0.0.162
Amazon Amazon.com 7/10/2015 3.1.2.8
Amazon Kindle Amazon 3/28/2016 1.15.0.43061
Apple Application Support (32-bit) Apple Inc. 5/10/2016 117 MB 4.3
Apple Application Support (64-bit) Apple Inc. 5/10/2016 131 MB 4.3
Apple Mobile Device Support Apple Inc. 5/10/2016 28.5 MB 9.3.0.15
Apple Software Update Apple Inc. 5/10/2016 2.69 MB 2.2.0.150
Bonjour Apple Inc. 3/18/2016 2.01 MB 3.1.0.1
CCleaner Piriform 9/27/2016 5.22
CyberLink Media Suite Essentials CyberLink Corp. 3/31/2014 1.16 GB 10.0
Dell Backup and Recovery Dell Inc. 5/13/2013 1.0.0.6
Dell Backup and Recovery - Support Software Dell Inc. 5/13/2013 1.0.0.6
Dell Customer Connect Dell Inc. 9/15/2016 9.72 MB 1.4.10.0
Dell Digital Delivery Dell Products, LP 5/13/2013 2.2.2000.0
Dell Shop Dell Inc 5/29/2016 2.2.0.0
Dell Update Dell Inc. 12/23/2015 2.91 MB 1.7.1015.0
Dell WLAN and Bluetooth Client Installation Dell Inc. 5/13/2013 10.0
Dell | Getting Started with Windows 8 Dell Inc 4/2/2014 1.0.0.35
ESET NOD32 Antivirus ESET, spol. s r.o. 5/9/2016 111 MB 9.0.377.0
ESET Online Scanner v3 3/23/2016
Games Microsoft Corporation 4/4/2014 2.0.139.0
Google Chrome Google Inc. 6/2/2013 53.0.2785.116
HiJackThis Trend Micro 3/6/2016 369 KB 1.0.0
HitmanPro 3.7 SurfRight B.V. 9/25/2016 3.7.14.280
Intel® Management Engine Components Intel Corporation 12/23/2015 9.5.13.1706
Intel® Rapid Storage Technology Intel Corporation 12/23/2015 12.8.0.1016
iTunes Apple Inc. 5/10/2016 215 MB 12.3.3.17
Java 8 Update 73 Oracle Corporation 3/18/2016 88.6 MB 8.0.730.2
Kindle AMZN Mobile LLC 6/24/2015 2.1.0.2
Mail, Calendar, and People 11/25/2014
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 3/19/2016 66.9 MB 2.2.1.1043
Maps Microsoft Corporation 9/11/2014 2.1.3230.2048
McAfee® Central for Dell McAfee Inc 6/4/2015 4.5.139.1
Memeo AutoSync Memeo Inc. 3/31/2014
Memeo Instant Backup Memeo Inc. 3/31/2014 4.60.0.7359
Memeo Share Memeo Inc. 3/31/2014 11.7 MB 3.1.0.3265
Microsoft Access database engine 2010 (English) Microsoft Corporation 9/15/2016 28.7 MB 14.0.6029.1000
Microsoft Office 365 - en-us Microsoft Corporation 9/19/2016 15.0.4859.1002
Microsoft Office Home and Student 2010 Microsoft Corporation 8/12/2015 14.0.7015.1000
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 5/13/2013 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 5/13/2013 4.84 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 5/13/2013 8.85 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 6/20/2013 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/23/2015 15.2 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/23/2015 12.2 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/24/2016 20.5 MB 11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/12/2015 10.0.50903
Mozilla Firefox 45.0 (x86 en-US) Mozilla 3/14/2016 88.2 MB 45.0
Mozilla Maintenance Service Mozilla 3/14/2016 231 KB 45.0
Multimedia Card Reader Fitipower 5/13/2013 2.2.915.108
Music Microsoft Corporation 11/22/2014 2.6.476.0
NVIDIA 3D Vision Driver 326.60 NVIDIA Corporation 3/31/2014 326.60
NVIDIA Graphics Driver 326.60 NVIDIA Corporation 3/31/2014 326.60
NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Corporation 5/13/2013 1.3.18.0
NVIDIA PhysX System Software 9.12.1031 NVIDIA Corporation 5/13/2013 9.12.1031
NVIDIA Update 1.14.17 NVIDIA Corporation 3/31/2014 1.14.17
Opera Stable 40.0.2308.62 Opera Software 9/24/2016 40.0.2308.62
Realtek Card Reader Realtek Semiconductor Corp. 12/23/2015 6.2.9200.30164
Realtek Ethernet Controller All-In-One Windows Driver Realtek 12/23/2015 8.18.621.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 3/31/2014 6.0.1.6662
Realtek USB Audio Realtek Semiconductor Corp. 5/9/2016 6.3.9600.41
Seagate Drive Settings Installer Seagate Technologies LLC 6/18/2013 30.3 MB 1.00.0000
Shared C Run-time for x64 McAfee 5/13/2013 1.38 MB 10.0.0
Skype Skype 8/13/2014 3.1.0.1005
Sling Echostar 6/16/2016 67.0 MB 4.9.165
SUPERAntiSpyware SUPERAntiSpyware.com 3/31/2014 58.0 MB 5.6.1020
TurboTax 2012 Intuit, Inc 9/1/2015 2012.0
TurboTax 2013 Intuit, Inc 4/15/2014 2013.0
Update for Korean Microsoft IME Standard Dictionary Microsoft Corporation 4/13/2014 2.43 MB 16.0.662.1
Video Microsoft Corporation 11/14/2014 2.6.408.0
VLC media player VideoLAN 7/1/2016 2.2.4
Windows Help+Tips Microsoft Corporation 8/9/2014 6.3.9654.20559
Windows Live Essentials Microsoft Corporation 5/13/2013 16.4.3505.0912
Windows Scan Microsoft Corporation 11/5/2014 6.3.9654.17133


#9 buddy215

  • Moderator

Posted 28 September 2016 - 05:56 AM

I don't know the latest concerning Opera...especially if the Chinese have any control over it at this point. But at one time it was going to be purchased by Chinese and used for ad distribution, etc. I think you should consider not using it and uninstalling.

Chinese takeover of Norway's Opera fails, alternative proposed | Reuters

 

You can uninstall these Dell programs without causing any problems:

Dell Customer Connect Dell Inc. 9/15/2016 9.72 MB 1.4.10.0
Dell Digital Delivery Dell Products, LP 5/13/2013 2.2.2000.0
Dell Shop Dell Inc 5/29/2016 2.2.0.0
Dell Update Dell Inc. 12/23/2015 2.91 MB 1.7.1015.0
 
Uninstall these programs:
ESET Online Scanner v3 3/23/2016
HiJackThis Trend Micro 3/6/2016 369 KB 1.0.0
Java 8 Update 73 Oracle Corporation 3/18/2016 88.6 MB 8.0.730.2
McAfee® Central for Dell McAfee Inc 6/4/2015 4.5.139.1
Mozilla Firefox 45.0 (x86 en-US) Mozilla 3/14/2016 88.2 MB 45.0 (UNinstall or UPdate)
SUPERAntiSpyware SUPERAntiSpyware.com 3/31/2014 58.0 MB 5.6.1020
 
If you are not using these....uninstall: (I noted they were disabled in Startup)
Memeo AutoSync Memeo Inc. 3/31/2014
Memeo Instant Backup Memeo Inc. 3/31/2014 4.60.0.7359
Memeo Share Memeo Inc. 3/31/2014 11.7 MB 3.1.0.3265
 
Block Ad/ Tracking cookies from installing. Once blocked, run CCleaner to remove the existing ones.
 
If you don't have an ad blocker installed, I suggest this one:
 
After doing the above and the criminal's ad still pops up....you will need to start a new topic using the instructions below.
 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.

 


#10 techgnosis

  • Topic Starter

Posted 28 September 2016 - 10:18 PM

Ok, I've done all those and I even uninstalled Opera and installed Firefox instead.  I don't have the criminal message yet but within a minute of installing Firefox, I still did get some blocked messages from ESET, which said I'm accessing unsavory sites.  I never did.  I would get those messages ever so often when I was using Opera and Chrome.  Then after a while I would get the ransom/criminal message.  So not yet but I seem to be still experiencing the same pattern of browser redirecting, which is being blocked by ESET.

 

I wonder how that's possible when I just installed the latest Firefox.  I also took the steps above to disable all 3rd party cookies for both Chrome and Firefox.

 

Here're block messages from ESET.  What do you think?  Still post into a new thread?  Thanks.

 

Time;URL;Status;Application;User;IP address;Threat
9/28/2016 10:40:08 PM;http://widgets.outbrain.com/outbrain.js; Blocked by internal IP blacklist;C:\Program Files (x86)\Mozilla Firefox\firefox.exe;RANDLESTER\Sklel;193.238.153.10;
9/28/2016 10:40:07 PM;http://widgets.outbrain.com/outbrain.js; Blocked by internal IP blacklist;C:\Program Files (x86)\Mozilla Firefox\firefox.exe;RANDLESTER\Sklel;193.238.153.10;
9/28/2016 10:39:54 PM;http://cdn.engine.4dsply.com/Scripts/infinity.js.aspx?guid=b10a68e0-0178-42b1-a256-afeb4b619d52;Blocked by internal IP blacklist;C:\Program Files (x86)\Mozilla Firefox\firefox.exe;RANDLESTER\Sklel;193.238.153.10;
9/28/2016 8:38:07 PM;http://widgets.outbrain.com/images/widgetIcons/play_100x100.png;Blocked by internal IP blacklist;C:\Program Files


Edited by techgnosis, 28 September 2016 - 10:19 PM.
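Added example (editorial, not part of the thread and not ESET's code): the log export above is semicolon-delimited with a fixed header, so the question it can answer, which process made the blocked requests, can be pulled out mechanically. The three complete entries above are all attributed to firefox.exe and both blocked hosts resolved to the same address, which is what an IP-blacklist hit on ad or tracker scripts embedded in a visited page looks like; a block attributed to a process that is not a browser would point at something resident on the machine. The Python below parses the export, counts blocks per host and per process, reports hosts that share a blocked IP, lists non-browser processes, and groups entries into bursts (one page load produces one cluster, a background process a steady drip). The first three sample lines are copied from the post above; the fourth is constructed (example.invalid and 192.0.2.10 are reserved test values) to show a non-browser hit. The browser list is this example's assumption.

```python
"""Summarise an ESET filtered-websites log export (added example)."""
import csv
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from io import StringIO
from urllib.parse import urlsplit

# Processes expected to fetch third-party scripts. A block attributed to anything
# else means some other program on the box is making web requests.
BROWSERS = {"firefox.exe", "chrome.exe", "opera.exe", "iexplore.exe", "msedge.exe"}

# First three lines copied from the post above; the fourth is constructed.
SAMPLE_LOG = r"""
Time;URL;Status;Application;User;IP address;Threat
9/28/2016 10:40:08 PM;http://widgets.outbrain.com/outbrain.js; Blocked by internal IP blacklist;C:\Program Files (x86)\Mozilla Firefox\firefox.exe;RANDLESTER\Sklel;193.238.153.10;
9/28/2016 10:40:07 PM;http://widgets.outbrain.com/outbrain.js; Blocked by internal IP blacklist;C:\Program Files (x86)\Mozilla Firefox\firefox.exe;RANDLESTER\Sklel;193.238.153.10;
9/28/2016 10:39:54 PM;http://cdn.engine.4dsply.com/Scripts/infinity.js.aspx?guid=b10a68e0-0178-42b1-a256-afeb4b619d52;Blocked by internal IP blacklist;C:\Program Files (x86)\Mozilla Firefox\firefox.exe;RANDLESTER\Sklel;193.238.153.10;
9/28/2016 9:15:00 PM;http://example.invalid/beacon.js;Blocked by internal IP blacklist;C:\Users\user\AppData\Roaming\Setup\Setup.exe;HOST\user;192.0.2.10;
"""


def exe_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_eset_log(text):
    """Parse the export into dicts; the header row names the columns."""
    rows = []
    reader = csv.reader(StringIO(text.strip()), delimiter=";")
    next(reader)                                     # Time;URL;Status;Application;User;IP address;Threat
    for rec in reader:
        rec = [field.strip() for field in rec]
        if len(rec) < 6 or not rec[0]:
            continue                                 # blank or truncated line
        rows.append({"time": datetime.strptime(rec[0], "%m/%d/%Y %I:%M:%S %p"),
                     "url": rec[1], "status": rec[2], "app": rec[3],
                     "user": rec[4], "ip": rec[5],
                     "threat": rec[6] if len(rec) > 6 else ""})
    return rows


def summarise(rows):
    """Per-host and per-process counts, hosts sharing a blocked IP, non-browser requesters."""
    hosts = Counter(urlsplit(r["url"]).hostname for r in rows)
    apps = Counter(exe_name(r["app"]) for r in rows)
    ip_hosts = defaultdict(set)
    for r in rows:
        ip_hosts[r["ip"]].add(urlsplit(r["url"]).hostname)
    non_browser = sorted({r["app"] for r in rows if exe_name(r["app"]) not in BROWSERS})
    return {"hosts": hosts, "apps": apps,
            "shared_ip": {ip: sorted(h) for ip, h in ip_hosts.items() if len(h) > 1},
            "non_browser_apps": non_browser}


def bursts(rows, window=timedelta(seconds=30)):
    """Group blocks that fire within `window` of the previous one."""
    groups, current = [], []
    for r in sorted(rows, key=lambda r: r["time"]):
        if current and r["time"] - current[-1]["time"] > window:
            groups.append(current)
            current = []
        current.append(r)
    if current:
        groups.append(current)
    return groups


if __name__ == "__main__":
    rows = parse_eset_log(SAMPLE_LOG)
    summary = summarise(rows)
    print("blocked hosts:", dict(summary["hosts"]))
    print("requesting processes:", dict(summary["apps"]))
    print("hosts sharing one blocked IP:", summary["shared_ip"])
    print("non-browser requesters:", summary["non_browser_apps"])
    for group in bursts(rows):
        print(len(group), "block(s) starting", group[0]["time"].strftime("%I:%M:%S %p"))
```

With the three real lines alone, `non_browser_apps` comes back empty and everything sits in one burst, which supports the reading that the blocks are page content rather than a process of its own.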


#11 buddy215

  • Moderator

Posted 29 September 2016 - 03:46 AM

If you downloaded Firefox from a site other than Download Firefox — Free Web Browser — Mozilla then you may have picked up some adware.

If that is the case, please do a clean uninstall of Firefox by first uninstalling from your list of installed programs. Then do a search on your computer for Mozilla and a search for Mozilla Firefox. Delete all that is found which will include your Firefox profile.



#12 techgnosis

  • Topic Starter

Posted 29 September 2016 - 05:53 PM

Ok, thanks so much.  The ad block is definitely working and it makes a difference.  However, it does stall often and I have to kill the website.  I did download Firefox from their site.  Clearly there are still issues with the computer.  I'll follow your instructions re Malware Removal and Log Section Preparation Guides.  Thanks.





