Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Amazon Account Info Hacked & Malware Bytes Not Scanning


  • Please log in to reply
10 replies to this topic

#1 d3v1lducky

d3v1lducky

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:11:10 PM

Posted 07 January 2017 - 01:15 PM

I'm pretty sure my computer is infected. The biggest red flags I've encountered so far are someone was able to gift themselves a $13 e-book through Amazon with my account information. Then, I got the full version of Malwarebytes and any time it does a scan, it takes one second and finds nothing wrong. 

 

Other weird things that are happening are when I scroll over a picture on FB, it blinks black, the progress bar on videos doesn't move unless I mouse over it, my printer randomly picks a different tray to print from, videos freeze but sound continues. Also, when I type an address in the address bar of a new tab, it doesn't show up. It's just blank until I hit enter and then it does go to the site.

 

I'm using Windows 10 and my virus protections are Windows Defender and Malwarebytes.

 

Thank you in advance to anyone who can help!


Edited by d3v1lducky, 07 January 2017 - 01:32 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:10 AM

Posted 11 January 2017 - 07:28 PM

Please download AdwCleaner and perform a scan following these instructions.-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Copy and paste the contents of AdwCleaner[CX].txt in your next reply.



Please download Emsisoft Emergency Kit and perform a scan following these instructions.Copy and paste the contents of EEK's log (a2scan_Date-Time.txt) in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 d3v1lducky

d3v1lducky
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:11:10 PM

Posted 11 January 2017 - 09:06 PM

# AdwCleaner v6.042 - Logfile created 11/01/2017 at 20:08:02
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : madem - DESKTOP-CTK8O4S
# Running from : C:\Users\madem\Downloads\AdwCleaner (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-2575844175-868003686-4260135442-1001\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [991 Bytes] - [21/08/2016 14:09:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1016 Bytes] - [11/01/2017 20:08:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [1128 Bytes] - [21/08/2016 14:09:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [1412 Bytes] - [11/01/2017 20:05:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1235 Bytes] ##########

Edited by d3v1lducky, 11 January 2017 - 09:10 PM.


#4 d3v1lducky

d3v1lducky
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:11:10 PM

Posted 11 January 2017 - 09:12 PM

After reboot I got a message from Malewarebytes saying, "Real-Time Protection Layers Turned Off One or more Real-Time Protection layers are turned off. turn on all Real-Time Protection layers to block and prevent threats." So I clicked Turn On.

 

Then Malewarebytes did a scan. Here are the results of it. Should I be worried that it says "Rootkits disabled?"

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/11/17
Scan Time: 8:10 PM
Logfile: mbscanresults.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.974
License: Premium
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388293
Time Elapsed: 2 min, 58 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by d3v1lducky, 11 January 2017 - 09:16 PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:10 AM

Posted 11 January 2017 - 09:56 PM

Did you run the Emsisoft Scan?

Nothing of significance in your AdwCleaner scan report.

Malwarebytes Anti-Rootkit was integrated into the scanner starting in MBAM v2.0 but it is not enabled by default. If "Scan for rootkits" is enabled, it will increase the length of the average scan time from previous versions and sometimes cause the scanner to freeze (hang) or even crash. This defeats the purpose of routinely using the recommended "Threat Scan" to quickly check the most prevalent places for active malware..

Why is scan for rootkit off by default?.

Because rootkit scanning tends to take substantially longer, due to how thorough and low-level this is, Scan for rootkit is disabled by default. However, rootkit scanning is an important part of the protection offered by Malwarebytes Anti-Malware. As such, we recommend that users schedule a weekly scan that incorporates rootkit scanning, in addition to their existing scans.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 d3v1lducky

d3v1lducky
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:11:10 PM

Posted 11 January 2017 - 09:58 PM

Emsisoft Emergency Kit - Version 12.0
Last update: 1/11/2017 8:48:26 PM
User account: DESKTOP-CTK8O4S\madem
Computer name: DESKTOP-CTK8O4S
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 1/11/2017 8:54:53 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} detected: Application.AdReg (A) []
 
Scanned 83029
Found 1
 
Scan end: 1/11/2017 8:57:02 PM
Scan time: 0:02:09
 
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Application.AdReg (A)
 
Deleted 1


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:10 AM

Posted 12 January 2017 - 06:53 AM

Again, nothing of significant concern and no sign of a malware infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 d3v1lducky

d3v1lducky
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:11:10 PM

Posted 12 January 2017 - 01:47 PM

Okay, so do you think there's not an infection? What could cause these weird glitches I'm experiencing? When I try to type in a new website address, it doesn't show up in the address bar until after I've hit enter. So, I'll be typing but there's no text showing. Also, on Facebook, when I try to reply to someone's post, it won't post it. The cursor just stays at the end of the sentence. But then, when I go back to the post later, the reply is there. It's very strange. Why did the settings on Malewarebytes change? I'm sorry for so many questions. I just want to make sure. 



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:10 AM

Posted 12 January 2017 - 02:40 PM

I can only go by what the actual scan logs show (what was detected, removed) and your description of whatever signs or symptoms of infection you are experiencing.

As for Malwarebytes, there have been reports of various issues and glitches with the new version so that may be something you want to ask them about at the Malwarebytes 3.0 Support Forum so the development team can investigate.

If you want a more comprehensive look at your system for possible malware by experts, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

If you choose to post a log, please reply back in this thread with a link to the new topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 d3v1lducky

d3v1lducky
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:11:10 PM

Posted 17 January 2017 - 02:41 PM

Okay, thank you so much!



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:10 AM

Posted 17 January 2017 - 02:55 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users