
Unknown entity affecting personal Wi-Fi hotspot (Win7)


3 replies to this topic

#1 altercrossf


Posted 24 January 2017 - 09:42 PM

Hi there, first-time poster, trying to do the sensible thing and not run every tool I see for the sake of not talking to people. orz

 

I recently had an issue on my laptop with a browser hijack: it targeted Firefox specifically and tried to open some weird Russian website whose function I never learned because it kept running its head into NoScript. That part I've managed to clean up with a liberal dose of Malwarebytes and remembering what Safe Mode is. After cleanup, Malwarebytes and a brief visit by AVG have both assured me nothing is out of sorts.

 

Here's the new issue: my internet hotspot (a MiFi 2200) disconnects every 3-10 minutes while the laptop is connected to it. This does not happen when the laptop is booted in Safe Mode with Networking, nor does it happen with any other device on the network, at least one of which is also a Windows 7 SP1 PC. It also happened when I created a fresh user account, so this is something running in normal Windows that I can't suss out. Coincidentally, this only started happening after I cleaned up the aforementioned hijack.

 

As for error messages, well... there aren't any. The closest thing I can offer is from the system log of the hotspot, but that only shows "3G Disconnected/3G Connected" when it pops on and off. Clearly I'm missing something here, and I figure two or more heads are better than one flailing around wildly running every fix they come across like some kind of rabid cyberchondriac.

 

To clarify, I'm using an HP Compaq 6910p running Windows 7 Home Premium Edition with Service Pack 1. I have Malwarebytes Anti-malware actively installed, and should have no trouble downloading any tools mentioned in proceeding posts.




 


#2 buddy215


Posted 25 January 2017 - 07:29 AM

Welcome to BC...

 

I won't be much help with the Hotspot other than to ask if you have cable or DSL at home.

Is it possible to reset the hotspot to default settings?

 

NoScript is a great add-on...I've used it since its existence.

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Download Security Check by glax24 and save the file to the Desktop.

  • Run the tool by accepting all the Security prompts
  • When complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

Edited by buddy215, 25 January 2017 - 11:07 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 altercrossf


Posted 08 February 2017 - 08:39 PM

Sorry for the delay, things got a little hectic for a while on my end. I updated/downloaded everything you listed (my CCleaner was an entire version behind ._.), ran everything as specified, and to make the story told by the following logs short, nada. The only thing that even came up were a couple search engines on AdwCleaner (bahaha, it marked AOL as a threat); everything else is squeaky clean.

 

As for the hotspot itself, it's still disconnecting when the laptop's on it normally. I was hoping to avoid a factory reset on the hotspot, though I think it's on default settings anyway. If nothing else comes up, I'll try that; the fact that it's not acting up when the laptop's in Safe Mode is still peculiar to me, and points away from the hotspot being the issue, but hey, anything can happen.

 

Logs follow:

 

MBAntirootkit:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.02.03.11
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
SSW :: ACCEL-V2 [administrator]

2/3/2017 7:13:58 PM
mbar-log-2017-02-03 (19-13-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 312019
Time elapsed: 22 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

AdwCleaner:

# AdwCleaner v6.043 - Logfile created 03/02/2017 at 19:43:29
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : SSW - ACCEL-V2
# Running from : C:\Users\SSW\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\SSW\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\SSW\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2731 Bytes] - [14/01/2017 20:05:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [2629 Bytes] - [14/01/2017 20:05:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [1305 Bytes] - [03/02/2017 19:43:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1378 Bytes] ##########

JRT: (for whatever reason it didn't say it was running as admin even though it was; maybe Safe Mode confused it?)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by SSW (Limited) on Fri 02/03/2017 at 19:49:33.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8 

Successfully deleted: C:\Users\SSW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YXCAUWX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SSW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHJIUY94 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SSW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTTQP1E3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SSW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBZ3NZ8J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YXCAUWX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHJIUY94 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTTQP1E3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBZ3NZ8J (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/03/2017 at 19:50:55.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SecurityCheck: (I uninstalled Unity and Deluge after)

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 03.02.2017 19:52:03
Path starting: C:\Users\SSW\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: SSW
VersionXML: 3.88is-02.02.2017
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 14.03.2014 03:43:55
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [74.4 Gb] Used: [53.7 Gb] Free: [20.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 9.0.8112.16421 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control disabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Automatically download and schedule installation
Date install updates: 2016-02-25 06:03:07
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and out of date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.
VLC media player 2.1.3 v.2.1.3 Warning! Download Update
WinRAR 5.10 (32-bit) v.5.10.0 Warning! Download Update
OpenOffice.org 3.4.1 v.3.41.9593 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.18 v.7.18.109 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
Deluge 1.3.13 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 (64-bit) v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-x64.exe).
Java SE Development Kit 8 Update 11 (64-bit) v.8.0.110 Warning! Download Update
Uninstall old version and install new one (jdk-8u121-windows-x64.exe).
Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 16 ActiveX v.16.0.0.235 Warning! Download Update
Adobe Flash Player 23 NPAPI v.23.0.0.205 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87 Warning! Download Update
Mozilla Firefox 50.1.0 (x86 en-US) v.50.1.0 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.16.4.3505.0912 Warning! This software is no longer supported.
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Unity Web Player v.4.6.5f1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
 



#4 buddy215


Posted 09 February 2017 - 10:29 AM

Suggest you follow through with all of the warnings/suggestions in that Security report.

 

Found some info for you on the hotspot. Suggest you secure it and check for latest firmware. Every piece of hardware that has internet access is being hacked by criminals for uses such as botnets.

Novatel MiFi 2200 Troubleshooting - iFixit

 

To be sure malware is not the problem...start a new topic in the malware removal forum by following the directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


Edited by buddy215, 09 February 2017 - 10:30 AM.

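Turning a SecurityCheck log like the one posted in #3 into a follow-up list, as an added example that is not part of the original thread or of any tool mentioned in it. The sample lines are constructed in the format of that log, and the set of services expected to be running is an assumption of this example.

```python
import re

# Constructed sample in the format of the SecurityCheck log posted in this thread.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
Internet Explorer 9.0.8112.16421 Warning! Download Update
User Account Control disabled
The elevation prompt for administrators disabled
Windows Update (wuauserv) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and out of date)
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.
--------------------------------- [ P2P ] ---------------------------------
Deluge 1.3.13 Warning! P2P-client.
----------------------------- [ End of Log ] ------------------------------
"""

SECTION = re.compile(r"^-+ \[ (.+?) \] -+$")
SERVICE = re.compile(r"^(.+?) \((\w+)\) - The service (has stopped|is running)$")
# Assumption: services that should be running. A stopped Remote Registry or
# WinRM reduces exposure, so it is not reported as a finding.
WANTED_SERVICES = {"wuauserv", "wscsvc", "MpsSvc", "WinDefend"}

def triage(log_text):
    """Return (section, item, reason) tuples for lines that need follow-up."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        svc = SERVICE.match(line)
        if svc:
            if svc.group(2) in WANTED_SERVICES and svc.group(3) == "has stopped":
                findings.append((section, svc.group(1), "protective service stopped"))
        elif "Warning!" in line:
            # Text before the marker is the product, text after it is the advice.
            item, _, reason = line.partition(" Warning! ")
            findings.append((section, item, reason.rstrip(".")))
        elif line.endswith(" disabled") or "out of date" in line:
            findings.append((section, line, "disabled or out of date"))
    return findings

if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {item}: {reason}")
```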



