Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mail.ru problem with chrome/firefox


  • This topic is locked This topic is locked
5 replies to this topic

#1 defraz

defraz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:35 PM

Posted 02 February 2017 - 03:29 PM

Hi,

 

2 days ago I ran a infected Russian .exe file to complete a fresh installation of win7 on my new hp laptop (cheapest around but good for my job). Operative system is windows7 SP1 ultimate fresh installed. But with that I downloaded some unwanted programs to my computer. The virus open mail.ru homepage on the browser, and aggressively open spam pages and/or redirect on the browsers, then directs me various advertising sites. I scanned my computer with AVG that detected something at first but now doesn't see anything irregular.

I dowloaded FRST64 and i attach the scanning results.

 

I hope there is a way to avoid reinstalling everything and learn something about win security, i'm a long time linux, mac and also (less) windows user but never got this trojan, in Italy we say that the stupid hour come for everyone.

 

It's really amazing to have a place to ask for help and for someone who can teach you something so i would like to thank you in advance for your time and effort.

 

Best

Enrico

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,692 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:35 AM

Posted 02 February 2017 - 07:13 PM

Welcome. :)

Download the attached file and save it in the same directory FRST64 is saved.
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
  • Download AdwCleaner from here. Save the file to the desktop.

    Download AdwCleaner from here
    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    AdwScan.jpg?
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
    adwcleaner_delete_restart.jpg
    • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 defraz

defraz
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:35 PM

Posted 03 February 2017 - 10:40 AM

Hi, thank you for your help,

 

i went through the suggested step and i attach the related logs.

 

Browsers seems more clean, even if some popup window try again to open (controlled by avast).

 

Can i make again cleaning?

Or try to redo some step?

 

Thank you

Enrico

 

p.s. how can i male a donation to help your work?

Attached Files



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,692 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:35 AM

Posted 03 February 2017 - 03:28 PM

Except for the fixlist.txt, you may update and run these applications, and I am sure it will help. For the fixlist.txt, you must be a trained user for the FRST application.
 
Lets see if your computer is completely clean.
 

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Extra Note:
 
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available throughout History ->Application logs. Please post it contents in your next reply.

 

ESETOnline.png Scan with ESET Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,692 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:35 AM

Posted 12 February 2017 - 09:13 PM

Are you still with us?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,692 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:35 AM

Posted 18 February 2017 - 02:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


Edited by JSntgRvr, 18 February 2017 - 10:44 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users