
Serious Malware??? Any Help Please


  • This topic is locked
14 replies to this topic

#1 deepak123


Posted 08 February 2017 - 07:22 AM

Please see the RKill log attached.

All those Hosts file entries are unknown to me.

Further, Windows Defender was disabled using Group Policy. I was able to start Windows Defender after searching the internet for a solution.

Thanks in advance for any help.

Attached File: Rkill.txt (3.86KB, 8 downloads)


Edited by deepak123, 08 February 2017 - 07:23 AM.



 


#2 satchfan

  • Malware Response Team

Posted 08 February 2017 - 08:25 AM

Hello deepak123 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 deepak123


Posted 09 February 2017 - 07:15 AM

In normal mode, the computer normally runs fine, but when I try to run some executables (such as RKill), the system strangely goes into a delay (screen becomes dim), perhaps due to some malware. I am a person who hates malware on any system where I have to work.

Due to this, I ran these 3 tools in safe mode with networking (but I disabled the net).

Before starting this topic, I had tried to do certain things myself. I uninstalled Bitdefender, etc.

Here are the logs.

Attached Files


Edited by deepak123, 09 February 2017 - 07:16 AM.


#4 satchfan


Posted 09 February 2017 - 09:30 AM

Run McAfee removal tool

run McAfee Removal Tool

================================================

Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-958976432-2076373573-842982437-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-958976432-2076373573-842982437-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [348440 2016-11-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [327264 2016-11-14] (McAfee, Inc.)
S3 InnovativeSolutions_monitor; C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [X]
S2 RarOmFXN; "C:\ProgramData\TvdDEp\RarOmFXN.exe" [X]
S2 SAService; %SystemRoot%\system32\SAsrv.exe [X]
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [371480 2016-11-18] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [286720 2016-11-18] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [704128 2016-11-18] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [95184 2016-11-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 eppvad_simple; system32\drivers\EMP_UDAU.sys [X]
2017-02-08 10:25 - 2017-02-08 10:33 - 00000000 ____D C:\Program Files\stinger
2017-02-07 16:35 - 2017-02-07 16:35 - 00000000 ____D C:\Program Files\McAfee.com
2017-02-07 16:35 - 2017-02-07 16:35 - 00000000 ____D C:\Program Files\McAfee
2017-02-07 16:28 - 2017-02-08 11:45 - 00000000 ____D C:\ProgramData\McAfee
2017-02-07 16:28 - 2017-02-07 16:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-07 16:28 - 2016-11-14 18:33 - 00327264 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-03-11 09:39 - 2016-03-11 09:39 - 0000000 _____ () C:\Users\CAD2\AppData\Local\{045C40D8-8AFC-4DA8-800D-0C8A4D70224A}
2015-07-01 10:59 - 2015-07-01 10:59 - 0000000 _____ () C:\Users\CAD2\AppData\Local\{1F0CE5FF-7F0E-46D4-8D9F-A33D23EE2DD2}
2015-06-25 12:49 - 2015-06-25 12:49 - 0000000 _____ () C:\Users\CAD2\AppData\Local\{301937ED-0BE7-44C8-B192-FEA2618F1E32}
2015-07-01 11:10 - 2015-07-01 11:10 - 0000000 _____ () C:\Users\CAD2\AppData\Local\{59533942-559A-41DE-ADCD-D67B57174323}
2015-11-05 10:14 - 2015-11-05 10:14 - 0000000 _____ () C:\Users\CAD2\AppData\Local\{887B6455-8D33-403D-A006-BD97BBF65523}
2014-12-19 11:22 - 2014-12-19 11:23 - 0000000 _____ () C:\Users\CAD2\AppData\Local\{EE1848FD-A2AC-4124-93AE-47988B8CDACD}
Task: {1662FD43-C344-4CCD-8A51-95FA24F4477A} - \PennyBee -> No File <==== ATTENTION
Task: {31A654C0-C1E9-4432-B553-48FCD9057BD0} - \ext_coupons_updating_service -> No File <==== ATTENTION
Task: {B33356E0-E4D3-4DFD-A406-B56414F3998A} - System32\Tasks\14bc4ca5-3f52-43af-9944-89431af19805 => C:\Program Files\HD+v2.1\9b52645e-3270-43ef-8b28-641c299b2721-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\14bc4ca5-3f52-43af-9944-89431af19805.job => C:\Program Files\HD+v2.1\9b52645e-3270-43ef-8b28-641c299b2721-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\McAfee Remediation (Prepare).job => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
FirewallRules: [{AD555D93-63D1-4D84-A50B-B625A608A574}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{FAEF9BA8-3A80-4BC0-9D9A-C132EB6D2A83}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{0D21B108-C1BD-4D40-8D94-96378B7CF060}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{9510979B-FA3D-4755-B805-F457C6DD7982}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{367EC332-57F9-4A47-A970-C19506112F35}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{C3B6392E-1FB3-4038-BE46-44BA0F5CE57B}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{6A6372C8-6FBF-4A81-80E2-0870C7156FFE}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{213AD44B-0821-4730-A8BF-CCF1119E60E9}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{59561516-2C0C-4517-BA1F-5EA93C4DC1A0}F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe] => F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe
FirewallRules: [UDP Query User{475EA8E2-BC12-4ED7-8C4A-AD9FA88FF480}F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe] => F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe
FirewallRules: [TCP Query User{13247AE8-4799-4E15-B684-75C4FABD08B6}C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe] => C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe
FirewallRules: [UDP Query User{65EEF188-5C88-4A96-870D-C10938853A88}C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe] => C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe
FirewallRules: [TCP Query User{7F65B645-84A7-4214-A729-7D702CEC847B}C:\program files\winzip\fahwindow32.exe] => C:\program files\winzip\fahwindow32.exe
FirewallRules: [UDP Query User{152C5906-012A-4CEB-B095-989CA11A2AAD}C:\program files\winzip\fahwindow32.exe] => C:\program files\winzip\fahwindow32.exe
FirewallRules: [{C1FC3121-88DA-4074-AC3A-CDB81077297A}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\drivers\cfwids.sys
C:\Windows\System32\drivers\mfeaack.sys
C:\Windows\System32\drivers\mfeavfk.sys
C:\Windows\System32\DRIVERS\mfedisk.sys
C:\Windows\System32\drivers\mfefirek.sys
C:\Windows\System32\drivers\mfehidk.sys
C:\Windows\System32\drivers\mfeplk.sys
C:\Windows\System32\drivers\mfewfpk.sys
C:\Users\CAD2\AppData\Local\{045C40D8-8AFC-4DA8-800D-0C8A4D70224A}
C:\Users\CAD2\AppData\Local\{1F0CE5FF-7F0E-46D4-8D9F-A33D23EE2DD2}
C:\Users\CAD2\AppData\Local\{301937ED-0BE7-44C8-B192-FEA2618F1E32}
C:\Users\CAD2\AppData\Local\{59533942-559A-41DE-ADCD-D67B57174323}
C:\Users\CAD2\AppData\Local\{887B6455-8D33-403D-A006-BD97BBF65523}
C:\Users\CAD2\AppData\Local\{EE1848FD-A2AC-4124-93AE-47988B8CDACD}
C:\Users\CAD2\HEjHibJJòmr6Òtvnsonxr.exe
C:\Windows\Tasks\McAfee Remediation (Prepare).job
C:\Program Files\360
C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe
C:\program files\winzip\fahwindow32.exe
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Please run FRST again, this time in 'normal' mode and post the new log.

Logs to include with next post:

Fixlog.txt
New Frst.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
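
The fixlist above removes several firewall rules that FRST itself did not mark with ATTENTION. As an added example (not part of the original posts and not FRST's own logic), this Python code parses `FirewallRules:` lines copied from that fixlist and flags allow-rules whose program path sits in a Startup or recycler folder; the function names and the two path heuristics are assumptions made for this illustration.

```python
import ntpath  # Windows path handling that also works on a non-Windows analysis host
import re

# Copied from the fixlist in the post above (a subset of its FirewallRules lines).
SAMPLE = r"""
FirewallRules: [{0D21B108-C1BD-4D40-8D94-96378B7CF060}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{59561516-2C0C-4517-BA1F-5EA93C4DC1A0}F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe] => F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe
FirewallRules: [UDP Query User{475EA8E2-BC12-4ED7-8C4A-AD9FA88FF480}F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe] => F:\recycler\s-8-5-23-8713238403-3200827108-865856167-7814\rwjylzew.exe
FirewallRules: [TCP Query User{13247AE8-4799-4E15-B684-75C4FABD08B6}C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe] => C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe
FirewallRules: [UDP Query User{65EEF188-5C88-4A96-870D-C10938853A88}C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe] => C:\users\cad2\appdata\roaming\microsoft\windows\start menu\programs\startup\tvnsonxr.exe
FirewallRules: [TCP Query User{7F65B645-84A7-4214-A729-7D702CEC847B}C:\program files\winzip\fahwindow32.exe] => C:\program files\winzip\fahwindow32.exe
FirewallRules: [{C1FC3121-88DA-4074-AC3A-CDB81077297A}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
"""

RULE_RE = re.compile(r"^FirewallRules: \[(?P<name>.*)\] => (?P<path>.+)$")

# Assumed heuristics for this example; FRST does not label these rules itself.
SUSPECT_FRAGMENTS = {
    "\\start menu\\programs\\startup\\": "program sits in a per-user Startup (autorun) folder",
    "\\recycler\\": "program sits in a recycle-bin style folder",
}


def parse_firewall_rules(text):
    """Return one dict per 'FirewallRules:' line: rule name, protocol, program path."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not a firewall line (services, tasks, plain file paths, ...)
        name = m.group("name")
        # 'TCP Query User{...}' / 'UDP Query User{...}' names carry the protocol;
        # GUID-only names do not, so the protocol is recorded as not available.
        proto = name[:3] if name.startswith(("TCP ", "UDP ")) else "n/a"
        rules.append({"name": name, "proto": proto, "path": m.group("path").strip()})
    return rules


def triage(rules):
    """Group suspect rules by program path so TCP/UDP twins are reported once."""
    findings = {}
    for rule in rules:
        lowered = rule["path"].lower()
        reasons = [why for frag, why in SUSPECT_FRAGMENTS.items() if frag in lowered]
        if not reasons:
            continue
        entry = findings.setdefault(rule["path"], {"reasons": reasons, "protos": set()})
        entry["protos"].add(rule["proto"])
    return findings


if __name__ == "__main__":
    for path, info in triage(parse_firewall_rules(SAMPLE)).items():
        print(ntpath.basename(path), sorted(info["protos"]), "; ".join(info["reasons"]))
        print("   ", ntpath.dirname(path))
```

The `fahwindow32.exe` rule from the same fixlist matches neither heuristic, so a script like this supports a reviewer's reading of the log rather than replacing it.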


#5 deepak123


Posted 11 February 2017 - 03:29 AM

Thank you very much Satchfan.

 

I had tried running the McAfee removal tool but it failed (in safe mode). That was an anti-virus I had recently tried to install, but installation was not finished (perhaps due to power failure). I have no issues with existence of software. I can run it again, but found no point in running it.

Then, I ran the fix in safe mode, but FRST failed to restart the computer then.

Then I ran FRST in normal mode.

I think someone is remote accessing this computer. Computer is running good. Now, did some other program disable Windows Defender???, which is again running after I deleted that registry key.

Attached File: Fixlog.txt (19.63KB, 1 download)
Attached File: FRST.txt (22.13KB, 1 download)
Attached File: Addition.txt (43.41KB, 1 download)
Attached File: Rkill.txt (3.97KB, 1 download)



#6 satchfan


Posted 11 February 2017 - 10:43 AM

Regarding Windows Defender, it is pretty useless in Windows 7 and could be interfering with cleaning processes. I suggest you leave it disabled.

 

Please try the McAfee Removal Tool again in normal mode.

 

================================================

Run Security Check

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Satchfan

 

 

 




#7 deepak123


Posted 13 February 2017 - 06:20 AM

This is the checkup log. I am still to run the removal tool.

Attached File: checkup.txt (989bytes, 2 downloads)



#8 satchfan


Posted 13 February 2017 - 06:31 AM

:thumbup2:




#9 deepak123


Posted 14 February 2017 - 06:03 AM

What about the Hosts file entries in the RKill log? What do they mean?

Can they be some kind of threat? If yes, how to deal with them???

I found an article in the Malwarebytes blog showing they might be dangerous.

But I do not know if it applies to this computer.


Edited by deepak123, 14 February 2017 - 06:04 AM.


#10 satchfan


Posted 14 February 2017 - 10:22 AM

What about the Host file Entries in the R- Kill log

They are fine.

 

How did the removal tool go?




#11 deepak123


Posted 16 February 2017 - 06:40 AM

The Removal tool seemed to work & restarted the computer.

 

The computer seems to run fine.



#12 satchfan


Posted 16 February 2017 - 09:13 AM

Good. Let me know if there are no outstanding problems and you're ready to clean up the tools we've used.




#13 deepak123


Posted 17 February 2017 - 01:35 PM

The computer is working fine. I have not noticed anything wrong up to now. I will tell if I notice. I reset the host file.

 

Once again, Thank you very much for your help.

 

This is a very helpful forum.



#14 satchfan


Posted 17 February 2017 - 05:36 PM

Once again, Thank you very much for your help.

You're very welcome.

 

Your computer appears to be clean.

Now that you’re free from malware, as long as it seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version of Java is out-of-date and needs to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall:


Java 8 Update 91
 

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Even though I just had you get the latest version of Java, there is a vulnerability with regard to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
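
The thread's Hosts file question and the MVPS Hosts description above both turn on where an entry points. As an added example (not from the original posts), this Python code sorts hosts-file entries into names sent to the local machine and names redirected to some other address; the sample content is constructed, and `audit_hosts` and its bucket names are hypothetical.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from the thread's Rkill log).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # blocklist-style entry
0.0.0.0         telemetry.example.org
203.0.113.10    update.example-av.test   # name pointed at a non-local address
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost"}  # names expected to resolve to the machine itself


def audit_hosts(text):
    """Classify every hostname in hosts-file text by the kind of address it maps to.

    local      - expected loopback mapping (localhost)
    sinkholed  - other name sent to loopback/unspecified, as blocklists do
    redirected - name sent to any other address; worth a manual look
    malformed  - line that is not '<ip> <name> [<name> ...]'
    """
    result = {"local": [], "sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            result["malformed"].append((lineno, raw.strip()))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:  # one line may map several names to one address
            name = name.lower()
            if ip.is_loopback or ip.is_unspecified:
                bucket = "local" if name in LOCAL_NAMES else "sinkholed"
            else:
                bucket = "redirected"
            result[bucket].append((name, str(ip)))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for bucket in ("redirected", "malformed", "sinkholed", "local"):
        print(f"{bucket}: {len(report[bucket])}")
        for item in report[bucket]:
            print("   ", item)
```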


#15 satchfan


Posted 18 February 2017 - 05:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





