Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Speedyfiledownloader.com "Your Adobe Flash player is out of Date" adware/virus


  • Please log in to reply
13 replies to this topic

#1 FatherofSquirrel

FatherofSquirrel

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 20 February 2017 - 06:23 PM

I am on a Dell Windows 10 operating system.

I use google chrome for my web browser.

I have MBAM and Avast free for my protection.

I run ADWare cleaner, JRT, and TFC weekly to bi weekly.

 

When I am on EasyBib.com (a free citation website) I have to turn off adblocker to use for free. All was well and good until today. Now when I am on EasyBib and try to cite a reference, I get the following pop up.

 

Speedyfiledownloader.com warning

"Adobe Flash player is out of date. Update now."

 

I googled this and many cites said this was adware which would download a virus.

 

I ran MBAM Avast, Adware Cleaner, and Hitman Pro. 

All said no malicious files found.

I feel like this little bugger is hiding.

 

I need to be able to use EasyBib for my research papers.

 

Thank you for your help.

Tad


Edited by FatherofSquirrel, 20 February 2017 - 06:24 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 PM

Posted 20 February 2017 - 07:55 PM

There may be something on your computer causing the popup and may not be. It could be that one of the

ad servers that show their ads on that site is deliberately allowing that popup or the ad server has been tricked or compromised.

 

Give these two programs a chance to find adware on your computer. Clean the computer using CCleaner.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Please download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log
  • copy and paste the log into your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 FatherofSquirrel

FatherofSquirrel
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 20 February 2017 - 09:59 PM

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Tad (Administrator) on Mon 02/20/2017 at 21:49:00.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/20/2017 at 21:52:53.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 FatherofSquirrel

FatherofSquirrel
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 20 February 2017 - 10:22 PM

zemana log

 

Zemana AntiMalware 2.72.2.101 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/2/20
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i3-5015U CPU @ 2.10GHz
BIOS Mode              : UEFI
CUID                   : 00D51DDB90FBD7464854AB
Scan Type              : System Scan
Duration               : 11m 26s
Scanned Objects        : 56920
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
No threats detected


#5 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 PM

Posted 21 February 2017 - 05:40 AM

I visited that site yesterday. For ten bucks a month you won't see any ads. Seems rather expensive.

 

Are you still seeing the malicious ad? As you know the scans found nothing. Are you seeing that ad on

any other site? If not, I would think there is nothing on your computer causing the ad to appear.

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 FatherofSquirrel

FatherofSquirrel
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 21 February 2017 - 08:40 AM

I was just on EasyBib. It didn't pop up yet. 

I will post the Security check shortly.

Thanks.



#7 FatherofSquirrel

FatherofSquirrel
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 21 February 2017 - 08:43 AM

Security check

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 21.02.2017 08:41:20
Path starting: C:\Users\Tad\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Tad
VersionXML: 3.93is-18.02.2017
___________________________________________________________________________
 
Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 25.09.2016 12:23:02
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [918.1 Gb] Used: [88 Gb] Free: [830.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
 
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.17.1.2286
Sophos Virus Removal Tool v.2.5.6
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Secunia PSI (3.0.0.11005) v.3.0.0.11005
Zemana AntiMalware v.2.72.101
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 15.14 (x64) v.15.14 Warning! Download Update
Uninstall old version and install new one.
7-Zip 16.02 (x64 edition) v.16.02.00.0 Warning! Download Update
Uninstall old version and install new one.
Foxit Reader v.8.2.0.2051
OpenOffice 4.1.3 v.4.13.9783
------------------------------- [ Browser ] -------------------------------
Google Chrome v.56.0.2924.87
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.56.0.2924.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.1.3394.0
aswbIDSAgent (aswbIDSAgent) - The service is running
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.1.3394.42
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
MBAMScheduler (MBAMScheduler) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.7.0
MBAMService (MBAMService) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.72.0.101
----------------------------- [ End of Log ] ------------------------------


#8 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 PM

Posted 21 February 2017 - 08:55 AM

Sometimes the website or the ad server will spot the malicious ad or someone like yourself will report it to the website and

the ad is prevented from displaying. Good that you knew not to click on it.

 

Security Check shows you run a tight ship.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 FatherofSquirrel

FatherofSquirrel
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 21 February 2017 - 09:35 AM

Okay. Thank you.

 

Yeah, I've learned to be suspicious of every fix or update I haven't requested.

 

Should I delete Zemana or just keep it and use it as a back up? 

I didn't know if it would slow down my computer.

 

Thank you for all of your help.



#10 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 PM

Posted 21 February 2017 - 10:17 AM

Whether to keep Zemana or not is up to you. I think I would delete and reinstall the free version when needed so as to have the latest version.

It won't slow down your computer. It doesn't offer real time protection, so it doesn't use any of your computer resources except when you perform a scan.

 

You're welcome...happy surfin'


Edited by buddy215, 21 February 2017 - 10:18 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 FatherofSquirrel

FatherofSquirrel
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 21 February 2017 - 09:51 PM

I appreciate your help so far.

 

But now I my avast is popping up with a threat detected warning.

It identifies it as a 

 

VBS:Malware-gen

 

But when I run avast it doesn't find anything.

 

Can you help me with this?

I just ran MBAM and it found no threats either.


Edited by FatherofSquirrel, 21 February 2017 - 09:51 PM.


#12 FatherofSquirrel

FatherofSquirrel
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 21 February 2017 - 09:54 PM

I did just read an article on the avast forum about a potential false positive. So I am not sure what to do now.

Thanks.



#13 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 PM

Posted 22 February 2017 - 06:00 AM

If you get that warning again today after cleaning the computer with CCleaner....then I suggest you start a new topic in the malware removal forum.

Use the instructions below for posting in the malware removal forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 PM

Posted 22 February 2017 - 11:19 AM

I just responded to another user of Avast...the same VBS:Malware-gen report from Avast.

I suggest if you are not having any problems that could be caused by malware or adware to hold off for today and

wait for Avast to update a couple of times before taking further action.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users