
Audio "Trojan Horse" Message and Tab: Help!


10 replies to this topic

#1 jono'sbook


Posted 27 February 2017 - 02:15 PM

Hi.

 

Today I was interrupted by the sudden opening of a new tab (in Chrome, Windows 10) and audio saying I'd been subjected to a Trojan horse. I did not click anything in the tab, but I had to hold the Power button on my computer and restart. I then ran CCleaner and MalwareBytes. Am I okay now, or is there something more I can do?

 

Please help!


Edited by hamluis, 27 February 2017 - 02:18 PM.
Moved from MRL to Am I Infected - Hamluis.



 


#2 buddy215

  • Moderator

Posted 28 February 2017 - 03:10 PM

If you are not seeing the criminal's ad since rebooting then that problem is solved. But there may be adware on the computer that permitted that ad to show or some legit ad purveyor or website was involved.

 

You can block ads using an ad blocker such as Adblock Plus. If you haven't got one and install it then be sure to click on its ABP icon at the top of each browser it is installed in and choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.

Adblock Plus - Chrome Web Store   Adblock Plus :: Add-ons for Firefox  Adblock Plus for IE   Adblock Plus for Edge browser

 

You can block the ad and tracking cookies from installing in your browsers. Once blocked...run CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers

 

Use the programs below to remove adware and remove malware.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download Zemana AntiMalware and install it.

  • Run the application.
  • Click "Next" and then Scan.
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log.
  • Copy and paste the log into your reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 jono'sbook

  • Topic Starter

Posted 02 March 2017 - 09:40 AM

Okay, thanks. I'll do all of that later today.



#4 jono'sbook

  • Topic Starter

Posted 05 March 2017 - 10:19 AM

# AdwCleaner v6.044 - Logfile created 05/03/2017 at 10:01:46
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Larry - MOBEY2
# Running from : C:\Users\Larry\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearch.avg.com
[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ndibdjnfmopecpmkdieinmbadjfpblof

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1335 Bytes] - [05/03/2017 10:01:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [1633 Bytes] - [05/03/2017 09:54:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1481 Bytes] ##########


#5 jono'sbook

  • Topic Starter

Posted 05 March 2017 - 10:30 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64 
Ran by Larry (Administrator) on Sun 03/05/2017 at 10:24:01.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof (Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{13754B8C-506E-461F-9E44-020173B2CA75} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{13754B8C-506E-461F-9E44-020173B2CA75} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/05/2017 at 10:26:51.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 jono'sbook

  • Topic Starter

Posted 05 March 2017 - 10:48 AM

Zemana AntiMalware 2.72.179.101 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/3/5
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-5200U CPU @ 2.20GHz
BIOS Mode              : UEFI
CUID                   : 1221845F80F78CAC9918E7
Scan Type              : System Scan
Duration               : 11m 28s
Scanned Objects        : 68530
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
No threats detected


#7 buddy215

  • Moderator

Posted 05 March 2017 - 10:58 AM

The first two scans removed AVG's adware....Search Protect...

 

Last scan:

  • Download Security Check by glax24 and save the file to the Desktop.
  • Run the tool by accepting all the Security prompts.
  • When complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard.
  • Simply paste the log to your reply.


#8 jono'sbook

  • Topic Starter

Posted 05 March 2017 - 01:16 PM

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 05.03.2017 13:12:54
Path starting: C:\Users\Larry\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Larry
VersionXML: 3.98is-04.03.2017
___________________________________________________________________________
 
Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 10.09.2016 20:33:32
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeO365HomePremR_SubTrial5 edition Windows is in Notification mode
LicenseStatus: Office 15, OfficeO365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [903.7 Gb] Used: [55.2 Gb] Free: [848.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
McAfee Anti-Virus and Anti-Spyware (disabled)
---------------------------- [ Firewall_WMI ] -----------------------------
McAfee Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
McAfee Anti-Virus and Anti-Spyware (disabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
McAfee LiveSafe v.15.0.179
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.72.101
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.31 v.7.31.104 Warning! Download Update
^Optional update.^
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Shockwave Player 12.0 v.12.0.4.144 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.56.0.2924.87
Mozilla Firefox 45.0.1 (x86 en-US) v.45.0.1 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.56.0.2924.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe v.15.4.0.822
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe v.1.4.1.681
McAfee Firewall Core Service (mfefire) - The service is running
C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe v.15.4.0.822
McAfee AP Service (McAPExe) - The service is running
C:\Program Files\mcafee\msc\McAPExe.exe v.15.0.179.0
McAfee Personal Firewall Service (McMPFSvc) - The service is running
C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe v.6.0.151.0
C:\PROGRA~1\COMMON~1\McAfee\platform\McUICnt.exe v.8.0.150.0
McAfee CSP Service (mccspsvc) - The service is running
C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe v.1.9.829.0
McAfee Scanner (McODS) - The service has stopped
McAfee Service Controller (mfemms) - The service is running
C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe v.15.4.0.822
McAfee Module Core Service (ModuleCoreService) - The service is running
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe v.1.3.118.0
McAfee Home Network (HomeNetSvc) - The service is running
McAfee VirusScan Announcer (McNaiAnn) - The service is running
McAfee OOBE Service2 (McOobeSv2) - The service has stopped
McAfee Platform Services (mcpltsvc) - The service is running
McAfee Proxy Service (McProxy) - The service is running
McAfee Boot Delay Start Service (mcbootdelaystartsvc) - The service is running
McAfee Platform Services (mcpltsvc) - The service is running
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.72.0.101
---------------------------- [ UnwantedApps ] -----------------------------
WildTangent Games v.1.0.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Update Installer for WildTangent Games App << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WildTangent Games App for HP v.4.0.11.14 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------


#9 buddy215

  • Moderator

Posted 05 March 2017 - 02:01 PM

Uninstall these programs:

Wild Tangent Games

Skype Click To Call

 

Update These programs:

Firefox....open Firefox > click on Help > click on About > Check for Update > Update to 51 or later version

Adobe Shockwave Player 12.0 v.12.0.4.144 Warning! Download Update

 

That's it...happy surfin'


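One way to triage a SecurityCheck log like the one in post #8 into the kind of update and uninstall lists given in post #9. This is an added example, not part of the thread and not code from the SecurityCheck tool; the `triage` function, its regular expressions and the abridged sample log are assumptions built from the log layout shown above.

```python
import re

# Constructed sample: entries abridged from the log layout shown in post #8.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
User Account Control enabled
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.56.0.2924.87
Mozilla Firefox 45.0.1 (x86 en-US) v.45.0.1 Warning! Download Update
---------------------------- [ UnwantedApps ] -----------------------------
WildTangent Games v.1.0.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended.
WildTangent Games App for HP v.4.0.11.14 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended.
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
"""

SECTION = re.compile(r"^-+ \[ (.+?) \] -+$")   # e.g. "---- [ Browser ] ----"
FLAGGED = re.compile(r"^(?P<name>.+?)\s+(?:<< Hidden\s+)?Warning!\s*(?P<reason>.*)$")
VERSION = re.compile(r"\s+v\.[\w.]+$")          # trailing " v.1.2.3" field

def triage(log_text):
    """Return {'update': [...], 'uninstall': [...]} of (section, product) pairs."""
    result = {"update": [], "uninstall": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = FLAGGED.match(line)
        if not m:
            continue  # unflagged entries and continuation notes
        product = VERSION.sub("", m.group("name"))
        # Anything flagged under [ UnwantedApps ] is a removal candidate;
        # elsewhere "Download Update" marks software the tool considers outdated.
        if section == "UnwantedApps":
            result["uninstall"].append((section, product))
        elif m.group("reason").startswith("Download Update"):
            result["update"].append((section, product))
    return result

if __name__ == "__main__":
    for action, items in triage(SAMPLE_LOG).items():
        for section, product in items:
            print(f"{action:9} [{section}] {product}")
```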

#10 jono'sbook

  • Topic Starter

Posted 05 March 2017 - 02:12 PM

Thanks. Y'know what? YOU'RE THE BEST!



#11 buddy215

  • Moderator

Posted 06 March 2017 - 10:21 AM

You're welcome....





