
Infected with some kind of browser hijacker (browser keeps opening on its own)


  • This topic is locked
6 replies to this topic

#1 Vanch

Vanch

  • Members
  • 17 posts

Posted 28 February 2017 - 09:24 PM

I stupidly allowed a family member to access my PC for an hour yesterday, and it seems that whatever they went on (Bingo gambling sites I would assume) has now infected my PC.

 

My default browser (Firefox) keeps opening every 30 minutes or so on its own and going to random websites which are just full of ads, etc.  My homepage was also set to Mail.RU, which is malware as far as I know.

 

I have run Spybot Search & Destroy, AdAware, and Malwarebytes anti-malware although they didn't find much and the problem still seems to be persisting.

 

 

Anyway, I have attached the requested logs and will await any further instructions.

 

 

Regards.

Attached File: FRST.txt (28.15KB, 6 downloads)
Attached File: Addition.txt (37.51KB, 4 downloads)

 

 

EDIT:  I think I may actually have a b2.ijquery11.com browser redirect issue.  I keep checking my browser history when the ad sites appear, and this website is always the first that is opened.  I checked online and it seems to be a known issue, but I won't mess around with anything until I get some advice here.

 

Thanks.


Edited by Vanch, 01 March 2017 - 01:49 AM.



 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,623 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 01 March 2017 - 01:14 PM

Vanch:

 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I would like to address you by your first name, if that is alright with you since we will be working together.
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 Vanch

Vanch
  • Topic Starter

  • Members
  • 17 posts

Posted 01 March 2017 - 01:30 PM

Hi Phil, that's brilliant, I'll wait for your reply.  My name is Sam by the way.



#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,623 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 02 March 2017 - 08:33 AM

Sam:

Thank you for your patience while I analyzed your FRST logs and for permission to address you by your first name.

In future, I would ask that you copy and paste, rather than attach, the content of all scan and fix logs that I request, into your replies. That makes it much faster for me to analyze. Thank you for your cooperation.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...
 
.
 
Unfortunately, in going over your logs, I see evidence of a software utility, or utilities, used to evade software licensing requirements for one or more programs. You might not be aware of this program, so I am NOT accusing you of knowingly installing this on your computer.

Bleeping Computer does not condone software piracy. I am going to have to ask you to remove any and all software that you do not own, and to remove the software that is evading licensing requirements. If you are not aware of that software utility, or utilities, then you must agree, that as a part of my "fix" for your computer, I will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licencing requirements that I detect in the scan logs.

If that is agreeable to you, then after you have uninstalled any illicit software, please run the following scan for me.

Step 1: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

.

Thank you and have a great day.

Regards,
-Phil
 


Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,623 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 02 March 2017 - 09:48 AM

Sam:

 

I forgot to mention that when you have run the CKScanner program, I would then like you to run a fresh set of FRST scan logs for me.

 

Please run FRST again.  Please copy and paste the contents of the "FRST.txt" and "Addition.txt" files into your next reply.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,623 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 05 March 2017 - 08:07 AM

Sam:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,623 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 07 March 2017 - 10:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Member of the Unified Network of Instructors and Trusted Eliminators




