
Computer slow, browser hijacked


  • This topic is locked
6 replies to this topic

#1 dIRECT0R

dIRECT0R

  • Members
  • 10 posts

Posted 07 March 2017 - 11:14 AM

My computer is slow to the point of near non-functionality. My browser (Google Chrome) starts off on "motius.com", the settings are apparently gone, and the search engine looks off.
 
I ran Malwarebytes Threat Scan, quarantined the threats (scan results pasted below). I then ran JRT as admin, removed threats (JRT.txt pasted below). After that I continued to experience basically the same problems. So I ran FRST to get a fresh report: the latest FRST.txt & Addition.txt from said scan are posted below.
 
Thank you in advance for your time and assistance!
 
 
Malwarebytes (free version) Threat Scan results:
Spoiler

 

Here's JRT.txt:

Spoiler

 

 

 

After those two I ran FRST (64 bit). Here's FRST.txt:

Spoiler

 

..and here's Addition.txt:

Spoiler

 

I also attached the two latter files.


Edited by dIRECT0R, 08 March 2017 - 06:08 AM.



 


#2 dIRECT0R

dIRECT0R
  • Topic Starter

  • Members
  • 10 posts

Posted 08 March 2017 - 06:19 AM

UPDATE: In the meantime I used AdwCleaner and EEK. The computer seems to be working rather normally from what I can gauge - but my browser is still hijacked (if that's the correct term?). It always opens on "motius.com" and uses some kind of weird, suspicious Google Custom Search whenever I search online.

 

Here are the very latest FRST reports. FRST.txt:

Spoiler
 
..and Addition.txt:
Spoiler


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 08 March 2017 - 08:06 AM

dIRECTOR:

 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I would like to address you by your first name, if that is alright with you, since we will be working together.
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#4 dIRECT0R

dIRECT0R
  • Topic Starter

  • Members
  • 10 posts

Posted 08 March 2017 - 08:12 AM

Understood, I won't be running any more tools. I just had to render my computer functional, but that's done now.

 

Thank you, look forward to hearing from you.


Edited by dIRECT0R, 08 March 2017 - 08:13 AM.


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 08 March 2017 - 09:38 AM

dIRECTOR:

Thank you for your post. I have started reviewing your newest FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Unfortunately, in going over your logs, I see evidence of a software utility, or utilities, used to evade software licensing requirements for one or more programs. You might not be aware of this program, so I am NOT accusing you of knowingly installing this on your computer.

Bleeping Computer does not condone software piracy. I am going to have to ask you to remove any and all software that you do not own, and to remove the software that is evading licensing requirements. If you are not aware of that software utility, or utilities, then you must agree, that as a part of my "fix" for your computer, I will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licencing requirements that I detect in the scan logs.

If that is agreeable to you, then after you have uninstalled any illicit software or agreed to my proposed course of action, please run the following scan for me:


Step 1: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

.


Step 2: Please run a fresh FRST scan. Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" scan logs into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 dIRECT0R

dIRECT0R
  • Topic Starter

  • Members
  • 10 posts

Posted 08 March 2017 - 12:11 PM

I don't want to take up more of your time: I'm not entirely sure, but it looks like the issue has "gone away". Like I said above, the previous utilities I ran while waiting for a response fixed the CPU lag, and as for the browser issues, I just ran Google's cleanup utility for Chrome - and everything is back to normal there as well.

 

Thank you for your time, much appreciated.



#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 08 March 2017 - 12:14 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the Bleeping Computer Malware Removal Study Hall




