
Can someone help me with this virus? ''clkmon''


11 replies to this topic

#1 VictorV


Posted 31 March 2017 - 01:18 PM

Hi everyone, lately I noticed that every time I do a search on Google, some weird results appear. https://gyazo.com/a117ad84add0a79010fa9dd13755de32

Also, when I'm browsing online, some weird pages like scams and ads may appear, like ''mega offers''. I did some research and this virus should be called ''clkmon''.

I tried many antimalware tools, like:

CCleaner / Malwarebytes / AdwCleaner

but nothing changed. I also figured out that only Google Chrome seems to be infected. Can you help me? I really don't know what I should do.


Edited by VictorV, 31 March 2017 - 02:33 PM.



 


#2 buddy215

  • Moderator

Posted 31 March 2017 - 03:22 PM

Welcome to BC...

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

After using those two programs do a clean uninstall of Google Chrome. That includes deleting your profile which contains your bookmarks and passwords.

You can save those before uninstalling Chrome....Import or export bookmarks - Chrome Help

 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 VictorV


Posted 31 March 2017 - 08:47 PM

Hi again! I'm happy to inform you that my problem is solved.

As you asked, this is the report from the scan:

 

C:\Program Files (x86)\Freemake\Freemake Audio Converter\SetupUpdate.exe    a variant of Win32/FusionCore.K potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application    cleaned by deleting
C:\Users\Vittorio\AppData\Local\Temp\FreemakeAudioConverterFull.exe    a variant of Win32/FusionCore.K potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application    cleaned by deleting
C:\Users\Vittorio\Downloads\FreemakeAudioConverterSetup.exe    a variant of Win32/FusionCore.I potentially unwanted application    cleaned by deleting
D:\Metal Gear Solid V Phantom Pain\3dmgame.dll    a variant of Win32/Packed.VMProtect.AAA trojan    cleaned by deleting
D:\Metal Gear Solid V Phantom Pain\steamclient64.dll    a variant of Win32/Packed.VMProtect.AAA trojan    cleaned by deleting
E:\ASUS-PC\Backup Set 2014-05-11 191736\Backup Files 2014-05-11 191736\Backup files 1.zip    Win32/DownWare.L potentially unwanted application,a variant of MSIL/HipgnosisBrains.A potentially unwanted application    deleted
E:\ASUS-PC\Backup Set 2014-05-11 191736\Backup Files 2014-05-11 191736\Backup files 2.zip    JS/Lightning.B potentially unwanted application,JS/Lightning.A potentially unwanted application    deleted
E:\ASUS-PC\Backup Set 2014-05-11 191736\Backup Files 2014-05-11 191736\Backup files 4.zip    JS/Lightning.B potentially unwanted application    deleted
E:\ASUS-PC\Backup Set 2014-05-28 184425\Backup Files 2014-05-28 184425\Backup files 1.zip    Win32/DownWare.L potentially unwanted application,a variant of MSIL/HipgnosisBrains.A potentially unwanted application    deleted
E:\ASUS-PC\Backup Set 2014-05-28 184425\Backup Files 2014-05-28 184425\Backup files 2.zip    JS/Lightning.B potentially unwanted application,JS/Lightning.A potentially unwanted application    deleted
E:\ASUS-PC\Backup Set 2014-05-28 184425\Backup Files 2014-05-28 184425\Backup files 4.zip    JS/Lightning.B potentially unwanted application    deleted
E:\ASUS-PC\Backup Set 2014-05-28 184425\Backup Files 2014-06-01 190001\Backup files 1.zip    Win32/AdWare.SmartApps.E application    deleted
 

Thank you again.



#4 buddy215


Posted 01 April 2017 - 04:29 AM

Okay...you're welcome



#5 VictorV


Posted 03 April 2017 - 10:30 AM

Hi! It's me again, and I have bad news. As far as I can see, one problem is solved.

When I do a search, the results from it are clean and safe. But sometimes when I click on a random spot on the page (any page, any spot) some adverts pop out. This happens only with Chrome. Would you help me again? Sorry if I'm bothering you.



#6 buddy215


Posted 03 April 2017 - 12:07 PM

Two things you haven't tried....but first run CCleaner per instructions above.

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

If JRT doesn't fix the problem then you will need to do a clean UNinstall of Chrome. That means deleting your saved passwords and Bookmarks.

You can backup those first before uninstalling Chrome.....Import or export bookmarks - Chrome Help

  1. On your computer, close all Chrome windows and tabs.
  2. Click the Start menu > Settings.
  3. Click System.
  4. On the left, click Apps & features.
  5. Find and click Google Chrome.
  6. Click Uninstall.
  7. Confirm by clicking Uninstall.
  8. To delete your profile information, like bookmarks and history, check "Also delete your browsing data."
  9. Click Uninstall.

Edited by buddy215, 03 April 2017 - 12:10 PM.


#7 VictorV


Posted 03 April 2017 - 02:12 PM

The scan has finished. Here you go:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Pro x64
Ran by Vittorio (Administrator) on 03/04/2017 at 20:48:46,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\ProgramData\1464104227.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1464104287.1636.bin (File)
Successfully deleted: C:\ProgramData\1464104287.8920.bin (File)
Successfully deleted: C:\ProgramData\1464104631.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1464291936.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1464291937.bdinstall.bin (File)
Successfully deleted: C:\Users\Public\thunder network (Folder)

Deleted the following from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l9mnyj5n.default-1443956070891\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/04/2017 at 21:09:26,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 buddy215


Posted 03 April 2017 - 02:38 PM

Likely you will need to perform the clean uninstall of Chrome per instructions above.

Be sure to download Chrome from Chrome for Desktop after the clean uninstall and rebooting.

 

You may benefit from running this scan:

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply paste the log into your reply


#9 VictorV


Posted 05 April 2017 - 04:26 PM

There you go:

 

SecurityCheck by glax24 & Severnyj v.1.4.0.47 [25.03.17]
WebSite: www.safezone.cc
DateLog: 05.04.2017 23:21:26
Path starting: C:\Users\Vittorio\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Vittorio
VersionXML: 4.06is-02.04.2017
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Professional Lang: Italian(0410)
Installation date OS: 10.02.2017 15:28:30
LicenseStatus: Windows®, Professional edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Volume activation will expire : 254795 minutes
LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Volume activation will expire : 254795 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [244 Gb] Used: [191 Gb] Free: [53 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.953.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Centro sicurezza PC (wscsvc) - The service is running
Registro di sistema remoto (RemoteRegistry) - The service has stopped
Individuazione SSDP (SSDPSRV) - The service is running
Servizi Desktop remoto (TermService) - The service has stopped
Servizio Pubblicazione sul Web (W3SVC) - The service is running
Gestione remota Windows (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
avast! Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
avast! Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.12.1.2272
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware versione 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.21 (64-bit) v.5.21.0 Warning! Download Update
Microsoft Silverlight v.5.1.50905.0
TeamViewer 10 v.10.0.36897 Warning! Download Update
VLC media player v.2.2.1 Warning! Download Update
TeamViewer 10 (TeamViewer) - The service has stopped
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.34 v.7.34.102
--------------------------------- [ P2P ] ---------------------------------
BitTorrent v.7.9.9.43389 Warning! P2P-client.
µTorrent v.3.4.7.42330 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 65 v.8.0.650.17 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.4.3.1 Warning! Download Update
^Please use Apple Software Update tool.^
 Servizio Bonjour (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 NPAPI v.20.0.0.286 Warning! Download Update
Adobe Acrobat Reader DC - Italiano v.15.023.20070
------------------------------- [ Browser ] -------------------------------
Google Chrome v.57.0.2987.133
Mozilla Firefox 52.0.2 (x86 it) v.52.0.2
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.52.0.2.6291
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.12.1.3076.0
C:\Program Files\AVAST Software\Avast\avastui.exe v.12.1.3076.11
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.953
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.953
Servizio Windows Defender (WinDefend) - The service is running
Servizio Controllo rete di Windows Defender (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 



#10 buddy215


Posted 05 April 2017 - 05:20 PM

Have you done a clean UNinstall of Chrome?

 

Using P2Ps to download free stuff is a sure way to get infected....over half are bundled with adware/ malware....and downloads may be illegal, too.

 

Uninstall these programs:

Adobe Flash Player 20 NPAPI v.20.0.0.286

Java 8 Update 65 v.8.0.650.17



#11 VictorV


Posted 06 April 2017 - 06:29 AM

Before uninstalling, I wanted to ask why I should uninstall ''Adobe Flash Player'' and ''Java'', considering that I have had these two programs since the very beginning.



#12 buddy215


Posted 06 April 2017 - 07:00 AM

Both programs are malware magnets unless latest security updates are installed. Most users don't use or need Java.

 

You can easily update both if you need them. Just be aware that both will attempt to install bundled software....so watch carefully while updating and UNcheck those items. As you can see in the Security Check log....update links are provided.


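One way to pull the flagged entries out of a SecurityCheck log like the one in reply #9, added here as an example (it is not part of the thread or of the SecurityCheck tool). The sample is an excerpt of the log posted above; the function names and regular expressions are assumptions based on that log's layout.

```python
import re

# Excerpt of the SecurityCheck log posted in reply #9 of this thread.
SAMPLE_LOG = """\
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.21 (64-bit) v.5.21.0 Warning! Download Update
Microsoft Silverlight v.5.1.50905.0
TeamViewer 10 v.10.0.36897 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
BitTorrent v.7.9.9.43389 Warning! P2P-client.
µTorrent v.3.4.7.42330 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 65 v.8.0.650.17 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 NPAPI v.20.0.0.286 Warning! Download Update
Adobe Acrobat Reader DC - Italiano v.15.023.20070
------------------------------- [ Browser ] -------------------------------
Google Chrome v.57.0.2987.133
"""

# Section headers look like "---- [ Name ] ----" (layout assumed from the log above).
SECTION_RE = re.compile(r"^-+ \[ (?P<name>.+?) \] -+$")
# Flagged entries look like "<product> v.<version> Warning! <reason>".
WARNING_RE = re.compile(
    r"^(?P<product>.+?) v\.(?P<version>\S+) Warning! (?P<reason>.+)$"
)


def parse_warnings(log_text):
    """Return one dict per 'Warning!' line, tagged with the section it is in."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        flagged = WARNING_RE.match(line)
        if flagged:
            findings.append({"section": section, **flagged.groupdict()})
    return findings


def triage(findings):
    """Split findings into outdated software and installed P2P clients."""
    outdated = [f for f in findings if f["reason"].startswith("Download Update")]
    p2p = [f for f in findings if f["reason"].startswith("P2P-client")]
    return outdated, p2p


if __name__ == "__main__":
    outdated, p2p = triage(parse_warnings(SAMPLE_LOG))
    for f in outdated:
        print(f"UPDATE [{f['section']}] {f['product']} {f['version']}")
    for f in p2p:
        print(f"P2P    [{f['section']}] {f['product']} {f['version']}")
```
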



