REMOVING [msiexec d2buh1bf1g584w.cloudfront.net] and ic-dc.bundlessafevault.com?


  • This topic is locked
7 replies to this topic

#1 ForensicCactus

  • Members
  • 4 posts

Posted 31 March 2017 - 08:29 PM

Hi there, my PC was recently infected by the Trotux browser Hijacker and after using Hitman Pro and Malwarebytes, the problem seemed to go away, except it really hadn't.

 

I kept getting my Google Chrome shortcuts replaced and Malwarebytes kept blocking the websites d2buh1bf1g584w.cloudfront.net and ic-dc.bundlessafevault.com

 

Nothing I can do seems to prevent these two outbound connections from starting up and I came across a similar problem over on another forum post, but it seems the op hasn't responded to it yet.

 

I've attached FRST scans to this in hopes that it may help.

 

Edit: Just to clarify, these are my own PC's FRST scans. Additionally, scanning with AdwCleaner does not seem to resolve this issue.

Attached Files


Edited by ForensicCactus, 31 March 2017 - 09:15 PM.
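
A read-only way to look for whatever keeps relaunching the connections described in the post above, added here as an example and not part of the original topic or of any tool mentioned in it. It assumes the trigger sits in a scheduled task, a Run key or an altered Chrome shortcut, which the thread does not confirm; `Get-ScheduledTask` needs Windows 8 or later.

```powershell
# Read-only triage: lists candidates, changes nothing. Run from an elevated prompt.
# The two hosts are the ones named in this topic; the locations checked are assumptions.
$hostRx    = 'd2buh1bf1g584w\.cloudfront\.net|ic-dc\.bundlessafevault\.com'
# msiexec handed a remote package URL, or any command line naming either host
$suspectRx = "msiexec(\.exe)?\b.*https?://|$hostRx"
$findings  = @()

# 1. Scheduled tasks whose action matches
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $suspectRx) {
            $findings += [pscustomobject]@{
                Source = "Task $($task.TaskPath)$($task.TaskName)"; Detail = $cmd }
        }
    }
}

# 2. Run-key autostart values that match
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in ($runKeys | Where-Object { Test-Path $_ })) {
    $values = Get-ItemProperty -Path $key
    if (-not $values) { continue }
    foreach ($p in $values.PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match $suspectRx) {
            $findings += [pscustomobject]@{ Source = "$key\$($p.Name)"; Detail = "$($p.Value)" }
        }
    }
}

# 3. Chrome shortcuts whose target is not chrome.exe or that carry a URL argument
$shell   = New-Object -ComObject WScript.Shell
$lnkDirs = "$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop",
           "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
           "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
           "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
$links = Get-ChildItem -Path $lnkDirs -Filter '*chrome*.lnk' -Recurse -ErrorAction SilentlyContinue
foreach ($file in $links) {
    $lnk = $shell.CreateShortcut($file.FullName)
    if ($lnk.TargetPath -notmatch '\\chrome\.exe$' -or $lnk.Arguments -match 'https?://') {
        $findings += [pscustomobject]@{
            Source = $file.FullName; Detail = "$($lnk.TargetPath) $($lnk.Arguments)" }
    }
}

$findings | Format-List
```

Anything listed is a candidate to review, not a confirmed infection; legitimate Chrome app shortcuts that open a site will also appear under check 3.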




#2 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 March 2017 - 10:08 PM

Welcome. :)

Download the attached file and save it in the same directory where FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Image: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Image: AdwCleaner restart prompt]


  • On reboot a log will be produced; please copy and paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 

 

Reset your browsers to default. For instructions click here.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 ForensicCactus


Posted 01 April 2017 - 04:54 AM

Done and done. I'll be sure to report back if the problem persists, thanks for your assistance thus far!

Attached Files



#4 ForensicCactus


Posted 01 April 2017 - 05:51 AM

It seems as though the browser is still being silently replaced in the background. I'm considering wiping my hard drive, but I'd really prefer if it didn't come to that.



#5 JSntgRvr


Posted 01 April 2017 - 09:27 AM

The JRT report is not included. Please do.

 

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.


Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!




#6 ForensicCactus


Posted 01 April 2017 - 12:27 PM

Repeated the previous steps after disabling my anti-virus software and that seems to have done the trick! Thanks for the assistance!

 

(RESOLVED!)



#7 JSntgRvr


Posted 01 April 2017 - 02:09 PM

You are welcome.




#8 JSntgRvr


Posted 01 April 2017 - 02:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





