
ZEUS Virus detected - Call 1-800....


9 replies to this topic

#1 swens

swens

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 01 April 2017 - 04:43 PM

I have a brand new Dell running Windows 10 with Kaspersky AV.  Scan did not find virus or malware.  Downloaded and ran Malwarebytes; 'no threats detected'.  While using Microsoft Edge it seems my browser is being hijacked to another site telling me the "Zeus" virus has been detected and it's collecting all my personal data.  In order to get rid of it I'm being instructed to call a toll free number for solution.  It only happens on the second or third webpage I visit, then I have to use the task manager to shut it down and restart the browser, then two or three pages later the same thing happens.

 

Personally, I know this is BS and you've helped me in the past so I'm back for assistance.  After the negative AV and Malwarebytes scan, I'm lost.  Can someone instruct me how to proceed?

 

Respectfully,

 

Swens




 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:02:50 AM

Posted 01 April 2017 - 06:20 PM

Hi Swens,

 

These browser things freak a lot of people out. I'm glad you're not in that group. :)

 

Let's run a few junk removal tools and get it out mate.

 

Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click Clean and ok the reboot
  • When complete, your machine will restart and a log file will appear
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

Please download rKill to your desktop.

  • Right click the file and select Run As Administrator.
  • If you have any difficulty running the tool please use an alternative from this page
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • Please copy and paste the log that appears in your reply

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open; note the saved JRT.txt on your desktop to copy into your reply

 

Please download Adware Removal Tool and run it.

  • Click Yes at the prompt and then Agree to the terms
  • Click Scan and wait for it to complete
  • Click OK and then Clean
  • Keep clicking OK at the various prompts.
  • When you get to the last screen don't click finish, but rather Save this result
  • Save to a text file, open the file and copy and paste the contents into your reply
  • Click Finish

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Please copy and paste the log into your reply.

If prompted by your firewall, allow DIG.exe.
If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

 

Please copy and paste the 5 logs in your reply.

 

John



#3 swens


Posted 02 April 2017 - 09:28 AM

Here you go, I'll await your response and thanks!

 

 

AdwCleaner logs:

 

 

# AdwCleaner v6.045 - Logfile created 01/04/2017 at 17:56:21
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : r_swe - DESKTOP-O6KFK77
# Running from : C:\Users\r_swe\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
Folder Found:  C:\ProgramData\08d4ca3e-89a9-4539-8434-70fa3e2bc650
Folder Found:  C:\ProgramData\3e2cd925-1418-4d89-8cf4-a0d9348e6d11
Folder Found:  C:\ProgramData\4085f900-69ed-490d-a925-b54e5e85cbf8
Folder Found:  C:\ProgramData\415d72d9-f560-46bc-85f9-e8076e360016
Folder Found:  C:\ProgramData\870ea13c-7a1e-4833-a7f5-837b7a2714e3
Folder Found:  C:\ProgramData\9decdfcc-4d98-413a-bbd9-f7f42b392bb9

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
Task Found:  pcdeventlaunchertask

***** [ Registry ] *****
No malicious registry entries found.

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [1380 Bytes] - [01/04/2017 17:56:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1453 Bytes] ##########
 
# AdwCleaner v6.045 - Logfile created 01/04/2017 at 17:57:00
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : r_swe - DESKTOP-O6KFK77
# Running from : C:\Users\r_swe\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\08d4ca3e-89a9-4539-8434-70fa3e2bc650
[-] Folder deleted: C:\ProgramData\3e2cd925-1418-4d89-8cf4-a0d9348e6d11
[-] Folder deleted: C:\ProgramData\4085f900-69ed-490d-a925-b54e5e85cbf8
[-] Folder deleted: C:\ProgramData\415d72d9-f560-46bc-85f9-e8076e360016
[-] Folder deleted: C:\ProgramData\870ea13c-7a1e-4833-a7f5-837b7a2714e3
[-] Folder deleted: C:\ProgramData\9decdfcc-4d98-413a-bbd9-f7f42b392bb9

***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
[-] Task deleted: pcdeventlaunchertask

***** [ Registry ] *****
 
***** [ Web browsers ] *****
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1230 Bytes] - [01/04/2017 17:57:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [1532 Bytes] - [01/04/2017 17:56:21]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1376 Bytes] ##########

 

rKill log:

 

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/02/2017 08:59:14 AM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * agp440 [Missing ImagePath]
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * No issues found.
Program finished at: 04/02/2017 09:01:13 AM
Execution time: 0 hours(s), 1 minute(s), and 59 seconds(s)

 

Junkware Removal Tool log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64
Ran by r_swe (Administrator) on Sun 04/02/2017 at  9:05:49.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 1
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CDEB38EA-1C7F-4016-BC84-A76A116F7DF3} (Registry Key)
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/02/2017 at  9:06:58.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Adware Removal Tool log:

 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Adware Removal Tool 5.1
Time: 2017_04_02_09_09_14
OS: Windows 10 Home - x64 Bit
Account Name: r_swe
Adware Definition: 03272017
Elapsed time: 08:54
Scan Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

No results found
 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Adware Removal Tool 5.1
Time: 2017_04_02_09_09_14
OS: Windows 10 Home - x64 Bit
Account Name: r_swe
Adware Definition: 03272017
Elapsed time: 08:54
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

No results found

 

Security Check log:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Kaspersky Internet Security  
Windows Defender             
Malwarebytes                 
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Secure Connection 1.0 ksde.exe 
 Kaspersky Lab Kaspersky Secure Connection 1.0 ksdeui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

Done!



#4 TsVk!


Posted 02 April 2017 - 04:51 PM

Please uninstall PC Doctor.

 

Bleeping Computer does not recommend the use of PC Optimizers, Driver Updaters or Registry Cleaners. Please see this excellent post on the subject by Quietman7.

I would recommend that you uninstall this program. Using such programs can cause computer issues, and I speak from personal experience. You are well advised to stay away from these applications. They are all "snake oil" as well as being dangerous to the health and performance of your computer. Generally speaking all of the functions that these program classes perform are either already built into Windows or should not be done automatically, only when the need arises.

 

Please update Kaspersky.

 

Does the problem still persist?



#5 swens


Posted 03 April 2017 - 07:37 AM

My Kaspersky is set to update automatically so I'm surprised it needed updating but I have done so.  Pertaining to the PC Doctor; I've never installed it and if it is installed I have no idea where it is.  I've checked the file explorer, I've used the control panel uninstall platform and it's not listed there either.  Can you please help me find and uninstall it?  If I don't need it, I definitely don't want it and would like to get rid of it.

 

Thanks for your support and by the way, the PC is running much better!

 

Swens


Edited by swens, 03 April 2017 - 07:38 AM.


#6 TsVk!


Posted 03 April 2017 - 03:03 PM

Hi Swens,

 

I just researched the task a bit that I was referring to and I see I made a mistake. The PC Doctor that I was referring to is actually a pre-installed Dell PUP (potentially unwanted program), not a 3rd party registry cleaner. As it is we've removed it anyway. :) It's a sad reality that OEM PC manufacturers install a lot of crap on new machines and Dell is one of the worst for it on consumer grade machines. Feel free to go through your installed programs looking at the installed Dell applications, do a quick Google search on them to see if they're necessary, and then uninstall them. Decrapifier is a handy tool that may make the process easier for you. ;)

 

With new Dell machines (I've seen recently) there is a Dell system update application, keep that. It works pretty good.

 

To finish up, let's remove the tools we have used...

Download DelFix and move the executable to your Desktop;

  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running a log will open. Please copy and paste the log in your next reply

 

John
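
Added example, not part of the original posts: a read-only PowerShell inventory for the review of pre-installed applications suggested in the post above, plus a check for the two scheduled tasks named in the AdwCleaner and JRT logs. The function names and the `Dell|PC-Doctor` publisher pattern are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Read-only: it lists and changes nothing.
# Registry locations where installed desktop programs register themselves.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-OemProgram {
    # $PublisherPattern is an assumption: a regex for the vendor names to review.
    param([string]$PublisherPattern = 'Dell|PC-Doctor')
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and ($_.Publisher -match $PublisherPattern) } |
        Sort-Object -Property DisplayName -Unique |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

function Get-LoggedTask {
    # Default task names are copied from the AdwCleaner and JRT logs in post #3.
    param([string[]]$TaskName = @('pcdeventlaunchertask', 'PCDoctorBackgroundMonitorTask'))
    Get-ScheduledTask |
        Where-Object { $TaskName -contains $_.TaskName } |
        ForEach-Object {
            [pscustomobject]@{
                TaskName = $_.TaskName
                TaskPath = $_.TaskPath
                State    = $_.State
                # Executable(s) the task would launch.
                Runs     = ($_.Actions | ForEach-Object { $_.Execute }) -join '; '
            }
        }
}

Get-OemProgram | Format-Table -AutoSize -Wrap

$tasks = @(Get-LoggedTask)
if ($tasks.Count -eq 0) {
    'No scheduled task with the logged names is registered.'
} else {
    $tasks | Format-List
}
```

An empty task result after the cleanup is consistent with the "Task deleted" and "Successfully deleted" lines in the logs.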



#7 swens


Posted 04 April 2017 - 08:44 AM

# DelFix v1.013 - Logfile created 04/04/2017 at 08:39:33
# Updated 17/04/2016 by Xplode
# Username : r_swe - DESKTOP-O6KFK77
# Operating System : Windows 10 Home  (64 bits)
~ Removing disinfection tools ...
Deleted : C:\AdwCleaner
Deleted : C:\Users\r_swe\Desktop\JRT.exe
Deleted : C:\Users\r_swe\Desktop\JRT.txt
Deleted : C:\Users\r_swe\Desktop\rkill.exe
Deleted : C:\Users\r_swe\Desktop\Rkill.txt
Deleted : C:\Users\r_swe\Desktop\SecurityCheck.exe
Deleted : C:\Users\r_swe\Downloads\AdwCleaner.exe
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #11 [Windows Update | 03/15/2017 14:25:52]
Deleted : RP #12 [Scheduled Checkpoint | 03/24/2017 18:55:51]
Deleted : RP #13 [JRT Pre-Junkware Removal | 04/02/2017 14:05:53]
New restore point created !
########## - EOF - ##########

 

I believe this completes the task.



#8 TsVk!


Posted 04 April 2017 - 12:20 PM

Yeah, that's it. You're good to go. :thumbup2:



#9 swens


Posted 04 April 2017 - 12:27 PM

Thanks so much for your help, your work is done here! :thumbsup: 



#10 TsVk!


Posted 04 April 2017 - 12:38 PM

You're welcome. :)





