
Taking precautions: Mindspark and Spoofed email



#1 ChicagoMel


Posted 10 April 2017 - 12:10 AM

I'm not sure if there's anything still on my PC or not. Someone got what I think was a spoof spam email, and I also found some Mindspark PUPs when I ran MBAM. Removed them after the scan finished. Here's what else I've done:

 

ESET:

Found these, cleaned and removed.

 

C:\AdwCleaner\Quarantine\C\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\lfj0o4nd.default-1354510197761\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}\chrome\CT3244149\content\popup.js.vir Win32/Conduit.SearchProtect.BC potentially unwanted application
C:\Users\Melinda\Downloads\Unconfirmed 213996.crdownload a variant of MSIL/Packed.Confuser.J suspicious application
C:\Users\Melinda\Downloads\Unconfirmed 291697.crdownload a variant of MSIL/Packed.Confuser.J suspicious application
C:\Users\Melinda\Downloads\Unconfirmed 713377.crdownload a variant of MSIL/Packed.Confuser.J suspicious application
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll a variant of MSIL/Toolbar.Linkury.BM potentially unwanted application
 
Ran ADWCleaner, it found nothing. 
 
rkill:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64 
Ran by Melinda (Administrator) on Sun 04/09/2017 at 22:40:10.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp (Folder) 
Successfully deleted: C:\WINDOWS\SysWOW64\sho241.tmp (File) 
Successfully deleted: C:\WINDOWS\SysWOW64\sho4039.tmp (File) 
Successfully deleted: C:\WINDOWS\SysWOW64\shoBB51.tmp (File) 
Successfully deleted: C:\WINDOWS\SysWOW64\shoCC0C.tmp (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_AF6E61B1C087A4D28B80F90CDACF9225 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/09/2017 at 22:46:33.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
I tried to run Trend Micro complete scan, but it was like five hours in and still going, which I hear is not too unusual...
 
Ran Malwarebytes again, it did not find anything. Is there anything else I should do to make sure I'm clean or am I probably OK?

Edited by ChicagoMel, 10 April 2017 - 12:11 AM.

Was using Firefox...until Chrome took over.

One God, One Truth, One Savior-Jesus



 


#2 buddy215


Posted 11 April 2017 - 07:00 AM

If you are not seeing any symptoms of adware or malware then the cleaning you have done is good enough. Suggest you run the two programs below to clean and to check security.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 ChicagoMel


Posted 22 April 2017 - 12:03 PM

Ok thanks.





