
I clicked on a link a coworker sent to me.



#1 exactprecisions


Posted 12 April 2017 - 07:47 PM

Original-

https://www.google.com/url?sa=t&url=%68%74%74%70%3A%2F%2F%63%31%38%30%2E%72%75&usg=AFQjCNH_g8JjdMW99gF9Mu1E37g0TR0b7g&id=exactprecisions

https://www.google.com/url?sa=t&url=http://c180.ru&usg=AFQjCNH_g8JjdMW99gF9Mu1E37g0TR0b7g&id=exactprecisions


I mistakenly clicked on this link and knew after that I did something wrong. What happened is it pointed me to that domain and then redirected me back to google. I don't know if it did any harm but can somebody please help me? I would greatly appreciate it!

 

Mod edit

Links deactivated

NickAu


Edited by NickAu, 12 April 2017 - 08:43 PM.
Links deactivated
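Added example, not part of the original posts: a way to read where a redirector link like the two above leads without opening it. It parses the link offline, decodes the destination, and counts percent-escapes that hide characters which never need escaping. The parameter names in `REDIRECT_PARAMS` and both function names are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# The two links exactly as given in the post above (parsed only, never fetched).
ENCODED = ("https://www.google.com/url?sa=t"
           "&url=%68%74%74%70%3A%2F%2F%63%31%38%30%2E%72%75"
           "&usg=AFQjCNH_g8JjdMW99gF9Mu1E37g0TR0b7g&id=exactprecisions")
PLAIN = ("https://www.google.com/url?sa=t&url=http://c180.ru"
         "&usg=AFQjCNH_g8JjdMW99gF9Mu1E37g0TR0b7g&id=exactprecisions")

# Assumption: query parameters that commonly carry a redirect destination.
REDIRECT_PARAMS = ("url", "q")
UNRESERVED_PUNCT = "-._~"  # RFC 3986 unreserved characters besides letters/digits


def needless_escapes(raw):
    """Count %XX escapes that encode characters which never need escaping."""
    count = 0
    for match in re.finditer(r"%([0-9A-Fa-f]{2})", raw):
        ch = chr(int(match.group(1), 16))
        if ch.isascii() and (ch.isalnum() or ch in UNRESERVED_PUNCT):
            count += 1
    return count


def inspect_redirect(link):
    """Return the redirector host, decoded target and an obfuscation count."""
    parts = urlsplit(link)
    # Split the query by hand: parse_qs would decode the value and lose the
    # raw form needed to count the escapes.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if name in REDIRECT_PARAMS and raw:
            target = unquote(raw)
            return {
                "redirector": parts.hostname,
                "target": target,
                "target_host": urlsplit(target).hostname,
                "needless_escapes": needless_escapes(raw),
            }
    return None  # no redirect parameter found


if __name__ == "__main__":
    for link in (ENCODED, PLAIN):
        print(inspect_redirect(link))
```
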




#2 exactprecisions


Posted 12 April 2017 - 08:50 PM

I ran scans with:

 

KAV- found infected php files and removed.

MBAR- found nothing

AdwCleaner- found nothing

JRT-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by exact (Administrator) on Wed 04/12/2017 at 20:36:17.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 3 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (exact) (Task)
 
Registry: 0 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/12/2017 at 20:39:14.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#3 exactprecisions


Posted 12 April 2017 - 08:59 PM

I just ran Malwarebytes and it found nothing

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/12/17
Scan Time: 8:56 PM
Logfile: report.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1716
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-IMLVBA8\exact
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353141
Time Elapsed: 1 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#4 iangcarroll


Posted 13 April 2017 - 08:14 AM

Hi exactprecisions,

Thanks for the logs. I will review them and give you more instructions soon. As I am still in training, my replies will need to be reviewed by another person before they can be posted, so there may be a small delay.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#5 exactprecisions


Posted 13 April 2017 - 08:19 PM


Okay. Thank you!



#6 iangcarroll


Posted 13 April 2017 - 10:09 PM

Hi exactprecisions,

I do not see anything too bad in the log. A couple questions, though:
 

ProxyServer: [S-1-5-21-553067883-302301137-3149142778-1001] => 192.168.43.1:8000


Did you set up this proxy?
 

155.254.23.140 airflowandshade.com www.airflowandshade.com


Did you add this to your hosts file/do you know what that site is?

Looks like JRT removed some bits leftover from Driver Booster as well. The link you posted does not seem to be malicious, though it is likely some kind of spam. Assuming you did not download and run anything, Chrome is generally a safe browser, so if the answers to those questions are "they're my doing", then you should be fine. :)

Let me know if you have any other questions.



#7 exactprecisions


Posted 14 April 2017 - 04:36 AM


Yes, I set up that proxy and it seems I left it by mistake. I also set up the hosts file for testing of something.



#8 iangcarroll


Posted 15 April 2017 - 07:28 PM

Hi exactprecisions,

Great. I don't see anything else in your log that is a cause for concern, and you seem to be running a good antivirus. Do you have any other questions?



#9 iangcarroll


Posted 21 April 2017 - 08:02 AM

Hi exactprecisions,

Are you all set? If so, please let me know so we can close this topic. Otherwise, absent a reply, it will be closed for inactivity shortly.



#10 Oh My!


Posted 23 April 2017 - 09:17 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



