
FRST log - advice please


  • This topic is locked
1 reply to this topic

#1 PhilLatterly

PhilLatterly

  • Members
  • 85 posts

Posted 02 May 2017 - 07:34 AM

I had a topic here where boopme has been helping me out. https://www.bleepingcomputer.com/forums/t/644948/malwarebytes-found-potentially-unwanted-modification-what-else-do-need-to-do/page-2

 

I clicked on a phishing email purporting to be from Twitter and am worried about all sorts of infections as a result. A user on another forum has advised that I use FRST with this fix:

 

CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
U3 iswSvc; no ImagePath
C:\Users\AsusComputer\Downloads\esetsmartinstaller _enu (4).exe
C:\Users\AsusComputer\Downloads\esetsmartinstaller _enu (3).exe
C:\Users\AsusComputer\Downloads\esetsmartinstaller _enu (2).exe
C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (2).exe
C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (1).exe
2017-04-25 21:34 - 2017-04-25 21:34 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (4).exe
2017-04-25 21:33 - 2017-04-25 21:33 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (3).exe
2017-04-25 21:20 - 2017-04-25 21:20 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (2).exe
2017-04-25 09:40 - 2017-04-25 09:40 - 04830473 _____ C:\Users\AsusComputer\Downloads\tdsskiller (1).zip
2017-04-24 21:53 - 2017-04-24 21:53 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (2).exe
2017-04-24 21:51 - 2017-04-24 21:51 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (1).exe
C:\WINDOWS\System32\Tasks\McAfee
C:\ProgramData\DP45977C.lfl
CMD: ipconfig /flushdns
EmptyTemp:

 

Before I run it and post the log, would you knowledgeable folks agree with this fix as appropriate?

 

I have closed the Twitter account but something is amiss. Yesterday I noticed that Internet Explorer had opened a window and done a Bing search on holidays in Taiwan or something - I never use Explorer!

 

Any advice gratefully received, I am not sure I trust the other forum's (not a Bleeping Computer one's) experts!  :devil:  :guitar: 




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,729 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 05 May 2017 - 06:29 AM

PhilLatterly:
 
No qualified Malware Response Team member here at Bleeping Computer is going to assess a FRST fix "as appropriate" without having analyzed your FRST logs.
 
We strongly discourage people from posting the same problem(s) in multiple Forums.  In fact, we normally close such topics to avoid confusion.  "Too many cooks in the kitchen!" :)
 
You don't state what Forum you posted in, nor the name of the Malware Helper assisting you.  If you want help here, you will have to conclude that topic on the other Forum, and open a new topic here.  You should follow the instructions posted here, including the posting of fresh FRST logs, before opening your new topic here.
 
To avoid any unnecessary duplication of effort and avoid confusion, I am concluding this topic.
 
Thank you and have a great day.
 
Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




