infected by d2buh1bfg584w.cloudfront.net outbound connection from msiexec


  • This topic is locked
24 replies to this topic

#1 seagrid

  • Members
  • 14 posts

Posted 24 May 2017 - 09:35 PM

A couple of days ago I was working on my assignment using Adobe Illustrator and a bunch of other design software, then my disk crashed. My laptop rebooted and said "Windows is repairing disk error." for about 30 minutes, and then every program is like wiped.

 

For example, my Photoshop extension is asking me again for the activation code. My Windows Explorer now will not save the "view type" I selected, so if I choose a certain folder to view in "tiles", when I close and re-open that folder it goes back to whatever the default "view type" is.

This is where it all started: my thesis paper, which is in MS Word, cannot be opened. It says I need to activate. I then searched for KMS online; there is one by [Sadeem-PC]. I tried it, then I just knew something was off, a lot of weird glitches, then I cancelled every installing program. Sure enough, my browser (Chrome is my default browser) has weird ads. I was sure this was malware.

 

I then looked at the Control Panel "Add or Remove Programs" and removed weird recently installed programs.
I downloaded Malwarebytes and scanned, and cleaned everything. After reboot, I ran AdwCleaner and scanned, then cleaned up again.
Then I reset all my browser settings.

But after that, every 3-5 hours or so, I get a notification from Malwarebytes (thankfully it is still in premium trial mode so it can do real-time scanning) that a threat was blocked. It is an outbound connection from d2buh1bfg584w.cloudfront.net. The folder location is msiexec.

I also tried the steps mentioned at https://malwaretips.com/blogs/cloudfront-net-virus-removal/, without HitmanPro, because I have to activate the trial license by filling in an email. Somehow it says it "cannot connect to internet, please allow HitmanPro in firewall", which I did, and it still does nothing.

Currently the cloudfront.net malware trying to make an outbound connection still comes up.

Below I attached the FRST and Addition logs, and also the Malwarebytes report.

Attached Files


Edited by seagrid, 24 May 2017 - 09:39 PM.



#2 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 May 2017 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Unity (HKLM-x32\...\Unity) (Version: 5.3.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2419577104-1097713708-3842730424-1002\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: osf - No CLSID Value
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-2419577104-1097713708-3842730424-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin HKU\S-1-5-21-2419577104-1097713708-3842730424-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-09] (Unity Technologies ApS)
CHR Extension: (Avast SafePrice) - C:\Users\Sena\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-24]
CHR Extension: (EditThisCookie) - C:\Users\Sena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-05-24]
CHR Extension: (Avast Online Security) - C:\Users\Sena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-24]
CHR Extension: (Chrome Media Router) - C:\Users\Sena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
Task: {0AC65B6A-D0E1-4557-B76C-C16A6A8BE8F0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BFEC3DB2-8686-4BF8-AE9A-BDECF9FB6A45} - no filepath
Task: {C30F71A4-5E64-4B68-9A04-44137E4CF275} - \Microsoft\Windows\DeviceSettings\Rtushvomery -> No File <==== ATTENTION
Task: {DDEC246E-7B0A-424B-B3A9-E6D3A982230C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E3030AEF-6B0D-4495-9BF0-AD180752C26B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E488C078-BC09-4D46-83A2-8CF39619B75C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F3FBF3A4-1A55-4681-BD4A-27B2A329E5A7} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {F69AB78E-201B-4FAA-A0E3-C45511D65332} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC155FC7-AA83-4AE3-8FAA-5781AA5A26F5} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic
FirewallRules: [{23C7DBB9-138C-4B46-866C-89DA7B5B9E69}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{8F4D93B8-D78F-4845-AF08-B3E037A0991F}] => (Allow) C:\Windows\KMS-R@1n.exe
C:\Windows\System32\Tasks\R@1n-KMS
C:\Windows\KMS-R@1n.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
---

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Please let me know what problem persists with this computer.
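An added example, not part of nasdaq's instructions and not code from the FRST tool: the fixlist above removes a scheduled task (R@1n-KMS\Office16ProPlus, whose action is wmic), two firewall allow rules for C:\Windows\KMS-R@1n.exe, and several tasks whose target file no longer exists. The PowerShell below lists exactly those kinds of entries so they can be reviewed before and after the fix. It assumes Windows 10 with PowerShell 5.1 in an elevated prompt; the list of trusted directories is an assumption of the example, not a Windows setting.

```powershell
# Added example (not part of the thread or of FRST): report scheduled tasks and firewall
# allow rules of the kind the fixlist above removes. Assumes Windows 10, PowerShell 5.1,
# elevated prompt. The trusted-directory list is this example's assumption.

$trustedRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }   # drop any that are unset on this host

function Resolve-ProgramPath {
    param([string]$Raw)
    # Expand %SystemRoot%-style references and strip surrounding quotes
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim('"', ' '))
    # A bare image name such as "wmic" is resolved through PATH, as the Task Scheduler does
    if (-not [IO.Path]::IsPathRooted($p)) {
        $cmd = Get-Command -Name $p -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($cmd) { $p = $cmd.Source }
    }
    return $p
}

function Test-TrustedLocation {
    param([string]$Path)
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SuspectScheduledTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions carry no Execute property; skip them
            if (-not $action.Execute) { continue }
            $exe = Resolve-ProgramPath $action.Execute
            $reasons = @()
            if (-not (Test-Path -LiteralPath $exe)) { $reasons += 'target file missing' }
            elseif (-not (Test-TrustedLocation $exe)) { $reasons += 'outside System32/Program Files' }
            # The R@1n-KMS task in the log runs wmic; a task whose only job is launching wmic is worth a look
            if ([IO.Path]::GetFileName($exe) -ieq 'wmic.exe') { $reasons += 'runs wmic' }
            if ($reasons) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    Execute   = $exe
                    Arguments = $action.Arguments
                    Reason    = $reasons -join '; '
                }
            }
        }
    }
}

function Get-SuspectFirewallRule {
    foreach ($rule in Get-NetFirewallRule -Enabled True -Action Allow) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if (-not $program -or $program -in @('Any', 'System')) { continue }
        $exe = Resolve-ProgramPath $program
        if (Test-TrustedLocation $exe) { continue }
        # C:\Windows\KMS-R@1n.exe sits in the Windows root, not System32, so it lands here
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Direction = $rule.Direction
            Program   = $exe
            Exists    = Test-Path -LiteralPath $exe
        }
    }
}

Get-SuspectScheduledTask | Format-Table -AutoSize
Get-SuspectFirewallRule  | Format-Table -AutoSize
```

Run it once before the fix to confirm the entries the FRST log shows, and again after the Fixlog to confirm they are gone. An allow rule whose Program column points into C:\Windows itself rather than System32, or a task that resolves to wmic.exe with a "no file" target, is the pattern this thread's log contained. The script only reports; it removes nothing, which is deliberate, since removal here is done through the reviewed fixlist.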

#3 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 26 May 2017 - 10:32 AM

First of all, THANK YOU SO MUCH for replying to me quite quickly. I was worried my Malwarebytes premium trial would end.

> I removed Unity, and when I tried to remove Unity Web Player it said "Unity Web Player could have been uninstalled, would you like to remove Unity Web Player from the Programs & Features list?", which I clicked OK.

> I already ran FRST with the fixlist you gave me. Then it said I have to restart. I did. I attached the fixlog.

> I reset my Chrome settings (for God knows how many times now, lol).

> I cannot update my Java. I opened your link and it says the following, which I attached too.



> A little bit unrelated: I opened Task Manager, and on the Processes tab there are around 80 "svchost.exe", all of them varying between system, user, network... Is that normal?
> Did the fixlist you gave me also fix my Windows Explorer error function? Or should I post this problem in another thread of this forum?
>> Problems with my Windows Explorer that I notice are:
1) The search box on the taskbar beside the Windows logo hangs. I cannot even type anything.
2) The icons on my desktop run havoc. Sometimes they all reset and every icon is oriented to the top-left side of the screen. This is frustrating.
3) The view type of Windows Explorer doesn't save my setting (as I mentioned in the first post).
4) I cannot set some programs as "run this program as default for this extension", such as torrent files, .srt files, .sai files (for .torrent I use uTorrent, for .srt I use Subtitle Workshop, for .sai I use PaintTool SAI).
5) I don't know whether BleepingComputer supports this, but if it does please tell me how to fix it: magnet links are not working with my uTorrent program. Usually when I click a magnet icon it instantly opens in uTorrent.


>>> For now I will see whether the cloudfront.net re-appears.

Attached Files



#4 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 May 2017 - 01:31 PM



My laptop rebooted and says "Windows is repairing disk error." for abour 30minutes and then every programs is like wiped.

Some disk sectors must have been damaged and they were repaired.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.

p.s.
You can forget about the Adobe npapi error message.

#5 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 26 May 2017 - 07:22 PM

Attached File: Screenshot_4.png

 


> I did run sfc /scannow; it says "Windows Resource Protection did not find any integrity violations".
I also typed in     findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"    but nothing happened and there is no sfcdetails.txt on the desktop. I think it's because I moved my default desktop location, but I don't know how to change it in the command.

> So does that mean I don't have to update my Java? Because it seems I cannot update nor check my version of Java because of the Adobe npapi error message.

> I left my laptop on since the fixlist you gave me. It has been overnight and no sort of cloudfront.net is detected, BUT Malwarebytes did an automatic scan and found 4 new malwares. Question: how did this malware come? I didn't install anything new or browse weird websites. Are these false positives, which are the fix you gave? I put them in quarantine for now; let me know whether I should delete/clean them. I attached a screenshot of the report. Thank you.
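The findstr one-liner in the post above writes to %userprofile%\Desktop, which is the original folder and not the moved one, so nothing appears on a redirected Desktop. As an added example (not part of the thread or of Microsoft's KB article), the PowerShell below performs the same "[SR]" extraction but locates the Desktop through the shell folder registration, which follows the move. It assumes an elevated PowerShell 5.1 on Windows 10; the two phrases it counts ("Cannot repair member file" and "Verify complete") are tags SFC itself writes into CBS.log.

```powershell
# Added example, not part of the thread: the "[SR]" extraction from the KB article,
# written so that it finds a Desktop that has been moved via Properties > Location.
# Assumes an elevated PowerShell 5.1 on Windows 10; CBS.log is only readable as Administrator.

function Export-SfcDetails {
    param(
        [string]$CbsLog = (Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'),
        # GetFolderPath reads the shell folder registration, so a relocated Desktop is found;
        # "$env:USERPROFILE\Desktop" (what %userprofile%\Desktop expands to) is not updated by that move.
        [string]$OutFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt')
    )
    if (-not (Test-Path -LiteralPath $CbsLog)) { throw "CBS log not found: $CbsLog" }

    # -SimpleMatch: "[SR]" is a literal tag here, not a regex character class
    $srLines = @(Select-String -LiteralPath $CbsLog -SimpleMatch -Pattern '[SR]' |
                 ForEach-Object { $_.Line })

    # WriteAllLines always creates the file, even when no [SR] lines were found
    [IO.File]::WriteAllLines($OutFile, [string[]]$srLines)

    # The lines worth reading first: files SFC verified but could not restore
    $unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })

    [pscustomobject]@{
        OutFile        = $OutFile
        SrLineCount    = $srLines.Count
        Unrepaired     = $unrepaired.Count
        LastVerifyPass = ($srLines | Where-Object { $_ -match 'Verify complete' } | Select-Object -Last 1)
    }
}

Export-SfcDetails
```

The object it returns tells you at a glance whether the run that said "did not find any integrity violations" actually produced a complete verify pass, and, on a machine where SFC did find damage, how many entries to look at in the written file. If the Desktop lookup still fails (for example when the profile itself is damaged), pass -OutFile with any writable path.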



#6 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 May 2017 - 07:42 AM

The items found by Malwarebytes were part of the infection. Good thing you quarantined them.

---


Remove this program in bold via the Control Panel > Programs > Programs and Features.
Adobe Flash Player 1*NPAPI*Version:*Adobe Systems Incorporated)

While in the Add/Remove program list remove these if still present.

Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Restart the computer normally.


Install Java; you should be on Version 131 or above.

#7 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 27 May 2017 - 12:10 PM

> Oh thank God! And thank you!! I deleted the items in Malwarebytes' quarantine.

> There is no Adobe Flash Player NPAPI, only Adobe Flash Professional, which is a design program I use to make Flash animations.

> I uninstalled Java 8 Update 91, both the 64-bit and the other one. Then I restarted and downloaded an offline installer of Java, and installed version 131 successfully. Thank you.


>> For the sfc /scannow and some corrupted services / disk errors, I am still annoyed by the problems I mentioned above, and I cannot save a "sfcdetails.txt" for the reason I mentioned too. Question: should I just take this problem to another part of this forum? It's been 1 day and the cloudfront.net malware has not been detected since then, while the title of this post is "infected by cloudfront malware".
Another question: would re-installing my Windows solve this problem? So if everything is tried / I am too dumb to follow the steps and/or get confused, in the near future I back up all my data and then do a reinstall of Windows, and it would all be fine and well again?


#8 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 May 2017 - 01:12 PM


my windows explorer now will not save the "view type" i selected, so if I chose a certain folder to view in "tiles" when I close and re-open that folder it goes back to whatever the default "view type" is.


Can this page help you?
https://www.tenforums.com/tutorials/7923-change-folder-template-windows-10-a.html#option3

===

my photoshop extension is asking me again for the activation code


I do not know about this problem. Can you reinstall the application?

This page may help.
http://blogs.adobe.com/crawlspace/2012/07/help-with-downloading-installing-activating.html

#9 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 27 May 2017 - 06:24 PM

 

> A little bit unrelated: I opened Task Manager, and on the Processes tab there are around 80 "svchost.exe", all of them varying between system, user, network... Is that normal?
> Did the fixlist you gave me also fix my Windows Explorer error function? Or should I post this problem in another thread of this forum?
>> Problems with my Windows Explorer that I notice are:
1) The search box on the taskbar beside the Windows logo hangs. I cannot even type anything.
2) The icons on my desktop run havoc. Sometimes they all reset and every icon is oriented to the top-left side of the screen. This is frustrating.
3) The view type of Windows Explorer doesn't save my setting (as I mentioned in the first post).
4) I cannot set some programs as "run this program as default for this extension", such as torrent files, .srt files, .sai files (for .torrent I use uTorrent, for .srt I use Subtitle Workshop, for .sai I use PaintTool SAI).
5) I don't know whether BleepingComputer supports this, but if it does please tell me how to fix it: magnet links are not working with my uTorrent program. Usually when I click a magnet icon it instantly opens in uTorrent.

I am sorry, what I meant by "they are still annoying me" are these problems. Especially the search box, since I "run" some programs by searching for them. I cannot even open Command Prompt from it, because when I click on search, it pops up but freezes. I cannot type anything, and it's just stuck like that. Also, when I wanted to run Calculator yesterday, I had to run "calc.exe" by pressing Windows+R. Even that is lagging. It's like Windows 10's apps are crashing..

my windows explorer now will not save the "view type" i selected, so if I chose a certain folder to view in "tiles" when I close and re-open that folder it goes back to whatever the default "view type" is.

Can this page help you?
https://www.tenforums.com/tutorials/7923-change-folder-template-windows-10-a.html#option3

===

my photoshop extension is asking me again for the activation code

I do not know about this problem. Can you reinstall the application?

This page may help.
http://blogs.adobe.com/crawlspace/2012/07/help-with-downloading-installing-activating.html

I already googled and found that page too; sadly it is not what I meant. That page is just about setting folder "A" to one of the "template folders" (which are General, Videos, Pictures, Music, etc.), where, for example, we can set "General" to, say, "tiles", then "Pictures" to "medium thumbnails", and then set folder "A" to one of the templates.

So if I set "General" as the template for folder "A", it will follow whatever view type "General" is.

My problem, however, is that I want to set folder "A" to whatever view type I want, regardless of any template that I set on folder "A".

In summary:
Usually, a normal Windows user will browse in Windows Explorer, and when he comes to a folder he can change his "view type" and Windows will save that setting for that specific folder, right? Well, mine doesn't, since the disk repairing..

=====

Sorry to be unclear. What I meant was that ever since the disk repairing, it's like the programs are losing my "saved" data or "temp" files or "cache".. maybe.. I don't know the technical terms, it's just like it erased the data of my settings in that program... I logged in again on my Photoshop extension and all is well.

======

Anyway, the view types are not much of a problem; I meant those 5 points that I state at the very top of this reply.



#10 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 May 2017 - 07:51 AM

Let's repair some important services.

Please download Tweaking.com - Windows Repair from Here

  • Install and then run the program.
  • Execute the instructions on Step 1 Important.
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next.
  • Click Repairs - Open Repairs in the bottom right corner.
  • Uncheck the All repair button, then select just the item(s) listed below:
    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    20 - Repair Windows Sidebar/Gadgets
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================

p.s.
You can also add to the list above the File Association section if you think it can help.

23 - Repair File Associations (12)
.. 23.01 - Repair bat Associations
.. 23.02 - Repair cmd Associations
.. 23.03 - Repair com Associations
.. 23.04 - Repair Directory Associations
.. 23.05 - Repair Drive Associations
.. 23.06 - Repair exe Associations
.. 23.07 - Repair Folder Associations
.. 23.08 - Repair inf Associations
.. 23.09 - Repair lnk (Shortcut) Associations
.. 23.10 - Repair msc Associations
.. 23.11 - Repair reg Associations
.. 23.12 - Repair scr Associations




#11 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 28 May 2017 - 09:27 AM

OMGGG.. I followed every single instruction, I ran the repair and it's STUCK. It freezes; I cannot move my cursor. And I am too afraid to do anything else. Please, what should I do?? Is it safe if I hard reset it, or should I just wait?? OMG, tomorrow is my thesis defense... I am panicking...!

#12 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 28 May 2017 - 09:29 AM

This is what my laptop screen looks like. Freezing.

Attached Files



#13 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 28 May 2017 - 09:37 AM

#update

I got a blue screen. It's too fast, I cannot read it. But if I'm not wrong it says "your PC ran into a problem... (didn't read the rest)" with a HUGE :( smiley face.

#14 seagrid
  • Topic Starter

  • Members
  • 14 posts

Posted 28 May 2017 - 09:47 AM

Then it sort of restarted and now I am waiting for it to boot..

It got in, BUT everything is black. I can see my cursor, I can move it around, but it's just plain BLACK without desktop, shortcuts or anything. I can press Ctrl+Alt+Del and it logs out and I can choose some options like Task Manager, sign out, etc. So I restarted the laptop through there.

It restarted like it is fine, then it's the same. I sign in, and black. Nothing appears.
I think Explorer is missing. How can I do anything without it???

#15 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 May 2017 - 12:39 PM


Can you boot in Safe Mode (with internet connection, if you can)?
http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10

If the answer is yes, then it's not missing Explorer; it's most likely a driver problem or a video card problem.
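An added example, not part of nasdaq's reply: the symptom in post #14 (sign-in works, the screen stays black, the cursor and Ctrl+Alt+Del still respond) can be triaged from the Task Manager that is still reachable, before or instead of a Safe Mode boot. The PowerShell below reports whether explorer.exe exists and is running, what the Winlogon Shell values are, and whether any AppInit_DLLs are configured (the fixlist earlier in the thread cleared two stale entries of that kind), and includes the bcdedit commands that force the next boot into Safe Mode with Networking. It assumes Windows 10 with PowerShell 5.1; launch it from Task Manager > File > Run new task > "powershell" with "Create this task with administrative privileges" ticked.

```powershell
# Added example, not part of the thread: state check for "black screen with cursor after sign-in".
# Assumes Windows 10, PowerShell 5.1, started elevated from Task Manager > Run new task.

function Get-ShellState {
    $winlogonHklm = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $winlogonHkcu = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $windowsKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $explorer     = Join-Path $env:SystemRoot 'explorer.exe'

    $machineShell = (Get-ItemProperty -Path $winlogonHklm -Name Shell -ErrorAction SilentlyContinue).Shell
    $userShell    = (Get-ItemProperty -Path $winlogonHkcu -Name Shell -ErrorAction SilentlyContinue).Shell
    $appInit      = Get-ItemProperty -Path $windowsKey -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ExplorerExists    = Test-Path -LiteralPath $explorer
        ExplorerRunning   = [bool](Get-Process -Name explorer -ErrorAction SilentlyContinue)
        # Windows' default is "explorer.exe"; anything else here replaces the desktop for every user
        MachineShell      = $machineShell
        # A per-user Shell value overrides the machine one and is rarely legitimate
        UserShellOverride = $userShell
        # AppInit_DLLs are loaded into every process that links user32.dll, explorer.exe included
        AppInitDlls       = $appInit.AppInit_DLLs
        AppInitEnabled    = ($appInit.LoadAppInit_DLLs -eq 1)
    }
}

# Force the next boot into Safe Mode with Networking, and the matching undo.
# The braces must be quoted, otherwise PowerShell parses {current} as a script block.
function Enable-SafeModeNetworkBoot { bcdedit /set '{current}' safeboot network }
function Disable-SafeModeBoot       { bcdedit /deletevalue '{current}' safeboot }

$state = Get-ShellState
$state | Format-List

# explorer.exe present but not running: start it once and see whether the desktop returns
if ($state.ExplorerExists -and -not $state.ExplorerRunning) {
    Start-Process -FilePath (Join-Path $env:SystemRoot 'explorer.exe')
}
```

Read the result the way nasdaq's reply frames it: if explorer.exe exists, MachineShell is "explorer.exe", there is no user override and no AppInit DLL, and starting Explorer still leaves the screen black, the shell is intact and the problem is elsewhere (a display driver being the usual candidate), which is exactly the case where a Safe Mode boot is the next step. Remember to run Disable-SafeModeBoot afterwards, or the machine keeps booting into Safe Mode.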



