Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I totally messed up something


  • Please log in to reply
20 replies to this topic

#1 hrolsons

hrolsons

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 08 June 2017 - 09:49 PM

I downloaded something called IP Scanner from bleeping computer and then somehow my computer went berserk and install a different version of Windows.

 

Not sure what in the world is going on.  Can someone please help me run some scans?



BC AdBot (Login to Remove)

 


#2 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 08 June 2017 - 09:53 PM

Have you tried using System Restore?



#3 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 08 June 2017 - 10:08 PM

It only restores 3 days and this started about 8 days ago.  I need to keep the restore on a jump drive, if possible.



#4 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 08 June 2017 - 11:21 PM

Wait for a malware expert to help you.

 

However, in looking at your content history, you seem to get a lot of security issues.

 

@Broni posts this at the end of every thread he has helped you with...

 

How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

 

Do you ever follow the recommendations?



#5 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 09 June 2017 - 12:16 AM

Many of my posts have been for different work machines.  The post you listed is quite old, but all my users never click on attachments, they run Malwarebytes and eSet online often.

 

How can you protect 1 machine on a network, or workgroup, from getting infected by a machine that IS infected on that network or workgroup?

Can plugging in an external USB or external hard drive and looking at the contents in file explorer, but not running anything, be a problem?  What do you recomend to scan the external USB or external hard drive once it is plugged in?



#6 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 09 June 2017 - 12:32 AM

I can;t even get Malwarebytes to run.



#7 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 09 June 2017 - 12:44 AM

Many of my posts have been for different work machines.  The post you listed is quite old, but all my users never click on attachments, they run Malwarebytes and eSet online often.

 

How can you protect 1 machine on a network, or workgroup, from getting infected by a machine that IS infected on that network or workgroup?

Can plugging in an external USB or external hard drive and looking at the contents in file explorer, but not running anything, be a problem?  What do you recomend to scan the external USB or external hard drive once it is plugged in?

 

Actually, the last time those recommendations were posted in one of your threads was March....

 

The goal should be to protect all machines on the network. You might research the term "layered security".

 

An external USB drive or external hard drive can infect a system, and then use that system to infect the network.

 

Some AV/AM products will offer to scan external devices on connection.

 

This article has some insight, and suggestions...

 

https://www.raymond.cc/blog/automatic-scan-for-virus-when-plug-in-usb-flash-drive/

 

BTW, I searched BleepingComputer's downloads section and could find nothing with "IP Scanner" in the software title.


Edited by jwoods301, 09 June 2017 - 12:51 AM.


#8 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 09 June 2017 - 03:25 AM

I will read it.(again, pretty old link)

 

Turns out, "IP Scanner" was from FileHippo.


Edited by hrolsons, 09 June 2017 - 03:35 AM.


#9 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 09 June 2017 - 03:51 PM

I will read it.(again, pretty old link)

 

Turns out, "IP Scanner" was from FileHippo.

 

If it was this tool from FileHippo (4 search results on FileHippo - this was the first), there is nothing wrong with it...

 

http://filehippo.com/download_advanced_ip_scanner/

 

I scanned it with my tools, and uploaded it to VirusTotal.com and it's totally clean.

 

I ran the tool in a test environment, and the scan itself makes no changes.

 

However, changes can be made to the entries in the scan list.

 

If everything was running fine on your system before you used this tool, it is highly unlikely you are infected, and highly likely you made a change that trashed your system.

 

If you are using Windows 10, your best bet to start would be a refresh install using the Keep my files option...

 

http://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

 

Read the instructions carefully, and follow them to the letter.

 

Before making any changes to your system, at the least, manually create a System Restore point.

 

Doing frequent full disk image backups and backing up volatile personal files on a daily basis is a best practice you might consider


Edited by jwoods301, 09 June 2017 - 04:06 PM.


#10 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 09 June 2017 - 04:17 PM

Thank you for all your help.  I'd like to isolate the problem.  

 

How do I get a malware expert to help me run some scans???



#11 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 09 June 2017 - 04:37 PM

Go to the malware forum and read the Preparation Guide...

 

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/



#12 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 11 June 2017 - 02:19 PM

Got impatient and decided to run what https://www.bleepingcomputer.com/forums/u/187687/broni/ in my last post.

 

 


 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender     
Malwarebytes         
360 Total Security   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.11005)   
 Java 8 Update 121  
 Java version 32-bit out of Date! 
 Adobe Flash Player 25.0.0.171  
 Mozilla Firefox (51.0) 
 Google Chrome (58.0.3029.110) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Farbar Service Scanner Version: 27-01-2016
Ran by basic (ATTENTION: The logged in user is not administrator) on 11-06-2017 at 12:30:08
Running from "C:\Users\basic\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
Tried to run MiniToolBox and my antivirus, "Total 360" said that it was trying to change a password that it shouldn't, so I didn't run it.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:38 AM

Posted 19 June 2017 - 04:03 PM

Lets give this a try

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista/Windows7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Malwarebytes Anti-Malware Free and Malwarebytes Chameleon

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>
----------
  • Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Press the Windows Key + E at the same time
  • Navigate to and double click the C:\Program Files\Malwarebytes Anti-Malware\Chameleon folder
  • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 230 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 20 June 2017 - 04:25 PM

It won't let me run as Administrator.  All it says when I right click is "Run in Sandbox".  I can't even post a screenshot here.

 

It won't even let me log in to Windows as Administrator, just Basic.  And, it flips out if I try to go into Control Panel, safe mode or not.



#15 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 20 June 2017 - 04:35 PM

See post #9 on doing a refresh install.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users