
can i get a malware infection checkup


  • This topic is locked
11 replies to this topic

#1 skyathatoneguy

skyathatoneguy

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 13 June 2017 - 03:16 PM

Hey guys, I was referred by someone to ask here for a malware infection checkup on my computer. Some things have definitely been acting strange on my computer. Also, not sure if this is in the same category as malware, but I have definitely been getting hacked lately: my eBay got hacked and my Hotmail and maybe my Facebook. It said I had a login from a suspicious location, but he didn't do anything on my Facebook like he did my eBay. I only log onto those from this computer and I'm pretty protective of my computer, never click weird links or go to weird websites, so not 100% sure. Anyways, any help with malware or help with being hacked would be greatly appreciated. Thank you!

Made a new post as asked.

Attached Files





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:36 AM

Posted 14 June 2017 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found on your logs.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File
Task: {1B9BE425-0B26-436D-B1C9-2F92E5A2447E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {226EA731-4DF0-4D9B-9714-2BFB6F94D64E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2A41155C-7B6F-4870-B4B4-B811972E9263} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2C887D7B-3E96-4912-9621-EA4B0DF9A170} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3181EA62-9D3B-4F0E-84C7-3841510DD13F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3DE3D0E9-4723-4A1D-920B-0ACF13FF410F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {559C2DC4-563A-475A-B7AB-317C69DF0F97} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5E64B4EF-0025-47AB-8B47-690F8D9E89E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7F570490-8A91-4EC6-992B-382CB313CCAC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8AE41CFF-2C5B-4FB3-AC09-E58CD55AAF33} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F08D7337-D65F-4D9D-879E-B4A987F2E496} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
===

If the problem persists I would change my passwords to the compromised site.
Make sure that the passwords are strong (at least 8 characters or more, with some upper-case letters and numbers).

Check this out.
https://lastpass.com/generatepassword.php

Keep me posted.

#3 nasdaq

nasdaq


Posted 20 June 2017 - 10:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 skyathatoneguy

skyathatoneguy
  • Topic Starter


Posted 04 July 2017 - 07:36 AM

OK, so I deleted the program, thought I was done with it, so I re-downloaded and scanned. Here are the 2 new files. Going to start your steps now.

Attached Files


Edited by skyathatoneguy, 04 July 2017 - 07:37 AM.


#5 skyathatoneguy

skyathatoneguy
  • Topic Starter


Posted 04 July 2017 - 07:41 AM

Here's the fixlog.

EDIT: Also attached a pic just to show I downloaded and ran that virus program. I followed all the steps, disconnected from the internet, turned off my antivirus, and it still didn't find any results. I haven't had any problems in the last few days but I'm still very worried the hacker was able to somehow find my password after I changed it 3 separate times, so I know there was something going on with this computer. If you have any other ideas I'm willing to try them; I definitely don't mind since I've owned this computer for like at least 5 years and never really had a checkup.

Thanks again and happy 4th of July!

Attached Files


Edited by skyathatoneguy, 04 July 2017 - 08:06 AM.


#6 nasdaq

nasdaq


Posted 04 July 2017 - 08:37 AM


Your logs are clean.

Make sure you have strong passwords.

https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 skyathatoneguy

skyathatoneguy
  • Topic Starter


Posted 04 July 2017 - 07:15 PM

This is just so strange. I'm almost positive the hacker found out my passwords from somewhere. I looked over all your links, and while my passwords aren't as truly random as some of the ones in your links, most of mine are extremely random and unguessable, especially considering somehow he found out my password 3 times after changing it. I mean, there's a lot of random characters in my passwords, not just letters. Anyways, it sounds like my comp's clean of viruses. Is there anything else we can check while we are here, like if my comp has any malware or anything like that? Also noticed a few strange things going on, like my mouse recently started acting weird. I tried updating it and reinstalling but it's still being weird, like not letting me use the middle mouse button to open new tabs. I even tried borrowing my friend's mouse (the exact same one) and still had the problems. There's more than just that; my mind's just blanking right now.

Anyways, if you think there's more we can check on my computer please let me know, I'll gladly do it!!!! If not then that's OK, thank you so much for all your help.

Either way, have a happy 4th of July!



#8 nasdaq

nasdaq


Posted 05 July 2017 - 07:27 AM


Do you have this Newtab Addon?
https://addons.mozilla.org/en-US/firefox/addon/new-tab-tools/

If you disable it, does your mouse work correctly without it?
===

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#9 skyathatoneguy

skyathatoneguy
  • Topic Starter


Posted 05 July 2017 - 03:06 PM

I don't think I have the newtab addon; I don't see it anywhere, so pretty sure I don't. I ran Zoek and attached the results file. Have to go for now but will edit this msg after I get some testing in on the computer to let you know if I notice anything different.

Attached Files



#10 skyathatoneguy

skyathatoneguy
  • Topic Starter


Posted 06 July 2017 - 04:31 AM

Not sure if it was that last scan or what, but now I'm having problems printing. Mainly in Firefox; I can print something on my computer, but the second I try to print from Firefox I get "An error occurred while printing."
I tried reinstalling Firefox, went to about:config and reset print printer, also deleted the driver and reinstalled, tried the HP printer fix, tried all kinds of troubleshooting, and I deleted and reinstalled Firefox like 3 different ways. Any help would be greatly appreciated. I use my printer a lot through Firefox and would like to continue doing it lol. Thanks.



#11 skyathatoneguy

skyathatoneguy
  • Topic Starter


Posted 06 July 2017 - 05:06 AM

OK, so I did a system restore from the Zoek system restore point and now I can print again. My only problem was when I did the system restore Firefox didn't work anymore, so I had to reinstall and lost all my bookmarked favorite websites. Kind of a big loss, not gonna lie. Any idea if there's a way to get those websites back? If not, it's all good.


EDIT: FOUND MY BOOKMARKS, RECOVERED THEM ALL. We are back to normal. Sorry about all the posts. Now currently my only problem is my mouse is still acting weird and has been this whole time, even before the system restore.


Edited by skyathatoneguy, 06 July 2017 - 05:10 AM.


#12 nasdaq

nasdaq


Posted 06 July 2017 - 07:36 AM

Google this string.
middle mouse button unable to open new tabs

I did find many suggestions that you may try. Hope you find the problem.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

Edited by nasdaq, 12 July 2017 - 06:38 AM.




