
JTI/SUSPECT!131076 REMOVAL (Assistance Needed)


6 replies to this topic

#1 AgentHoopla

AgentHoopla

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 04 July 2017 - 09:20 PM

Hey All,

Just wanted to say thank you for reading my post. I am a little worried about an infection that I received recently on a brand new laptop that I bought literally a week ago.

I was browsing the internet (looking at news articles, etc.) and all of a sudden the anti-virus program that I use, "McAfee Total Protection", had a small popup appear on the bottom right of my screen telling me something was quarantined. I thought this was weird and suspicious, so I decided to take an additional look.

I have attached two pictures of my screen showing what McAfee told me the file was suspected to be and the file path.

http://imgur.com/hSrnFlZ
http://imgur.com/URSiAuD

I searched JTI/SUSPECT!131076 on Google and got some disturbing results; it seems like a really bad worm. I have no idea what programs it was tied to, or how I could have gotten it.

So I went ahead and went into the file path on my computer and tried to find the file, and I did. I uploaded APPLEID-NOTIFICATION[766].pdf into VirusTotal and nothing came up as suspicious.

The 762 folder was created on 7/3/2017 at 8:37 PM, the EXACT time McAfee flagged it and quarantined the single file, so that tells me that once it was created, it was flagged and caught.

There were also a few (about 5 or 6) other files in the 762 folder named things such as Business Proposal!.Docx, MysteryShopper.PNG and other weird file names. I uploaded Business Proposal!.DocX into VirusTotal and only one of the 62 or so engines said it was some sort of Phishing Warning.

So, while the file was in quarantine, I updated Windows Defender and McAfee, downloaded Malwarebytes, and ran 5 Full System Scans.

First Scan: McAfee Full System Scan - NO THREATS FOUND

Second Scan: Windows Defender Scan - NO THREATS FOUND

Third Scan: Windows Defender Offline Mode - NO THREATS FOUND

Fourth Scan: Malwarebytes - NO THREATS FOUND

Fifth Scan: McAfee Full System Scan - NO THREATS FOUND

Sixth Scan: Windows Defender Full System Scan - NO THREATS FOUND

I then deleted the file APPLEID-NOTIFICATION[766].PDF via the McAfee software from quarantine and went back to the file location of said worm to verify it was gone. The file was still there, but had a file size of 0KB. I then highlighted EVERYTHING (including the 5 or 6 weird file names) and used McAfee's "File Shred" option to permanently delete them from my computer.

I wanted to write this post to get some input on the following questions:

1) Is the virus still in my computer?

2) Did I do the correct order of operations for virus removal?

3) Should I worry about another possible infection that might reoccur?

4) Is my system compromised?

5) What do I do now?
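The triage the original poster did by hand (checking the folder's creation time against the quarantine time, uploading files one at a time to VirusTotal, noticing the 0KB stub left behind after the quarantine deletion) can be done in one pass from a PowerShell prompt. The script below is an added example, not something from the thread or from McAfee; the folder path is a placeholder because the real path only appears in the screenshots, and the detection time is the one stated in the post. It lists every file in the flagged folder with its creation time, size and SHA-256 so the hashes can be searched on VirusTotal without uploading the files, and it marks zero-byte leftovers and files created within a few minutes of the detection, which is how you would spot siblings dropped by the same download.

```powershell
# Added triage helper (example code, not from the thread or from McAfee).
# $Folder is a placeholder: the OP's real path is only visible in the screenshots.
# $QuarantineTime is the detection time stated in the post (7/3/2017 at 8:37 PM).
$Folder         = 'C:\PLACEHOLDER\762'
$QuarantineTime = Get-Date '2017-07-03 20:37'
$WindowMinutes  = 5

$report = Get-ChildItem -Path $Folder -File -Force | ForEach-Object {
    $minutesFromDetection = [math]::Abs(($_.CreationTime - $QuarantineTime).TotalMinutes)
    [PSCustomObject]@{
        Name          = $_.Name
        SizeBytes     = $_.Length
        CreationTime  = $_.CreationTime
        # A 0-byte entry is what the OP saw after deleting from quarantine:
        # the AV removed the content but left the directory entry behind.
        ZeroByte      = ($_.Length -eq 0)
        # Files created within a few minutes of the detection most likely
        # arrived together with the quarantined one.
        NearDetection = ($minutesFromDetection -le $WindowMinutes)
        SHA256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
}

# Full picture of the folder, oldest file first.
$report | Sort-Object CreationTime | Format-Table -AutoSize

# Hashes of the non-empty files: paste each into the VirusTotal search box
# instead of uploading the file itself.
$report | Where-Object { -not $_.ZeroByte } | Select-Object Name, SHA256
```

Run it before shredding anything, since the hashes are the only durable record of what was in the folder once the files are gone; Get-FileHash and Get-ChildItem are standard cmdlets on Windows 10, so nothing extra needs to be installed.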

#2 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:55 PM

Posted 04 July 2017 - 09:23 PM

Do the following...

Download and run AdwCleaner -

https://www.bleepingcomputer.com/download/adwcleaner/

Download and run the portable version of Zemana Anti-Malware

https://www.zemana.com/en-US/Download

Download and run Junkware Removal Tool -

https://www.bleepingcomputer.com/download/junkware-removal-tool/

Create a System Restore point first.



#3 AgentHoopla

AgentHoopla
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 04 July 2017 - 09:45 PM

Do the following...

Download and run AdwCleaner -

https://www.bleepingcomputer.com/download/adwcleaner/

Download and run the portable version of Zemana Anti-Malware

https://www.zemana.com/en-US/Download

Download and run Junkware Removal Tool -

https://www.bleepingcomputer.com/download/junkware-removal-tool/

Create a System Restore point first.

 

AdwCleaner - LOGFILE BELOW

 

# AdwCleaner v6.047 - Logfile created 04/07/2017 at 16:33:48
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-04.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : J-fow - SPECTRE
# Running from : C:\Users\J-fow\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\J-fow\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\J-fow\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [969 Bytes] - [04/07/2017 16:33:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [1522 Bytes] - [04/07/2017 16:32:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1114 Bytes] ##########

 

Zemana - Clean

 

Junkware Removal Tool - LOGFILE BELOW

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by J-fow (Administrator) on Tue 07/04/2017 at 16:37:12.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/04/2017 at 16:39:18.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#4 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:55 PM

Posted 05 July 2017 - 01:27 AM

Looks like your system is clean.



#5 AgentHoopla

AgentHoopla
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 05 July 2017 - 02:01 AM

Did I do the right things when the worm was discovered from the anti virus program?

 

Thank you for the useful tools.


Edited by AgentHoopla, 05 July 2017 - 02:02 AM.


#6 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:55 PM

Posted 05 July 2017 - 02:07 AM

Did I do the right things when the worm was discovered from the anti virus program?

 

Thank you for the useful tools

 

I think you did a nice job.



#7 AgentHoopla

AgentHoopla
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 05 July 2017 - 02:10 AM

 

Did I do the right things when the worm was discovered from the anti virus program?

 

Thank you for the useful tools

 

I think you did a nice job.

 

Thank you for the information. I'll make sure to keep your tools in mind for anything that comes up in the future.

 

Hope you had a good 4th of July!
