Persistent Malware Problem



#1 brucehk

brucehk

  • Members
  • 2 posts

Posted 12 July 2017 - 10:33 AM

I've managed to pick up a piece of very persistent malware that occasionally redirects Firefox to undesirable websites. I'm running Windows 7 Ultimate 64-bit. Here's what I've done so far:

 

Scanned with my regular anti-virus software, which is AVG. AVG found nothing significant.
So I installed the following programs and used each to scan and clean my computer:
AdwCleaner
Hitman
Malwarebytes
Zemana Anti-Malware
TDSSKiller
SUPERAntiSpyware
Spybot S&D
ThreatExpert

One or two found a couple of issues that seemed like they might be relevant and cleaned them up, but did not solve the problem. Otherwise these programs just found the usual list of tracking cookies and similarly minor issues.

I also uninstalled and reinstalled Firefox, but since Firefox came back with all my favorites, plug-ins and so on already in place, uninstalling Firefox clearly doesn't really fully uninstall Firefox.

I went through all my browsers (IE, Safari, Chrome and Firefox) and made sure there were not any unknown plug-ins or extensions and I reset the search settings.

I looked through the list of installed programs on my computer very carefully and did not see anything that shouldn't be there.

Any suggestions on what to do next?

Thanks!
Bruce


Edited by brucehk, 12 July 2017 - 02:58 PM.



 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,357 posts
  • Gender:Male
  • Location:Staunton, VA

Posted 12 July 2017 - 10:36 AM

Bruce, I am going to escort you over to the "Am I Infected? What do I do?" forum.

 

We're clearly dealing with a lingering malware issue here and that's the best starting point for getting assistance with issues like this.


Edited by britechguy, 12 July 2017 - 10:38 AM.

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#3 brucehk

brucehk
  • Topic Starter

  • Members
  • 2 posts

Posted 12 July 2017 - 10:42 AM

Thank you, Brian.

I also just re-ran Malwarebytes and it found something suspicious which I have now quarantined.

Below is the log of that scan.

I don't yet know if the issue has been resolved since it's an intermittent issue.

Thanks,
Bruce

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/12/17
Scan Time: 11:31 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2350
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bghooke-PC\bghooke

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415466
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 5 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.WebStart.ShrtCln, C:\USERS\BGHOOKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A6WLIC0F.BRUCE HOOKE\SESSIONSTORE-BACKUPS\RECOVERY.JS, Replaced, [474], [332782],1.0.2350

Physical Sector: 0
(No malicious items detected)

(end)





