
http://destyy.com/qNHR3u


9 replies to this topic

#1 TheUnspeakable


Posted 10 August 2017 - 07:41 AM

Every day a tab opens up on my browser (Firefox) to http://destyy.com/qNHR3u
 
Thankfully NoScript and AdBlock have prevented it from installing anything from that page but that tab still opens.
 
I found a task set in Task Scheduler for FreeAntiVirus that opened the page.  I deleted that.  It still happens.
 
Windows 10's built-in antivirus found nothing.  Nothing else I have has found anything.

Edited Dangerous link ~~~boopme

Edited by boopme, 10 August 2017 - 09:50 AM.




#2 hamluis

  • Moderator

Posted 10 August 2017 - 08:27 AM

Related info:  https://www.quora.com/Computer-Security-How-can-I-remove-shorte-st-virus .  Note that I am not advising you to follow any suggestions in that article...it's provided only for informational purposes.  Someone with more knowledge than I will assist you in this forum :).

 

Louis



#3 boopme

  • Global Moderator

Posted 10 August 2017 - 09:56 AM

Hello, this is an Adware... Please run these next. Skip TDSSKiller.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the cRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and then close the application by clicking the X in the upper right corner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 TheUnspeakable

  • Topic Starter

Posted 10 August 2017 - 12:55 PM

MTB.txt


AdwCleaner.txt


Junkware Removal found nothing

 

ESet found nothing

 

Thank you,

-TheUnspeakable


Edited by TheUnspeakable, 10 August 2017 - 12:56 PM.


#5 boopme

  • Global Moderator

Posted 10 August 2017 - 01:32 PM

Rerun ADWCleaner and select clean. Reboot and see if it's gone.


Edited by boopme, 10 August 2017 - 01:32 PM.


#6 TheUnspeakable

  • Topic Starter

Posted 10 August 2017 - 01:50 PM

Done, I guess I'll find out if it works in 24 hours or so.

#7 boopme

  • Global Moderator

Posted 10 August 2017 - 02:01 PM

OK, let us know.

#8 TheUnspeakable

  • Topic Starter

Posted 12 August 2017 - 07:59 PM

Well, it's been well over a day and no new tabs have opened.  Thank you boopme!



#9 boopme

  • Global Moderator

Posted 13 August 2017 - 08:31 PM

You're welcome from us all!!

#10 h_ackcare


Posted 10 September 2017 - 07:57 AM

The following might help:

1. Using schtasks.exe to query all scheduled tasks (command: schtasks.exe /Query).

2. Identify malicious tasks.

3. Using schtasks.exe to remove malicious tasks (command: schtasks.exe /Delete  /TN Taskname).
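
Added example, not part of any post in this thread: a PowerShell triage for the "identify" step, aimed at the kind of task the topic starter found (one that opens a page on a schedule). It uses Get-ScheduledTask as the PowerShell counterpart of `schtasks.exe /Query`; the function name `Get-TaskActionFlags`, its three heuristics and the sample task are assumptions made for illustration.

```powershell
# Added example: the heuristics are triage assumptions, not a verdict on any task.
function Get-TaskActionFlags {
    param([string]$Execute, [string]$Arguments)
    $flags = @()
    # A command line that carries a URL opens that page every time the task fires.
    if ("$Execute $Arguments" -match '(?i)https?://') { $flags += 'URL in command line' }
    # Programs under AppData or a Temp folder sit in user-writable locations.
    if ($Execute -match '(?i)(\\(AppData|Temp)\\|%(LOCAL)?APPDATA%|%TE?MP%)') {
        $flags += 'runs from user-writable path'
    }
    # A browser started by a task with arguments is worth a manual look.
    if ($Execute -match '(?i)(firefox|chrome|msedge|iexplore)\.exe' -and $Arguments) {
        $flags += 'browser started with arguments'
    }
    $flags -join '; '   # empty string when nothing matched
}

# Constructed sample (not taken from the thread): a task action that opens a page.
$sample = [pscustomobject]@{
    Execute   = 'C:\Windows\explorer.exe'
    Arguments = 'http://example.invalid/landing'
}
Get-TaskActionFlags -Execute $sample.Execute -Arguments $sample.Arguments

# Live system: list every task action that trips at least one heuristic.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no command line
        $flags = Get-TaskActionFlags -Execute $action.Execute -Arguments $action.Arguments
        if ($flags) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                Author  = $task.Author
                Command = "$($action.Execute) $($action.Arguments)".Trim()
                Flags   = $flags
            }
        }
    }
} | Format-List

# Review each hit by hand before removing it with the command from the post above:
#   schtasks.exe /Delete /TN "<task name>"
```

Run it from an elevated PowerShell prompt so tasks belonging to other accounts are listed as well.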





