
Gave admin rights to a virus by mistake.



#1 akki28

akki28


Posted 23 August 2017 - 12:06 PM

A few days ago I plugged a pendrive into my Win7 x64 PC. There was a virus on it with a folder icon, so I tried to open it and it asked me for admin permission. Because some folders on the C drive require admin permission, I allowed it. Since then my PC has been unstable. I usually see a blue screen, a laggy PC, sometimes the mouse and keyboard stop responding, and I am unable to update Windows too. I tried to install a few antivirus programs, but either the installation fails or the PC freezes after installation of the AV. In short, I am unable to scan my PC by any means. I tried the Windows Defender ISO boot, but it asked me to update first and there was no means to connect to the internet because Wi-Fi was not working and USB tethering didn't do any good. Please help me make my OS stable.
Note: I never used an antivirus before the virus attack. I have installed SP1 too.


Edited by hamluis, 23 August 2017 - 12:28 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 dc3

dc3


Posted 23 August 2017 - 12:38 PM

If you have access to another computer download the requested programs and install these in the computer with the problem.  It is very important that you run the programs in the order they are listed.
 
The tools I'm going to suggest can't be used in the Windows forums, for this reason I will request to have this topic moved to the Am I Infected, What Do I Do forum.
 
Please download and run RKill

RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  

Please download RKill and install it.

RKill will start immediately after it is downloaded and installed.

When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

Attention: At this time you need to run your security applications listed below.  Do not turn off the computer until all of the scans have been run.

While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries.
 
 
Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open, click on Update Now to update to the newest definitions.

3)  Click on Settings, when Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
 
 
Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive a message informing you of this.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Edited by dc3, 23 August 2017 - 12:40 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 akki28

akki28

Posted 24 August 2017 - 09:13 AM

Sir, I followed your steps...

First I installed RKill and ran it. After that, as soon as I clicked Scan Now in Malwarebytes Anti-Malware, my PC showed a blue screen and rebooted.

Then I ran RKill again and scanned with Malwarebytes, and it found 101 threats. The details you asked for are as follows:

rkill:

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/24/2017 01:32:32 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  128.199.121.125                   sknisaadp.com
  128.199.121.125                   onhax.net
  127.0.0.2                   www.onhax.net
  128.199.121.125                   do2dear.net
  128.199.121.125                   cloudanna.com
  128.199.121.125                   www.fullstuff.net
  128.199.121.125                   www.masterkreatif.com
  128.199.121.125                   keyscity.net
  128.199.121.125                   piratecity.net
 
Program finished at: 08/24/2017 01:35:35 PM
Execution time: 0 hours(s), 3 minute(s), and 3 seconds(s)
 
 
 
malwarebytes antimalware:
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/24/17
Scan Time: 1:36 PM
Log File: 1bff14b6-88a3-11e7-b619-000000000000.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.186
Update Package Version: 1.0.2649
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AKSHAY-PC\AKSHAY
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306926
Threats Detected: 110
Threats Quarantined: 110
Time Elapsed: 9 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 11
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [516], [260991],1.0.2649
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [516], [260991],1.0.2649
PUP.Optional.ProductSetup, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\PRODUCTSETUP, Quarantined, [13942], [242047],1.0.2649
PUP.Optional.WinYahoo, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [71], [247049],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [71], [247049],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [71], [247049],1.0.2649
PUP.Optional.InstallCore, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\csastats, Quarantined, [2], [260986],1.0.2649
PUP.Optional.SearchManager, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [516], [183362],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}, Quarantined, [71], [247047],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}, Quarantined, [71], [247047],1.0.2649
PUP.Optional.WinYahoo, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}, Quarantined, [71], [247047],1.0.2649
 
Registry Value: 4
PUP.Optional.ProductSetup, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [13942], [242047],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [71], [247049],1.0.2649
PUP.Optional.WinYahoo, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}|URL, Quarantined, [71], [247047],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}|URL, Quarantined, [71], [247049],1.0.2649
 
Registry Data: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-1659720006-1261659101-388190566-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [71], [292990],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [71], [293458],1.0.2649
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [71], [293458],1.0.2649
 
Data Stream: 0
(No malicious items detected)
 
Folder: 11
 
File: 81
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
And I also have a dump file from that blue screen crash.
 
 
 
 
Then I ran the AdwCleaner scan:
 
 
# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 24 08:46:31 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 08-22-2017.4
# Running on Windows 7 Enterprise (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2180 B] - [2017/5/24 19:21:58]
C:/AdwCleaner/AdwCleaner[S0].txt - [3007 B] - [2017/5/24 19:21:23]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
 
 
 
 
 
 
Then I ran ESET Online Scanner. The scan reached 13% after 1 hr 30 min, my internet connection was disconnected for a few seconds, and then it again showed a blue screen and rebooted. I have done nothing after that. Is there any other way to repair my PC?
Thanks for the help.
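
The RKill log in this post lists HOSTS file entries, several of them pointing different names at one address. As an added example (not part of the thread and not RKill's own code), this Python script audits hosts-file text offline, for instance from a live USB, and groups redirected names by target address; the sample content, names and addresses are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input (documentation addresses and .test names only).
# It includes a BOM, CRLF line endings, an inline comment and a bad line.
SAMPLE_HOSTS = (
    "\ufeff# Constructed sample, not taken from any real machine\r\n"
    "127.0.0.1       localhost\r\n"
    "::1             localhost\r\n"
    "203.0.113.25    updates.example.test\r\n"
    "203.0.113.25    www.example.test shop.example.test  # two names\r\n"
    "127.0.0.2       av.example.test\r\n"
    "0.0.0.0         telemetry.example.test\r\n"
    "198.51.100.7    intranet.example.test\r\n"
    "not-an-ip       broken.example.test\r\n"
)

# Names that normally map to loopback on a clean system.
BENIGN_LOCAL_NAMES = {
    "localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback",
}


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -- list of (line_number, ip_address, [lower-cased names])
    malformed -- line numbers whose first field is not an IP address or
                 that carry no host name
    """
    entries, malformed = [], []
    lines = text.lstrip("\ufeff").splitlines()
    for lineno, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:
            malformed.append(lineno)
            continue
        entries.append((lineno, ip, [name.lower() for name in fields[1:]]))
    return entries, malformed


def audit_hosts(text):
    """Classify every mapping in hosts-file text.

    redirects -- names sent to a non-local address, grouped by address
    blocked   -- names pinned to loopback or 0.0.0.0 (unreachable locally)
    clusters  -- the subset of redirects where one address serves 2+ names
    malformed -- line numbers that could not be parsed
    """
    entries, malformed = parse_hosts(text)
    redirects = defaultdict(list)
    blocked = []
    for _lineno, ip, names in entries:
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if local and name in BENIGN_LOCAL_NAMES:
                continue  # the expected localhost entries
            if local:
                blocked.append(name)
            else:
                redirects[str(ip)].append(name)
    clusters = {ip: n for ip, n in redirects.items() if len(n) >= 2}
    return {
        "redirects": dict(redirects),
        "blocked": blocked,
        "clusters": clusters,
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for ip, names in report["clusters"].items():
        print(f"{ip} receives traffic for {len(names)} names: {names}")
    print("blocked locally:", report["blocked"])
    print("unparseable lines:", report["malformed"])
```

To check a real system, pass the text of `C:\Windows\System32\drivers\etc\hosts` (read from the mounted Windows partition when working from a live USB) to `audit_hosts` instead of the sample.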
 


#4 akki28

akki28

Posted 24 August 2017 - 09:18 AM

Here is the link to the dump file:

https://www.dropbox.com/s/3wzom0u4oaercvy/082417-23696-01.dmp?dl=0



#5 dc3

dc3


Posted 24 August 2017 - 09:49 AM

Malwarebytes found PUPs (Potentially Unwanted Programs), these are not malicious and usually won't cause problems.  These were quarantined and removed when you restarted the computer.  

 

Please do a System Restore.  Use a restore point dated prior to plugging in the flash drive.



 

 

 

 


#6 akki28

akki28

Posted 05 September 2017 - 02:49 PM

Sir, I have no system restore point available. Sorry for the late reply; exams kept me busy. The blue screen now shows after just a few seconds if I restart. I have been using a Debian live USB to use my laptop. Please find me a permanent solution.

#7 akki28

akki28

Posted 11 September 2017 - 10:41 AM

Sir, I resolved this issue as follows:

1. As I was unable to update Windows, I manually downloaded packages from the Microsoft website (a few of them, the largest ones).

2. I was then able to install Avast Premier. I updated the virus definitions and ran a smart scan. Avast found some issues and they were fixed.

3. I ran a boot-time scan and slept. I don't know how much time it took, but after that boot-time scan the blue screen and every other issue was fixed.

Thanks for the help.

I learned my lesson. Now I have installed Avast Premier permanently. You can also install Bitdefender as it has the highest ratings.

Thanks once again.





