Possible Infection, Internet Unstable only on this PC


  • This topic is locked
6 replies to this topic

#1 Beings

Beings

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Gold Coast, Australia
  • Local time:05:03 PM

Posted 01 September 2017 - 03:30 AM

Hola, for a few days I have had troubles with my internet on my gaming PC. This problem started to happen around when the last episode of Game of Thrones was released, 27~28th of August. I do use WiFi, as it would be difficult to run an Ethernet cable into my room. With that, I had troubles with my Internet when I first moved in, four months ago, but I fixed it by changing my WiFi channel to 6 instead of 12. I have tried other devices, and they seem okay, a little interference, but that is normal. It will still happen when I'm the only one on my network.

This problem is even odder; it happens at random points. I would have a stable connection for a few hours, then out of nowhere, I would have constant random lag. Hope I'm not a part of some botnet, that would suck :axe:

I thought it may be a DNS issue; random lag? slow internet? only on my PC? I've tried flushing DNS, resetting network settings with Tweaking Windows Repair, a reinstall of my D-Link DWA-192 wireless device, and running JRT/Malwarebytes and Rkill. I've tried different browsers (which wouldn't make a difference, as it will lag while I play Counter-Strike; I mean actually unplayable). The weird thing is, and I'm not sure if this was a coincidence, probably was, to be honest, but if I download games from Steam, it won't be affected. But if I download something in Firefox, for example, it will have very slow Internet speeds (200KB/s instead of 1+MB/s). YouTube seems to be okay most of the time as well.

Average Speeds: https://i.gyazo.com/4c701360f9f34b4d0f80c3ad57d49397.png

Two minutes later: https://i.gyazo.com/a0d6a3e022ab42aeab4c832c565d9581.png

I have pastebinned my FRST logs below

FRST: https://pastebin.com/xkYK9EhJ

Additional: https://pastebin.com/Z6AgxQrB

Have a great day,

Beings




#2 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 666 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 AM

Posted 05 September 2017 - 02:11 AM

Hi Beings

My name is Slurppa and I will be handling your log(s) to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

Next time please paste your log files straight to this thread. This way it will be easier for future helpers to find information.


Please familiarize yourself with the following guidelines:
  • Complete all the steps in their given order.
  • Update me about the current state of your computer.
  • If you have any problems or questions please let me know. If you are unsure how to continue please let me know.
  • Do not run any other fixes/programs that I have not instructed.
  • Copy and paste all logs into your post directly unless otherwise instructed. Don't attach logs.
  • Lack of symptoms does not mean the computer is clean. Please stick with me until I give you the green light.


#3 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 666 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 AM

Posted 07 September 2017 - 12:24 PM

Hi Beings!

Your logs look clean.

I noticed that you have uTorrent installed.
I recommend that you uninstall it, as P2P programs are a security risk.
You can find more information here.

Did you set these proxy settings on purpose?

FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> http", "86.51.26.11"
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> http_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> socks_version", 4
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> ssl", "218.207.195.206"
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> ssl_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> type", 0

I also noticed that you have Private Internet Access VPN installed. VPN connections can affect your connection stability and speed as they rely on third-party endpoints. Have you tried turning your VPN off to see if that makes a difference?

Referring to this line have you created any Windows Defender restrictions yourself?
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

You seem to have a Realtek WLAN USB adapter (dongle) driver installed. Are you using the dongle at the same time as your D-Link adapter?

Let's run a malware scanner just in case:

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
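The proxy question above is the kind of check a helper does by eye; as an added example (not part of this thread or of FRST), the following Python parses FRST's "FF NetworkProxy" lines and reports whether the configured proxy hosts are actually in effect. It assumes FRST's line layout exactly as quoted in the post, and uses Firefox's documented meaning of network.proxy.type (0 = direct, 1 = manual, 2 = PAC, 4 = auto-detect, 5 = system).

```python
import re

# Sample input: the six FF NetworkProxy lines quoted in the post above.
# FRST drops the "network.proxy." prefix and prints <key>", <value>.
FRST_SAMPLE = r"""
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> http", "86.51.26.11"
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> http_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> socks_version", 4
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> ssl", "218.207.195.206"
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> ssl_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> type", 0
"""

LINE_RE = re.compile(r'^FF NetworkProxy: (?P<profile>.+?) -> (?P<key>[\w.]+)",\s*(?P<value>.+)$')

# Firefox's network.proxy.type values (documented Firefox preference semantics).
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC script",
               4: "auto-detect (WPAD)", 5: "system"}

def parse_frst_proxy_lines(text):
    """Return {profile: {key: value}}; quoted strings are unquoted, integers converted."""
    profiles = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a proxy line; FRST logs mix many section types
        value = m.group("value").strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        elif value.lstrip("-").isdigit():
            value = int(value)
        profiles.setdefault(m.group("profile"), {})[m.group("key")] = value
    return profiles

def assess_profile(prefs):
    """Say which proxy hosts are set and whether Firefox would actually use them.

    The http/ssl/socks/ftp hosts are only consulted in manual mode (type == 1);
    hosts present under any other type are leftover configuration, not an active proxy.
    """
    hosts = {k: prefs[k] for k in ("http", "ssl", "socks", "ftp") if prefs.get(k)}
    ptype = prefs.get("type", 0)
    return {
        "proxy_hosts": hosts,
        "type": PROXY_TYPES.get(ptype, "unknown (%r)" % ptype),
        "in_effect": ptype == 1 and bool(hosts),
        "dormant": ptype != 1 and bool(hosts),
    }
```

For the lines in this thread the result is "dormant": two hosts are configured but type is 0, which matches the poster's later statement that the proxies were disabled.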


#4 Beings

Beings
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Gold Coast, Australia
  • Local time:05:03 PM

Posted 08 September 2017 - 08:30 AM


FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> http", "86.51.26.11"
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> http_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> socks_version", 4
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> ssl", "218.207.195.206"
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> ssl_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\8p6hwfqh.default -> type", 0
Yes, I had these proxies down a year ago; I have removed them now, but I had them disabled anyway.

 

I also noticed that you have Private Internet Access VPN installed. VPN connections can affect
your connection stability and speed as they rely on third-party endpoints. Have you tried turning your VPN
off to see if that makes a difference?

PIA is disabled most of the time; I rarely use it, but have it there when I need privacy.

 

Referring to this line have you created any Windows Defender restrictions yourself?
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
I disabled Defender manually, but I didn't touch any registry keys. Windows Defender can be very hyperactive, so I hardly use it.

 

You seem to have Realtek WLAN usb adapter dongle driver installed. Are you using the dongle at the same time with your DLINK adapter?

Yes, I believe so. I am currently using a D-Link DWA-192 wireless device.

 
----

Emsisoft Emergency Kit - Version 2017.8
Last update: 08-Sep-17 9:54:03 PM
User account: DESKTOP-2GVT57B\dismay666
Computer name: DESKTOP-2GVT57B
OS version: Windows 10x64

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, F:\

Detect PUPs: On
Scan archives: On
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    08-Sep-17 9:54:53 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F     detected: Application.AdReg (A) [271742]
C:\$Recycle.Bin\S-1-5-21-16546458-2743964678-2514580854-1001\$R6YKU2D.exe     detected: Gen:Variant.Razy.201830 (B) [krnl.xmd]
C:\$Recycle.Bin\S-1-5-21-16546458-2743964678-2514580854-1001\$RFNFM7X.exe     detected: Gen:Variant.Razy.207615 (B) [krnl.xmd]
C:\$Recycle.Bin\S-1-5-21-16546458-2743964678-2514580854-1001\$RHPMP84.exe     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
C:\$Recycle.Bin\S-1-5-21-16546458-2743964678-2514580854-1001\$RISVV9S.exe     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
C:\$Recycle.Bin\S-1-5-21-16546458-2743964678-2514580854-1001\$RITI4P4.exe     detected: Gen:Variant.Razy.201830 (B) [krnl.xmd]
C:\Users\dismay666\AppData\Local\Temp\vmpB9B1.tmp     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
C:\Users\dismay666\Desktop\fskinz\fskinz\$BACKUPInject.zip -> inject.exe     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
C:\Users\dismay666\Desktop\OverwatchRevealer_cra0_[unknowncheats.me]_\OverwatchRevealer_cra0_[unknowncheats.me]_.zip -> CVOW_Revealer.exe     detected: Gen:Variant.Razy.143714 (B) [krnl.xmd]
C:\Users\dismay666\Desktop\OverwatchRevealer_cra0_[unknowncheats.me]_\CVOW_Revealer.exe     detected: Gen:Variant.Razy.143714 (B) [krnl.xmd]
D:\Programming\nskinz\.git\objects\7a\714e936c3610b450c92e083a1810cac32f1b7c -> inject.exe     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
D:\Programming\nskinz\$BACKUPInject.zip -> inject.exe     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]

Scanned    681772
Found    12

Scan end:    08-Sep-17 11:24:02 PM
Scan time:    1:29:09

D:\Programming\nskinz\$BACKUPInject.zip     Gen:Heur.Zygug.5 (B)
D:\Programming\nskinz\.git\objects\7a\714e936c3610b450c92e083a1810cac32f1b7c     Gen:Heur.Zygug.5 (B)
C:\Users\dismay666\Desktop\fskinz\fskinz\$BACKUPInject.zip     Gen:Heur.Zygug.5 (B)
C:\Users\dismay666\AppData\Local\Temp\vmpB9B1.tmp     Gen:Heur.Zygug.5 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F     Application.AdReg (A)

Quarantined    5

---

Almost all of these are false positives; the ones I am not aware of are listed below

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F     detected: Application.AdReg (A) [271742]

and

C:\Users\dismay666\AppData\Local\Temp\vmpB9B1.tmp     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]

 

I have quarantined all of them other than CVOW_Revealer.exe, as I am 100% sure it's safe.
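The scan log above mixes detections that matter little (files already in the Recycle Bin, members of zip archives and git objects) with the two the poster could not account for (a Temp file and a registry key). As an added example, not part of this thread or of Emsisoft, the following Python reads Emsisoft Emergency Kit "detected:" lines in the layout shown above and buckets each hit by where it lives, so the ones worth explaining stand out. The (A)/(B) tag is kept only to record which of the kit's scan engines fired; the sample lines are a subset of those quoted in the post.

```python
import re
from collections import defaultdict

# Sample input: five detection lines taken from the Emsisoft log quoted above.
EEK_SAMPLE = r"""
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F     detected: Application.AdReg (A) [271742]
C:\$Recycle.Bin\S-1-5-21-16546458-2743964678-2514580854-1001\$R6YKU2D.exe     detected: Gen:Variant.Razy.201830 (B) [krnl.xmd]
C:\Users\dismay666\AppData\Local\Temp\vmpB9B1.tmp     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
C:\Users\dismay666\Desktop\fskinz\fskinz\$BACKUPInject.zip -> inject.exe     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
D:\Programming\nskinz\.git\objects\7a\714e936c3610b450c92e083a1810cac32f1b7c -> inject.exe     detected: Gen:Heur.Zygug.5 (B) [krnl.xmd]
"""

# <object> <two or more spaces> detected: <signature> (<engine>) [<extra>]
DETECT_RE = re.compile(r"^(?P<obj>.+?)\s{2,}detected: (?P<sig>\S+) \((?P<engine>[AB])\)")

def classify(obj):
    """Bucket a detected object by location; location drives how urgent follow-up is."""
    if obj.startswith("Key: "):
        return "registry"             # a persistence/association key, not a file
    container, _, member = obj.partition(" -> ")
    if member:
        return "archive-member"       # inside a zip or git object: inert until extracted
    if "\\$Recycle.Bin\\" in container:
        return "recycle-bin"          # already deleted by the user; cannot be running
    if "\\AppData\\Local\\Temp\\" in container:
        return "temp"                 # dropped or run recently; the poster could not explain this one
    return "live-file"                # anything else on disk deserves a look

def triage(text):
    """Return {bucket: [(object, signature, engine), ...]} for every detection line."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        m = DETECT_RE.match(line.strip())
        if m:
            buckets[classify(m.group("obj"))].append(
                (m.group("obj"), m.group("sig"), m.group("engine")))
    return dict(buckets)

def needs_explanation(text):
    """The subset a helper should ask about: registry, temp and live-file hits."""
    t = triage(text)
    return [hit for b in ("registry", "temp", "live-file") for hit in t.get(b, [])]
```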



#5 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 666 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 AM

Posted 10 September 2017 - 10:31 AM

Hi Beings

Sorry for the delay.

Your computer looks clean.

Personally I wouldn't trust these third party cheat injectors as they often contain nasty surprises.

I don't recommend keeping Windows Defender disabled. If you are not happy with it you could try other free alternatives:
Avira
Avast
FortiClient

This sounds more like a problem with your D-Link device.
Have you tried using it with another computer or in another USB port?



#6 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 666 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 AM

Posted 13 September 2017 - 07:01 AM

Hi Beings

Are you still with me?



#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:03 AM

Posted 21 February 2018 - 02:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
