
trojan alert from Avast when opening yahoo.com news


15 replies to this topic

#1 Glenski

Glenski

  • Members
  • 44 posts

Posted 09 September 2017 - 07:07 AM

Starting a couple of weeks ago, I began getting the Avast alert whenever I clicked on a yahoo.com news article headline.

 

Threat secured

We've safely aborted connection on www.yahoo.com because it was infected with JS:ScriptPE-inf [Trj].

More threats may be lurking!

(scan my PC) 

 

Details show:

Threat name   JS:ScriptPE-inf [Trj]

Severity   (minimal sign on the bar scale)

URL   https://www.yahoo.com/_td_remote

Process   C:\Program Files\Mozilla Firefox\firefox.exe

Detected by Web Shield

Status Connection aborted

 

I don't click the scan button. I just X out of the warning. I have not lost any Yahoo connection and can just proceed with the news story.

 

I run Avast scans every Saturday, same with Superantispyware. Avast never finds a virus. Superantispyware finds 800-1200 cookies.

I run both only after updating them.

My Windows Update is set to automatic.

 

I have an NEC LaVie laptop with Japanese OS (I live in Japan).

Windows 7

I never use Internet Explorer. Only Firefox.

My computer is run through a home wifi system, not on any multi-user network.

 

What is the problem? What can I do?
Thanks in advance.





#2 buddy215

buddy215

  • BC Advisor
  • 12,883 posts
  • Gender:Male
  • Location:West Tennessee

Posted 09 September 2017 - 08:44 AM

You can forgo the Super Antispyware scan as it has become not nearly as useful as it once was. Those cookies it keeps finding can be blocked from installing. Once you have blocked them.....then run CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers  (Third party cookies....also known as ad and tracking cookies)

 

Do you have an ad blocker installed in your browsers?

 

Use the programs below to clean, remove adware and remove malware. (Some articles in Yahoo have the label "Sponsored" which may be the source of the alert from Avast)

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Edited by buddy215, 09 September 2017 - 08:45 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Glenski


Posted 09 September 2017 - 09:03 PM

Thanks for those instructions.

 

Yes, I have AdBlock Plus as an adblocker.

 

I have completed all of the instructions in full and in order. It took me a while to figure out how to block third-party cookies, but I have done so. Also, Windows 7 does not have direct access to the clipboard anymore, so I downloaded Windows NT Clipboard Viewer.

 

Anyway, here are the 3 scan results you requested:

 

MALWAREBYTES

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2017/09/10
Scan Time: 9:38
Logfile: malwarebyte scan 09102017.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.09.09.07
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373547
Time Elapsed: 31 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0

 

ADW

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 10 01:24:05 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-08-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\GreenTree Applications
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\ytd video downloader
PUP.Optional.Legacy, C:\Users\All Users\ytd video downloader


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Adware.pokki, [Value] - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\TBDEn | SBOEM2


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2094 B] - [2014/3/8 9:19:36]
C:/AdwCleaner/AdwCleaner[S1].txt - [1703 B] - [2014/4/27 1:44:16]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

 

JUNKWARE REMOVAL

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on 2017/09/10 at 10:51:26.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 15

Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LM009QIP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LM009QIP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\REN24C2.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN3FEE.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN564A.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN7A7F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN9157.tmp (File)

Deleted the following from C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ehcmom1z.default-1398562197452\prefs.js
user_pref(browser.urlbar.suggest.searches, false);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017/09/10 at 10:55:11.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 buddy215


Posted 10 September 2017 - 04:48 AM

Rerun AdwCleaner and be sure to click on Clean when scan finishes.

 

Click on the ABP icon and choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.

 

  • Download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply



#5 Glenski


Posted 10 September 2017 - 07:01 AM

Thanks, buddy215,

 

I redid the AdW. I also reset the AdBlock as you suggested. Here is the ADW scan.

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 10 11:41:23 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3659 B] - [2017/9/10 1:25:16]
C:/AdwCleaner/AdwCleaner[S0].txt - [2094 B] - [2014/3/8 9:19:36]
C:/AdwCleaner/AdwCleaner[S1].txt - [1703 B] - [2014/4/27 1:44:16]
C:/AdwCleaner/AdwCleaner[S2].txt - [3821 B] - [2017/9/10 1:24:5]
C:/AdwCleaner/AdwCleaner[S3].txt - [1218 B] - [2017/9/10 11:41:2]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

 

 

However, after downloading the Security Check program, I had problems.

Double clicked, and allowed the first security check.

Then it seemed to start doing something normal, but it stopped with an error message that I could send to Microsoft or not. I opted not to. I tried again to run it, but it gave the same error. I can't understand what it means. Neither my Japanese wife nor I can decipher the Japanese words. Here is the only thing in English that was in the details.

 

C:\Users\Owner\AppData\Local\Temp\WERB692.tmp.WERInternalMetadata.xml
C:\Users\Owner\AppData\Local\Temp\WERC246.tmp.appcompat.txt
C:\Users\Owner\AppData\Local\Temp\WERC266.tmp.mdmp

 

What's next?



#6 buddy215


Posted 10 September 2017 - 07:22 AM

Okay...instead of the Security Check...do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#7 Glenski


Posted 10 September 2017 - 07:35 AM

Gotcha. You're going to see some Japanese characters in some of this information.
 
STARTUP
No    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No    HKCU:Run    SUPERAntiSpyware        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    C:\Program Files\Apoint2K\Apoint.exe
Yes    HKLM:Run    AvastUI.exe    AVAST Software    "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
Yes    HKLM:Run    AVDM     NEC Corporation, NEC Personal Products, Ltd.    C:\Program Files\AVDm\DelayRun.exe /w:"彩りの設定-起動遅延" /t:40000 "C:\Program Files\AVDm\AVDm.exe /RESIDENT"
Yes    HKLM:Run    DelaypluginInstall        C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Yes    HKLM:Run    DispSw    NEC Corporation, NEC Personal Products, Ltd.    C:\Program Files\DispSw\DispSw.exe
Yes    HKLM:Run    Dropbox    Dropbox, Inc.    "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Yes    HKLM:Run    ECOViewer    NEC Corporation, NEC Personal Products, Ltd.    C:\Program Files\EcoViewer\ecoviewerd.exe
Yes    HKLM:Run    EvtMgr6    Logicool, Inc.    C:\Program Files\SetPointP\SetPoint.exe /launchGaming
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    IJNetworkScannerSelectorEX    CANON INC.    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
Yes    HKLM:Run    IME14 JPN Setup    Microsoft Corporation    C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    NECBatt    NEC Corporation, NEC Personal Products, Ltd.    C:\Program Files\NECBatt\nbSched.exe
Yes    HKLM:Run    NECMFK    NEC Corporation, NEC Personal Products, Ltd.    C:\Program Files\necmfk\necmfk.exe
Yes    HKLM:Run    NPSpeed    NEC Corporation, NEC Personal Products, Ltd.    C:\Program Files\NPSpeed\NPSpeed.exe
Yes    HKLM:Run    NUSB3MON    Renesas Electronics Corporation    "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes    HKLM:Run    SmartUpdate    NEC Personal Computers,Ltd.    "C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe"
Yes    HKLM:Run    SoftNavi    NEC Corporation / NEC Personal Products, Ltd.    "C:\Program Files (x86)\Softnavi\ImgLnch.exe" /RESIDENT
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No    HKLM:Run    Wondershare Helper Compact.exe    Wondershare    C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
SCHEDULED TASKS
Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskMachineCore    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskMachineUA    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    SafeZone scheduled Autoupdate 1493474078    Avast Software    C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Yes    Task    {55973317-C0A1-49AE-97AA-288DB64AD968}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\classic_doom_3.1.3.1.exe -d C:\Users\Owner\Desktop
Yes    Task    {F696468E-206D-410E-8C92-2CDAC8FD084A}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\wlsetup-web(4).exe -d C:\Users\Owner\Downloads
 

UNINSTALL (It doesn't say list of programs installed. It says Programs to Remove.)
Adobe Acrobat Reader DC    Adobe Systems Incorporated    2017/08/30    255 MB    17.012.20098
Adobe Flash Player 26 ActiveX    Adobe Systems Incorporated    2017/08/08    5.05 MB    26.0.0.151
Adobe Flash Player 26 NPAPI    Adobe Systems Incorporated    2017/08/08    5.49 MB    26.0.0.151
Apple Application Support(32 ビット)    Apple Inc.    2017/09/03    127 MB    5.6
Apple Application Support(64 ビット)    Apple Inc.    2017/09/03    143 MB    5.6
Apple Mobile Device Support    Apple Inc.    2017/07/09    27.5 MB    10.3.2.3
Apple Software Update    Apple Inc.    2017/07/09    2.70 MB    2.3.0.177
Audacity 2.0.5    Audacity Team    2014/02/09    45.5 MB    2.0.5
Avast Free Antivirus    AVAST Software    2017/09/02        17.6.2310
Bonjour    Apple Inc.    2015/09/22    2.09 MB    3.1.0.1
Canon IJ Network Scanner Selector EX        2014/02/09       
Canon IJ Network Tool    Canon Inc.    2014/02/09        3.1.1
Canon MG6200 series MP Drivers    Canon Inc.    2014/02/09       
Canon MP Navigator EX 5.0        2014/02/09       
CCleaner    Piriform    2017/04/08        5.28
CutePDF Writer 3.0    CutePDF.com    2014/03/06         3.0
Dropbox    Dropbox, Inc.    2017/09/09        34.4.20
Extended Asian Language font pack for Adobe Acrobat Reader DC    Adobe Systems Incorporated    2016/09/06    95.6 MB    15.007.20033
Finale NotePad 2012J    MakeMusic    2017/05/28        2012..r2.0
FlyFolder    NEC Corporation, NEC Personal Products, Ltd.    2014/02/08        3.0.0.14
Free Windows Cleanup Tool        2017/07/09       
GIMP 2.8.22    The GIMP Team    2017/07/15    291 MB    2.8.22
Google Chrome    Google Inc.    2014/04/03        60.0.3112.113
inSSIDer    MetaGeek    2016/05/14    4.32 MB    2.1.6
Intel® Graphics Media Accelerator Driver    Intel Corporation    2014/02/08        8.15.10.2202
iTunes    Apple Inc.    2017/09/03    429 MB    12.6.2.20
Java 8 Update 144    Oracle Corporation    2017/07/28    27.4 MB    8.0.1440.1
Java 8 Update 144 (64-bit)    Oracle Corporation    2017/07/28    30.6 MB    8.0.1440.1
Juniper Networks, Inc. Setup Client    Juniper Networks, Inc.    2015/03/14    800 KB    7.3.10.42895
Juniper Networks, Inc. Setup Client 64-bit Activex Control    Juniper Networks, Inc.    2015/03/14        2.1.1.1
Juniper Networks, Inc. Setup Client Activex Control    Juniper Networks, Inc.    2015/03/14        2.1.1.1
LAME v3.99.3 (for Windows)        2014/02/09    1.52 MB   
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    2016/03/27    66.8 MB    2.2.1.1043
Media Go    Sony    2017/02/26    198 MB    3.2.191
Media Go Video Playback Engine 2.20.107.05220    Sony    2017/02/26    21.0 MB    2.20.107.05220
Microsoft .NET Framework 4.7    Microsoft Corporation    2017/08/25    38.8 MB    4.7.02053
Microsoft .NET Framework 4.7 (日本語)    Microsoft Corporation    2017/08/27    2.93 MB    4.7.02053
Microsoft Office 2010    Microsoft Corporation    2014/02/06        14.0.7015.1000
Microsoft Office ナビ 2010    Microsoft Corporation    2014/02/06    16.9 MB    14.0.7015.1000
Microsoft Silverlight    Microsoft Corporation    2017/06/15    795 MB    5.1.50907.0
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    2014/02/09    1.69 MB    3.1.0000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    2015/12/25    298 KB    8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    2010/05/11    620 KB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729    Microsoft Corporation    2010/05/11    792 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    2014/02/08    242 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    2010/05/11    788 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    2014/02/06    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729    Microsoft Corporation    2010/05/11    608 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    2010/05/11    596 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    2014/02/06    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    2015/02/13    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    2015/02/13    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    2016/01/14    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    2016/01/15    17.3 MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005    Microsoft Corporation    2014/12/13    20.5 MB    12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005    Microsoft Corporation    2015/12/25    17.1 MB    12.0.21005.1
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215    Microsoft Corporation    2017/03/16    21.5 MB    14.0.24215.1
Microsoft Visual J# 2.0 Redistributable Package    Microsoft Corporation    2014/02/08       
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    2015/02/13        10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語    Microsoft Corporation    2015/02/13        10.0.50903
Mozilla Firefox 55.0.3 (x64 en-US)    Mozilla    2017/08/26    133 MB    55.0.3
Mozilla Maintenance Service    Mozilla    2017/04/30    466 KB    53.0
MP3 Skype recorder    Domit LTD    2016/07/18    13.4 MB    4.24.1.0
MSXML 4.0 SP3 Parser    Microsoft Corporation    2010/05/11    1.42 MB    4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)    Microsoft Corporation    2014/12/13    195 KB    4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694)    Microsoft Corporation    2014/02/06    1.48 MB    4.30.2117.0
MSXML 4.0 SP3 Parser (KB973685)    Microsoft Corporation    2010/05/11    1.47 MB    4.30.2107.0
NFC Port Software    Sony Corporation    2014/02/09        5.3.3.1
NX PAD Driver    NEC    2010/09/21        7.105.909.703



#8 buddy215


Posted 10 September 2017 - 08:41 AM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKLM:Run    DelaypluginInstall        C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe

Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    IJNetworkScannerSelectorEX    CANON INC.    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"

Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskMachineCore    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskMachineUA    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    SafeZone scheduled Autoupdate 1493474078    Avast Software    C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Yes    Task    {55973317-C0A1-49AE-97AA-288DB64AD968}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\classic_doom_3.1.3.1.exe -d C:\Users\Owner\Desktop
Yes    Task    {F696468E-206D-410E-8C92-2CDAC8FD084A}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\wlsetup-web(4).exe -d C:\Users\Owner\Downloads

 

Uninstall these programs:

Free Windows Cleanup Tool        2017/07/09

 

After completing the above and rebooting....please let me know if the original problem still exists.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
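An added example, not part of the original posts and not CCleaner's own code: a small Python triage pass over rows in the format of the startup list above. It resolves what each entry really starts (for the `pcalua.exe -a` tasks, the program named after `-a`) and notes where the Publisher column describes only the launcher. The function names, the column separator rule and the short list of user-writable folders are assumptions made for this illustration.

```python
import re

# Rows copied from the startup list posted above; columns are
# Enabled, Type, Name, Publisher, Command (tabs or 2+ spaces between them).
ROWS = r'''
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    Task    DropboxUpdateTaskMachineUA    Dropbox, Inc.    C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    {55973317-C0A1-49AE-97AA-288DB64AD968}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\classic_doom_3.1.3.1.exe -d C:\Users\Owner\Desktop
Yes    Task    {F696468E-206D-410E-8C92-2CDAC8FD084A}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\wlsetup-web(4).exe -d C:\Users\Owner\Downloads
'''

FIRST_EXE = re.compile(r'"?([A-Za-z]:\\.*?\.exe)', re.I)
PCALUA_TARGET = re.compile(r'pcalua\.exe"?\s+-a\s+"?(.+?\.exe)', re.I)
# Folders a standard user can write to without elevation (illustrative subset).
USER_WRITABLE = re.compile(
    r'^[a-z]:\\users\\[^\\]+\\(desktop|downloads|appdata)\\', re.I)


def real_target(command):
    """Return (launcher, target): the binary named first and the one that runs."""
    first = FIRST_EXE.search(command)
    launcher = first.group(1) if first else command
    via = PCALUA_TARGET.search(command)
    return launcher, (via.group(1) if via else launcher)


def triage(rows):
    """Parse each row and attach review notes; notes are prompts, not verdicts."""
    findings = []
    for line in rows.strip().splitlines():
        enabled, kind, name, publisher, command = re.split(
            r'\t+| {2,}', line.strip(), maxsplit=4)
        launcher, target = real_target(command)
        notes = []
        if target != launcher:
            notes.append(f'publisher "{publisher}" describes the launcher, not the target')
        if USER_WRITABLE.match(target):
            notes.append('target runs from a user-writable folder')
        findings.append({'type': kind, 'name': name, 'target': target, 'notes': notes})
    return findings


if __name__ == '__main__':
    for f in triage(ROWS):
        print(f"{f['type']:9} {f['name'][:40]:40} {f['target']}")
        for note in f['notes']:
            print(f"{'':9} -> {note}")
```

On the rows above, only the two GUID-named tasks pick up notes: they are listed under Microsoft Corporation because of `pcalua.exe`, while the programs they start sit on the Desktop and in Downloads.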


#9 Glenski


Posted 10 September 2017 - 09:17 AM

So far, so good. Have clicked on a dozen or more yahoo.com news articles and not a one has come up with that problem. Will let you know if it recurs.

Meanwhile, thanks a million!



#10 buddy215


Posted 10 September 2017 - 09:51 AM

Good...because the next step was going to be a clean uninstall of Firefox...including your Firefox profile after backing up your bookmarks and passwords.

 

You're welcome...happy surfin'




#11 Glenski


Posted 10 September 2017 - 07:14 PM

Looks like we will have to do that after all. I opened the computer this morning and immediately got the same trojan alert on the very first Yahoo news article.

Oddly enough, none of this happens when my wife uses the yahoo.co.jp site.

 

Sigh. Let me have it. What do I do?



#12 buddy215


Posted 11 September 2017 - 04:52 AM

If the problem is only happening in Firefox then UNinstall it. Once uninstalled, do a search...click on Start, enter Firefox in search box, delete all files found including your Firefox profile.

Do another search using Mozilla....delete all files found.

 

You can back up your passwords and bookmarks before uninstalling Firefox. Or you can import them into your Google Chrome and then once Firefox is reinstalled you can import them back into Firefox.

 

Open CCleaner and allow it to clean. Then Reinstall Firefox....Internet for people, not profit — Mozilla




#13 Glenski


Posted 11 September 2017 - 06:41 AM

Thanks again for the advice.

 

I just checked IE and Chrome to see if the problem exists when I use yahoo.com there.

Chrome is ok.

IE shows the same problem, so I didn't uninstall Firefox. You said if it's only in Firefox, to uninstall it.

 

What's the next plan?



#14 buddy215


Posted 11 September 2017 - 08:18 AM

Start a new topic in the malware removal forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.




#15 buddy215


Posted 13 September 2017 - 06:31 AM

I see you have a new topic in the malware removal forum but you did not follow the instructions correctly. You need to include the FRST logs.






