
FRST download attempts crashing browser repeatedly (see post "attack via windows


  • This topic is locked
1 reply to this topic

#1 MrHappyPants


Posted 09 October 2017 - 03:36 PM

Original post mistakenly made to

https://www.bleepingcomputer.com/forums/t/658689/attack-via-windows-explorer/

I've completed up to the steps outlined here, in previous posts (was directed to begin new thread here).

However, my browser now crashes upon attempting to open any link promising a download of the FRST scan - from this site, as well as:

https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

and

http://www.geekstogo.com/forum/files/file/435-frst-farbar-recovery-scan-tool/

I'm literally unable to click the links without Firefox crashing immediately. It would seem obvious that malware's responsible.

Any ideas?

I've yet to delete the malware (trojans/rootkits/various PUPs) turned up by Malwarebytes. They are quarantined, however.

Help! Any other options as to how to proceed/get the FRST scan downloaded?

Existing scanlogs

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/29/17
Scan Time: 5:38 PM
Log File: f39e2f30-a566-11e7-8fe6-00ffcf58dc79.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2917
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: CrappyPC\Mary

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316627
Threats Detected: 11
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\38207d93\SHELL\OPEN\COMMAND, No Action By User, [1378], [261826],1.0.2917
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\cqekijyt\SHELL\OPEN\COMMAND, No Action By User, [1378], [261826],1.0.2917

Registry Value: 4
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\38207d93\SHELL\OPEN\COMMAND|, No Action By User, [1378], [261826],1.0.2917
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\cqekijyt\SHELL\OPEN\COMMAND|, No Action By User, [1378], [261826],1.0.2917
Trojan.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^PYOG, No Action By User, [364], [262349],1.0.2917
Trojan.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^AGEC, No Action By User, [364], [262349],1.0.2917

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Converter, C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\jetpack\@Converter\simple-storage, No Action By User, [7828], [386988],1.0.2917
PUP.Optional.Converter, C:\USERS\MARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OBG29JN7.DEFAULT\JETPACK\@CONVERTER, No Action By User, [7828], [386988],1.0.2917

File: 3
PUP.Optional.Converter, C:\USERS\MARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OBG29JN7.DEFAULT\EXTENSIONS\@CONVERTER.XPI, No Action By User, [7828], [386989],1.0.2917
PUP.Optional.Converter, C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\jetpack\@Converter\simple-storage\store.json, No Action By User, [7828], [386988],1.0.2917
PUP.Optional.OpenCandy, C:\USERS\MARY\DESKTOP\M\MARCO\HIJACKTHIS-D2C.EXE, No Action By User, [520], [297667],1.0.2917

Physical Sector: 0
(No malicious items detected)





#2 JSntgRvr

  • Malware Response Team

Posted 10 October 2017 - 07:18 PM

Closing duplicate.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!




