
Tech support phishing scam


25 replies to this topic

#1 tns1

tns1

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 11 December 2017 - 06:42 PM

This is meant to be a reply to "My Avast scans freeze" by kschwi

 

I also have that same tech support phishing hijacker, but on 7pro. It seems to pop up once a week with no adverse behavior other than taking control of the browser window. Easy to dismiss with task manager. It showed up shortly after installing the latest firefox 57 and the latest noscript extension. The mainrdrct....fastly.net url is the same, but each time there may be differences such as the ip address shown in the popup. No affiliation (eg microsoft) is shown. Refreshing the browser usually works for hijackers but not this one. Likewise scans with msse, mbam, mbar, adwcleaner, eset find no problems. It is simple to block the domain in the hosts file, but I'd like to learn the cause.





#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:16 PM

Posted 11 December 2017 - 07:15 PM

Hello tns1,

I have moved your topic from the log forum to the Am I Infected forum. The Log forum is for those receiving 1 on 1 assistance with infections that need more than the basic tools. Members are not able to reply to topics posted in that forum other than their own topic.

~ OB :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:08:16 AM

Posted 13 December 2017 - 01:25 AM

Hello and Welcome!

 

 

Apologies for the delay in getting to you. Your topic was showing as having a response which usually means it's been dealt with.

 

To start off, let's have a look and see what's going on using a simple tool first.

 

I should let you know that I'm just a normal member like you, not a Trained Malware Removal Expert. I have been working with computers since about 1976.

 

I'd like you to follow the instructions below please and post back the contents of any log in your Reply.......

 

 

 

 

First:......

 

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

 

Save it to your Desktop so you can easily locate it.

 

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

 

 

RKill.exe                              <<== Try this first.

 

RKill as iExplore.exe         <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When the RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If the RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

 

NOTES:

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

 

If RKill still won't run, please Post back here and advise me. (After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.

 

 

 

 

 

Download and run the ESET Free Online Virus Scanner from:  HERE

(Please note that the Instructions may vary from time to time with version changes etc.)

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\D:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite a while.
  • When the scan completes, a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • Push the CLEAN button.
  • Click Back, then Finish to exit ESET Online Scanner.

 

Let me know if you encounter any problems.

 

 

I'm in Australia, so the chances are there will be time zone differences.

I'll get back to you as quickly as I can.

 

If you don't hear back from me after 24 hours, please Personal Message me.

If you don't hear back after 48 hours, please Personal Message another Helper or Moderator.

 

Please remember we are Volunteers, so, please try to be a little patient.

We have other tasks and jobs that sometimes delay us here.

 

 

Cheers,

 

 

 

Kilt   :thumbup2: 


Edited by Unworn_Kilt, 13 December 2017 - 01:41 AM.

PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#4 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:08:16 AM

Posted 13 December 2017 - 01:34 AM

We'll dig a little deeper after we get the ESET results back in.

 

I assume, given your above comments that they should be a null result?



 

 

 


#5 tns1

tns1
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 13 December 2017 - 02:14 PM

Eset found one item that has been on the system for a few years. I doubt it has anything to do with the issue, but cleaned it anyway.

I use the MVPS hosts file (unmodified).

 

 

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/13/2017 07:27:30 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * Schedule Stopped. [PUP/GEN]

1 service stopped!

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  ::1 localhost #[IPv6]
  0.0.0.0 fr.a2dfp.net
  0.0.0.0 m.fr.a2dfp.net
  0.0.0.0 mfr.a2dfp.net
  0.0.0.0 ad.a8.net
  0.0.0.0 asy.a8ww.net
  0.0.0.0 static.a-ads.com
  0.0.0.0 abcstats.com
  0.0.0.0 a.abv.bg
  0.0.0.0 adserver.abv.bg
  0.0.0.0 adv.abv.bg
  0.0.0.0 bimg.abv.bg
  0.0.0.0 ca.abv.bg
  0.0.0.0 track.acclaimnetwork.com
  0.0.0.0 accuserveadsystem.com
  0.0.0.0 www.accuserveadsystem.com
  0.0.0.0 achmedia.com
  0.0.0.0 csh.actiondesk.com
  0.0.0.0 ads.activepower.net

  20 out of 13150 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 12/13/2017 07:28:24 AM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
 

 

eset log:

C:\Users\T\Downloads\Downloads\Games\Systemshock\SYSTEMSHOCK-Portable-v1.2.2.7z    Win32/PrcView potentially unsafe application    
 



#6 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:08:16 AM

Posted 14 December 2017 - 08:07 PM

My apologies for the delay.

 

I was caught up on a rather serious case & the notification system doesn't seem to be functioning correctly.

 

I'm back with you now.

 

Have you followed the steps here?

 

Web Bar Removal Guide

 

If you wish, ensure you save any logs created and paste them back in here.

 

Personally, I believe it is possible the MVPs Hosts file may be contributing to the problem.

I had to read up on it for a recent case & it could be masking a malicious URL in my opinion.

 

I suggest you search the MVPs Hosts file for the malicious URL and remove it if found.

 

 

Please let me know how you get on.

 

 

 

Kilt   :thumbup2: 



 

 

 


#7 tns1

tns1
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 15 December 2017 - 01:16 AM

I have no visible toolbar addon, but I went through all the cleaning anyway. Other than removing tracking cookies:

rkill - nothing found

mbam - nothing found

adwcleaner - nothing found

hitmanpro - 1 suspicious file removed: vuescan2.exe, a 3rd party printer driver, had a bad authenticode. It also complained about one hosts line: "0.0.0.0 bat.bing.com", but rather than just edit the one line it removed all entries. I restored the hosts file. I don't use bing, and this site plants tracking cookies so I left it blocked. The hosts file does not contain the suspect url (or domain).

 

None of the cleaning convinces me the problem is fixed. The problem is fairly recent, and what was cleaned is old/inactive. 

 

One thing I should mention is that I have three antivirus products running at once on this PC: msse, mbam, superantispyware. I see no performance hit, but I have read that conflicts can exist.
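The hosts-file check discussed in posts #6 and #7, as an added example that is not part of the original thread: it parses HOSTS text, reports whether each suspect hostname is sinkholed, remapped to some other address, or absent, and lists sibling names under the same parent, since a HOSTS entry only matches the exact name. The sample file content is constructed, the two URLs are the ones tns1 reports from the browser history in this thread, and all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Addresses that make a HOSTS entry a block rather than a redirect elsewhere.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample in the style of the RKill listing; not the real MVPS file.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost #[IPv6]
0.0.0.0 fr.a2dfp.net
0.0.0.0 bat.bing.com  # tracking
0.0.0.0 mainrdrct.global.ssl.fastly.net
"""

# The two URLs reported in this thread.
SUSPECT_URLS = [
    "mainrdrct.global.ssl.fastly.net/in/advv12612612/",
    "adverrd.global.ssl.fastly.net/?rsid=15A2EAF0DBE258",
]


def parse_hosts(text):
    """Return {hostname: address}; comments and blank lines are ignored."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            # Keep the first mapping seen for a name.
            entries.setdefault(name.lower().rstrip("."), fields[0])
    return entries


def hostname_of(url_or_host):
    """Reduce a URL (with or without scheme) or a bare host to its hostname."""
    s = url_or_host.strip()
    if "//" not in s:
        s = "//" + s
    return (urlsplit(s).hostname or "").lower().rstrip(".")


def check_hosts(hosts_text, targets):
    """Map each target hostname to (status, sibling entries in the file)."""
    entries = parse_hosts(hosts_text)
    report = {}
    for target in targets:
        host = hostname_of(target)
        addr = entries.get(host)
        if addr is None:
            status = "not listed"
        elif addr in SINK_ADDRS:
            status = "blocked"
        else:
            # A name pointed at a routable address deserves a closer look.
            status = "remapped to " + addr
        parent = host.partition(".")[2]
        # HOSTS has no wildcards: entries for sibling names do not cover this one.
        siblings = sorted(
            n for n in entries
            if "." in parent and n != host and n.endswith("." + parent)
        )
        report[host] = (status, siblings)
    return report


if __name__ == "__main__":
    # On Windows the live file is C:\Windows\System32\drivers\etc\hosts;
    # read it and pass its text instead of SAMPLE_HOSTS.
    for host, (status, siblings) in check_hosts(SAMPLE_HOSTS, SUSPECT_URLS).items():
        print(f"{host}: {status}; sibling entries: {siblings or 'none'}")
```

With the constructed sample, the first hostname is reported as blocked while the second is not listed even though a sibling under the same parent is, which is why blocking one redirect host in HOSTS does not stop the next one.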



#8 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:08:16 AM

Posted 15 December 2017 - 01:38 AM

G'day again,

 

 

 

Thanks for running through those steps. I'm glad we grabbed a few "unfriendlies."

 

 

I don't see a major problem with running the software you have installed.

A Layered approach to Security can be a good thing. I wouldn't run multiple anti-virus scanners in realtime.

It's a good idea to run one antivirus program and one realtime anti-malware program. Maybe set SAS to demand scanning only.

There's a remote possibility that having MBAM and SAS running together (only if "realtime protection" is activated on both)

that you could potentially have a conflict, however, I don't think it too likely.

 

The item that ESET found was actually, according to research I did, a Trojan in the Win32\Sality family. I'm glad that's gone.

It would be a good idea to go over your passwords and change them. Also check bank statements for any unusual transactions.

Thankfully it's one of the lesser Trojans in this instance.

 

Regarding the Tech Support Scam, what other details are you able to give me? Did they contact you and access your PC remotely, or,

is it just the browser Pop-Up?

 

Are you able to give any details of what's on the Pop-Up please?

 

Watch the computer for a few days and see if the Pop-Up comes back. Let me know here or via PM if it does.

 

Please bear in mind that I'm in Australia, so our times may be out of synch a little.

 

There are other tools we can run if the problem persists, however, I think monitoring it for now should be okay.

 

 

 

Perhaps we'll run one more scan now:

 

 

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

 

From Here: Malwarebytes Anti-Rootkit

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

 

 (My Thanks to Broni, Bleeping Computer Advisor for the use of the above, mostly pilfered, MBAR Notes.)

 

 

Please post back your results when you are done.



 

 

 


#9 tns1

tns1
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 15 December 2017 - 01:58 PM

"The item that ESET found was actually, according to research I did, a Trojan in the Win32\Sality family. I'm glad that's gone."

 

This is surprising since that .7z was a GOG.com game purchase. They have always been very anti-drm anti-virus anti-crapware. If I download it again, I'll give it a good scan.
 

 

"Regarding the Tech Support Scam, what other details are you able to give me? Did they contact you and access your PC remotely, or, is it just the browser Pop-Up?"

 

Similar to the post by kschwi: https://www.bleepingcomputer.com/forums/t/664833/my-avast-scans-freeze-at-41/#entry4395377

 

just a re-direct and pop-up from mainrdrct.global.ssl.fastly.net/in/advv12612612/
The browser history log also shows adverrd.global.ssl.fastly.net/?rsid=15A2EAF0DBE258

 

I have no permission to post images to this thread.

 

 

Thinking about possible conflicts between the three anti-virus programs, I selectively shut down/closed them so each could scan independently. mbam found nothing again, but sas found and cleaned the following:

SAS:
Trojan.Agent/Gen-Sasfis
    C:\USERS\T\APPDATA\LOCAL\TEMP\VSDEL.EXE
    C:\Windows\Prefetch\VSDEL.EXE-2EAABFFB.pf

Either there was a conflict between programs before or a new signature was added in the short time I ran these last. Only msse is running real-time.


Edited by tns1, 15 December 2017 - 03:55 PM.


#10 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:08:16 AM

Posted 16 December 2017 - 09:32 AM

G'day again Mate,

 

 

I'm going to have to give this some thought. I could throw you a bunch of tools to run, but I've come across the "Global" infectors previously. They're not pleasant generally. They occasionally use an as yet unresolved mechanism to survive a full flattening and system rebuild.

 

Do you mind if I ask a) what type of phone do you run? (Android or iPhone?), and, b) Would you mind searching your contacts list for any contact containing the word "*global*" just straight global should do. Please advise me of your findings.

 

If I were you, I'd shut down all but one A/V solution, run with both A/M solutions. I'm glad SAS caught the Trojan.

 

I'd be having a very good look over those banking details. Also consider changing your credit card numbers and any banking details you've used online. When I get a second, I'll paste in a link for you regarding appropriate action guidelines. In the meantime, take care. I'll see what I can dig up.

 

 

 

Cheers,

 

 

 

Kilt  :thumbup2: 


Edited by Unworn_Kilt, 16 December 2017 - 09:52 AM.


 

 

 


#11 tns1

tns1
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 16 December 2017 - 08:49 PM

"Do you mind if I ask a) what type of phone do you run? (Android or iPhone?), and, b) Would you mind searching your contacts list for any contact containing the word "*global*" just straight global should do. Please advise me of your findings."

 

 

iPhone, Android and Windows phones, but no "global" in the contacts. I would need an explanation of the mechanism for a cross-platform infection before I would take that seriously. I also have a network connected WebOS TV, Blu-ray player, and VOIP box that could be leveraged for exploits but it would take some serious time, skill, and coincidence to make that happen.

 

I was checking other PCs on my network and while using a different PC (win10), I saw a similar tech scam popup. Even though the redirect eventually took me to a different url (http://pc-0ndra3.stream..) than the PC here, I swear I saw a brief window open with the same "global.ssl.fastly.." url shown above. Repeating the same series of AV scans found nothing. 

 

So what is common between these machines? The network itself, a similar set of utilities, same new browser, but different windows versions, and only the win7 machine runs noscript. I do sometimes use a flash drive to transfer stuff between them, but this scanned clean. I took a look at Bios and router FW, and updated what I could.

 

Should I be able to post jpg to a thread?


Edited by tns1, 16 December 2017 - 10:28 PM.


#12 tns1

tns1
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 19 December 2017 - 10:33 AM

A third machine(win10) on my network showed a brocoiner miner virus/trojan. This had been caught by msse a month ago but not brought to my attn. I have to believe there is a common entry point for these.



#13 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:08:16 AM

Posted 19 December 2017 - 10:39 AM

How old is your Router?

 

Just as a matter of interest?



 

 

 


#14 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:08:16 AM

Posted 19 December 2017 - 11:00 AM

Let's run a couple of tools and see if there's anything obvious.

 

 

 

Do Not Enclose Reports In Quotes or Delete or Insert Any Characters - No Redaction!

Please Post All Reports in Plain Text. Ensure You Include All Report Headers.

Please Press the Return Key 3 Times Between Reports.

Don't Attach them either.....Pleeeez!

 

 

Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!

You can find Free Back Up Software in the Bleeping Computer "Downloads" Section.

It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.

 

 

Some Tools May Close Down Any Open Windows or Programs, Please Be Aware of This!

 

 

 

Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP and Message Me!!

 

 

 

**Read All Notes Under Individual Instructions BEFORE Running the Tools.**

 

You might find it useful to print these instructions for reference.

 

 

 

 

My suggestions:

 

 

(1)

 

 

 

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

 

Save it to your Desktop so you can easily locate it.

 

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

 

 

RKill.exe                              <<== Try this first.

 

RKill as iExplore.exe         <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When the RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If the RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

 

NOTES:

 

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

 

If RKill still won't run, please Post back here and advise me. (After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.

 

 

(2)

 

 

Please download Security Check Tool (by screen317) from HERE & save it to your Desktop.

 

 

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

 

Please Note the Following:

 

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!," please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

 

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from  some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

 

 

(3)

 

 

Download Farbar Service Scanner onto your Desktop (FSS:)  HERE

 

 

Please Ensure the following Options are Selected:

 

 

  • RpcSs and PlugPlay <= (May be greyed out.)
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

(Please Don't Click the "Search Files" or "Export Service Buttons")

  • Click the Scan button to start scanning.
  • (FSS may take a short while to complete.)
  • When the Scan is Complete, a Report should Pop-Up in Notepad.
  • Please Copy and Paste the Contents into your Next Reply.

 

*(The Tool will create a log file called FSS.txt in the Folder the Tool is Run from.

That log will be saved. If there are any problems with the Pop-Up one, Copy from FSS.txt.)

 

 

(4)

 

 

Download MiniToolBox(By FARBAR) to your Desktop:  HERE

 

 

Right Click the Blue\Black MiniToolBox Icon and Select "Run as Administrator."

(The Tool will show Version: 17-06-2016 in the title bar.)

 

 

Select the following Check-boxes:

 

 

  • Flush DNS
  • Report IE Proxy Settings(Make sure IE is closed first please.)
  • Reset IE Proxy Settings
  • Report FF Proxy Settings (Make sure Firefox is closed first please.)
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (DO NOT change any settings for this - Only "Problems" should be set by Default.)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

 

Click the "Go" Button.

 

  • Report should Pop-Up on your Screen in Notepad after a short wait.
  • Please Copy and Paste the Report Contents into your Next Reply.

(If you accidentally "kill" the Notepad Report, all is not lost, it should be saved on your Desktop as MTB.txt)

 

 

 

 

 

 

Cheers,

 

 

 

Kilt   :thumbup2: 

 

 

Greetings of the Season!!

:santa:  I hope you have a Safe and Merry Christmas & Happy New Year!!   :santa:


Edited by Unworn_Kilt, 19 December 2017 - 11:03 AM.


 

 

 


#15 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:05:16 PM

Posted 19 December 2017 - 11:11 AM

"...vuescan2.exe, a 3rd party printer driver..."   I use Vuescan throughout the year and the only EXE file for this scanner/printer program is vuescan.exe, you're right to be suspicious of that vuescan2.exe.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)




