I need some peace of mind!

6 replies to this topic

#1 TwilightRonin


  • Members
  • 4 posts
  • Local time:06:44 AM

Posted 29 December 2017 - 01:12 PM

I apologize in advance if I'm wasting your time by posting blurred screencaps but I'm concerned about potential repercussions.


I've seen this in http://archive.is/hzCzU

"To see if you're infected:
1) click the start button
2) enter cmd in the search field
3) type netstat in the command prompt

If you see more than 5 connections you're f..."


This was the result. I just don't know what this is supposed to mean.








Edit: I didn't notice any issues except one. I don't know whether it may be relevant but I had a problem with Malwarebytes not opening. I tried to uninstall it but I encountered an error, "unins000.dat does not exist". I downloaded a setup file from the site, it had to uninstall the old version and it couldn't for the same reason. I found this Revo Uninstaller which managed to remove it. Just scanned and I only see two PUP.Optional entries.

Edited by hamluis, 30 December 2017 - 11:19 AM.
Moved from Win 8 to Am I infected - Hamluis.




#2 rp88


  • Members
  • 2,909 posts
  • Gender:Not Telling
  • Local time:04:44 AM

Posted 30 December 2017 - 12:15 AM

This is a common scam, a scammer will tell you to open cmd (known as command prompt) and will say that if certain things occur you have a virus. But in fact the scammer knows that for almost every computer this thing, in this case seeing a lot of results after typing the netstat command, will occur. Seeing many netstat entries is common, I just ran it now, I'm only connected to a small number of sites right now (bleepingcomputer.com in one browser tab and the bbc website in another) and have barely any background tasks running yet still get over 10 entries.

And the scammer chose to suggest this command because he thinks the word "foreign address" sounds scary, the sort of thing to terrify the types of people who imagine all hackers to be lurking abroad somewhere. In reality "netstat" in command prompt just prints out a list of all the TCP protocol connections between your computer and elsewhere, "foreign address" just means where the other end of the connection is going to, the "local address" says where on your system it connects from. The names may sound technical, and may be hard to interpret, but in general are nothing to be afraid of.

More concerning is what other actions you may have taken after reading those instructions about "see more than 5 connections and you are infected", did you do anything else? Did you download any "virus removal tools" which the archive.is page (I have not visited it and suspect it is the sort of page that no-one else will want to risk visiting given what you describe its content to be) may have suggested? Did it advise any actions on your part for what to do if you saw more than 5 connections, did you take any actions? If you took no actions and downloaded no files you are probably fine, however running a scan with your antivirus, and downloading a fresh copy of malwarebytes (reinstall it if it is failing to open) is good practice. If you did download and run anything from the webpage which gave you this scam warning then go to the "am i infected" forum of bleepingcomputer.com and ask for help there, someone will be along to tell you which tools to run to let them diagnose your system. If after trying to reinstall malwarebytes still keeps failing then ask in the "antivirus and antimalware software" forum about how to fix it.

P.S. blurring out the text in that screenshot probably was a wise idea to some extent, it could in some cases be possible to work out things about what domains (upper level parts of websites, the web address before the first / ) you were visiting at the time if the full log was shown. The local addresses will not be such an issue, they will identify individual devices on your local network but not in the context of the wider internet, so everything there will almost always be 192.168.1.x for everyone where x is between 0 and 255

Edited by hamluis, 30 December 2017 - 11:20 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
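
An added example (not part of the original posts): reading `netstat -n` output the way the reply above describes, by grouping rows on where the foreign address points instead of counting them. The sample output and the names `scope` and `summarize` are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of Windows `netstat -n` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    127.0.0.1:49671        127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.20:49702     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49710     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49711     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49715     198.51.100.7:443       TIME_WAIT
  TCP    192.168.1.20:49720     198.51.100.7:80        CLOSE_WAIT
  TCP    [::1]:49680            [::1]:49681            ESTABLISHED
"""

# Address blocks reserved for home/office networks (RFC 1918 and IPv6 ULA).
LAN = [ipaddress.ip_network(n)
       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def scope(addr):
    """Classify the far end of a connection: loopback, lan or internet."""
    host = addr.rsplit(":", 1)[0].strip("[]").split("%")[0]  # drop port, brackets, zone id
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"   # the machine talking to itself
    if ip.is_link_local or any(ip in net for net in LAN):
        return "lan"        # router, printer, file share on the local network
    return "internet"

def summarize(text):
    """Return (row count, Counter keyed by (scope, state), set of internet endpoints)."""
    total, by_kind, remote = 0, Counter(), set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue        # banner, column header and blank lines
        total += 1
        kind = scope(fields[2])
        by_kind[(kind, fields[3])] += 1
        if kind == "internet":
            remote.add(fields[2])
    return total, by_kind, remote

if __name__ == "__main__":
    total, by_kind, remote = summarize(SAMPLE)
    print(f"{total} TCP rows, {len(remote)} distinct internet endpoints")
    for (kind, state), count in sorted(by_kind.items()):
        print(f"  {kind:9} {state:12} {count}")
```

Eight rows here reduce to three internet endpoints on two hosts; the rest is loopback and local-network traffic, which is why the row count alone says nothing about infection.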

#3 TwilightRonin

  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:44 AM

Posted 30 December 2017 - 12:59 AM

Thank you for the detailed response. I suppose I'll let it rest for now and try to see what each of them implies later on. After posting this thread I did get the idea of ending the firefox and utorrent tasks and still got a lot of them but I guess I should have just restarted. The person who recommended that didn't say anything else, may be a prank or hearsay.

#4 dc3


    Bleeping Treehugger

  • Members
  • 30,165 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:44 PM

Posted 30 December 2017 - 11:15 AM

Welcome to Bleeping Computer.


The prudent thing to do at this point would be to run some security scans to see if there is any evidence of malware.  These security scans cannot be run in the Windows forums, I will request that this topic be moved to the Am I Infected, What Can I Do? forum.


Please run the scans in the order they are requested.  Post the logs in your topic, do not use a host website to post these logs.  Do not wrap the logs in quotes or code.



Please run the scans suggested below in the order that they are requested, this is a must for RKill.  Post the logs generated by these scans in your topic in the order they were run.  Please do not wrap your logs in quotes or code brackets or use spoilers.

Please download and run RKill

RKill attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  

Please download RKill and install it.

When RKill is run it will display a console screen similar to the one below:


After this has run you will see another image explaining that RKill has finished running and you should be able to run the scan.  You need to click/tap on OK.


When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

Attention: At this time you need to run your security applications listed below.  When the scan has finished running a log will be posted in Notepad.  Copy and paste this log in your topic.

Important: There is a possibility that malware may recognize RKill and keep it from running, if this is the case do the following.

While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries.

Please run TDSSKiller.
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
3.  Click Start Scan and allow the scan process to run.

4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.  If threats are found you will see a screen like the one below.

***Do NOT select Delete!

Click on Continue.
5.  Click on Reboot computer.
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (in most cases this is c: Drive) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log in your topic.

Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  


3)  Click on Settings, you will see an image like the one below.


When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.


6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.


Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive a message informing you of this.  
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  

You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#5 TwilightRonin

  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:44 AM

Posted 30 December 2017 - 02:07 PM

Thank you, I don't know whether I should post logs since there was only one thing. ESET Online Scanner has detected a PUP with an interesting name, JS/CoinMiner.F. I searched about it and most results are from this month.

#6 TwilightRonin

  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:44 AM

Posted 30 December 2017 - 02:27 PM

Uh, there's something else and I don't think it warrants its own thread. Noticed https://www.bleepingcomputer.com/forums/t/44694/slow-computer/ I have an old laptop (with 4-5 years of use) that I don't use anymore and it has that problem. Not a priority but I'd like to get it resolved and took measures along those lines to no avail. I've seen https://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/ as well, I'd like to clean it up using guides someday but I did check the CPU temperature and it was high but not too high.

#7 dc3


    Bleeping Treehugger

  • Members
  • 30,165 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:44 PM

Posted 30 December 2017 - 02:44 PM

If this is a different computer with a different problem you should open a new topic in the appropriate forum to address this.  I would suggest not adding the other problem to this topic as it will wind up becoming confusing.


Please humor me, post the requested logs in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.




