
New laptop instant infection when I loaded Chrome



#1 DogStar5988

Posted 25 February 2018 - 11:27 AM

Hey there,

 

My husband just got a new laptop and I got everything downloaded when Kaspersky informed me of an infection and wanted to remove it. I told it to do so, then Windows started throwing this error "C:\WINDOWS\system32\OnDemandConnRouterHelper.dll is either not designed to run on Windows or it contains an error". Kaspersky then went into "Advanced Disinfection" mode and I guess undid some of the damage. I immediately downloaded Malwarebytes and did a full scan and the report is below. I also ran sfc /scannow and let that complete as well. Since then the computer has been acting a little odd and I've noticed when I run full screen games it randomly switches back to the desktop. I want to believe the virus is gone and didn't leave any lasting damage but I would like to make sure. The computer is so new a factory reset is still a pretty easy option but I'd still rather not if I don't have to.

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/24/18
Scan Time: 6:05 PM
Log File: a73e282a-19bf-11e8-bd82-8cec4b261ab0.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4086
License: Trial

-System Information-
OS: Windows 10 (Build 16299.15)
CPU: x64
File System: NTFS
User: DESKTOP-7BKKB0Q\tiger

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272687
Threats Detected: 43
Threats Quarantined: 43
Time Elapsed: 1 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 12
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\iheaaibbfinfpdglhahcoeejfndieakn, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\_locales\en, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\html\popup, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\_metadata, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\js\popup, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\_locales, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\newtab, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\html, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\css, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\js, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IHEAAIBBFINFPDGLHAHCOEEJFNDIEAKN, Quarantined, [2140], [454579],1.0.4086

File: 31
PUP.Optional.Spigot.Generic, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\iheaaibbfinfpdglhahcoeejfndieakn\000003.log, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\iheaaibbfinfpdglhahcoeejfndieakn\CURRENT, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\iheaaibbfinfpdglhahcoeejfndieakn\LOCK, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\iheaaibbfinfpdglhahcoeejfndieakn\LOG, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\iheaaibbfinfpdglhahcoeejfndieakn\LOG.old, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\iheaaibbfinfpdglhahcoeejfndieakn\MANIFEST-000001, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IHEAAIBBFINFPDGLHAHCOEEJFNDIEAKN\6.4_0\CHROMERESTORE.JS, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\css\description.css, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\css\popup.css, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\html\popup\description.html, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\html\popup\popup.html, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\js\popup\popup.js, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\js\userNewTab.js, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\newtab\slim_product.html, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\_locales\en\messages.json, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\_metadata\verified_contents.json, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\after.js, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\background.js, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\contentscript.js, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\icon.png, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\manifest.json, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Vosteran, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [6653], [455253],1.0.4086
PUP.Optional.Vosteran, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6653], [455253],1.0.4086
PUP.Optional.Conduit, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [528], [454832],1.0.4086
PUP.Optional.Conduit, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [528], [454832],1.0.4086
PUP.Optional.Conduit, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [528], [454832],1.0.4086
PUP.Optional.Vosteran, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6653], [455253],1.0.4086
PUP.Optional.Vosteran, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6653], [455253],1.0.4086

Physical Sector: 0
(No malicious items detected)


(end)
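The detection rows in the log above repeat a small number of distinct items, so a first triage step is to collapse them by detection family, action taken, Chrome extension ID and unique path. The script below is an added example, not part of the original post and not a Malwarebytes tool; the `summarize` name is hypothetical and the field layout is an assumption inferred from the rows shown in the log.

```python
import re
from collections import Counter, defaultdict

# Field layout assumed from the rows in the posted log:
# name, path, action, [id], [id],package-version
ROW = re.compile(r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>\w+), "
                 r"\[\d+\], \[\d+\],[\d.]+$")
# Chrome extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(
    r"\\(?:Extensions|Sync Extension Settings)\\([a-p]{32})(?:\\|$)", re.I)

def summarize(log_text):
    """Group detection rows by family, action, extension ID and unique path."""
    families, actions = Counter(), Counter()
    ext_ids, paths = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # section headers, counts, "(No malicious items detected)"
        families[m["name"]] += 1
        actions[m["action"]] += 1
        # The log mixes upper- and lower-case spellings of the same path.
        paths[m["name"]].add(m["path"].lower())
        ext = EXT_ID.search(m["path"])
        if ext:
            ext_ids.add(ext.group(1).lower())
    return {"families": dict(families), "actions": dict(actions),
            "extension_ids": sorted(ext_ids),
            "unique_paths": {k: len(v) for k, v in paths.items()}}

# Five rows copied from the log above, plus two non-detection lines.
SAMPLE = r"""
File: 31
(No malicious items detected)
PUP.Optional.Spigot.Generic, C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheaaibbfinfpdglhahcoeejfndieakn\6.4_0\manifest.json, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Spigot.Generic, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IHEAAIBBFINFPDGLHAHCOEEJFNDIEAKN, Quarantined, [2140], [454579],1.0.4086
PUP.Optional.Vosteran, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6653], [455253],1.0.4086
PUP.Optional.Vosteran, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6653], [455253],1.0.4086
PUP.Optional.Conduit, C:\USERS\TIGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [528], [454832],1.0.4086
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

Run over the full log text instead of `SAMPLE`, the same function shows how many of the 43 rows are files inside one extension directory versus Chrome profile files that were replaced rather than quarantined.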




 


#2 buddy215

  • Moderator

Posted 25 February 2018 - 12:07 PM

Looks like you downloaded some free stuff bundled with adware.

 

Use the programs below to clean, remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

If you don't have an ad blocker installed I suggest using Adblock Plus.

Adblock Plus :: Add-ons for Firefox     Adblock Plus - Chrome Web Store

Adblock Plus for Edge browser   Adblock Plus for IE

 

You can block the ad and tracking cookies from installing on your computer by blocking third party cookies.

How to disable third-party cookies in all major web browsers

Once you have blocked the install of those cookies then run CCleaner to remove the existing ones.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



