Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Infection after software install


  • This topic is locked This topic is locked
4 replies to this topic

#1 Exodius999

Exodius999

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 04 April 2018 - 06:09 AM

I have a Windows 7 Enterprise system that started exhibiting evidence of malware after installation of an AV package from an old backup.

 

Initial signs were obvious with run away processes, additional software items being installed (visible in Control Panel - Uninstall programs) etc etc. Mostly Adware & a Miner.

 

Most of these were easily enough dealt with using staple tools - HijackThis, AVG, MalwareBytes, ADWCleaner, RKill, Rogue Killer etc.  However as I though I was coming to the end of the process I've run into persistent malware/possible re-infection and the system has seemed cleaner at times, and less clean at others.

 

Current behaviours include not allowing Windows Security Centre to start, certain security tools to be installed (Safe mode or not), AV/Security software settings not being able to be changed/maintained in AV/security software etc.  ADWCleaner also reports System Table in Firefox/Chrome but has been unable thus far to complete its removal.

 

 

I'm assuming I should probably track back to run FRST and post here but would like to check whether that's where I should start...  Can someone please advise?

 

Edit (Additional):  I've been doing some research while waiting for someone to respond to this post, and in the process I recalled seeing AppInit_dll (or similar) messages prior to my taking to cleaning what I thought were 'just' adware/browser hijack-type processes, so I'm wondering whether there's a dll redirection occurring?.  Looking forward to hearing from someone soon. Thanks.

 

 


Edited by Exodius999, 04 April 2018 - 08:45 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:07 PM

Posted 04 April 2018 - 10:02 PM

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Exodius999

Exodius999
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 04 April 2018 - 11:38 PM

OK, Managed to run FRST64 in Safe Mode and have created a new topic in the Removal Logs forum here...

 

https://www.bleepingcomputer.com/forums/t/674844/unspecified-malware-possible-dll-redirect

 

Thanks in advance for all your help...



#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:07 PM

Posted 05 April 2018 - 08:42 PM

p22003888.gif


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:07 PM

Posted 08 April 2018 - 07:20 AM

Since you are now receiving help from the Malware Response Team, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worst which would extend the time it takes to clean your computer.

The Malware Response Team should be the only members that you take advice from, until they have verified your system is clean.

To avoid confusion, I am closing this topic.

Good luck.
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users