

Clicked on spambot Twitter link


18 replies to this topic

#1 Machine__Man

Posted 19 April 2018 - 05:15 PM

I am so sorry to keep posting threads but I'm at my wits' end. Those that are on Twitter, you know those spambots that hijack accounts and pump out spam Tweets? I accidentally clicked on such a link.

I have run MWB, Zemana, RogueKiller anti-malware and Hitman Pro.

The only thing found was cookies by Hitman Pro. What do I need to do to stop it pumping-out spam Tweets, what else should I run to cleanup?

Thanks, folks.





#2 Machine__Man


Posted 19 April 2018 - 05:28 PM

It's called 'Trendico' if that helps.



#3 buddy215


Posted 19 April 2018 - 06:44 PM

I'm in the dark as to Twitter. But, according to what I have read on the web you can go to the settings on your Twitter account and change the password which will end all connections to your Twitter account after you change the password and log out of the account.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Machine__Man


Posted 20 April 2018 - 03:44 AM

Thanks, Buddy215.

What shall I do about getting rid of any malware that it's installed?



#5 buddy215


Posted 20 April 2018 - 06:26 AM

Did changing your password end the spamming from your Twitter account?

 

Along with the programs you already scanned with, you can use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply

If something was installed in the browser you were using when the spamming started and the programs above haven't removed it, you will need to reset it. Let me know which browser you were using. If it was Google Chrome...follow these directions:

 

Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
  4. Example of all files and folders selected, except Bookmarks


 

Restart your computer now and make sure there are no longer any redirects or other browser issues or blocks and let me know.


Edited by buddy215, 20 April 2018 - 06:27 AM.
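
An added example, not part of buddy215's post: the profile cleanup from the steps above as a Python script that moves everything except Bookmarks and Bookmarks.bak into a dated backup folder instead of deleting it, so saved logins can be recovered and the removed files stay available for inspection. The function name, the backup folder name and the dry-run default are choices made for this example, and Chrome is assumed to be closed when it runs.

```python
import os
import shutil
import time
from pathlib import Path

# The two files the post says to leave in place
KEEP = {"bookmarks", "bookmarks.bak"}

def reset_profile(profile_dir, dry_run=True, stamp=None):
    """Move every entry except KEEP out of a Chrome profile folder.

    Returns (moved, kept, backup_dir). With dry_run=True nothing is touched,
    so the lists can be reviewed first. The backup folder name is this
    example's own convention, not something Chrome knows about.
    """
    profile = Path(profile_dir)
    if not profile.is_dir():
        raise FileNotFoundError(f"profile folder not found: {profile}")
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    backup = profile.with_name(f"{profile.name}.backup-{stamp}")
    moved, kept = [], []
    for entry in sorted(profile.iterdir(), key=lambda p: p.name):
        if entry.name.casefold() in KEEP:  # Windows file names are case-insensitive
            kept.append(entry.name)
            continue
        moved.append(entry.name)
        if not dry_run:
            backup.mkdir(exist_ok=True)
            shutil.move(str(entry), str(backup / entry.name))
    return moved, kept, backup

if __name__ == "__main__":
    # Same folder the post opens with Windows key + R
    default = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data" / "Default"
    moved, kept, backup = reset_profile(default, dry_run=True)
    print(f"would keep {kept}")
    print(f"would move {len(moved)} entries to {backup}")
```

Run it once as shown to review the lists, then call `reset_profile(default, dry_run=False)` to perform the move.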


#6 Machine__Man


Posted 20 April 2018 - 07:45 AM

Hello Buddy, it is difficult to tell because it doesn't churn them out constantly, there seems to be one a day.

I will run the steps you advise, thanks SO much for your help here. 

Logs to follow.



#7 Machine__Man


Posted 20 April 2018 - 07:56 AM

ADWCleaner log:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-19.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-20-2018
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  6
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\Public\Desktop\..\App Explorer
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKU\S-1-5-21-2875009034-3976775195-3721198771-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKU\S-1-5-21-2875009034-3976775195-3721198771-1000\Software\Host App Service
Deleted       HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel|Homepage
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Ask Jeeves
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


#8 Machine__Man


Posted 20 April 2018 - 08:07 AM

For some reason, Eset won't run. I have uninstalled my other protection software, but to no avail. Is there anything else to run?



#9 jonuk76


Posted 20 April 2018 - 08:29 AM

If something/someone has access to your Twitter account, it doesn't need access to your machine to send spam.  In other words, chances are that if several scans are showing your machine is "clean" - then it probably is.  Note - I can't be the judge of that as I'm not a malware helper...

 

With regards to Twitter itself, first step is to make sure your account has a strong password.  IF you can live with two factor authentication then you can enable this.  Secondly, within your account "Settings and Privacy" page, check the "Apps" section and review any apps that have access to your account.  Revoke access on any you don't remember authorising/don't like the look of etc.  Some of these third party apps have permissions to send/read tweets, and do other things like add follows on your behalf.




#10 buddy215


Posted 20 April 2018 - 09:07 AM

jonuk76's advice should be heeded since he is more familiar with Twitter than I and he is known here for giving good advice and comments.

 

You can forgo the Eset scan. What AdwCleaner found and deleted could be related to Pokki. Look in your list of installed programs and uninstall Pokki if it is there. It could also be something unneeded that Lenovo included if you have a Lenovo computer.

 

Which browser are you using when you see the spam? If it was Chrome...did you reset it per instructions in my first post?



#11 Machine__Man


Posted 20 April 2018 - 10:41 AM

I do use Chrome and will get around to that step, next, Buddy in about an hour or so.
 

Yes, I know of these spambots that somehow commandeer your Twitter account (without necessarily installing anything elsewhere) but was concerned that, as I clicked on an external link the spambot uses, it may have installed nasties for its nefarious ends.

 

There was nothing called 'Pokki' in the Control Panel, do I need to look anywhere else?

 

My previous PC was Lenovo, has it somehow left traces behind on my Router or something?! (I am totally clueless, as you can see! :-D)


PS - at a loss as to how Pokki or anything from it got on here, I have never even heard of it!


Edited by Machine__Man, 20 April 2018 - 10:44 AM.


#12 buddy215


Posted 20 April 2018 - 12:03 PM

That was just two possibilities for host app service being on your computer. There could easily have been other reasons. I just saw those two mentioned on the web and knowing Pokki is often found installed without the user knowing it.

 

I don't see any reason to suspect adware or malware is on your computer. If at all, it is likely in the browser which will be cleared once you reset your Chrome since that was the browser you are using at the time you clicked on that link in Twitter.

Actually, you can forgo the Chrome cleanup if you have followed jonuk76's advice and just wait and see if the spam is still happening when you sign in to your Twitter account. Up to you. If you do reset/ cleanup Chrome then be cautious as to what extensions or other add-ons you install on it. Certainly only use the Google store. But, even the Google store has often been found to host malicious extensions and apps.



#13 Machine_Man2


Posted 20 April 2018 - 01:17 PM

Hello Buddy, yes this is me. The Google cleanup deleted my password for here and I couldn't remember it for the life of me!

I couldn't complete the first part of the cleanup because I don't have a Google account. But I cleaned-up from the 'Windows + R' part to open the Command box, and took it from there.

Thank you all for all your help. 

I shall try to be more careful in future!

Are there any other programs I should run, just to be sure I'm clear?



#14 buddy215


Posted 20 April 2018 - 03:31 PM

If you see that spam again then I will suggest another step....best to wait until that happens. You're welcome...



#15 Machine_Man2


Posted 21 April 2018 - 04:54 AM

Ran ADWCleaner again and it found 1 PUP...Is it Ask Jeeves?!

It's not there in the Control Panel list  of programs, nor in Google Chrome extensions, if so. 

Also, whenever I restart after running cleanup software like this, an error message which says

"A problem has occurred in BitDefender Threat Scanner. A file containing information. A file containing error information has been created at c:\windows\temp\BitDefender Threat Scanner.dmp. You are strongly encouraged to send the file to the developers of the application for further investigation of the error."

 

I found this link on it, is this anything to be concerned about? https://appuals.com/fix-problem-occurred-bitdefender-threat-scanner/
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-19.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-21-2018
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   1
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Not Deleted   Ask Jeeves
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Buddy I am indebted for your help here. Is there a charity/cause that you are particularly fond of that I could donate to?  I would like to support it as a way of thanks. You'll have to take it on trust that I will, but I solemnly promise to.

 

Edited by Machine_Man2, 21 April 2018 - 04:59 AM.
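
An added example, not part of any post in this thread: a small Python parser for AdwCleaner clean-mode logs in the layout posted above, which checks the header counters against the item lines and lists any target that one run reported as deleted and a later run lists again. The two sample logs are constructed in the thread's format with shortened item lists, and the function names are this example's own.

```python
import re

HEADER = re.compile(r"^# (\w+):\s+(.*)$")             # "# Cleaned:  6"
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")    # "***** [ Registry ] *****"
ITEM = re.compile(r"^(Not Deleted|Deleted)\s+(.+)$")  # "Deleted       Ask Jeeves"

def parse_log(text):
    """Return header fields and (section, status, target) item tuples."""
    header, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2).strip()
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := ITEM.match(line):
            items.append((section, m.group(1), m.group(2).strip()))
    return {"header": header, "items": items}

def counters_match(report):
    """Header Cleaned/Failed totals should equal the item lines in the body."""
    done = sum(1 for _, status, _ in report["items"] if status == "Deleted")
    failed = sum(1 for _, status, _ in report["items"] if status == "Not Deleted")
    h = report["header"]
    return int(h.get("Cleaned", -1)) == done and int(h.get("Failed", -1)) == failed

def reappeared(first, second):
    """Targets deleted in the first run that the second run lists again."""
    removed = {(sec, tgt) for sec, status, tgt in first["items"] if status == "Deleted"}
    return [(sec, tgt, status) for sec, status, tgt in second["items"] if (sec, tgt) in removed]

# Constructed samples in the layout of the two logs posted in this thread
RUN1 = r"""
# Mode: Clean
# Cleaned:  3
# Failed:   0
***** [ Folders ] *****
Deleted       C:\Users\Public\Desktop\..\App Explorer
***** [ Registry ] *****
Deleted       HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel|Homepage
***** [ Chromium URLs ] *****
Deleted       Ask Jeeves
"""
RUN2 = r"""
# Mode: Clean
# Cleaned:  0
# Failed:   1
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Not Deleted   Ask Jeeves
"""

if __name__ == "__main__":
    a, b = parse_log(RUN1), parse_log(RUN2)
    print(counters_match(a), counters_match(b))
    for sec, tgt, status in reappeared(a, b):
        print(f"{tgt!r} in [{sec}] came back after cleaning: now {status}")
```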




