Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan:HTML/Phish


  • Please log in to reply
5 replies to this topic

#1 psg905

psg905

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 27 April 2018 - 08:11 PM

Hi, my windows defender anti virus detected and quarantined this virus. Could someone help me see if it is completely gone?



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:21 AM

Posted 28 April 2018 - 09:46 AM

Welcome to BC...

 

If you haven't run a full scan using Windows Defender...you should.

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends of your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply

 

  • download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 psg905

psg905
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 30 April 2018 - 10:39 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/30/18
Scan Time: 11:37 PM
Log File: fa0aeae8-4cf0-11e8-8534-b06ebf2b3a8a.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4932
License: Free

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: DESKTOP-803O7RB\Jacky PC

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298912
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-04-30.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-30-2018
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock



#4 psg905

psg905
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 30 April 2018 - 11:52 PM

C:\Windows\KMS-R@1n.exe    a variant of Win64/HackKMS.H potentially unsafe application    cleaned by deleting
C:\Windows\KMS-R@1nHook.dll    a variant of Win64/HackKMS.D potentially unsafe application    cleaned by deleting
C:\Windows\KMS-R@1nHook.exe    a variant of Win64/HackKMS.C potentially unsafe application    cleaned by deleting
E:\Downloads\ccsetup542pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
 



#5 psg905

psg905
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 30 April 2018 - 11:59 PM

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 01.05.2018 00:58:16
Path starting: C:\Users\Jacky PC\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Jacky PC
VersionXML: 4.97is-30.04.2018
___________________________________________________________________________

Windows 10(6.3.16299) (x64) Professional Release: 1709 Lang: English(0409)
Installation date OS: 26.03.2018 20:51:11
LicenseStatus: Windows®, Professional edition Volume activation will expire : 259192 minutes
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [110.5 Gb] Used: [34.6 Gb] Free: [75.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.371.16299.0
User Account Control enabled (Level 3)
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
System Restore Disable
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.4.5.2467 v.3.4.5.2467
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.60 beta 1 (64-bit) v.5.60.1 [+]
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.7.4.76 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour v.3.1.0.1
Bonjour Service (Bonjour Service) - The service is running
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 59.0.3 (x64 en-US) v.59.0.3 [+]
Google Chrome v.65.0.3325.181 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Mozilla Firefox\firefox.exe v.59.0.3.6691
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1429
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.643
C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe v.4.14.17639.18041
C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe v.4.14.17639.18041
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.12.16299.15
Windows Defender Antivirus Service (WinDefend) - The service is running
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
puush v.1.0.0.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
 



#6 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:21 AM

Posted 01 May 2018 - 04:37 AM

Your Windows 10 is illegally avoiding activation.

Just so you know, KMS-R@1n is a piece of software used to circumvent the activation of Microsoft products (Windows and Office), which makes it illegal to use in many countries. This program isn't installed by mistake. You should know that downloading, installing and using these kind of programs is one of the sure ways to end up infected.

 

The practice of using keygens, cracking tools, warez, torrents or any pirated software is not only considered illegal activity....it is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Please read this topic...

Using these types of programs or the websites visited to get them is a guaranteed way to get yourself infected!!


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users