
Need help in cleaning my computer


  • This topic is locked
13 replies to this topic

#1 kunalthechamp

kunalthechamp

  • Members
  • 186 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:45 AM

Posted 09 August 2018 - 12:18 AM

I received a ransom email, and asked for help, but was told to ignore the same and move on, but the problem is that I still experience random weird pop-ups on Chrome and new tabs open up redirecting automatically to spam websites. Hence would appreciate some help in cleaning up the computer. Since I am on a network of 5 computers, I will deal with each one of them individually (experience the same pop-ups on at least one other computer). 

 

Have attached the FRST logs with the post, since it won't allow a long copy paste.



If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+



 


#2 kunalthechamp


Posted 10 August 2018 - 12:15 AM

So I know I've been asked to not worry and move on, but I have received at least 5 more emails with the same contents. 




#3 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:45 AM

Posted 11 August 2018 - 11:52 PM

Hi kunalthechamp,

 

My name is Tenis and I will help you solve this issue.

 

While I'm looking at your log, please go through a few notes.

  • I am currently in training and analyzing logs takes time. My replies need to be approved by an instructor, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.

  • Please do not seek assistance elsewhere without letting me know.

  • Please do not run any malware removal tools unless directed.

  • Make sure to read my instructions fully before attempting a step.

  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed.

  • Please understand that I am a volunteer, so I may get busy in real life, and that can further delay my responses.

-Tenis



#4 kunalthechamp


Posted 13 August 2018 - 05:08 AM

Ok thanks Tenis




#5 Tenis


Posted 15 August 2018 - 12:40 AM

Hi,

 

I will post a reply soon. Please wait a little longer.



#6 Tenis


Posted 15 August 2018 - 03:28 AM

Hi,

Thank you for waiting. Please do the following things.
 
Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Copy and paste the following script into the search box.
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer\mpoe.crx <not found>
CHR HKU\S-1-5-21-674566640-1698649700-413755185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx


  • Click on the Fix button.
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad.
  • Attach fixlog.txt (located in the same folder where you ran FRST) in your next reply.


#7 Tenis


Posted 18 August 2018 - 07:17 AM

Are you still with us?

#8 kunalthechamp


Posted 20 August 2018 - 12:42 AM

On following your above instructions, it gives me an error: No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located. 




#9 Tenis


Posted 21 August 2018 - 07:26 PM

Okay let's try another method.

 

 

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Copy and paste the following script into Notepad and save it as fixlist.txt (in the same folder where FRST.exe is located).
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer\mpoe.crx <not found>
CHR HKU\S-1-5-21-674566640-1698649700-413755185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx


  • Click on the Fix button.
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad.
  • Copy/paste the content from fixlog.txt (located in the same folder where you ran FRST) in your next reply.

Edited by Tenis, 21 August 2018 - 07:27 PM.


#10 kunalthechamp


Posted 22 August 2018 - 12:45 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by Kunal (22-08-2018 11:12:36) Run:1
Running from C:\Users\Kunal\Downloads
Loaded Profiles: Kunal (Available Profiles: Kunal & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer\mpoe.crx <not found>
CHR HKU\S-1-5-21-674566640-1698649700-413755185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk" => removed successfully
"HKU\S-1-5-21-674566640-1698649700-413755185-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => removed successfully
 
==== End of Fixlog 11:12:42 ====

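Added example, not part of the thread and not FRST's own code: a Python check that every Chrome extension ID named in the fixlist section of a Fixlog like the one in post #10 has a matching "removed successfully" result line. The function names `parse_fixlog` and `unconfirmed` are hypothetical, and the log layout is assumed from this one log only.

```python
import re

# Fixlog excerpt copied from post #10 of this thread (header lines omitted).
FIXLOG = r'''fixlist content:
*****************
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer\mpoe.crx <not found>
CHR HKU\S-1-5-21-674566640-1698649700-413755185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
*****************

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk" => removed successfully
"HKU\S-1-5-21-674566640-1698649700-413755185-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => removed successfully

==== End of Fixlog 11:12:42 ====
'''

EXT_ID = re.compile(r"\[([a-p]{32})\]")  # Chrome extension IDs: 32 chars, a-p
RESULT = re.compile(r'^"(?P<key>[^"]+)" => (?P<status>.+)$')

def parse_fixlog(text):
    """Return (requested_ids, results): fixlist IDs and {registry key: status}."""
    requested, results, in_fixlist = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:  # asterisk rule opens/closes the fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist and line.startswith("CHR "):
            m = EXT_ID.search(line)
            if m:
                requested.append(m.group(1))
        elif not in_fixlist:
            m = RESULT.match(line)
            if m:
                results[m.group("key")] = m.group("status")
    return requested, results

def unconfirmed(text):
    """Fixlist extension IDs with no 'removed successfully' line for their key."""
    requested, results = parse_fixlog(text)
    done = {key.rsplit("\\", 1)[-1] for key, status in results.items()
            if status == "removed successfully"}
    return [ext for ext in requested if ext not in done]

if __name__ == "__main__":
    print("unconfirmed:", unconfirmed(FIXLOG))
    # Constructed variant: drop the HKU result line to show an unreported fix.
    partial = "\n".join(l for l in FIXLOG.splitlines() if not l.startswith('"HKU'))
    print("unconfirmed (constructed):", unconfirmed(partial))
```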


#11 Tenis


Posted 23 August 2018 - 10:09 AM

Hi kunalthechamp,

How's your system now? Are you still getting pop-ups at this point?

#12 kunalthechamp


Posted 27 August 2018 - 06:19 AM

None that I can notice, since they were random to begin with anyways. 




#13 Tenis


Posted 28 August 2018 - 01:52 PM

Well, good to hear that. Your machine looks clean.
 
Are you having any additional problems at this point? Please let me know if so.
 
Just a few things to do before we close this thread.

 

-------

Delfix by Xplode

  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click Run.

------
Please take the time to read below on how to stay secure.



#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:15 AM

Posted 01 September 2018 - 01:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft




