Refused access to unknown map after virus/trojan attack, am I safe?



#31 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,964 posts
  • Gender:Male
  • Location:California

Posted Yesterday, 12:29 PM

Greetings Jonatan.

Sorry, I was not notified of your reply.

Please do these things.

===================================================

Farbar's Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
2018-11-08 10:24 - 2018-11-08 15:18 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
cmd: sc config WinDefend start= auto
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Copy and paste the report in your reply.
  • Please allow your computer to reboot
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET Online Scanner. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."


#32 JollyJonatan
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male
  • Location:Sweden

Posted Today, 11:48 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by datorn (15-11-2018 14:42:44) Run:7
Running from C:\Users\datorn\Desktop
Loaded Profiles: datorn (Available Profiles: datorn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2018-11-08 10:24 - 2018-11-08 15:18 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
cmd: sc config WinDefend start= auto
emptytemp:
 
*****************
 
C:\windows\System32\Tasks\AVAST Software => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => not found
 
========= sc config WinDefend start= auto =========
 
[SC] OpenService FAILED 5:
 
Åtkomst nekad. (Access denied.)
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10670140 B
Java, Flash, Steam htmlcache => 90396820 B
Windows/system/drivers => 4066299 B
Edge => 0 B
Chrome => 743652404 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 10704 B
NetworkService => 0 B
datorn => 90477334 B
 
RecycleBin => 0 B
EmptyTemp: => 903.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:42:45 ====
 
ESET
C:\AdwCleaner\Quarantine\v1\20181108.094820\20\DriverToolkitInstaller.exe#347543E8D241A00A a variant of Win32/UwS.DriverToolkit.A application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20181108.094820\3\TOTALAV.EXE#A2BC7DBF0EBFA85C a variant of MSIL/UwS.TotalAV.A application cleaned by deleting
C:\FRST\Quarantine\C\ProgramData\IObit\ASCDownloader\ASC11\Driver Booster.exe a variant of Win32/IObit.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\plexog.dll.xBAD a variant of Win32/TrojanProxy.Agent.OBU trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\1532.tmp.exe.xBAD a variant of Win32/Kryptik.GMKB trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\CodecFixIt.exe.xBAD a variant of Win32/Kryptik.GLSL trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\gutbook.exe.xBAD a variant of Win32/Indiloadz.AU trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\taw.exe.xBAD Win32/Indiloadz.AQ trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\William\App.exe a variant of Win32/Spy.Socelars.K trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\William\trzBB16.tmp a variant of Win32/Spy.Socelars.K trojan cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe a variant of MSIL/WebCompanion.C potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.old.131764093029365221 a variant of MSIL/WebCompanion.C potentially unwanted application cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467 (1).pdf PDF/Phishing.A.Gen trojan cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467 (2).pdf PDF/Phishing.A.Gen trojan cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467.pdf PDF/Phishing.A.Gen trojan cleaned by deleting
C:\Users\datorn\Downloads\advanced-systemcare-setup.exe a variant of Win32/IObit.G potentially unwanted application cleaned by deleting
C:\Users\datorn\Downloads\ccsetup545.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\datorn\Downloads\PCProtect.exe a variant of MSIL/UwS.TotalAV.A application cleaned by deleting
C:\Users\datorn\Downloads\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application cleaned by deleting
D:\Games\Assassin's Creed IV Black Flag\Assassins Creed IV Black Flag\steam_api.dll a variant of Win32/HackTool.Crack.BL potentially unsafe application cleaned by deleting
D:\Games\Assassin's Creed IV Black Flag\Assassins Creed IV Black Flag\uplay_r1.dll Win32/HackTool.Crack.BT potentially unsafe application cleaned by deleting
D:\Games\Game Archives\Middle Earth - Shadow of Mordor\x64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting
G:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.68.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\PhotoStage\photostagesetup_v2.24.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
G:\Program Files (x86)\NCH Software\Prism\prismpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
G:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.95.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
G:\Program Files (x86)\NCH Software\VideoPad\videopad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.14.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.24.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\WavePad\wavepad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.55.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\ProgramData\InstallMate\OptimizerPro\Custom.dll Win32/InstalleRex.T potentially unwanted application cleaned by deleting
G:\ProgramData\InstallMate\{9EBDAB81-3698-433A-A1D1-7EBA455E8977}\Custom.dll a variant of Win32/InstalleRex.T potentially unwanted application cleaned by deleting
G:\Users\Tommy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
G:\Users\Tommy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.5.0.crx Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
G:\Users\Tommy\AppData\Local\CRE\keedmbnfhefdkcccingfebdakloejejo.crx a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MgAssist.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk a variant of Android/Mobserv.A potentially unwanted application deleted
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Roaming\satoolbar.exe Win32/Toolbar.SearchAmong.A potentially unwanted application cleaned by deleting
G:\Users\Tommy\Documents\avi.codec.pack.pro.v2.4.0.setup.exe Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
G:\Users\Tommy\Documents\media.player.codec.pack.v3.9.6.setup.exe Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
G:\Users\Tommy\Documents\windows.7.codec.pack.v2.6.1.setup.exe Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
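The ESET export above mixes three very different things: files that AdwCleaner and FRST had already moved into their quarantine folders (ESET deleting those is tidying, not a new infection), live detections classed as trojans, and bundled-installer or crack material classed as potentially unwanted or unsafe. The following is an added example, not code from this thread, from ESET or from the forum's tools: a PowerShell script that parses an export of this format and sorts the hits into those groups. The sample is constructed from six lines of the posted export; the regular expression assumes the line layout shown above ("path, optional 'a variant of', detection name, category, action") and nothing else about ESET's output.

```powershell
# Added example (not from the thread or from ESET): triage an exported ESET Online
# Scanner log. Each line is "<path> [a variant of ]<detection> <category> <action>".
# $sampleLog is constructed from six lines of the export posted above.
$sampleLog = @'
C:\AdwCleaner\Quarantine\v1\20181108.094820\20\DriverToolkitInstaller.exe#347543E8D241A00A a variant of Win32/UwS.DriverToolkit.A application cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\plexog.dll.xBAD a variant of Win32/TrojanProxy.Agent.OBU trojan cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467 (1).pdf PDF/Phishing.A.Gen trojan cleaned by deleting
D:\Games\Game Archives\Middle Earth - Shadow of Mordor\x64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting
G:\Users\Tommy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
'@

# Lazy <path> lets paths containing spaces through; the fixed vocabulary on the
# right-hand side (category and action words) is what anchors the split.
$lineRe = '^(?<path>.+?) (?<variant>a variant of )?(?<name>\S+) ' +
          '(?<category>trojan|potentially unwanted application|potentially unsafe application|application) ' +
          '(?<action>cleaned by deleting|deleted|cleaned)$'

function ConvertFrom-EsetLog {
    param([string]$Text)
    foreach ($line in ($Text -split '\r?\n')) {
        if (-not ($line -match $lineRe)) { continue }   # blank lines, headers
        $m = $Matches                                    # keep a reference; -like below does not touch it
        [pscustomobject]@{
            Path        = $m.path
            Drive       = $m.path.Substring(0, 1).ToUpper()
            Name        = $m.name
            Category    = $m.category
            Action      = $m.action
            # FRST renames what it quarantines to *.xBAD; AdwCleaner keeps its own Quarantine tree.
            Quarantined = $m.path -like '*\Quarantine\*'
            Malware     = $m.category -eq 'trojan'
            # Hits inside the Mail app's attachment cache are stored attachments, not code that ran.
            MailCache   = $m.path -like '*\LocalState\LiveComm\*'
        }
    }
}

function Get-EsetTriage {
    param([object[]]$Findings)
    [pscustomobject]@{
        LiveMalware = @($Findings | Where-Object { $_.Malware -and -not $_.Quarantined })
        LivePua     = @($Findings | Where-Object { -not $_.Malware -and -not $_.Quarantined })
        Quarantined = @($Findings | Where-Object { $_.Quarantined })
    }
}

$findings = @(ConvertFrom-EsetLog -Text $sampleLog)
$triage   = Get-EsetTriage -Findings $findings

'Live detections classed as trojan (work out how each got there):'
$triage.LiveMalware | Format-Table Name, MailCache, Path -AutoSize
'Live PUA / unsafe applications (bundled installers, cracks):'
$triage.LivePua | Format-Table Name, Path -AutoSize
"Already inside a quarantine folder when ESET ran: $($triage.Quarantined.Count)"
'Hits per drive letter:'
$findings | Group-Object Drive | Format-Table Name, Count -AutoSize
```

Run against the full export, the live trojan group is small: the three Order-Q48210467 phishing PDFs sitting in the Mail app's attachment cache, and a VMProtect-packed steam_api64.dll in the same games tree that also produced the HackTool.Crack hits, so it deserves the same suspicion as those cracks. Everything under C:\AdwCleaner\Quarantine and C:\FRST\Quarantine, including the TrojanProxy and Socelars samples, had already been taken out of play by the earlier steps. The per-drive grouping is worth a look too: G: carries its own Program Files (x86), ProgramData and Users\Tommy trees, so it looks like an older system volume whose leftover adware is being picked up, not the running installation.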


#33 JollyJonatan
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male
  • Location:Sweden

Posted Today, 11:55 AM

My computer still seems to run well!

I managed to get Windows Defender running by doing the regedit fix, changing the 1 to a 0; however, although it says my computer is protected, it also says that my real-time protection is inactivated.

 

Edit: I tried restarting my computer, but it still says inactivated even though I checked the box to activate it.
However, the Windows Defender service seems to be running at start-up when I looked in Task Manager!
The map that I was originally concerned about when I opened this thread, "gmhowlka", I could see had been listed as an exception (well, not anymore) in Windows Defender. I've also updated the virus definitions in Windows Defender and did a quick scan that didn't detect anything.

To my relief, my Windows programs thus seem to work again now.


Edited by JollyJonatan, Today, 12:09 PM.
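The Fixlog in #32 shows `sc config WinDefend start= auto` failing with OpenService error 5, and the poster then got Defender back with a registry edit but real-time protection still reports as off and the unknown folder turned out to be listed as an exclusion. Those three symptoms have three separate places to look. The script below is an added example, not part of this thread or of any tool used in it: a read-only PowerShell audit of the Defender service, the policy values that switch it off, what the engine reports, the exclusion list, and the registry-pushed Chrome extensions of the kind the FRST fix removed. It assumes only the standard Windows 10 locations for these keys and the Defender cmdlets that ship with Windows 10; nothing about the poster's machine is assumed. One caveat a practitioner should know before reading too much into that `sc` failure: on current Windows 10 builds the WinDefend service's configuration can only be changed by TrustedInstaller, so an elevated `sc config` returns OpenService FAILED 5 even on a clean machine. That error alone is not evidence the service was tampered with; the policy values and exclusions are.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: read-only audit of the Defender state discussed
# above. Run in an elevated PowerShell on the affected machine. Paths and value names
# are the standard Windows 10 ones; nothing machine-specific from the thread is assumed.

# 1. Service. Only TrustedInstaller may change the WinDefend service configuration on
#    current Windows 10 builds, so 'sc config WinDefend start= auto' from an
#    administrator prompt fails with OpenService FAILED 5 even when nothing is wrong.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($svc) { "WinDefend: Status=$($svc.Status) StartType=$($svc.StartType)" } else { 'WinDefend service not registered' }
sc.exe sdshow WinDefend          # service DACL as SDDL; compare with a known-good machine

# 2. Policy values that switch Defender off. DisableAntiSpyware is the '1 to 0' value
#    the poster edited; DisableRealtimeMonitoring is the usual reason real-time
#    protection still reports as off afterwards. None of these belong on a home PC.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$checks = @(
    @{ Path = $policy;                        Name = 'DisableAntiSpyware' }
    @{ Path = "$policy\Real-Time Protection"; Name = 'DisableRealtimeMonitoring' }
    @{ Path = "$policy\Real-Time Protection"; Name = 'DisableBehaviorMonitoring' }
    @{ Path = "$policy\Real-Time Protection"; Name = 'DisableOnAccessProtection' }
)
foreach ($c in $checks) {
    $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $state = if ($null -eq $v) { 'not set' } else { "= $($v.($c.Name))" }
    '{0}\{1}: {2}' -f $c.Path, $c.Name, $state
}

# 3. What the engine itself reports (this is what the Windows Security page shows).
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                  BehaviorMonitorEnabled, OnAccessProtectionEnabled,
                  AntivirusSignatureLastUpdated | Format-List

# 4. Exclusions. The poster found the unknown folder listed here; anything you did not
#    add yourself is suspect. Malware writes these straight under
#    HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions, so read both views
#    (the raw key may be unreadable even when elevated; the error is suppressed).
$pref = Get-MpPreference
'Excluded paths:';     $pref.ExclusionPath
'Excluded processes:'; $pref.ExclusionProcess
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions' -ErrorAction SilentlyContinue |
    ForEach-Object { '{0}: {1}' -f $_.PSChildName, ($_.GetValueNames() -join '; ') }

# 5. Chrome extensions pushed through the registry, the entries the FRST fix removed.
#    An extension ID here that Chrome did not install itself is worth looking up.
foreach ($key in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                 'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions') {
    Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
        '{0}: {1}' -f $_.PSChildName, $_.GetValue('update_url')
    }
}

# Remediation, once you know what each entry is (left commented out on purpose):
# Remove-MpPreference -ExclusionPath 'C:\path\you\did\not\add'
# Remove-ItemProperty -Path "$policy\Real-Time Protection" -Name DisableRealtimeMonitoring
# Set-MpPreference -DisableRealtimeMonitoring $false
```

The order matters: while a policy value under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender is present, the toggle in the Windows Security app and `Set-MpPreference` will not stick, which matches the poster's experience of checking the box and seeing it report inactivated after a reboot. Remove the policy value first, then re-enable real-time protection, then recheck the exclusion list.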


#34 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,964 posts
  • Gender:Male
  • Location:California

Posted Today, 02:22 PM

Great.

Are there any remaining issues?
Gary
 

#35 JollyJonatan
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male
  • Location:Sweden

Posted Today, 03:19 PM

I kinda wonder why my windows defender won't let me activate real-time protection, or if it is on why it is telling me that it isn't.
Other than that I haven't encountered any other issues.



#36 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,964 posts
  • Gender:Male
  • Location:California

Posted Today, 04:16 PM

Let's do this.

===================================================

Farbar's Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: avg;avast
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary
 



