[RESOLVED] Here are logs you need!

virus malware computer blocked cybercrime FBI

53 replies to this topic

#41 lclark122

lclark122

    Member

  • Topic Starter
  • Members
  • 89 posts
  • 2 topics
    • Time Online: 9d 4h 55m 24s
  • Joined September 07, 2013
  • Age: 52
  • Local time: 04:34 PM
  • Zodiac:Sagittarius
  • Gender:Female
  • OS:Windows 7
  • Country:
Offline

Posted 16 September 2013 - 02:39 PM

5. BrowserCheck Qualys

I love this. With its help I was able to a bunch of security issues in my systems.

I had already run Windows Update, rebooted the machine, ran Windows Update again and kept doing that until it said there were no new updates.

When I ran 5 BrowserCheck Qualys it found 24 security issues that Windows should have told me to update but didn't. Mainly Office security patches and updates but still. When I clicked on it to fix it, it told me to run Windows Update so I did and now it had lots more updates. So I again did as before: kept installing updates, rebooting, checking for updates and kept doing this until once again it said there were no more updates available.

So now I reran BrowserCheck Qualys. The only problem I have with it is Opera. It says it's a security risk, I click fix it and download it on desktop. Log out of BrowserCheck and install Opera from desktop and think it's good to go but when I run the BrowserCheck Qualys it still says the same thing. I have reinstalled this, tried this over and over, rebooted and everything. Still says it's a security risk and to fix it you install the updated version which I already have.

Not sure what to do about Opera, it should be alright but BrowserCheck Qualys says otherwise.

I'm on step 7 now. Malwarebytes Quick scan, I ran this and got 24 hits.

PUP.Optional.MultiPlug.A
PUP.Optional.Tarma.A
PUP.Optional.MultiPlug.A
PUP.Optional.EZDownloader.A
PUP.Optional.PreLoader.A
PUP.Optional.OpenCandy
Trojan.Downloader

The Trojans are in the C:\Program Data main folder and other folders within it.

Other hits are in my temporary folders

C:\Program data\

Programs I've never ever heard of and then in the registry.

Now the EZDownloader I uninstalled that thru Windows uninstall but this is listed in the temporary folder.

Do I check all these and click remove selected?

Do you want to see the log after I've fixed them?

This surprised me because I was expecting it to say it was all clean.

By the way I've only installed programs that you told me to install since we started working on this machine. Trying to get my updates and stuff, that's all.

But from something I clicked on I ended up getting the EZDownloader and it wasn't there before. It originally was I think but it was cleaned off. But then it appeared again while I was trying to get updates.

Again, do I check all these 24 things, select remove selected even though it's in the registry too and one is listed as a .dll? Do you want the log?

Thanks again for your help!



#42 Broni Re: [RESOLVED] Here are logs you need!

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 36,016 posts
  • 2,175 topics
    • Time Online: 220d 19h 37m 46s
  • Joined October 04, 2004
  • Age: 60
  • Skin: Smartest wide
  • Local time: 01:34 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Offline

Posted 16 September 2013 - 10:31 PM

Do I check all these and click remove selected?

Do you want to see the log after I've fixed them?

 

Yes and yes.




#43 lclark122 Re: [RESOLVED] Here are logs you need!


Posted 16 September 2013 - 11:45 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Julie :: JULIE-HP [administrator]

9/16/2013 9:47:22 AM
mbam-log-2013-09-16 (09-47-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244587
Time elapsed: 18 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\ProgramData\0\ss u helper\ss u helper.exe (Trojan.Downloader) -> 2256 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{8BC8CCB6-4E41-D093-C94C-4535B4DA24D3} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BC8CCB6-4E41-D093-C94C-4535B4DA24D3} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BC8CCB6-4E41-D093-C94C-4535B4DA24D3} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94B3C5F6-13DD-3AD1-4D62-31B3EB71CCD6} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-195761990 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\ProgramData\0 (Trojan.Downloader) -> Delete on reboot.
C:\ProgramData\0\Setup (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\0\ss u helper (Trojan.Downloader) -> Delete on reboot.
C:\ProgramData\0\ss u helper\195761990 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Detected: 11
C:\ProgramData\SavvennshaarE\Y.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{8502FFF0-D43D-4179-A392-9C1F5EE1DD06}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{8502FFF0-D43D-4179-A392-9C1F5EE1DD06}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\SavvennshaarE\Og.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Users\Julie\AppData\Local\Temp\00294823\Og.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Users\Julie\AppData\Local\Temp\00294823\Y.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Users\Julie\Local Settings\Temporary Internet Files\Content.IE5\ISX0WR1K\ezdownloader[1].exe (PUP.Optional.EZDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Julie\Local Settings\Temporary Internet Files\Content.IE5\ISX0WR1K\l[1].exe (PUP.Optional.PreLoader.A) -> Quarantined and deleted successfully.
C:\Users\Julie\Local Settings\Temporary Internet Files\Content.IE5\X308M7J2\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\ProgramData\0\ss u helper\195761990.ini (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\0\ss u helper\ss u helper.exe (Trojan.Downloader) -> Delete on reboot.

(end)
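An added example (not part of the original thread, and not Malwarebytes' own code): a small parser for the Malwarebytes 1.75 text-log layout shown in the post above. It groups hits by family, separates PUP.* labels from other detections, lists objects still waiting on "Delete on reboot", and checks each section's declared count against the lines actually pasted; the names `parse_mbam` and `triage` and the trimmed sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the scan log above, trimmed, so the
# per-section counts here are smaller than in the real log.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\ProgramData\0\ss u helper\ss u helper.exe (Trojan.Downloader) -> 2256 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{8BC8CCB6-4E41-D093-C94C-4535B4DA24D3} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-195761990 (Trojan.Downloader) -> Quarantined and deleted successfully.

Folders Detected: 1
C:\ProgramData\0 (Trojan.Downloader) -> Delete on reboot.

Files Detected: 2
C:\Users\Julie\AppData\Local\Temp\00294823\Og.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\0\ss u helper\ss u helper.exe (Trojan.Downloader) -> Delete on reboot.

(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<family>) -> [<pid> -> ]<action>."  The greedy object group keeps
# paths that themselves contain parentheses, e.g. "Program Files (x86)", intact.
ITEM = re.compile(
    r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)

def parse_mbam(text):
    """Return (items, declared): parsed detection lines and per-section header counts."""
    items, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header["name"]
            declared[section] = int(header["count"])
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return items, declared

def triage(text):
    """Summarise what a helper checks first when reading a posted log."""
    items, declared = parse_mbam(text)
    found = Counter(i["section"] for i in items)
    return {
        "by_family": Counter(i["family"] for i in items),
        # Anything not labelled PUP.* is treated as malware proper.
        "malware": sorted({i["family"] for i in items if not i["family"].startswith("PUP.")}),
        # Still on disk or in memory until the machine restarts: reboot, then re-scan.
        "pending_reboot": sorted({i["obj"] for i in items if i["action"] == "Delete on reboot"}),
        # Header count != parsed lines means the pasted log is truncated or edited.
        "count_mismatch": {s: (n, found[s]) for s, n in declared.items() if n != found[s]},
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```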
 



#44 Broni Re: [RESOLVED] Here are logs you need!


Posted 16 September 2013 - 11:58 PM

If no other issues you should be good to go :)




#45 lclark122 Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 01:06 AM

Finally, finished going through the list. Thank you so much for telling which programs to use weekly for maintenance. That was a question I was going to ask you but no need to now.

I still have a few issues here:

1 - I keep getting a popup saying:

NP Call for Great Tech Support
Call Compute Support
1-888-981-8434

This popup only comes up when I refresh the smartestcomputing page in the top right corner. Is this advertisement y'all use to defray cost or is this another popup? If it's not for advertisement purposes how do I get rid of it?

There was another one that I had at the bottom right corner. I think it was called coupons.com or something like that. I finally saw on the left bottom corner where it had in extremely small writing disable. I clicked it and haven't had a problem with it since. It was quite hard to see it though. Never noticed it before. And the popup mentioned above doesn't have that.

2 - Opera - BrowserCheck Qualys found it as a security risk. As I said before I have installed it to fix it, rebooted, re-run the BrowserCheck, etc. Still have the same error. I was wondering if I uninstall Opera completely, reboot then reinstall Opera from their site do you think this will fix the issue?

3 - I keep getting a popup that says:

WARNING! You should update your Media Player immediately

I use Media Player a lot. But I don't remember it being listed in the BrowserCheck Qualys page which listed security problems needing to be updated or the things that are up to date.

Other than these 3 issues my computer is running fantastic.

Thank you so much!!!!



#46 Broni Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 01:24 AM

1. No, it's not us. Which browser?

2. I'd reinstall Opera.

3. In some browser or at any time?




#47 lclark122 Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 02:15 AM

1 - I use Firefox a lot and was using that browser. I tried it on Microsoft after you mentioned it and no popups. I didn't even think about trying it in Microsoft IE before because I always use Firefox mainly. Except for work pages, which is definitely IE.

2 - While I was checking out IE this McAfee alert popped up. I wasn't even using Firefox at the time. I was using IE when it popped up. So I have no clue what it is talking about nor where this IP address is located.

Risky Connection Blocked

McAfee has blocked your PC from making a risky connection.

About This Connection
IP Address  67.215.174.86
Program Firefox
About this IP address

3 - I was on Firefox when I got that message about updating Media Player. But I have gotten on IE before but honestly I forgot about getting this message because I thought it was fixed until it popped up again.



#48 Broni Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 02:37 AM

I took another look at your MBAM log and it looks like you got reinfected.

 

Update MBAM, re-run it and post fresh log.




#49 lclark122 Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 03:05 AM

No malicious items were detected.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Julie :: JULIE-HP [administrator]

9/17/2013 10:47:38 PM
mbam-log-2013-09-17 (22-47-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222220
Time elapsed: 12 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#50 Broni Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 03:13 AM

Re-run AdwCleaner and JRT.

Post both logs.




#51 lclark122 Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 03:58 AM

I went to safe mode to run JRT, then rebooted to normal mode again. Going to the smartestcomputing site again. This time I get a little popup in the bottom middle in FRENCH. I'm doing good to merely speak English. I don't have a clue what that was about, then the little popup on the right top corner again.

Here are the logs:


# AdwCleaner v3.004 - Report created 17/09/2013 at 23:25:08
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Julie - JULIE-HP
# Running from : C:\Users\Julie\Desktop\AdwCleaner\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SavvennshaarE

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\hm205j4t.default\prefs.js ]

Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);

*************************

AdwCleaner[R0].txt - [56434 octets] - [12/09/2013 21:17:23]
AdwCleaner[R1].txt - [1608 octets] - [17/09/2013 23:20:03]
AdwCleaner[S0].txt - [55515 octets] - [12/09/2013 21:22:15]
AdwCleaner[S1].txt - [1549 octets] - [17/09/2013 23:25:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1609 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Julie on Tue 09/17/2013 at 23:36:30.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Julie\AppData\Roaming\mozilla\firefox\profiles\hm205j4t.default\extensions\staged
Successfully deleted the following from C:\Users\Julie\AppData\Roaming\mozilla\firefox\profiles\hm205j4t.default\prefs.js

user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\
user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search He
Emptied folder: C:\Users\Julie\AppData\Roaming\mozilla\firefox\profiles\hm205j4t.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 23:38:39.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#52 Broni Re: [RESOLVED] Here are logs you need!


Posted 18 September 2013 - 06:08 PM

Reset Firefox: https://support.mozi...x-most-problems




#53 lclark122 Re: [RESOLVED] Here are logs you need!


Posted 19 September 2013 - 02:55 PM

I reset Firefox as you instructed. And bingo, NO MORE POPUPs. YEAH!!!

I uninstalled, rebooted then reinstalled Opera and it's doing alright too but I wanted to make sure.

I checked for Windows updates: NONE

I ran the FileHippo Update Checker again and there were 7 updates I needed to get. One was Firefox. Another one for Flash. So I got those 7 updates.

Then I reinstalled Qualys BrowserCheck and then ran it. Everything is great there except there is 1 security risk and there is no fix on it. It's for Microsoft IE 10.

I know Microsoft automatically updated everyone's IE 9 to IE 10 a while back without us knowing it because it was a mess about it at work. Our software wasn't compatible with 10 so technicians had to jump in real quick and come up with updated software for us to use in a hurry. Hope they get the fix for 10 soon.

I also checked my media player. I use that a lot and I had kept getting these "you need to update your media player" screen popups which I guess was virus. Anyway, it works perfect too.

Everything's great! It's like a freshly re-formatted computer.

Thank you so very much! Your help has been much appreciated!



#54 Broni Re: [RESOLVED] Here are logs you need!


Posted 19 September 2013 - 11:04 PM

Way to go!!
Good luck and stay safe :)





