I Think I Am Infected

I was directed here from the SW forum (in this thread - http://forums.majorgeeks.com/index.php?threads/windos-10-strange-web-browser-default-issue.316153/) on my Windows 10 PC

Symptoms I see (first reported to me by my wife a few days ago):-

Windows 10 PC: On one account ( a local, administrator account), the follwing happens:
- trying to follow a URL from email or Word doc generates a list of browsers to choose from, and selecting Edge and ticking the "Make this one default" does not prevent the same thing happening the next time I click on a link

- Trying to set Edge as the default browser via the default option in PC settings is not possible, the icon just remains blank no matter which browser I try to set

- Trying to use Set Default Programs in Control Panel also does not work;

- Trying to change associations for file types htm, html and protocols http and https does not work

All the above are seen on just the one account, but not on the other three

Now in all the default browser options Chrome was listed as one of the Browser options. We dotn use Chrome so I tired to force the issue by uninstalling it - however in the program lists in both Control Panel "Progrmas and Features"and in IOBit Uninstaller Chrome is not listed. Further investigation shows that there is no Chrome folder in "Program Files" or in "Program Files (x86)", however I did find chroime.exe in the following locations :

program files(x86)\Altoe\Application
program files(x86)\Bangcar\Application
program files(x86)\Tooleat\Application
program files(x86)\Willjob\Application

Having fixed some other related issues with help in the SW forum I was directed here for the above, as the suspicion is this is malware.

I have followed the readme and attach logs for AdwCleaner, MalwareBytes, RogueKiller, HitmanPro and MGTools.

Note that MalwareBytes did not run as explained in the readme, but I think I got the right stuff ... let me know if I need to run it again

Looking forward to your expert advice

 

As I mentioned MBAM did not run as described in the instructions at http://forums.majorgeeks.com/index.php?threads/using-malwarebytes-anti-malware.154672.

Firstly tjhe file I downloaded was called mb3-setup-comsumer-3.0.6.1469.exe & not mbam-setup.exe, secondly it appeared to kick off an automatic scan, while I tried to start a scan manually by clocking on SCAN NOW as described, so it is possible i missed something. Can you advise how I shoudl be using this (seemingly) newer version?

I'll try again per your direction, tomorrow, & repost the logs

 

I set time aside this evening to redo the scans; did not run as smoothly as (maybe) expected, but hopefully this is progress of some sort

Firstly - because I had issues with MalwareBytes yesterday I uninstalled & then reinstalled it first (I hope this isn't the cause of some of my subsequent issues).

It seems the instructions at http://forums.majorgeeks.com/index.php?threads/using-malwarebytes-anti-malware.154672 are for v2.0, but the install file is for v3.0, so it wasn't possible to do exactly as the process suggests, but I made some educated guesses and proceeded as follows :

- switched off real time protection layers in Settings (that was what caused me issues yesterday I think)
- Clicked on "Update now" on main dashboard to update database
- Scan Tab - Threat Scan checked, clicked on blue "Start Scan" button
- There was no "Remove Selected" button, so I chose "Quarantine Selected"
- I wasn't prompted to restart the PC so I did it myself

At this stage I hit a problem - my attempt to login to Windows failed with a message "The User Profile service failed the sign in. User profile cannot be loaded". However restarting the PC again seemed to get around this

When I got back in I opened MalwareBytes again. There is no "History" tab as the process suggests, but there is a "Reports" tab (which was where I took the log from yesterday) - but there were no reports in it this time. I looked around on the hard drive to see if I could find one, but to no avail.

So I decided to proceed - ran RogueKiller, then clicked on "Remove Selected" then took a copy of the log. It then prompted me to restart the PC again, which I did

Once again I got the user profile issue (on both admin accounts), but, after a few restarts, got in

So now on to hitmanpro - ran this & when completed selected "delete" & "apply to all"; at this stage I had to activate a one-time license. It appeared to delete all, but did not give me the option (this time) to save the log, instead it forced a reboot.

Interestingly this time I did NOT encounter the user profile issue

So onto the next phase - run them all again & capture the logs (where possible)

1) MalwareBytes - using options as above, this time I did get a log. Although not prompted & I assume nothing was removed I rebooted to be on the safe side (again no user profile issue this time)

2) RogueKiller - ran per instructions & took log

3) HitManPro - ran per instructions & took log

Logs from 1,2,3 above all attached. I did not run MGtools as you did not explicitly state that, but if you want me to do so let me know & I'll post the results

Original symptoms seem to have now gone;but I have restarted the PC 5 times since I completed the above scans and encountered the "user profile" issue, that I noted above, on 4 of the 5 restarts. So it seems to be very much a problem now.

 

Awesome - many thanks

One question - I have McAfee LiveSafe on the PC. How come that wasn't enough to protect me?