Think My Pc Is Heavily Infected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by majinbuu, Jul 3, 2017.

  1. majinbuu

    majinbuu Specialist

    Hello, left my computer on this afternoon and my nephews who were staying over had access to my computer and I think they downloaded something bad. My pc has weird shortcuts on the desktop and something called Adblock.

    Avira went crazy. I disconnected my internet as it was downloading stuff at random. Please help, logs are attached.
     

    Attached Files:

    majinbuu, Jul 3, 2017
    #1
  2. majinbuu

    majinbuu Specialist

    Sorry for the additional post, but I have had my computer on since the infection because I'm scared to turn it off in case there is some malware on startup. If no one is able to help me with my computer at the moment, could you please let me know if it's safe to turn my computer off, it has been on since Monday. Please help.
     
    majinbuu, Jul 6, 2017
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Other than the PUP's that MBAM found, I am not seeing any malware in your logs. What malware issues are you having?
     
    TimW, Jul 7, 2017
    #3
  4. majinbuu

    majinbuu Specialist

    There are icons on my desktop that I have taken pictures of and attached below. In the properties tab of these icons they link to websites I have never heard of. I have also uploaded the icon properties to imgur if it's easier to read http://imgur.com/jpp5ARf
     

    Attached Files:

    Last edited: Jul 7, 2017
    majinbuu, Jul 7, 2017
    #4
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    They appear to be games your nephews downloaded. Just delete them.
     
    TimW, Jul 7, 2017
    #5
  6. majinbuu

    majinbuu Specialist

    Ok I have deleted them and nothing out of the ordinary seems to be happening. Can you please let me know what to do next? I noticed in the logs I posted apart from the MBAM log there are a lot of PUPS and some firefox and chrome extensions, Adblocker service is also running in task manager. Can you let me know which ones need to be removed and how to do it please. Thank you
     
    majinbuu, Jul 7, 2017
    #6
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    They are fine and do not need removing. Your logs are clean, the only thing you have to do is the final cleanup:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
    TimW, Jul 7, 2017
    #7
  8. majinbuu

    majinbuu Specialist

    AdblockerService is running in my background processes and I did not install that myself, and there is a firefox and chrome extension called Tables that I did not install, but has now appeared. How do I get rid of these properly?
     
    majinbuu, Jul 7, 2017
    #8
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You probably want adblocker......you should be able to go into both firefox and chrome and delete the extensions you don't want.
     
    TimW, Jul 7, 2017
    #9
  10. majinbuu

    majinbuu Specialist

    Adblocker was installed on Monday after my nephews were playing with my PC. It is running as a background process but is not showing as an extension in Chrome or Firefox. I use uBlock Origin as my adblocker instead,

    Also, which Pups should I remove that were found in my Roguekiller, Hitman and AdwCleaner logs?
     
    majinbuu, Jul 7, 2017
    #10
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There would be no harm in removing everything ADW found.
     
    TimW, Jul 7, 2017
    #11
  12. majinbuu

    majinbuu Specialist

    I have attached new logs which show what I have deleted. Can you please look at them and let me know if I have to do anything with Mgtools as I do not know how to use that.
     

    Attached Files:

    majinbuu, Jul 7, 2017
    #12
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. You can just follow the final instructions I gave you. It will remove MGTools.
     
    TimW, Jul 7, 2017
    #13
  14. majinbuu

    majinbuu Specialist

    My PC is still not clean as my Chrome browser is full of popups and redirects. Could you please recheck the logs in particular the MGTools one. Something is seriously wrong.
     
    majinbuu, Jul 8, 2017
    #14
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    TimW, Jul 8, 2017
    #15
  16. majinbuu

    majinbuu Specialist

    I have reset Chrome, but the pop ups and redirects still occur.
     
    majinbuu, Jul 8, 2017
    #16
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista,Seven,Eight or 10, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
     
    TimW, Jul 8, 2017
    #17
  18. majinbuu

    majinbuu Specialist

    I have attached the JRT log.
     

    Attached Files:

    • JRT.txt
      File size:
      1.2 KB
      Views:
      5
    majinbuu, Jul 8, 2017
    #18
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    In the search field ..... or the run box, type %temp%

    and clean them out.

    Tell me if you are still having issues.
     
    TimW, Jul 8, 2017
    #19
  20. majinbuu

    majinbuu Specialist

    I have deleted the files in the %temp% folder.

    Chrome is still having issues
     
    majinbuu, Jul 8, 2017
    #20
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can try using Revo Uninstaller to remove that program. Reboot and reinstall.
     
    TimW, Jul 9, 2017
    #21
  22. majinbuu

    majinbuu Specialist

    reinstalled chrome, no more problems for now.
     
    majinbuu, Jul 9, 2017
    #22
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.
     
    TimW, Jul 9, 2017
    #23

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds