Suspect Malware Oct-2017

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BluGoat, Oct 24, 2017.

  1. BluGoat

    BluGoat Private E-2

    Hello,

    It seems I've picked up a few bugs, plus. Some of the things I remember experiencing:
    • Using updated Firefox for Win 8.1; browser windows pop up behind my browser
    • I recently found FoxitReader running FoxitReaderProxy.exe (or something very close to that). I "end task" it.
    • Found a few days ago, Firefox was using 99% memory resources
    • My Admin account is unable to make some config changes as the options are greyed out
    • RE: RK Scan - I do not know what the following is: User = LL1 ... OK and User = LL2 ... OK
    • RE: AdW Cleaner – I hit the clean button after the scan (I was not certain from MG's instructions what to do). I did not do this after subsequent scans.

    I have attached two zip files with logs.

    Thanks for any help you can provide!

    ~Blu
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please rerun RogueKiller and remove these items:

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 206.248.154.22 206.248.154.170 ([X][X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8590F306-8F7D-45B6-99A5-7178427F5A3A} | DhcpNameServer : 206.248.154.22 206.248.154.170 ([X][X]) -> Found

    ¤¤¤ Files : 2 ¤¤¤
    [PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found
    [PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found

    Now right click the start button and click run and type this in: %temp%

    Remove all it found. Then empty your recycle bin.

    Next, go back to run and type this in:
    sfc /scannow

    Note the space between sfc and /scannow.

    Let that run (you may be asked to reboot).

    If not, when it is done, reboot and rescan with RogueKiller and attach the new log.

    Then do this:

    Reset Mozilla Firefox to defaults
     
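    As an added example (not code from this thread, from RogueKiller or from MajorGeeks): a small Python parser for report lines in the format quoted in the reply above. It splits each line into section, category, path and registry value, drops exact duplicate entries such as the repeated SecTaskMan folder, and flags any DhcpNameServer value that names a server outside an allow-list you supply. The sample text is the excerpt from this post; the allow-list is an assumption the caller provides.

```python
import re
from collections import namedtuple

# Constructed sample: the RogueKiller excerpt quoted in the reply above (values as shown in the thread).
SAMPLE_REPORT = r"""
¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 206.248.154.22 206.248.154.170 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8590F306-8F7D-45B6-99A5-7178427F5A3A} | DhcpNameServer : 206.248.154.22 206.248.154.170 ([X][X]) -> Found

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>\w+) : (?P<count>\d+) ¤¤¤$")
TAGS_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(?:\(\w+\)\s*)?(?P<rest>.*)$")  # [tags] (arch) rest
FLAGS_RE = re.compile(r"\s*\((?:\[[^\]]*\])+\)$")  # trailing "([X][X])" marker
# kind is e.g. "Folder" (None for registry lines); value_name/value are None for file lines
Finding = namedtuple("Finding", "section category kind path value_name value status")

def parse_report(text):
    """Parse RogueKiller-style report lines into Finding records, dropping exact duplicates."""
    findings, seen, section = [], set(), "?"
    for line in (raw.strip() for raw in text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if " -> " not in line:
            continue  # blank or non-finding line
        body, status = line.rsplit(" -> ", 1)
        m = TAGS_RE.match(body)
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        rest, name, value = m.group("rest"), None, None
        if " | " in rest:  # registry line: "key | ValueName : data ([X][X])"
            rest, valpart = rest.split(" | ", 1)
            name, value = FLAGS_RE.sub("", valpart).split(" : ", 1)
        f = Finding(section, tags[0], tags[1] if len(tags) > 1 else None, rest.strip(), name, value, status)
        if f not in seen:
            seen.add(f)
            findings.append(f)
    return findings

def unexpected_dns(findings, allowed):
    """Return (registry key, servers) for DhcpNameServer values naming a server outside `allowed`."""
    return [(f.path, f.value.split()) for f in findings
            if f.value_name == "DhcpNameServer" and not set(f.value.split()) <= set(allowed)]
```

    Feeding the parser the full RogueKiller report rather than the excerpt lets you check every interface's DhcpNameServer against the resolvers your ISP or router actually hands out.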
  3. BluGoat

    BluGoat Private E-2

    Hi Tim,
    Some of the files in the temp folder were 'in use' and would not delete or shred so I booted in safe mode and was then able to shred them.

    I did not delete the new entries found by RK, they are quarantined while I wait for instructions.

    On entering the 'scannow' command from 'run', the command prompt window would not display, so I opened it by right-clicking on Start and entered the command directly into the window. The scan reports "no integrity violations found".

    I uninstalled Firefox with Revo Uninstaller and will reinstall it; however, my personal settings appear to remain the same. I will go to FF's site and try to find the default setting. I have not found it on my own yet. Would you advise I also reinstall IE???

    How do I access the default computer account in Win 8.1?
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. BluGoat

    BluGoat Private E-2

    Thank you Tim. I appreciate your help!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 or 10, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work through the below link:
     
