Windows Defender Alert - Zeus Virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by deegazzo, Sep 18, 2017.

  1. deegazzo

    deegazzo Private First Class

    Hi, I have gotten the title message twice in two days. I read and ran the required scans. Attached logs and here is info on my pc:
    Lenovo All In One
    Windows 10 Home (64 bit)
    Intel (R) Pentium (R) CPU G3220T @ 2.60GHz 2.60GHz
    Installed RAM 4.00GB
    Pen & Touch; Touch Support with 5 Touch Points

    P.S. It says it is porn related. My 27-year-old did move home, so I'm unsure of that. If it is, please help me and direct me how to block any and all of that from my PC.
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in those logs. Can you attach the log from Defender?
     
  3. deegazzo

    deegazzo Private First Class

    It's not from any scan that Defender has run. I'll be online in the middle of something and my screen goes to the Microsoft site, and there is a message across it saying "Windows Defender Alert - Zeus Virus" and it wants me to allow some download. Now, I know better than to allow that, but I am still concerned, and would prefer knowing my PC is safe.
     
  4. deegazzo

    deegazzo Private First Class

    I did try to take a screenshot when it happened today, but whatever it is/was locked my PC down. I spent almost 20 minutes trying to get it to shut down.
    I tried opening Task Manager, tried Ctrl+Alt+Delete. Ended up unplugging my PC.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What browser are you using?

    In the meantime:

    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7, Win8, or Win10, don't double click; use right click and select Run As Administrator).
    • Copy the following script, to be pasted into the Paste List of Files/Folders to Move area. Do not include the word Code.

    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Users\Dee\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Dee\AppData\Local\Temp\Edw)b21XEmyNZZT1.tmp.dat
    C:\Users\Dee\AppData\Local\Temp\FdnWXn4UhqNaNeQf.tmp.dat
    C:\Users\Dee\AppData\Local\Temp\Iw53$qgNhDevDu6O.tmp.dat
    C:\Users\Dee\AppData\Local\Temp\mbam
    C:\Users\Dee\AppData\Local\Temp\mb_setup.log
    C:\Users\Dee\AppData\Local\Temp\MicroThemePackDir
    C:\Users\Dee\AppData\Local\Temp\n6(PcCQMTTB962qu.tmp.dat
    C:\Users\Dee\AppData\Local\Temp\Setup Log 2017-09-18 #001.txt
    C:\Users\Dee\AppData\Local\Temp\StructuredQuery.log
    C:\Users\Dee\AppData\Local\Temp\URL4AE1.tmp
    
    :Commands
    [purity]
    [ResetHosts]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved, in the form of Date and Time: mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and attach that document back here in your next post.
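A small dry-run checker, added here and not part of the thread or of OTM itself: it parses an OTM script of the shape posted above into its :Processes, :files and :Commands sections and flags any :files entry that does not sit under the expected Temp folder, so a reader can confirm what the script will touch before pasting it. The embedded script is a constructed excerpt of the one in the post; the helper names are my own.

```python
from pathlib import PureWindowsPath

# Constructed excerpt of the OTM script posted above (two :files entries kept).
OTM_SCRIPT = r""":Processes
explorer.exe

:files
C:\Users\Dee\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dee\AppData\Local\Temp\Edw)b21XEmyNZZT1.tmp.dat

:Commands
[purity]
[ResetHosts]
[createrestorepoint]
[emptytemp]
[start explorer]
[Reboot]
"""

def parse_otm_script(text):
    """Split an OTM script into {section_name_lowercased: [entries]}; blank lines ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def entries_outside(paths, allowed_root):
    """Return the :files entries not inside allowed_root (case-insensitive, as on Windows)."""
    root = PureWindowsPath(allowed_root)
    return [p for p in paths if root not in PureWindowsPath(p).parents]

def check_script(text, allowed_root):
    """Summarise what the script touches; 'outside' lists paths that deserve a second look."""
    s = parse_otm_script(text)
    files = s.get("files", [])
    return {
        "processes": s.get("processes", []),
        "commands": s.get("commands", []),
        "file_count": len(files),
        "outside": entries_outside(files, allowed_root),
    }
```

Running check_script(OTM_SCRIPT, r"C:\Users\Dee\AppData\Local\Temp") reports an empty "outside" list, which is what you want to see before running a script like the one above.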
     
  6. deegazzo

    deegazzo Private First Class

    I use Google Chrome.

    OK, I ran OTM; it asked for the reboot before I could copy/paste the results window.
    Log is attached.
     

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  8. deegazzo

    deegazzo Private First Class

    All right, I reset Chrome before going to bed last night. This morning all had been fine up until just a few minutes ago. Attaching an image of what I just got :(
     

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use Revo Uninstaller to remove Chrome. Then you can reboot and re-install Chrome. Let me know how it runs.

    Also, have you tried another browser?
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I also want you to run this (it has a 15-day trial period):

    http://www.majorgeeks.com/files/details/zemana_antimalware.html

    Then run this:

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
     
    Last edited: Sep 20, 2017
  11. deegazzo

    deegazzo Private First Class

    OK, I've run both and have attached the JRT log.
     

    Attached Files:

    • JRT.txt
  12. deegazzo

    deegazzo Private First Class

    Sorry I missed this. I usually use Chrome but do also use IE.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did Zemana produce a log?

    Does the alert happen with IE?
     
  14. deegazzo

    deegazzo Private First Class

    I didn't find a Zemana log; should I run it again for you?
    Also, so far no, only in Chrome that I've noticed.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am puzzled. ADW should have found and removed it as it is adware. Are you possibly using an older version of it that is not updated?

    Did you use Revo to uninstall Chrome?

    In Chrome, have you clicked on Options, Extensions and looked for and removed all plug-ins and extensions?
     
