Solved getting ISP notices that my PC may be infected with a bot

April 28, 2013 at 06:09:17
Specs: Windows 7 Home premium
What is active scripting, and should I disable it? This is one of the solutions suggested by my ISP.
However, it's not clear to me whether I should enable active scripting, or disable active scripting...?
It says in the directions, "in IE, go to active scripting section, and enable or disable it" ?



#1
April 28, 2013 at 10:12:40
Run a scan with Malwarebytes and make sure you do not have infected code. Install it, update it, run a full scan and remove what it finds, rebooting as needed.
It's a start.

http://download.cnet.com/Malwarebyt...



#2
April 29, 2013 at 05:58:18
I did that -- it turns out I already had Malwarebytes on my computer. I did two scans: the quick, which found no infected items, and the full, which unfortunately disappeared when I left the room for a moment. I could not find the report of the full scan. So I don't know what to do next, if anything. I am getting these notices about bots every other day. Anyhow, thank you for your suggestion, I will have to run the full scan again...


#3
April 29, 2013 at 06:31:32
"I will have to run the full scan again..."

C:\Users\John\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Replace John with your name.

Copy & Paste the contents of the log, here please.



#4
May 5, 2013 at 07:58:12
I am sorry to say there doesn't seem to be a best answer. I still have the same problem. I will most likely call my ISP; I'm just concerned that they will charge me extra for that service.


#5
May 5, 2013 at 14:06:37
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.


#6
May 7, 2013 at 07:08:42
Okay, I ran the RogueKiller scan according to your directions. In the report it shows an infection in Root.MBR, but when I clicked on "fix MBR", according to their instructions, I was not able to. ???


#7
May 7, 2013 at 14:34:56
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop


#8
May 12, 2013 at 08:18:36
Here it is, if I've done it right.

Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jessica [Admin rights]
Mode : Remove -- Date : 05/07/2013 09:34:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARS-22Y5B1 +++++
--- User ---
[MBR] b3e5d6225b863e734fe6fd8d9829c996
[BSP] f0a2be1d645d458ea4bca5217539e085 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939753 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 3c970993a35a4228d060d730a36b5d96
[BSP] f0a2be1d645d458ea4bca5217539e085 : Windows 7/8 MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939753 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953495040 | Size: 10 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 3c970993a35a4228d060d730a36b5d96
[BSP] f0a2be1d645d458ea4bca5217539e085 : Windows 7/8 MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939753 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953495040 | Size: 10 Mo

Finished : << RKreport[3]_D_05072013_02d0934.txt >>
RKreport[1]_S_05072013_02d0930.txt ; RKreport[2]_D_05072013_02d0932.txt ; RKreport[3]_D_05072013_02d0934.txt



#9
May 12, 2013 at 15:08:51
Thanks, you got it right.

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair later.

If any program won't run ( due to the infection ) let me know.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt. Let me know if it doesn't produce a log please.

2: Reboot

3: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

4: Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Please Copy and Paste the contents into your reply.

5: Malwarebytes Anti-Rootkit ( MBAR ) Different to the Malwarebytes you have already run.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/product...
How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer
http://www.bleepingcomputer.com/vir...

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the contents of the two logs produced, they will be in the MBAR folder..... mbar-log.txt and system-log.txt



#10
May 19, 2013 at 07:46:57
Here is the security check:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6005)
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.202
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox 16.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log````````````````


#11
May 19, 2013 at 07:57:20
And the ListParts log:
ListParts by Farbar Version: 10-05-2013
Ran by Jessica (administrator) on 19-05-2013 at 10:50:14
Windows 7 (X64)
Running From: C:\Users\Jessica\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 6109.18 MB
Available physical RAM: 3991.2 MB
Total Pagefile: 12216.54 MB
Available Pagefile: 9714.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:917.73 GB) (Free:827.36 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B

Partitions of Disk 0:
===============

Disk ID: 2D3FCB68

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 917 GB 13 GB
Partition 4 Primary 10 MB 931 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 PQSERVICE NTFS Partition 13 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 917 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 2D3FCB68
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)


****** End Of Log ******


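The two logs above (#8 and #11) are making the same point from two angles: the partition table the operating system reports (three slots, System Reserved active) does not match what a raw read of sector 0 returns (a fourth slot, type 0x17 "hidden NTFS", marked active, 10 MB, parked at the very end of the disk, with no volume mounted from it). Since the active slot is what the MBR boot code jumps to, that fourth entry gets control before Windows does, and the OS-level view is what a rootkit filter driver wants you to see. The following is an added example, not code from the thread or from RogueKiller or ListParts: it packs the partition table from the RogueKiller log into two constructed 512-byte sectors (the "user" view and the "low level" view), hashes them the way that log prints an [MBR] checksum (MD5 is an assumption here; the log only shows 32 hex digits), and applies the same heuristics the tools flagged. The total sector count is assumed from the 931 GB figure in the ListParts output.

```python
"""Parse a 512-byte MBR and reproduce the two checks the thread's logs performed:
(1) does the OS-reported partition table match the raw sector, and
(2) does any slot look like a bootkit loader (hidden type, active, tiny, at disk end,
    nothing mounted from it)."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte entries at bytes 446..509
SIGNATURE = b"\x55\xAA"     # bytes 510..511
ACTIVE_FLAG = 0x80
# "hidden" variants of the common FAT/NTFS type IDs (base ID + 0x10); 0x17 = hidden NTFS
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
# Assumption: 1 TB disk with 512-byte sectors, from the "931 GB" in the ListParts log.
DISK_SECTORS = 1953525168
MIB = 2048                  # sectors per MiB ("Mo" in the RogueKiller log)


@dataclass(frozen=True)
class PartitionEntry:
    slot: int
    status: int
    ptype: int
    lba_start: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.status & ACTIVE_FLAG != 0

    @property
    def empty(self) -> bool:
        return self.ptype == 0 and self.sectors == 0

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors


def pack_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields set to FE/FF/FF ("use LBA"), as modern partitioning tools write them.
    return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                       lba_start, sectors)


def build_mbr(entries, boot_code: bytes = b"\xEB\x3C" + b"\x90" * 444) -> bytes:
    """Assemble a sector from up to four packed entries (constructed sample data)."""
    assert len(boot_code) == TABLE_OFFSET and len(entries) <= 4
    table = b"".join(entries) + b"\x00" * 16 * (4 - len(entries))
    return boot_code + table + SIGNATURE


def parse_mbr(sector: bytes):
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR sector")
    out = []
    for slot in range(4):
        off = TABLE_OFFSET + 16 * slot
        status, _, ptype, _, lba, n = struct.unpack("<B3sB3sII", sector[off:off + 16])
        out.append(PartitionEntry(slot, status, ptype, lba, n))
    return out


def views_differ(user_sector: bytes, lowlevel_sector: bytes):
    """Same disk read two ways: through the kernel disk stack (which a rootkit can
    filter) and bypassing it. Returns (mismatch, md5_user, md5_lowlevel)."""
    hu = hashlib.md5(user_sector).hexdigest()
    hl = hashlib.md5(lowlevel_sector).hexdigest()
    return hu != hl, hu, hl


def suspicious_entries(entries, disk_sectors: int = DISK_SECTORS, mounted_slots=()):
    """Flag slots that look like a bootkit's loader partition; returns [(slot, reasons)]."""
    findings = []
    for e in entries:
        if e.empty:
            continue
        reasons = []
        if e.ptype in HIDDEN_TYPES:
            reasons.append(f"hidden type 0x{e.ptype:02X}")
            if e.active:
                reasons.append("hidden partition marked active (boot code jumps there first)")
        if e.sectors <= 32 * MIB and e.lba_end > disk_sectors - 64 * MIB:
            reasons.append("small partition parked in the last 64 MiB of the disk")
        if e.active and e.slot not in mounted_slots:
            reasons.append("active but no volume is mounted from it")
        if reasons:
            findings.append((e.slot, reasons))
    return findings


def thread_example():
    """Rebuild the two tables from the RogueKiller log as constructed sectors."""
    common = [
        pack_entry(0x00, 0x27, 2048, 14000 * MIB),        # PQSERVICE recovery
        pack_entry(0x00, 0x07, 28674048, 100 * MIB),      # System Reserved
        pack_entry(0x00, 0x07, 28878848, 939753 * MIB),   # C: (Gateway)
    ]
    # "User" view: three slots, System Reserved active (what ListParts' OS query showed).
    user = build_mbr([pack_entry(0x80, 0x07, 28674048, 100 * MIB) if i == 1 else p
                      for i, p in enumerate(common)])
    # Raw sector: a fourth hidden-NTFS slot at the disk end carries the active flag.
    lowlevel = build_mbr(common + [pack_entry(0x80, 0x17, 1953495040, 10 * MIB)])
    differ, _, _ = views_differ(user, lowlevel)
    findings = suspicious_entries(parse_mbr(lowlevel), mounted_slots=(0, 1, 2))
    return differ, findings


if __name__ == "__main__":
    mismatch, hits = thread_example()
    print("User != LL ... KO!" if mismatch else "User == LL ... OK")
    for slot, reasons in hits:
        print(f"slot {slot}: " + "; ".join(reasons))
```

Against the constructed data this reports the mismatch and flags slot 3 on all four counts, which is the picture both logs painted. Note what the check does not do: it tells you the boot path has been redirected, not what the loader in that 10 MB slot does, which is why the advice later in the thread to wipe every partition rather than just "fix MBR" is the sound one. Rewriting sector 0 restores the boot code but leaves the hidden partition and whatever it dropped on the live system.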

#12
May 19, 2013 at 08:00:14
Should I click on "fix" in the little ListParts window?


#13
May 19, 2013 at 18:43:04
"Should I click on "fix" in the little ListParts window?"
Not at this stage; you have a very serious infection and your system has been compromised.

Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc.
The use of the computer is the primary factor in the decision whether to re-format and re-install, or just disinfect.

I can proceed with the clean up, which will be a long process.
Have a think about what you would like to do. If you have been using the computer for banking etc., you will need to change passwords etc.
Obviously your security is not good enough; no need to pay for anything, it is all FREE.

If you do decide to reinstall (this is your best option), make sure when you reinstall you delete ALL partitions and format to NTFS.

W7 - Click on > Drive options (advanced). Then highlight each partition and hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...



#14
May 23, 2013 at 06:29:08
I have been busy at work and not on the computer much at all since my last post. The computer was used last night and now this morning will not start -- that is, the Starting Windows screen comes up and just hangs. Nothing happens. When I shut it off and turned it back on, I entered in the black screen "Start Up Repair (Recommended)". Still nothing happened. It hung on the "Windows is Loading Files" option. I will once again try to start with the Backup Disc. But I think I may need to use your method of reinstalling. Thank you for all your answers. I may not be able to do this myself if I can't get the computer started. In between computer emergencies, life happens.


#15
May 24, 2013 at 04:41:56
"But I think I may need to use your method of reinstalling"

The link I gave you previously contains the install instructions; here is page 1.
Get someone computer savvy to help if it looks too hard.
Don't forget to delete all partitions.
http://www.blackviper.com/os-instal...

If you don't have the W7 CD, here is where you download it from.
64-bit Windows 7 Home Premium x64 ISO
Digital River: http://msft-dnl.digitalrivercontent...
64-bit Windows 7 Professional x64 ISO
Digital River: http://msft-dnl.digitalrivercontent...
Windows 7 Direct Download Links
http://www.heidoc.net/joomla/techno...

For your product key to work, you must download the correct version.

Be aware, you lose all your previous files and information.

How to report ID theft, fraud, drive-by installs, hijacking and malware?
http://www.dslreports.com/faq/10451
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...



#16
May 26, 2013 at 06:38:54
✔ Best Answer
Update -- I did decide to bring it to a computer fixer and they did the reinstall for me. I still have more to do on the computer, such as changing the router password and getting the copy of the Win 7 disc. Thank you for your answers.



#17
May 26, 2013 at 14:20:54
"Thank you for your answers"
YW Georgiecat.

No need to pay for any AV.

I use MSE with Windows firewall.

Microsoft Security Essentials ( MSE )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/9be...
http://www.techsupportalert.com/bes...
http://www.microsoft.com/security_e...
http://www.microsoft.com/security_e...

System requirements
http://www.microsoft.com/en-us/secu...
Check list for installing Microsoft Security Essentials
http://experts.windows.com/w/expert...

Can Microsoft Security Essentials ( MSE ) protect me for online banking and shopping?
http://answers.microsoft.com/en-us/...

If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:
http://kb.eset.com/esetkb/index?pag...

