Need to get malware off computer

August 6, 2018 at 13:05:47
Specs: Windows 10
I have either malware or a virus popping up for the last several days saying my puter is infected and collecting my information and I need to call a number immediately or it would shut my puter down. I have just rebooted and it would do fine but now it's popping up regularly. Need some advice on freeware to try. Susan


#1
August 6, 2018 at 13:33:48
Definitely do NOT call any phone number which pops up, for whatever reason.

Basic pest removers to use for a start.

Malwarebytes

https://www.malwarebytes.com/mwb-do...

Adwcleaner.

https://www.bleepingcomputer.com/do...

ccleaner

https://www.ccleaner.com/ccleaner/d...

All have free versions; all safe and easy to use.

Install each using custom/manual option - not the proffered/default automatic. Watch for and uncheck all prechecked boxes other than the one for the utility in question. That way you avoid installing all manner of junk, malware, system changes you neither need nor want; and frequently a PIA to eradicate.

Johnw and a few others here (pest removal types) will likely chip in and advise a more thorough clean up routine, which would be wise to follow. The pest remover gurus here are tops...

message edited by trvlr



#2
August 6, 2018 at 16:14:03
Hi Susan, Copy & Paste the contents of the Malwarebytes & Adwcleaner logs in your reply please.


#3
August 6, 2018 at 23:46:10
Hi, I had been running Malwarebytes every day recently and downloaded CCleaner this evening and used it also. I downloaded AdwCleaner tonight and ran it twice. This was what the log had shown.
# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build: 06-26-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-07-2018
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\BSD\DriverHiveEngine

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Not Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted websearch.ask.com


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6437 octets] - [07/08/2018 00:52:01]
AdwCleaner[C00].txt - [5569 octets] - [07/08/2018 00:54:46]
AdwCleaner[S01].txt - [1512 octets] - [07/08/2018 01:34:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


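A small parser for the AdwCleaner log format shown in post #3, as an added example that is not part of the original thread or of AdwCleaner itself: it lists the entries the cleaner reported as "Not Deleted" and checks them against the header's Cleaned/Failed counts. The function names are illustrative, and the sample is an excerpt of the posted log with the empty sections trimmed.

```python
import re

# Excerpt of the AdwCleaner log posted above (sections with no findings trimmed).
SAMPLE_LOG = r"""# Mode: Clean
# Cleaned: 1
# Failed: 2
***** [ Folders ] *****
Deleted C:\ProgramData\BSD\DriverHiveEngine
***** [ Registry ] *****
Not Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
***** [ Firefox URLs ] *****
Not Deleted websearch.ask.com
"""

HEADER_RE = re.compile(r"^#\s*(\w+):\s*(.+?)\s*$")         # "# Failed: 2"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")      # "***** [ Registry ] *****"
ENTRY_RE = re.compile(r"^(Not Deleted|Deleted)\s+(.+?)\s*$")


def parse_adwcleaner_log(text):
    """Return header fields plus (section, item) pairs for cleaned and failed entries."""
    result = {"header": {}, "deleted": [], "not_deleted": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            result["header"][m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif (m := ENTRY_RE.match(line)) and section:
            key = "deleted" if m.group(1) == "Deleted" else "not_deleted"
            result[key].append((section, m.group(2)))
    return result


def leftover_report(text):
    """List entries the cleaner could not remove and compare totals with the header."""
    parsed = parse_adwcleaner_log(text)
    header = parsed["header"]
    counts = (len(parsed["deleted"]), len(parsed["not_deleted"]))
    expected = (int(header.get("Cleaned", -1)), int(header.get("Failed", -1)))
    return {"leftovers": parsed["not_deleted"], "counts_match_header": counts == expected}


if __name__ == "__main__":
    report = leftover_report(SAMPLE_LOG)
    for section, item in report["leftovers"]:
        print(f"[{section}] still present: {item}")
    print("header counts match body:", report["counts_match_header"])
```

Run against the full log file, the "Not Deleted" entries are the ones a helper would want to follow up on after a clean pass.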

#4
August 7, 2018 at 00:35:05
Thanks Susan, let's dig a bit further.

Please download Dr.Web CureIt and save it to your Desktop. DO NOT perform a scan, until you get it on your desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop. (If this is not possible, this program is portable, and runs right from the location it is downloaded to, like a USB drive or SD card.)
http://www.softpedia.com/get/Antivi...
http://filehippo.com/download_dr_we...
http://www.freedrweb.com/cureit//
http://www.freedrweb.com/cureit/?ln...
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Documentation
http://download.geo.drweb.com/pub/d...

Copy & Paste the contents of the log into a text file & upload it here.
No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the link please.
http://www.fileconvoy.com/index.php
https://i.imgur.com/7UiiqWr.gif
https://i.imgur.com/6N1gfOj.gif

message edited by Johnw



#5
August 7, 2018 at 16:56:42

I hope I did this correctly. Had an awful time downloading Cureit. The malware or whatever it is called popped up immediately when I went to the Filehippo site and I had to shut the computer down and then three more times soon after, but I finally got it done I think. Thank you for all your help. Susan

http://www.fileconvoy.com/dfl.php?i...



#6
August 7, 2018 at 17:03:01
Well done Susan, got the log Ok.

Do you still have a problem?

Next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php
https://i.imgur.com/7UiiqWr.gif
https://i.imgur.com/6N1gfOj.gif



#7
August 8, 2018 at 12:04:17
Here is the link to the files for Farbar Recovery Scan Tool.

http://www.fileconvoy.com/dfl.php?i...

THE MALWARE JUST POPPED UP SINCE I RAN THE FARBAR.

message edited by Pfoot



#8
August 8, 2018 at 17:03:22
Whilst I go through the Farbar logs.

Run ESET Online Scanner. Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
Make sure these options are checked/ticked in Advanced settings.

Remove found threats, Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
http://fs5.directupload.net/images/...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://www.eset.com/int/support/sys...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://support.eset.com/kb3509/?loc...
http://support.eset.com/kb3509/#create
http://support.eset.com/kb2921/?loc...
Configure ESET this way & disable your AV.
http://i.imgur.com/wZF1Ppi.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
3: Which web browsers are compatible with ESET Online Scanner?
http://support.eset.com/kb405/?loca...
My ESET product detected a threat—what should I do?
http://support.eset.com/kb117/
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
http://support.eset.com/kb405/?view...
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://support.eset.com/kb405/?view...
The ESET Online Scanner saves a log file after running, which can be examined for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#9
August 9, 2018 at 09:34:52
Well, I downloaded and ran the ESET Online Scanner last night and this morning it had found 4 considered threats and should have deleted them. (The 4 were some that have popped up every so often as possible threats with my antivirus. Two were my coupon printer, can't remember the other two.) I really do not feel like they were the malware problems I am having but what do I know LOL. I tried to save the log like it said and it wanted to save it to document as a text document. I would click the save button but it did not seem to work. It would not save. I've looked in all the places the instructions have said and it is not there so I guess I did not do something right. Needless to say I have no scan log to send you. Should I try to scan it again tonight?

Just found out that my emails were not sending. The incredimail that I use on the puter acts like it has sent it but no one receives it. Even tried to send to my yahoo address and never received anything. I tried to go into the email properties and make sure the settings were correct and the properties button would not let me click it for it to come up. Was receiving email fine but now after a few hours away from puter it says I cannot receive because all of my email addresses were working at once. I only have one on there. I assume the malware can do this too? It's definitely starting to wreak havoc LOL. I will worry about that later in hopes of finding and fixing this that you are trying to help me with. Thought I'd mention it in case it gave you any ideas as to a type of malware or virus. I'm definitely puter illiterate. I get by and that is it.

Just popped up again saying a virus was stealing everything and for me to call a number or it will shut everything down. Also yesterday I had a page to pop up with a nasty game name and cartoon nudity too.

message edited by Pfoot



#10
August 9, 2018 at 16:57:11
"Should I try to scan it again tonight?"
No.

Your Farbar logs show you are infected with a rootkit, I can try to fix or you may prefer to do a clean install.

In the meantime, regardless of which route you choose.

Your computer has been compromised with a Backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, download and execute files.
You should disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to advise them of your situation.
I can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Your computer has/had some serious infections with rootkit/backdoor capabilities.
Backdoors provide outsiders full access to your computer, enabling them to record key strokes, steal passwords, spread malware, and even use it for other illegal activities.
If your computer has been used for important or sensitive data such as online banking, shopping or any other financial transactions, I strongly recommend you to do the following:
Disconnect from the Internet and any network immediately.
Inform your financial institutions that you may be a victim of identity theft and to put a watch on all your accounts or change them.
Change all your online passwords from a clean computer.
Take any other steps that you may think are necessary to prevent financial distress due to identity theft.
How to report ID theft, fraud, drive-by installs, hijacking and malware?
http://www.dslreports.com/faq/10451



#11
August 9, 2018 at 22:16:58
Ok, will change passwords on a laptop and shut this one down for now. A clean install is when you just put it back to factory settings like when you first purchased it, isn't it? I have done that when we would get a disk when you purchased a puter but now they do not give you one. I may or may not have a copy like they ask you to first do when you purchase it. If I can not find it, will I have to purchase a Windows 10 to install? This is an old desktop. I may need to just purchase a new puter.


#12
August 9, 2018 at 23:43:41
"put it back to factory settings like when you first purchased it"
Nope, not good enough, you will have the rootkit infection lurking all over the place.

A clean install involves deleting all the partitions during the install.
You keep hitting delete until Format & Delete are greyed out.

"If I can not find it, will I have to purchase a windows 10 to install?"
No, you download Media creation tool
http://windows.microsoft.com/en-us/...
https://www.microsoft.com/en-au/sof...

Skip putting in the product number, it should find it when you go online.
Also skip getting a Microsoft account.

Windows 10 - Clean Install
https://www.tenforums.com/tutorials...
http://www.expertreviews.co.uk/soft...
http://www.expertreviews.co.uk/soft...
http://www.groovypost.com/howto/cle...
http://answers.microsoft.com/en-us/...
http://www.tenforums.com/tutorials/...
http://jayl.ee/blog/2015/07/29/micr...
How to do a Clean Install of Windows 10, the Easy Way
http://www.howtogeek.com/224342/how...

How to install Windows 10 without Microsoft account
http://winaero.com/blog/how-to-inst...
Install Windows 10 without a Microsoft account
http://www.intowindows.com/how-to-i...
You Can Run Windows 10 Without a Microsoft Account
https://windows.gadgethacks.com/how...
Install Windows 10 without a Microsoft Account
http://www.baldnerd.com/install-win...
Windows 10 Drops Reliance on Microsoft Account
https://www.thurrott.com/windows/wi...
How to set up Windows 10 without a Microsoft account
http://www.techadvisor.co.uk/how-to...

Windows 10 tip: Switch back to a local account from a Microsoft account
http://www.zdnet.com/article/window...

message edited by Johnw



#13
August 10, 2018 at 21:42:05
Thank you so much for all your help. I have decided that I will probably just buy a new desktop as the other one was about 9 years old anyway. I have taken all the steps at the bank and with my passwords to secure everything I can think of. I do need to ask another question. If I copy my graphics and some documents, will they be safe to put on another computer? Would they have the Trojan on them?


#14
August 10, 2018 at 22:13:58
"If I copy my graphics and some documents, will they be safe to put on another computer? Would they have the Trojan on them?"
Maybe, all you can do is run all your scans on them & if they come up clean, take the chance that your scans haven't been outsmarted by the author of the rootkit.

"Two were my coupon printer, can't remember the other two"
If I had proceeded with trying to remove the rootkit, that was on my list. It is a very old nasty, been around a long time.
Google everything you don't know or understand.

Coupon Printer for Windows (5.0.1.8)
http://bit.ly/2MFZfcM



#15
August 22, 2018 at 04:52:27
I would no recommend you to use Spyware Doctor and Avast. As an IT security specialist I always recommend to use two antivirus software due to higher security level. You can check some reviews and download really good software. Please check https://reviewedbypro.com/security/

message edited by JohnMc77

