Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet Related Virus or Rootkit?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 7th, 2012, 11:12 pm

The ESET scanner had no log option... It said "No Threats Found" though. Here is the log from OTL and the Malwarebytes log after.

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Parent

User: Public

User: User
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 6742690 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 449 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Parent

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Parent

User: Public

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08072012_203814

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-HP [administrator]

8/7/2012 8:43:47 PM
mbam-log-2012-08-07 (20-43-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 204966
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm
Advertisement
Register to Remove

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 7th, 2012, 11:17 pm

I'm sorry about the malwarebytes site link that was just part of the log i only copy & pasted I promise.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Internet Related Virus or Rootkit?

Unread postby deltalima » August 8th, 2012, 4:17 am

Hi newjackridi,

The logs are showing no indication af a Malware issue and I suspect your issues may not be malware related.

Could you give me more details of the security certificate issues, the exact wording of the error?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 8th, 2012, 6:21 pm

Something like "The certificate is not valid. Someone may be trying to trick you." Or something along those lines. Is it possible that a hacker is attacking my computer via my IP address?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Internet Related Virus or Rootkit?

Unread postby deltalima » August 9th, 2012, 3:23 am

I really need to know the exact error message. How often does it happen?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 9th, 2012, 6:35 pm

It's the same error message you get every time you get a certificate error. It says not to continue to the site, etc. It hasn't happened since a couple days ago, so I don't know the exact wording.
If it is a hacker is there any way to protect my computer?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 9th, 2012, 6:39 pm

There is a problem with this website's security certificate.


The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 9th, 2012, 9:11 pm

Now I'm getting it like every other hour.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Internet Related Virus or Rootkit?

Unread postby deltalima » August 10th, 2012, 3:00 am

Hi newjackridi,

ComboFix
Image
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. For XP users: If not already installed... Press "Yes" to any "Recovery Console" prompts.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  4. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 10th, 2012, 6:22 pm

Before I use ComboFix, is there a reason why I'm using ComboFix? It seems dangerous, I'm not an experienced computer user, so I don't want to mess up and ruin my computer. Is there a safer alternative? Can I please just get a detailed explanation as to why I need to use ComboFix and if there is any other solution?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Internet Related Virus or Rootkit?

Unread postby deltalima » August 11th, 2012, 10:40 am

Hi newjackridi,

is there a reason why I'm using ComboFix? It seems dangerous


The scans that have been run so far have failed to identify any significant signs of malware on the computer and so we need to use more powerful tools to investigate further.

Whilst there can be no guarantees of safety, in this case I am of the opinion that Combofix is the appropriate tool to use. The choice however is yours.

Please let me know how you would like to continue.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Internet Related Virus or Rootkit?

Unread postby newjackridi » August 11th, 2012, 7:24 pm

Is there something else? I don't have a printer so I can't print out the directions.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Internet Related Virus or Rootkit?

Unread postby deltalima » August 12th, 2012, 1:13 pm

Hi newjackridi,

Due to unwillingness to run the requested tools the topic will be closed.

Please follow these steps in order to keep your computer clean and secure.


Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.



Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware