Page 2 of 4 (results 11 to 20 of 34)

Thread: FBI virus page

  1. #11
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Not seeing the FBI Virus.

    Please carry on with the instructions.

    A few items to fix:

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\MountPoints2: H - H:\LaunchU3.exe -a
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\MountPoints2: {25fcc4e1-02ea-11e3-9780-6431508a79d6} - H:\PhotoViewer.exe
    SearchScopes: HKLM -> DefaultScope value is missing
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    C:\Users\Herb\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3shxz.dll
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
    C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
    C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
    C:\Program Files\Lavasoft
    R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-05-25] ()
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2751816 2015-05-25] (Lavasoft Limited)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
    C:\Users\Herb\AppData\Roaming\Lavasoft
    C:\Program Files\Common Files\Lavasoft
    C:\ProgramData\Lavasoft
    C:\Users\Herb\Downloads\Adaware_Installer.exe
    Ad-Aware Web Companion (Version: 2.0.1013.2086 - Lavasoft) Hidden
    AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation No File
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe No File
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (must be in this location).
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (antivirus).
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply, post:

    • Fixlog.txt
    • The AdwCleaner [S0].txt Log
    • The JRT.txt Log


    Thanks
    Joe

  2. #12
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
    Ran by Herb at 2015-05-31 20:34:26 Run:1
    Running from C:\Users\Herb\Desktop
    Loaded Profiles: Herb (Available Profiles: Herb & Admiis)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\MountPoints2: H - H:\LaunchU3.exe -a
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\MountPoints2: {25fcc4e1-02ea-11e3-9780-6431508a79d6} - H:\PhotoViewer.exe
    SearchScopes: HKLM -> DefaultScope value is missing
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    C:\Users\Herb\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3shxz.dll
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
    C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
    C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
    C:\Program Files\Lavasoft
    R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-05-25] ()
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2751816 2015-05-25] (Lavasoft Limited)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
    C:\Users\Herb\AppData\Roaming\Lavasoft
    C:\Program Files\Common Files\Lavasoft
    C:\ProgramData\Lavasoft
    C:\Users\Herb\Downloads\Adaware_Installer.exe
    Ad-Aware Web Companion (Version: 2.0.1013.2086 - Lavasoft) Hidden
    AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation No File
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe No File
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
    "HKU\S-1-5-21-57612297-3157999027-2505413976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key Removed successfully.
    "HKU\S-1-5-21-57612297-3157999027-2505413976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25fcc4e1-02ea-11e3-9780-6431508a79d6}" => key Removed successfully.
    HKCR\CLSID\{25fcc4e1-02ea-11e3-9780-6431508a79d6} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    LMIInfo => Service Removed successfully.
    LMIRfsClientNP => Service Removed successfully.
    "C:\Users\Herb\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3shxz.dll" => File/Folder not found.
    "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe" => File/Folder not found.
    C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe => Moved successfully.
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe => Moved successfully.
    C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe => Moved successfully.
    "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe" => File/Folder not found.
    C:\Program Files\Lavasoft => Moved successfully.
    SearchProtectionService => Service Removed successfully.
    LavasoftTcpService => Service Removed successfully.
    LavasoftAdAwareService11 => Service not found.
    C:\Users\Herb\AppData\Roaming\Lavasoft => Moved successfully.
    "C:\Program Files\Common Files\Lavasoft" => File/Folder not found.
    C:\ProgramData\Lavasoft => Moved successfully.
    C:\Users\Herb\Downloads\Adaware_Installer.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADC1B3B-06CB-4EC2-80A7-F063B2C5FE42}\\SystemComponent => value Removed successfully.
    "HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}" => key Removed successfully.
    "HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}" => key Removed successfully.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {DD79BBB8-0335-4F9E-A73C-31507E20D52C}.
    0 out of 1 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.


    ========= End of RemoveProxy: =========

    "C:\Windows\System32\Drivers\etc\hosts" => Could not move.
    Hosts restored successfully.
    EmptyTemp: => Removed 383.7 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 20:35:15 ====

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.6 (05.31.2015:1)
    OS: Windows 7 Professional x86
    Ran by Herb on Sun 05/31/2015 at 20:52:54.51
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6F9A4A8CE3698DD8CD7DB1498B0D00E1



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome


    [C:\Users\Herb\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Herb\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Herb\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Herb\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 05/31/2015 at 20:55:12.71
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v4.206 - Logfile created 31/05/2015 at 20:45:25
    # Updated 01/06/2015 by Xplode
    # Database : 2015-05-31.5 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x86)
    # Username : Herb - HERB-PC
    # Running from : C:\Users\Herb\Desktop\adwcleaner_4.206.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Admiis\AppData\LocalLow\HPAppData
    File Deleted : C:\prefs.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17801

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Google Chrome v43.0.2357.81


    *************************

    AdwCleaner[R0].txt - [1843 bytes] - [12/01/2014 16:36:01]
    AdwCleaner[R1].txt - [1476 bytes] - [16/03/2014 09:36:29]
    AdwCleaner[R2].txt - [3747 bytes] - [29/06/2014 11:33:28]
    AdwCleaner[R3].txt - [1727 bytes] - [31/05/2015 20:40:24]
    AdwCleaner[R4].txt - [1786 bytes] - [31/05/2015 20:43:13]
    AdwCleaner[S0].txt - [1930 bytes] - [12/01/2014 16:37:41]
    AdwCleaner[S1].txt - [1547 bytes] - [16/03/2014 10:21:05]
    AdwCleaner[S2].txt - [3858 bytes] - [29/06/2014 11:37:06]
    AdwCleaner[S3].txt - [1642 bytes] - [31/05/2015 20:45:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1701 bytes] ##########

    Thanks for your help so far and I will be back tomorrow.
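An added example, not from this thread and not part of FRST: a small parser for the Fixlog format posted above. It reconciles each fixlist directive with its outcome so a helper can see at a glance which targets were removed, which were already absent, and which failed and need follow-up (here the hosts file that could not be moved). The sample input is a subset of result lines excerpted from the Fixlog above; the status categories and their names are this example's own.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog posted above (a subset, not the full log).
SAMPLE_FIXLOG = r"""
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"HKU\S-1-5-21-57612297-3157999027-2505413976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key Removed successfully.
LMIInfo => Service Removed successfully.
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe" => File/Folder not found.
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe => Moved successfully.
LavasoftAdAwareService11 => Service not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Hosts restored successfully.
EmptyTemp: => Removed 383.7 MB temporary data.
"""

# Every per-directive result has the shape  <target> => <outcome>.
# Informational lines without "=>" (processes closed, hosts restored) are skipped.
OUTCOME_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?$')


def classify(outcome: str) -> str:
    """Map FRST's free-text outcome to one of: done, absent, failed, other (our own labels)."""
    o = outcome.lower()
    if "successfully" in o or o.startswith("removed "):
        return "done"
    if "not found" in o:
        return "absent"      # listed in the fixlist but already gone
    if "could not" in o or "unable" in o:
        return "failed"      # needs a follow-up, e.g. a locked hosts file
    return "other"


def parse_fixlog(text: str) -> list:
    """Return (target, raw outcome, status) for each directive result line."""
    results = []
    for line in text.splitlines():
        m = OUTCOME_RE.match(line.strip())
        if m:
            results.append((m.group("target"), m.group("outcome"), classify(m.group("outcome"))))
    return results


def summarize(results) -> tuple:
    """Count statuses and list the targets whose fix failed."""
    counts = Counter(status for _, _, status in results)
    failed = [target for target, _, status in results if status == "failed"]
    return dict(counts), failed


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    counts, failed = summarize(parsed)
    print("status counts:", counts)
    for target in failed:
        print("needs follow-up:", target)
```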

  3. #13
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    ok.

    Everything looks good so far.

  4. #14
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Thanks Joe, the page with the "FBI virus" popped up, but I did not click anything, just immediately shut down the browser and rebooted the laptop. What should I do next? Do you need any other log reports, or should I just uninstall the programs you had me install? Going forward, Spybot and Ad Aware are not recommended by you? Is Avast AV ok or should I use something else? At work right now, so it will not be until tonight that I can do anything further; just thought I would respond now.

  5. #15
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Hello,

    You don't have the FBI Virus; it looks like a pop-up window only. Let's reset the Chrome browser.

    Reset your Chrome browser settings
    1. In the top-right corner of the browser window, click the Chrome menu.
    2. Select Settings.
    3. At the bottom, click Show advanced settings.
    4. Under the section "Reset settings," click Reset settings.
    5. In the dialog that appears, click Reset.

    Avast is all you need. If you want, you may reinstall Spybot; we removed that because it gets in the way of fixing. I'll clean up the tools we downloaded when the time comes.

    Please run this scan too. It may take quite a while.

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)


    Post the ESET scan report in your next reply

  6. #16
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK

  7. #17
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Nothing found so that's good.

    Still getting the pop-up of the FBI page in Chrome?

  8. #18
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK

  9. #19
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    No, never saw it again.

  10. #20
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Almost done.

    Download Security Check by screen317 from Here or Here
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
