I have contracted a Virus that shows many Ads


  1. Posts : 16,325
    W10Prox64
       #81

    Thanks @You. Will keep those in mind if we need them. We still have a few things to accomplish before I could say we're at a standstill. So far, we are progressing as expected.
    @Writer: here is the one setting I would like you to make on the Malwarebytes anti-exploit (MBAE)

    I have contracted a Virus that shows many Ads-mbae01.png

    Untick the box for tooltips - they get annoying.

    Let me know when the SuperAntiSpyware (SAS) scan has completed. I will be available now for about an hour. Thanks.


  2. Posts : 659
    10 preview 64bit
       #82

    MS Defender


    Eset does not turn this program off, one of the malware progs has done this.
    It will need to be reset manually.

    Roy


  3. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #83

    For simrick


    I ran the Scan for SuperAntiSpyware; here is the Scan log: it is long: the Trojan files are at the very end:
    It requested that I "Reboot" afterward, so I did.

    SUPERAntiSpyware Scan Log 11-17-2015 4.35 pm.docx

    Concerning the Malwarebytes Anti-Exploit: Now I can't find the window with all of the tabs at the top. When I go to downloads and bring it up, it has me go through the installation process again. I'll continue to look for it.


  4. Posts : 16,325
    W10Prox64
       #84

    Writer said:
    I ran the Scan for SuperAntiSpyware; here is the Scan log: it is long: the Trojan files are at the very end:

    SUPERAntiSpyware Scan Log 11-17-2015 4.35 pm.docx

    Concerning the Malwarebytes Anti-Exploit: Now I can't find the window with all of the tabs at the top. When I go to downloads and bring it up, it has me go through the installation process again. I'll continue to look for it.
    Thanks, I will have a look at the log.

    The MBAE icon is probably hidden. Look in the bottom right-hand corner of your screen - see all the icons? There will be a little "UP" arrow, and if you click that, a lot of other running icons will show - MBAE will be a shield there. Hover over the icon and right-click and select SHOW.


  5. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #85

    For simrick


    I found the Icon for Malwarebytes Anti-Exploit in the bottom-right corner. I unchecked the "Show system tray notification tooltips."

    After the SuperAntiSpyware Scan, It requested a Reboot, so I did one.


  6. Posts : 16,325
    W10Prox64
       #86

    Writer said:
    I found the Icon for Malwarebytes Anti-Exploit in the bottom-right corner. I unchecked the "Show system tray notification tooltips."

    After the SuperAntiSpyware Scan, It requested a Reboot, so I did one.
    Great!

    Trojan.Agent/Gen-Qbot: Qbot is a very nasty backdoor trojan that "hooks" into the API system. It's very difficult to get rid of, but SuperAntiSpyware should have done the trick.

    Zeus/Zbot: Trojan.Agent/Gen-Zbot
    Trojan.Zbot | Symantec
    Functionality
    This Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. This is done by tailoring configuration files that are compiled into the Trojan installer by the attacker. These can later be updated to target other information, if the attacker so wishes.

    Confidential information is gathered through multiple methods. Upon execution the Trojan automatically gathers any Internet Explorer, FTP, or POP3 passwords that are contained within Protected Storage (PStore). However, its most effective method for gathering information is by monitoring Web sites included in the configuration file, sometimes intercepting the legitimate Web pages and inserting extra fields (e.g. adding a date of birth field to a banking Web page that originally only requested a user name and password).

    Additionally, Trojan.Zbot contacts a command-and-control (C&C) server and makes itself available to perform additional functions. This allows a remote attacker to command the Trojan to download and execute further files, shutdown or reboot the computer, or even delete system files, rendering the computer unusable without reinstalling the operating system.
    @Writer I am not happy to see this. As a result, I will advise that you change all your passwords including email, online shopping, credit card accounts, online banking accounts, online retailers, etc. Start with email and work on from there. Hackers will target email to impersonate you, and begin the identity theft procedures. If your information has been compromised, it will be all over places like Pastebin, for the whole world to see.

    I'm really sorry about that. I will help you set up Firefox with a password manager when we are sure you are clean. For now, when changing passwords, DO NOT let your browser store them. Stored passwords in browsers are too easily stolen.

    Just write them down in a little notebook for now as you change them.


  7. Posts : 16,325
    W10Prox64
       #87

    updating the RECAP list:

    So, to recap,
    DONE-Set another restore point,
    DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    DONE-Run Malwarebytes Anti-Exploit (see post #17)
    Download and install Malwarebytes Anti-Exploit
    This will help protect your browsers against zero-day attacks.
    DONE-Run SuperAntiSpyware ( see post #49)

    (a lot of instructions with pics - I will not paste here.)

    Please run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (see my instructions in previous post #75)

    I will be unavailable now for 1-1/2 to 2 hours. Please be patient with me. I will be back later.


  8. Posts : 16,325
    W10Prox64
       #88

    One question - when you rebooted last time, did you still receive the bad DLL call error?


  9. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #89

    simrick said:
    One question - when you rebooted last time, did you still receive the bad DLL call error?
    Yes, I still received the exact same error.

    I'm running the Malwarebytes Antimalware Scan now, it has been running for 41 minutes so far. It's now 6:09 pm EST. It's now been running for one hour and six minutes; it's 6:33 pm EST.

    MWAM has been running for 1 hour & 32 Minutes now: it is 7:00 pm EST. So far, there are 16 detected objects.

    I plugged in the Flash Drive that I have been using, and I checked the E Drive on MWAM. Will MWAM also Scan the Flash Drive?

    Concerning your recommendation not to use Microsoft Edge: Is it OK to use Internet Explorer as well as FireFox?

    That's bad news about the Trojan malware. I'll start changing my passwords as soon as possible.

    Question: What is the API System the Trojan.Agent/Gen-Qbot infects? What does API stand for?

    The viruses have been on my computer since Monday, November 9, 2015, at about 2:00 pm; that's nine days total. The viruses made using the infected computer so difficult that I didn't use it very much. I used another computer I have that has Windows 7 Professional on it during several days after Nov. 9. Hopefully, the Trojan viruses did not have much success in collecting information. It's lucky that I heard about Windows Ten Forums, otherwise I would have been in real deep trouble.

    It has been very worthwhile to run a variety of Scans; I'm glad that you have made these recommendations.
    Last edited by Writer; 17 Nov 2015 at 19:17.


  10. Posts : 16,325
    W10Prox64
       #90

    Writer said:
    One question - when you rebooted last time, did you still receive the bad DLL call error?
    Yes, I still received the exact same error.
    Okay. I hope to resolve that when we get to the Ccleaner step. Just making sure it's still on the list to fix.

    Writer said:
    I'm running the Malwarebytes Antimalware Scan now, it has been running for 41 minutes so far. It's now 6:09 pm EST. It's now been running for one hour and six minutes; it's 6:33 pm EST.
    Yes, this is a full scan, not just a threat scan, and it will take some time. But, it is necessary, so we must be patient.

    Writer said:
    MWAM has been running for 1 hour & 32 Minutes now: it is 7:00 pm EST. So far, there are 16 detected objects.
    Okay. Please let it finish. I will need the log file when it's done.

    Writer said:
    I plugged in the Flash Drive that I have been using, and I checked the E Drive on MWAM. Will MWAM also Scan the Flash Drive?
    If you plugged in the flash drive, and it was assigned a letter, say E:\, and you checked the box to scan E:\ as well, then yes, MBAM will scan it.

    Writer said:
    Concerning your recommendation not to use Microsoft Edge: Is it OK to use Internet Explorer as well as FireFox?
    Internet Explorer (IE) does not have the add-on & settings capabilities like Firefox does, which I will be recommending for you. In Firefox, we can add several extensions, and also modify certain settings to *not* allow flash and java to run without your input. I'll also recommend a password manager, all of this for your surfing safety. In this case, I would strongly suggest you stick with Firefox, and only use IE if you happen to come across a particular website which does not function in Firefox (FF) (which almost NEVER happens anymore).

    Writer said:
    That's bad news about the Trojan malware. I'll start changing my passwords as soon as possible.
    Yes, I was afraid of this. That's why I kept pushing for log files. It's important to not only clean the system, but to identify exactly what was on it, so you know just how much and what kind of damage was done. There are some infections which are so bad, your only course of action is a complete wipe of the hard disk, and a fresh install. In some cases, you will even find that a hidden partition has been created by the malware on the hard drive. There are even some infections that survive a complete wipe and fresh install.

    Writer said:
    Question: What is the API System the Trojan.Agent/Gen-Qbot infects? What does API stand for?
    In computer programming, an application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types.

    Writer said:
    The viruses have been on my computer since Monday, November 9, 2015, at about 2:00 pm; that's nine days total. The viruses made using the infected computer so difficult that I didn't use it very much. I used another computer I have that has Windows 7 Professional on it during several days after Nov. 9. Hopefully, the Trojan viruses did not have much success in collecting information. It's lucky that I heard about Windows Ten Forums, otherwise I would have been in real deep trouble.
    Yes, well, good that you were using a different computer; bad that the infections got as severe as they did. The problem is, anything existing on the computer could have been compromised: i.e. any passwords saved in browsers are assumed stolen now. Any tax info/social security numbers/other personal ID information that may be stored in documents on the computer are assumed compromised. The Zbot/Zeus infection affords the attacker complete control of the infected computer - you have to assume they had access to everything, and proceed accordingly.

    I'm glad we are able to help! I only wish we could have gotten to it sooner....

    Writer said:
    It has been very worthwhile to run a variety of Scans; I'm glad that you have made these recommendations.
    Thank you for your patience, and for following what can be, at times, some very confusing instructions.


 
