  1.    21 Dec 2015 #51
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    So, I am going through the thread, and noting everything that has been run by people infected with this:

    ESET
    Defender
    Malwarebytes Anti-rootkit
    Malwarebytes Antimalware
    TDSSKiller
    HitmanPro
    ZHPCleaner
    RogueKiller
    Comodo Rescue Disk
    Spybot
    ADWCleaner
    RKILL
    JRT
    Resetting all browsers/Flushing DNS

    Yes, I have info on how to report this to the AVs.
  2.    21 Dec 2015 #52
    Join Date : Dec 2015
    Posts : 21
    10 64bit

    Looks like it did show up on Rkill but looked meaningless

    2015-12-09 11:30 - 2015-12-16 18:00 - 00000548 _____ C:\WINDOWS\Tasks\Adobe Acrobat Pro DC Update.job
    2015-12-09 11:30 - 2015-12-09 11:30 - 00003448 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Pro DC Update
    2015-12-09 11:30 - 2015-12-09 11:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe Acrobat Pro DC
  3.    21 Dec 2015 #53
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    Quote Originally Posted by mixolyd View Post
    Looks like it did show up on Rkill but looked meaningless

    2015-12-09 11:30 - 2015-12-16 18:00 - 00000548 _____ C:\WINDOWS\Tasks\Adobe Acrobat Pro DC Update.job
    2015-12-09 11:30 - 2015-12-09 11:30 - 00003448 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Pro DC Update
    2015-12-09 11:30 - 2015-12-09 11:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe Acrobat Pro DC
    So RKILL temporarily stopped it, but everything goes back to status quo upon reboot. And because it's disguised as Acrobat update, it wasn't flagged by any of the AVs or other scanners.
  4.    21 Dec 2015 #54
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    @mixolyd Now that you are clean, I would recommend running CryptoPrevent on your system. This program was originally written to prevent encryption infections, but also includes protection for a whole host of other infections as well. It works by setting Group Policies, preventing malware from running executables from typical places such as the App Data folder. There's a free version, which you run once, set the protection, and then occasionally manually update.
  5.    21 Dec 2015 #55
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    Quote Originally Posted by moraleja39 View Post
    Here are all the things I had to wipe:

    • The scheduled task. Its name was "Adobe Acrobat Pro DC Update". You can open the Task Scheduler by typing taskschd.msc in the Start menu search bar and hitting Enter.
    • A file named "settings.ini" located in "%APPDATA%\Adobe Acrobat Pro DC". The full path could be "C:\Users\[username]\AppData\Roaming\Adobe Acrobat Pro DC\settings.ini".
    • In my case, two fake certificates. Open the Certificate Manager by typing certmgr.msc in the Start menu and hitting Enter. The certificates are named "DO_NOT_TRUST_FiddlerRoot" and are under the folder "trusted root CAs" (or however it is in English).
    • Registry changes used to force proxy usage. In my case, I totally deleted the following values:
      • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
      • HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
      • HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache

    • Just in case it is still enabled, disable the proxy. Go to Control Panel, Internet Settings, Connections, LAN settings, and clear all checkboxes.

    I also will attach the removed INI and certificate files, just in case they could be of use to anybody reading this, as they are not dangerous per se.

    Thank you very much for your efforts!
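An added, read-only audit script (not from the thread or any of its posters) that checks a Windows 10 machine for the indicators moraleja39 listed above: the task name, the settings.ini path, the DO_NOT_TRUST_FiddlerRoot certificate and the AutoConfigURL/EnableAutoProxyResultCache registry values. The function name Test-ProxyHijack and the extra ProxyEnable/ProxyServer checks are my own assumptions; it only reports, and removal stays manual as described in the post.

```powershell
# Added example (not from the thread): read-only audit for the indicators
# moraleja39 listed above. Nothing is removed; findings are only reported.
# Test-ProxyHijack is a hypothetical name; the indicator values come from the post.
$TaskName = 'Adobe Acrobat Pro DC Update'
$IniPath  = Join-Path $env:APPDATA 'Adobe Acrobat Pro DC\settings.ini'
$CertName = 'DO_NOT_TRUST_FiddlerRoot'
$IeKeys   = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Test-ProxyHijack {
    $findings = @()

    # 1. Scheduled task disguised as an Acrobat updater: report what it actually runs
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if ($task) {
        $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        $findings += "Task '$TaskName' present; action(s): $actions"
    }

    # 2. Dropped settings file under %APPDATA%
    if (Test-Path -LiteralPath $IniPath) { $findings += "File present: $IniPath" }

    # 3. Fiddler-style root certificate in either trusted-root store
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        $certs = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like "*$CertName*" }
        foreach ($cert in $certs) {
            $findings += "Cert '$($cert.Subject)' in $store, thumbprint $($cert.Thumbprint)"
        }
    }

    # 4. PAC URL / proxy values that push browser traffic through the interceptor.
    #    ProxyEnable/ProxyServer are an extra check beyond the values named in the post.
    foreach ($key in $IeKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in 'AutoConfigURL', 'EnableAutoProxyResultCache', 'ProxyEnable', 'ProxyServer') {
            $val = $props.$name
            if ($null -ne $val -and "$val" -ne '' -and "$val" -ne '0') { $findings += "$key\$name = $val" }
        }
    }
    return $findings
}

$result = @(Test-ProxyHijack)
if ($result.Count -eq 0) { 'No indicators from the thread found.' } else { $result }
```

Run it in a normal (non-elevated) PowerShell session for the HKCU and CurrentUser checks; the LocalMachine store is readable without elevation too.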
  6.    21 Dec 2015 #56
    Join Date : Dec 2015
    Posts : 21
    10 64bit

    Quote Originally Posted by simrick View Post
    @mixolyd Now that you are clean, I would recommend running CryptoPrevent on your system. This program was originally written to prevent encryption infections, but also includes protection for a whole host of other infections as well. It works by setting Group Policies, preventing malware from running executables from typical places such as the App Data folder. There's a free version, which you run once, set the protection, and then occasionally manually update.
    Will do. Thanks!
  7.    21 Dec 2015 #57
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    Quote Originally Posted by flavien317 View Post
    I have Windows 10. And sometimes I have a cmd popup show and close my Chrome browser. After, if I do a search on Google, it redirects to a fake Google. I go to Internet Options, Connections, network configuration, and I have this:

    Attachment 43714

    I have cleaned up with Kaspersky, CCleaner, AdwCleaner and it doesn't work. How to solve it?

    Here is the solution, found in post #49.
    Please perform the steps indicated and advise if that resolves things for you as well. If so, please mark the thread as solved, and modify your first post to show post #49 as the solution. Thanks.
  8.    21 Dec 2015 #58
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    Quote Originally Posted by nakiel View Post
    Nah... still not gotten rid of it...

    Malwarebytes Anti-Malware found some more unwanted stuff; works for now
    Quote Originally Posted by pnrao1948 View Post
    After using almost all antivirus, spyware and malware removing programs and crashing one computer, I found out a work around.
    And that is to delete the infected account and start a new account.
    Quote Originally Posted by Maintown View Post
    I am also having this EXACT problem. I have the same registry key listed above and cleared it just now (thanks, this is the only thing I have missed so far), otherwise I have run all the suggested fixes and tools to no avail. Glad I found this thread and that I am not the only one with the issue. I will update on the status of what happens with mine.
    Guys, here is the solution, found in post #49.
    Please perform the steps indicated and advise if that resolves things for you as well.

    Many thanks to @moraleja39 for the investigative work!
  9.    22 Dec 2015 #59
    Join Date : Jul 2015
    Posts : 903
    Windows 10 Home x64

    I wonder if this is related or not...
  10.    22 Dec 2015 #60
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    Quote Originally Posted by eLPuSHeR View Post
    I wonder if this is related or not...
    I don't think so, as TDSSKiller was run and did nothing on one infected system.
    Last edited by simrick; 28 Dec 2015 at 20:24.