Page 9 of 17
  1.    17 Nov 2015 #81
    Join Date : Apr 2015
    Posts : 12,553
    W10Prox64

    Thanks @You. Will keep those in mind if we need them. We still have a few things to accomplish before I could say we're at a standstill. So far, we are progressing as expected.
    @Writer: here is the one setting I would like you to make on the Malwarebytes Anti-Exploit (MBAE):

    [Image: mbae01.PNG]

    Untick the box for tooltips - they get annoying.

    Let me know when the SuperAntiSpyware (SAS) scan has completed. I will be available now for about an hour. Thanks.
  2.    17 Nov 2015 #82
    Join Date : Sep 2014
    Posts : 421
    10 preview 64bit

    MS Defender


    ESET does not turn this program off; one of the malware progs has done this.
    It will need to be reset manually.

    Roy
  3.    17 Nov 2015 #83
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    For simrick


    I ran the Scan for SuperAntiSpyware; here is the Scan log: it is long: the Trojan files are at the very end:
    It requested that I "Reboot" afterward, so I did.

    SUPERAntiSpyware Scan Log 11-17-2015 4.35 pm.docx

    Concerning the Malwarebytes Anti-Exploit: Now I can't find the window with all of the tabs at the top. When I go to downloads and bring it up, it has me go through the installation process again. I'll continue to look for it.
  4.    17 Nov 2015 #84
    Join Date : Apr 2015
    Posts : 12,553
    W10Prox64

    Quote (originally posted by Writer):
        I ran the Scan for SuperAntiSpyware; here is the Scan log: it is long: the Trojan files are at the very end:

        SUPERAntiSpyware Scan Log 11-17-2015 4.35 pm.docx

        Concerning the Malwarebytes Anti-Exploit: Now I can't find the window with all of the tabs at the top. When I go to downloads and bring it up, it has me go through the installation process again. I'll continue to look for it.
    Thanks, I will have a look at the log.

    The MBAE icon is probably hidden. Look in the bottom right-hand corner of your screen - see all the icons? There will be a little "UP" arrow, and if you click that, a lot of other running icons will show - MBAE will be a shield there. Hover over the icon and right-click and select SHOW.
  5.    17 Nov 2015 #85
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    For simrick


    I found the Icon for Malwarebytes Anti-Exploit in the bottom-right corner. I unchecked the "Show system tray notification tooltips."

    After the SuperAntiSpyware Scan, it requested a Reboot, so I did one.
  6.    17 Nov 2015 #86
    Join Date : Apr 2015
    Posts : 12,553
    W10Prox64

    Quote (originally posted by Writer):
        I found the Icon for Malwarebytes Anti-Exploit in the bottom-right corner. I unchecked the "Show system tray notification tooltips."

        After the SuperAntiSpyware Scan, it requested a Reboot, so I did one.
    Great!

    Trojan.Agent/Gen-Qbot: Qbot is a very nasty backdoor trojan that "hooks" into the API system. It's very difficult to get rid of, but SuperAntiSpyware should have done the trick.

    Zeus/Zbot: Trojan.Agent/Gen-Zbot
    Trojan.Zbot | Symantec
        Functionality
        This Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. This is done by tailoring configuration files that are compiled into the Trojan installer by the attacker. These can later be updated to target other information, if the attacker so wishes.

        Confidential information is gathered through multiple methods. Upon execution the Trojan automatically gathers any Internet Explorer, FTP, or POP3 passwords that are contained within Protected Storage (PStore). However, its most effective method for gathering information is by monitoring Web sites included in the configuration file, sometimes intercepting the legitimate Web pages and inserting extra fields (e.g. adding a date of birth field to a banking Web page that originally only requested a user name and password).

        Additionally, Trojan.Zbot contacts a command-and-control (C&C) server and makes itself available to perform additional functions. This allows a remote attacker to command the Trojan to download and execute further files, shut down or reboot the computer, or even delete system files, rendering the computer unusable without reinstalling the operating system.

    @Writer I am not happy to see this. As a result, I will advise that you change all your passwords including email, online shopping, credit card accounts, online banking accounts, online retailers, etc. Start with email and work on from there. Hackers will target email to impersonate you, and begin the identity theft procedures. If your information has been compromised, it will be all over places like Pastebin, for the whole world to see.

    I'm really sorry about that. I will help you set up Firefox with a password manager when we are sure you are clean. For now, when changing passwords, DO NOT let your browser store them. Stored passwords in browsers are too easily stolen.

    Just write them down in a little notebook for now as you change them.
  7.    17 Nov 2015 #87
    Join Date : Apr 2015
    Posts : 12,553
    W10Prox64

    Updating the RECAP list:

    So, to recap,
    DONE - Set another restore point,
    DONE - Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    DONE - Run Malwarebytes Anti-Exploit (see post #17)
        Download and install Malwarebytes Anti-Exploit
        This will help protect your browsers against zero-day attacks.
    DONE - Run SuperAntiSpyware (see post #49)

    (a lot of instructions with pics - I will not paste here.)

    Please run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (see my instructions in previous post #75)

    I will be unavailable now for 1-1/2 to 2 hours. Please be patient with me. I will be back later.
  8.    17 Nov 2015 #88
    Join Date : Apr 2015
    Posts : 12,553
    W10Prox64

    One question - when you rebooted last time, did you still receive the bad DLL call error?
  9.    17 Nov 2015 #89
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    Quote (originally posted by simrick):
        One question - when you rebooted last time, did you still receive the bad DLL call error?
    Yes, I still received the exact same error.

    I'm running the Malwarebytes Antimalware Scan now, it has been running for 41 minutes so far. It's now 6:09 pm EST. It's now been running for one hour and six minutes; it's 6:33 pm EST.

    MWAM has been running for 1 hour & 32 Minutes now: it is 7:00 pm EST. So far, there are 16 detected objects.

    I plugged in the Flash Drive that I have been using, and I checked the E Drive on MWAM. Will MWAM also Scan the Flash Drive?

    Concerning your recommendation not to use Microsoft Edge: Is it OK to use Internet Explorer as well as Firefox?

    That's bad news about the Trojan malware. I'll start changing my passwords as soon as possible.

    Question: What is the API System that the Trojan.Agent/Gen-Qbot infects? What does API stand for?

    The viruses have been on my computer since Monday, November 9, 2015, at about 2:00 pm; that's nine days total. The viruses made using the infected computer so difficult that I didn't use it very much. I used another computer I have that has Windows 7 Professional on it during several days after Nov. 9. Hopefully, the Trojan viruses did not have much success in collecting information. It's lucky that I heard about Windows Ten Forums, otherwise I would have been in real deep trouble.

    It has been very worthwhile to run a variety of Scans; I'm glad that you have made these recommendations.
    Last edited by Writer; 17 Nov 2015 at 19:17.
  10.    17 Nov 2015 #90
    Join Date : Apr 2015
    Posts : 12,553
    W10Prox64

    Quote (originally posted by Writer):
        Quote (originally posted by simrick):
            One question - when you rebooted last time, did you still receive the bad DLL call error?
        Yes, I still received the exact same error.
    Okay. I hope to resolve that when we get to the Ccleaner step. Just making sure it's still on the list to fix.

    Quote (originally posted by Writer):
        I'm running the Malwarebytes Antimalware Scan now, it has been running for 41 minutes so far. It's now 6:09 pm EST. It's now been running for one hour and six minutes; it's 6:33 pm EST.
    Yes, this is a full scan, not just a threat scan, and it will take some time. But, it is necessary, so we must be patient.

    Quote (originally posted by Writer):
        MWAM has been running for 1 hour & 32 Minutes now: it is 7:00 pm EST. So far, there are 16 detected objects.
    Okay. Please let it finish. I will need the log file when it's done.

    Quote (originally posted by Writer):
        I plugged in the Flash Drive that I have been using, and I checked the E Drive on MWAM. Will MWAM also Scan the Flash Drive?
    If you plugged in the flash drive, and it was assigned a letter, say E:\, and you checked the box to scan E:\ as well, then yes, MBAM will scan it.

    Quote (originally posted by Writer):
        Concerning your recommendation not to use Microsoft Edge: Is it OK to use Internet Explorer as well as Firefox?
    Internet Explorer (IE) does not have the add-on & settings capabilities like Firefox does, which I will be recommending for you. In Firefox, we can add several extensions, and also modify certain settings to *not* allow Flash and Java to run without your input. I'll also recommend a password manager, all of this for your surfing safety. In this case, I would strongly suggest you stick with Firefox, and only use IE if you happen to come across a particular website which does not function in Firefox (FF) (which almost NEVER happens anymore).

    Quote (originally posted by Writer):
        That's bad news about the Trojan malware. I'll start changing my passwords as soon as possible.
    Yes, I was afraid of this. That's why I kept pushing for log files. It's important to not only clean the system, but to identify exactly what was on it, so you know just how much and what kind of damage was done. There are some infections which are so bad, your only course of action is a complete wipe of the hard disk, and a fresh install. In some cases, you will even find that a hidden partition has been created by the malware on the hard drive. There are even some infections that survive a complete wipe and fresh install.

    Quote (originally posted by Writer):
        Question: What is the API System that the Trojan.Agent/Gen-Qbot infects? What does API stand for?
    In computer programming, an application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types.

    Quote (originally posted by Writer):
        The viruses have been on my computer since Monday, November 9, 2015, at about 2:00 pm; that's nine days total. The viruses made using the infected computer so difficult that I didn't use it very much. I used another computer I have that has Windows 7 Professional on it during several days after Nov. 9. Hopefully, the Trojan viruses did not have much success in collecting information. It's lucky that I heard about Windows Ten Forums, otherwise I would have been in real deep trouble.
    Yes, well, good that you were using a different computer; bad that the infections got as severe as they did. The problem is, anything existing on the computer could have been compromised: i.e. any passwords saved in browsers are assumed stolen now. Any tax info/social security numbers/other personal ID information that may be stored in documents on the computer is assumed compromised. The Zbot/Zeus infection affords the attacker complete control of the infected computer - you have to assume they had access to everything, and proceed accordingly.

    I'm glad we are able to help! I only wish we could have gotten to it sooner....

    Quote (originally posted by Writer):
        It has been very worthwhile to run a variety of Scans; I'm glad that you have made these recommendations.
    Thank you for your patience, and for following what can be, at times, some very confusing instructions.