OK, that gives you a clean queue - if it returns there may be an app. that's putting those in there and that app needs to be removed.
Good luck.
Thanks @Superfly.
@tkrisz0403 Cloudfront.net is part of AWS (Amazon Web Services), but has been used by the bad guys in the past. If the problem reappears, we'll need to perform some malware removal steps. Please leave the thread open for a few days to see if all is well. If not, post back and we will begin troubleshooting. If all is good, you can mark the thread as solved.
Cheers!
You're welcome budette, as you say, we won't know if that is in fact the cause until @tkrisz0403 reports back how things go - hopefully it's not malware and merely a once-off glitch with AWS.
Thanks guys, I'll let you know the result, but it has not popped up yet.
You're welcome... glad we have made some progress - Holding thumbs, buddy!
After a couple of days run the powershell command again, even if just to check what's happening in the background.
@Hydranix - nice idea - but I think BitsAdmin will always have cmd.exe as parent - maybe the bits service itself may have a calling property... something we could look into.
No, not always. Good call on that powershell command by the way.
Run bitsadmin.exe from the start menu and you'll see the parent is explorer.exe. Same goes for CreateProcess(), the parent being the process which called the function (which is what I was hoping for). The fact that a shell was invoked, then bitsadmin.exe was executed in the context of that shell makes me think that maybe the function system() (or similar) was used to execute bitsadmin. It would make sense as you cannot hide the command prompt when using system(), and the only software bad enough to use it would be malware. It could also be a script or something similar.
I do know that nothing in Windows 10 or even from Microsoft would be calling bitsadmin.exe for any reason, especially since its deprecation. Those links that the powershell command returned look dubious as well.
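The posts above refer to a PowerShell command that lists the BITS queue and to checking which process launched bitsadmin.exe. The following script is an added example written for this thread, not a command posted by any participant: it enumerates BITS jobs for all users, flags any job whose remote URL host is not on an allowlist (the allowlist contents are an assumption you should adjust), and then shows the parent process of any bitsadmin.exe that is currently running. Run it from an elevated PowerShell prompt, since -AllUsers needs administrator rights.

```powershell
# Added example (not from the thread). Requires an elevated prompt for -AllUsers.
Import-Module BitsTransfer

# Assumed allowlist of hosts you expect BITS to talk to; adjust for your environment.
$allowedHosts = @('windowsupdate.com', 'microsoft.com', 'windows.com')

function Test-AllowedHost {
    param([string]$Url)
    try { $h = ([System.Uri]$Url).Host } catch { return $false }
    foreach ($a in $allowedHosts) {
        if ($h -eq $a -or $h.EndsWith(".$a")) { return $true }
    }
    return $false
}

# One row per file in every BITS job; Flag is set when the remote host is not allowlisted.
$report = foreach ($job in (Get-BitsTransfer -AllUsers)) {
    foreach ($file in $job.FileList) {
        [pscustomobject]@{
            JobId  = $job.JobId
            Name   = $job.DisplayName
            Owner  = $job.OwnerAccount
            State  = $job.JobState
            Remote = $file.RemoteName
            Local  = $file.LocalName
            Flag   = if (Test-AllowedHost $file.RemoteName) { '' } else { 'SUSPICIOUS' }
        }
    }
}
$report | Format-Table -AutoSize

# Parent of any running bitsadmin.exe, so you can see whether it was started from
# explorer.exe, a cmd.exe shell, or something else (compare the discussion above).
Get-CimInstance Win32_Process -Filter "Name = 'bitsadmin.exe'" | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    [pscustomobject]@{
        Pid         = $_.ProcessId
        CommandLine = $_.CommandLine
        ParentPid   = $_.ParentProcessId
        Parent      = $parent.Name
        ParentCmd   = $parent.CommandLine
    }
} | Format-List
```

Review the flagged rows before acting on them: a legitimate vendor updater may use BITS with a host you have not listed. Once you are satisfied a job is unwanted, `Get-BitsTransfer -AllUsers | Where-Object JobId -eq <id> | Remove-BitsTransfer` cancels it; if the same job reappears after a reboot, something on the machine is recreating it, which is the situation the earlier posts describe.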
tkrisz0403, I'd recommend that you don't put any personal/financial information through this computer until you're certain it's safe to do so.
If you want to check for malware, let's do this:
Download and run ADWCleaner. Do the scan, save the log and post it here. Do not "clean" until we have evaluated the log. The log can be found at C:\Adwcleaner.
Once we've reviewed the log, we will determine if everything it flagged should be cleaned, or if some are FPs (false positives).
If we find problems, we may then want to run an ESET Online Scan.
Detailed instructions on how to run and manipulate the ESET scan can be found in this thread:
BSOD after boot up, during login or right after, (bad spool header?) Solved - Page 3 - Windows 7 Help Forums
Hi.
Read about Hola.org here:
Adios, Hola! - Why you should immediately uninstall Hola
And here:
Hola Review
What is very interesting about the service is that it works like a P2P mesh network, meaning that one user can tunnel his browsing traffic through other user’s network. The advantage of this feature is that users can benefit from many country locations, including small countries where data centers aren’t common. The problem is that if you are a peer, you may get into trouble if other users tunneling the connection through your PC are into illegal activities like hacking or accessing illegal web content.....We discovered that a proxy connection was established mostly on port 22222 and all traffic was in clear-text.
Read about Pokki here:
C’mon Lenovo. Superfish hooked, but Pokki Start Menu still roaming free • The Register
Reimage is another problem:
http://answers.microsoft.com/en-us/p...9-c5075a454441
Conduit is considered a browser hijacker.
I think everything ADWCleaner found is good to get rid of. You could create a restore point before "cleaning", but I'm pretty sure you need to get rid of everything it found.
Might want to go ahead and run the ESET Online Scan. It will take quite a while. Be sure to post that log as well. Thanks.
Last edited by simrick; 14 Mar 2017 at 20:35.
ADWCleaner deleted all unwanted files, and it didn't find any other file the second time. I ran a full Kaspersky Total Security scan and it didn't find any infected data. I also ran ESET Online Scan as you mentioned and it found four infected files after one and a half hours. Unfortunately, it then stopped at 99 percent as the attached image shows, and Windows asked me to close the program as it did not respond. I ran the scan again but got the same result at the end; however, I saw that ESET marked the CCleaner installation file as an infected file. What can I do now?