GeekPolice Tech Tutorials

Possible Malware


Re: Possible Malware

I reactivated virus protection. Still having a hard time using the browser. Attempted to load pictures into a listing on eBay as a test, and it would not load. Also I noted that since all the tests my memory is excessively low.

Re: Possible Malware

In an earlier post, you stated storage devices can get infected.  My PC has an external hard drive connected through a USB port.  My external hard drive contains important files.  Are these scans also searching for Malware in my attached external hard drive?

Re: Possible Malware

What should I do next?

Re: Possible Malware

Please defrag your hard drive and report back when that is completed. If you need help with this, please let me know.

Re: Possible Malware

Performed the defrag. Tested Firefox, still hangs and will not allow me to load an image into a listing. Checked Internet Explorer and when I type in any website address, like Ebay, I get an error message that states, "Internet Explorer cannot display the webpage", and a link to diagnose connection problems. I did not click on the link.

Re: Possible Malware

Run the Diagnostic for IE. Download a new version of FF. Uninstall and re-install FF.

Re: Possible Malware

This is the diagnostic report for IE,

Last diagnostic run time: 06/19/17 17:09:25 HTTP, HTTPS, FTP Diagnostic
[table style= border="1" width="640"]
[tr][td]HTTP, HTTPS, FTP connectivity
infoHTTP: Successfully connected to www.microsoft.com.
warnHTTPS: Error 12157 connecting to www.microsoft.com: An error occurred in the secure channel support
warnHTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warnFTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warnFTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
errorCould not make an HTTPS connection.
errorCould not make an FTP connection.
infoRedirecting user to support call
[/td]
[/tr]
[/table]
DNS Client Diagnostic
[table style= border="1" width="640"]
[tr][td]DNS - Not a home user scenario
infoUsing Web Proxy: no
infoResolving name ok for (www.microsoft.com): yes
No DNS servers


DNS failure

[/td]
[/tr]
[/table]
Gateway Diagnostic
[table style= border="1" width="640"]
[tr][td]Gateway
infoThe following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
infoThis computer has the following default gateway entry(ies): 192.168.1.254
infoThis computer has the following IP address(es): 192.168.1.248
infoThe default gateway is in the same subnet as this computer
infoThe default gateway entry is a valid unicast address
infoThe default gateway address was resolved via ARP in 1 try(ies)
infoThe default gateway was reached via ICMP Ping in 1 try(ies)
infoTCP port 80 on host 184.31.141.166 was successfully reached
infoThe Internet host www.microsoft.com was successfully reached
infoThe default gateway is OK
[/td]
[/tr]
[/table]
IP Layer Diagnostic
[table style= border="1" width="640"]
[tr][td]Corrupted IP routing table
infoThe default route is valid
infoThe loopback route is valid
infoThe local host route is valid
infoThe local subnet route is valid
Invalid ARP cache entries
actionThe ARP cache has been flushed
[/td]
[/tr]
[/table]
IP Configuration Diagnostic
[table style= border="1" width="640"]
[tr][td]Invalid IP address
infoValid IP address detected: 192.168.1.248
[/td]
[/tr]
[/table]
Wireless Diagnostic
[table style= border="1" width="640"]
[tr][td]Wireless - Service disabled


Wireless - User SSID


Wireless - First time setup


Wireless - Radio off


Wireless - Out of range


Wireless - Hardware issue


Wireless - Novice user


Wireless - Ad-hoc network


Wireless - Less preferred


Wireless - 802.1x enabled


Wireless - Configuration mismatch


Wireless - Low SNR

[/td]
[/tr]
[/table]
WinSock Diagnostic
[table style= border="1" width="640"]
[tr][td]WinSock status
infoAll base service provider entries are present in the Winsock catalog.
infoThe Winsock Service provider chains are valid.
infoProvider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
infoProvider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
infoProvider entry RSVP UDP Service Provider passed the loopback communication test.
infoProvider entry RSVP TCP Service Provider passed the loopback communication test.
infoConnectivity is valid for all Winsock service providers.
[/td]
[/tr]
[/table]
Network Adapter Diagnostic
[table style= border="1" width="640"]
[tr][td]Network location detection
infoUsing home Internet connection
Network adapter identification
infoNetwork connection: Name=Local Area Connection, Device=Intel(R) PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
infoEthernet connection selected
Network adapter status
infoNetwork connection status: Connected
[/td]
[/tr]
[/table]
HTTP, HTTPS, FTP Diagnostic
[table style= border="1" width="640"]
[tr][td]HTTP, HTTPS, FTP connectivity
warnFTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warnHTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warnHTTPS: Error 12157 connecting to www.microsoft.com: An error occurred in the secure channel support
infoHTTP: Successfully connected to www.microsoft.com.
warnFTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
errorCould not make an HTTPS connection.
errorCould not make an FTP connection.
[/td]
[/tr]
[/table]

Re: Possible Malware

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:


  • Flush DNS

  • Report IE Proxy Settings

  • Reset IE Proxy Settings

  • List content of Hosts

  • List IP Configuration

  • List Last 10 Event Viewer Errors

  • List Users, Partitions and Memory Size


Click Go and copy/paste the log (Result.txt) into your next post.

Re: Possible Malware

This is the MiniToolBox log,

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Teressa (administrator) on 20-06-2017 at 02:38:30
Running from "C:\Documents and Settings\Teressa\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dimension 4600i Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Intel(R) PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : Prosperity

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : attlocal.net



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : attlocal.net

        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-0C-F1-8C-7D-78

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.248

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Monday, June 19, 2017 5:56:24 PM

        Lease Expires . . . . . . . . . . : Tuesday, June 20, 2017 5:56:24 PM

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    google.com
Address:  172.217.6.142



Pinging google.com [216.58.218.174] with 32 bytes of data:



Reply from 216.58.218.174: bytes=32 time=30ms TTL=53

Reply from 216.58.218.174: bytes=32 time=25ms TTL=53



Ping statistics for 216.58.218.174:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 25ms, Maximum = 30ms, Average = 27ms

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.180.149



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=67ms TTL=47

Reply from 98.138.253.109: bytes=32 time=62ms TTL=47



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 62ms, Maximum = 67ms, Average = 64ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 8c 7d 78 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254   192.168.1.248      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.248   192.168.1.248      20
    192.168.1.248  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.248   192.168.1.248      20
        224.0.0.0        240.0.0.0    192.168.1.248   192.168.1.248      20
  255.255.255.255  255.255.255.255    192.168.1.248   192.168.1.248      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/19/2017 04:32:33 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [firefox.exe!ws!]

Error: (06/17/2017 07:36:42 AM) (Source: Application Error) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/17/2017 07:22:58 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:51:44 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:15:30 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a9fd6.
Processing media-specific event for [mbam.exe!ws!]

Error: (06/16/2017 03:55:21 PM) (Source: Application Error) (User: )
Description: Faulting application adwcleaner.exe, version 6.0.4.7, faulting module adwcleaner.exe, version 6.0.4.7, fault address 0x000211de.
Processing media-specific event for [adwcleaner.exe!ws!]

Error: (06/16/2017 03:52:32 PM) (Source: Application Error) (User: )
Description: Faulting application adwcleaner.exe, version 6.0.4.7, faulting module adwcleaner.exe, version 6.0.4.7, fault address 0x000211de.
Processing media-specific event for [adwcleaner.exe!ws!]

Error: (06/16/2017 03:46:08 PM) (Source: Application Error) (User: )
Description: Faulting application adwcleaner.exe, version 6.0.4.7, faulting module adwcleaner.exe, version 6.0.4.7, fault address 0x000211de.
Processing media-specific event for [adwcleaner.exe!ws!]

Error: (06/16/2017 02:00:50 PM) (Source: Application Error) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/16/2017 12:37:52 AM) (Source: Application Error) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]


System errors:
=============
Error: (06/19/2017 05:56:56 PM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/19/2017 05:33:49 PM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/19/2017 03:32:24 AM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/18/2017 04:19:14 PM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


Microsoft Office Sessions:
=========================
Error: (06/19/2017 04:32:33 PM) (Source: Application Error)(User: )
Description: firefox.exe52.2.0.6367mozglue.dll52.2.0.63670000f3c5

Error: (06/17/2017 07:36:42 AM) (Source: Application Error)(User: )
Description: mbamtray.exe3.0.0.1068mbamtray.exe3.0.0.10680008a378

Error: (06/17/2017 07:22:58 AM) (Source: Application Error)(User: )
Description: plugin-container.exe52.2.0.6367mozglue.dll52.2.0.63670000f3c5

Error: (06/17/2017 06:51:44 AM) (Source: Application Error)(User: )
Description: plugin-container.exe52.2.0.6367mozglue.dll52.2.0.63670000f3c5

Error: (06/17/2017 06:15:30 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a9fd6

Error: (06/16/2017 03:55:21 PM) (Source: Application Error)(User: )
Description: adwcleaner.exe6.0.4.7adwcleaner.exe6.0.4.7000211de

Error: (06/16/2017 03:52:32 PM) (Source: Application Error)(User: )
Description: adwcleaner.exe6.0.4.7adwcleaner.exe6.0.4.7000211de

Error: (06/16/2017 03:46:08 PM) (Source: Application Error)(User: )
Description: adwcleaner.exe6.0.4.7adwcleaner.exe6.0.4.7000211de

Error: (06/16/2017 02:00:50 PM) (Source: Application Error)(User: )
Description: mbamtray.exe3.0.0.1068mbamtray.exe3.0.0.10680008a378

Error: (06/16/2017 12:37:52 AM) (Source: Application Error)(User: )
Description: mbamtray.exe3.0.0.1068mbamtray.exe3.0.0.10680008a378


========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 2558.98 MB
Available physical RAM: 768.62 MB
Total Virtual: 3173.42 MB
Available Virtual: 1363.9 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.46 GB) (Free:26 GB) NTFS
5 Drive h: (MAR) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
7 Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:456.66 GB) NTFS

========================= Users: ========================================

User accounts for \\PROSPERITY

Administrator            ASPNET                   Guest                   
HelpAssistant            SUPPORT_388945a0         SUPPORT_3f151ab9        
Teressa                 


**** End of log ****
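Two of the reports pasted above, the IE diagnostic (HTTP succeeds while HTTPS fails with error 12157 and FTP with 12029) and the MiniToolBox Result.txt, can be triaged mechanically for the things a malware-removal helper checks first: proxy settings, hosts-file redirects, repeated crashes of security tools, and which network layer a failure sits at. The script below is an added example, not MiniToolBox's, ESET's or the forum's code; the sample excerpts and the update.example-av.test hostname are constructed, and the meanings given for WinINet codes 12029 and 12157 are the documented standard ones.

```python
"""Triage the MiniToolBox Result.txt sections and IE diagnostic lines from this thread."""
import re
from collections import Counter

# Constructed excerpt in the MiniToolBox layout; the hosts section deliberately
# carries one entry that is not a plain localhost mapping.
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1       update.example-av.test
========================= Event log errors: ===============================
Error: (06/19/2017 04:32:33 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Error: (06/17/2017 06:15:30 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a9fd6.
"""
# Constructed lines in the IE diagnostic's "HTTP, HTTPS, FTP" format.
SAMPLE_DIAG = [
    "infoHTTP: Successfully connected to www.microsoft.com.",
    "warnHTTPS: Error 12157 connecting to www.microsoft.com: An error occurred in the secure channel support",
    "warnFTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established",
]

SECTION_RE = re.compile(r"^=+ (?P<name>[^:]+): =+$", re.M)
FAULT_RE = re.compile(r"Faulting application (?P<app>[^,]+), version [^,]+, "
                      r"faulting module (?P<module>[^,]+),")
DIAG_RE = re.compile(r"^\w*?(?P<proto>HTTPS?|FTP \(\w+\)): Error (?P<code>\d+) "
                     r"connecting to (?P<host>[^:]+):")
LOCALHOST_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Standard WinINet error codes as reported by the IE diagnostic.
WININET = {12029: "transport: no TCP connection to the server",
           12157: "secure channel: TLS handshake/certificate failure"}

def split_sections(text):
    """Map each '===== Name: =====' banner to the text beneath it."""
    marks = list(SECTION_RE.finditer(text))
    return {m.group("name").strip():
            text[m.end():marks[i + 1].start() if i + 1 < len(marks) else len(text)]
            for i, m in enumerate(marks)}

def suspicious_hosts_entries(hosts_text):
    """Hosts lines mapping a name to anything but localhost; malware commonly
    plants such entries to block update and vendor sites."""
    flagged = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields and (len(fields) < 2 or (fields[0], fields[1]) not in LOCALHOST_OK):
            flagged.append(" ".join(fields))
    return flagged

def crashes_by_module(errors_text):
    """Count 'Faulting application' events per (app, module) pair."""
    return Counter((m["app"].lower(), m["module"].lower())
                   for m in FAULT_RE.finditer(errors_text))

def classify_diag(lines):
    """Map each failing (protocol, host) in the IE diagnostic to its layer."""
    out = {}
    for m in filter(None, map(DIAG_RE.match, lines)):
        code = int(m["code"])
        out[(m["proto"], m["host"])] = WININET.get(code, f"unknown code {code}")
    return out

def triage(result_text=SAMPLE_RESULT, diag_lines=SAMPLE_DIAG):
    s = split_sections(result_text)
    return {"proxy_set": "Proxy is not enabled." not in s.get("IE Proxy Settings", ""),
            "hosts_flags": suspicious_hosts_entries(s.get("Hosts content", "")),
            "crashes": crashes_by_module(s.get("Event log errors", "")),
            "diag": classify_diag(diag_lines)}
```

On the thread's own log the hosts file holds only the localhost line and no proxy is set, so the remaining leads are the HTTPS-only failure (a secure-channel problem rather than DNS or routing, both of which the diagnostic reports as healthy) and the repeated crashes of the scanning tools.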

Re: Possible Malware

I provided the requested log in the above post. I removed and reinstalled Firefox; this did not help. I reset Firefox; this did not help. I tried some different troubleshooting techniques within Firefox, to check extensions, etc. What I noted is that the only extension I find is Microsoft .NET Framework Assistant, which could not be verified for use in Firefox and has been disabled. It shows it has not been updated since 2011, so I am not sure exactly when it was disabled. Not sure if that presents a problem or not. What I have found so far in the troubleshooting tests is that when I turn off hardware acceleration, I can load images in eBay, and I can log into Geek Police. I attempted to see if there was an upgrade for my graphics driver, but apparently since this is to be done through Windows, I have to use IE, which is unusable at this time.

Re: Possible Malware

I am also running XP and I have found that IE is also very unstable. That is why I use FF and Chrome. Could you please try Chrome to see how that works for you? In the meantime, I will consult a colleague concerning this matter.

Re: Possible Malware

I tried Chrome, and I was able to open up eBay and load images, and I was able to log into Geek Police and read my posts. I did find two problems with Chrome. One, at times Chrome lagged for a little while. But the biggest concern I had was that I was redirected to a different site, and I wondered if there might still be malware hiding somewhere. In troubleshooting Firefox problems, I learned that I might need to upgrade my graphics driver. In the Firefox troubleshooting steps there was a link to click on to show me what to do to upgrade the driver. I decided to view the page I was on in Chrome, so I could still view the instructions in case I needed to restart Firefox. In Firefox, I copied the URL for the page I was on, and pasted it into Chrome. The page loaded correctly and looked just like the page in Firefox. I decided to click on the link in Chrome for the driver update. I was taken to what appeared to be the Yahoo search engine with a list of links to click on to download the driver update. I clicked on one and it loaded, but then I decided not to open it for it to download. I instead removed it from the download list. I went back to Firefox and clicked on the same link, and it took me to a page of directions on how to go to the start menu within my computer, and update the driver within my computer, which would update through IE since it was a Windows item. So it seemed Chrome was redirecting me to potentially harmful downloads. I did a Malwarebytes scan after, and nothing was found.

Re: Possible Malware

You should only download drivers from the site of the maker of your computer.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.


  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Possible Malware

Hello there, this has been escalated to me... Once the steps above have been completed, please follow these directions...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Re: Possible Malware

The ESET program has other options than those described above. Should I not select any other options than Remove Found Threats and Scan Archives? An image is attached for you to see what I am referring to.
