GeekPolice Tech Tutorials

Possible Malware


Re: Possible Malware
Heimdal would be good to keep, everything else is fine. That is all then... Any other questions?

Re: Possible Malware
Everything else is fine to keep, or get rid of?

Re: Possible Malware
Everything else can be removed.

Re: Possible Malware
Okay, thank you.  What about my disk player?  Those were disabled I believe, and when I tried to reset the change would not take.

Re: Possible Malware
Have you attempted to play a disc yet?

I believe what is disabled is emulation drivers, correct?

Re: Possible Malware
I believe I used Defogger to disable emulation drivers.  You told me to go back into Defogger and Enable emulation drivers, but every time I tried I got an error message.

Re: Possible Malware
Please download a new copy of DeFogger:
  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.


If you were not prompted to restart your PC, then you did not have CD emulation programs installed. If it is the case that you did not have to restart, do not proceed to the step below. Instead, just let me know the machine did not restart.

Then, re-enable:

  1. Open DeFogger... You should now click on the Enable button to enable your CD Emulation drivers
  2. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  3. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  4. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Re: Possible Malware
Had to restart to Disable and Enable.  It worked.

Here is ANOTHER problem.  Firefox started hesitating.  There was an Avast icon at the top right of Firefox. When I would do a search, a checkmark would show next to Avast approved sites, and a question mark next to the questionable sites. 

I would type a few lines in Google email, or on here, a few words would type out, then it would freeze for 15 - 20 seconds.  Then the words would register again.   This seems to have started since installing Avast.  I did a Refresh in Firefox, and when it restarted, I could no longer play Youtube videos.  I get a black screen.  I have found that anything that has to load, like a video or graph will not load.  Chrome is not working either.

I ran an Avast scan, and I got a message stating I am vulnerable to Wannacry Ransomware, and to click on this link https://www.microsoft.com/en-us/download/details.aspx?id=55245, to download a patch.  I clicked on the link and it took me to a site through Firefox, which seemed odd, because in the past I have been forced to use IE to get updates.  I did not attempt to install what is on that page; I instead searched from my PC, which took me to IE, to see if there were any updates, and there were not.

Re: Possible Malware
I forgot to mention, after refreshing Firefox, the Avast icon was gone from Firefox, and there are no longer Avast check marks, and question marks next to Google links in a Google search.

Re: Possible Malware
Another thing that has been going on, that has not stopped, is Creative Mixer keeps opening.  I close it, and it opens right back up.

Re: Possible Malware
GypsyCowgirl wrote:
Had to restart to Disable and Enable.  It worked.

Good!

Here is ANOTHER problem.  Firefox started hesitating.  There was an Avast icon at the top right of Firefox. When I would do a search, a checkmark would show next to Avast approved sites, and a question mark next to the questionable sites. 

I would type a few lines in Google email, or on here, a few words would type out, then it would freeze for 15 - 20 seconds.  Then the words would register again.   This seems to have started since installing Avast.  I did a Refresh in Firefox, and when it restarted, I could no longer play Youtube videos.  I get a black screen.  I have found that anything that has to load, like a video or graph will not load.  Chrome is not working either.

I ran an Avast scan, and I got a message stating I am vulnerable to Wannacry Ransomware, and to click on this link https://www.microsoft.com/en-us/download/details.aspx?id=55245, to download a patch.  I clicked on the link and it took me to a site through Firefox, which seemed odd, because in the past I have been forced to use IE to get updates.  I did not attempt to install what is on that page; I instead searched from my PC, which took me to IE, to see if there were any updates, and there were not.

I forgot to mention, after refreshing Firefox, the Avast icon was gone from Firefox, and there are no longer Avast check marks, and question marks next to Google links in a Google search.

Okay, to fix this, see far below...

GypsyCowgirl wrote:
Another thing that has been going on, that has not stopped, is Creative Mixer keeps opening.  I close it, and it opens right back up.

Go to CCleaner > Tools > Startup
Find CTsvcCDA.EXE (or just "CTsvcCDA"), right click and hit Disable or press the Disable button.

Once you restart your computer again in the future, Creative Mixer should not be open at all.

We also need to reset file permissions and Registry permissions - which will reverse security settings that have been changed:

Go to Start > Run, type in CMD and hit OK.

In the black box, please enter the following command ensuring that the spaces are properly inserted:

Code:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Once done, type in exit, and then restart your computer.

After that, see how things run on the browsers. This will help me determine if an advanced fix is necessary - in addition, please also run the following tool:

Please download SilentRunners

Unzip it to the desktop and double-click on Silent Runners.vbs.

If you get any kind of warning message about scripts, please choose to allow the script to run.

When the scan is finished, a message will pop up and a log file will have been created on your Desktop.

Please post the entire contents of the log in your next reply.
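Before running the secedit reset described in the reply above, it is worth confirming that secedit.exe and the security template actually exist on the machine; the command fails with a "not found" error otherwise. The script below is an added example, not part of the thread or of any tool it mentions. It assumes the Windows XP layout the reply uses ($env:windir\repair\secsetup.inf); the fallback path $env:windir\inf\defltbase.inf is the stock template on Vista and later, and the backup and log file names are my own choices.

```powershell
# Added example: pre-flight check and backup for the "reset file and Registry
# permissions" step. Run from an elevated prompt.
$secedit     = Join-Path $env:windir 'System32\secedit.exe'
$template    = Join-Path $env:windir 'repair\secsetup.inf'   # XP-era default template (from the thread)
$altTemplate = Join-Path $env:windir 'inf\defltbase.inf'     # stock template on Vista and later (assumption)
$desktop     = [Environment]::GetFolderPath('Desktop')
$backup      = Join-Path $desktop 'secedit-before.inf'       # constructed file name
$log         = Join-Path $desktop 'secedit-reset.log'        # constructed file name

if (-not (Test-Path -LiteralPath $secedit)) {
    Write-Warning "secedit.exe not found at $secedit; this edition does not ship it or System32 is damaged. Stop here."
    return
}

if (-not (Test-Path -LiteralPath $template)) {
    if (Test-Path -LiteralPath $altTemplate) {
        Write-Host "No $template; this looks like Vista or later, using $altTemplate instead."
        $template = $altTemplate
    } else {
        Write-Warning "No default security template found; do not run the reset."
        return
    }
}

# Export the current local security settings first so the reset can be reviewed or reverted.
& $secedit /export /cfg $backup
Write-Host "Current settings saved to $backup"

# Apply the default template; /log keeps a readable record of every setting touched.
& $secedit /configure /cfg $template /db (Join-Path $env:TEMP 'secsetup.sdb') /log $log /verbose
Write-Host "Done. Review $log, then restart the computer."
```

If the first check fails, that is the same "there is not a secedit" error reported later in the thread, and the reset should not be forced; the backup file also gives a reviewer something concrete to compare against after the restart.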

Re: Possible Malware
Did not find a CTsvcCDA, running enabled or not.  I also attempted to reset file permissions, but got an error message stating there was not a secedit.  I have not installed SilentRunners because I wasn't sure if the previous step needed to take place first.

Re: Possible Malware
What I have running at Startup Is as follows.

HKCU:Run CCleaner Monintoring
HKCU:Run cdloader
HKCU:Run ctfmon
HKCU:Run MCSHield Monitor
HKCU:Run NvMediaCenter
HKCU:Run AvastUI.exe
HKCU:Run ISUSPM Startup
HKCU:Run KernelFaultCheck
HKCU:Run Malwarbytes TrayApp
HKCU:Run NcCplDaemon
HKCU:Run nwiz
Startup User EvernoteClipper.Ink
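The list above is a display-name view of the HKCU Run key and the user's Startup folder. When a startup entry cannot be found by name (as with CTsvcCDA in this thread), the reliable check is to read the same autostart locations directly and look at each entry's full command line and whether its target still exists. The script below is an added example, not from the thread, CCleaner or SilentRunners; the set of locations it reads is the standard Run keys and Startup folders, and the "user-writable folder" flag is my own heuristic.

```powershell
# Added example: enumerate common autostart locations and flag entries whose
# target is missing or lives in a user-writable folder.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # present on 64-bit Windows only
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),          # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')     # all-users Startup folder
)
# Registry provider metadata that Get-ItemProperty attaches to every key.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$entries = @(foreach ($key in $runKeys) {
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -notcontains $p.Name) {
                [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
            }
        }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
})

# Folders an ordinary user can write to; an autorun pointing here deserves a closer look (heuristic, assumption).
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

foreach ($e in $entries) {
    # Pull the executable path out of the command line: quoted path, or first token ending in .exe.
    $exe = $e.Command
    if ($exe -match '^"([^"]+)"')      { $exe = $Matches[1] }
    elseif ($exe -match '^(\S+\.exe)') { $exe = $Matches[1] }
    if (-not $exe) { continue }

    $flag = ''
    if (-not (Test-Path -LiteralPath $exe)) {
        $flag = 'TARGET MISSING'
    } elseif ($userWritable | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }) {
        $flag = 'USER-WRITABLE FOLDER'
    }
    '{0,-30} {1,-22} {2}  [{3}]' -f $e.Name, $flag, $e.Command, $e.Location
}
```

An entry that appears here under a different display name than the one a cleanup tool shows can be matched by its path instead; disabling it by renaming the registry value (rather than deleting it) keeps the original available if the change turns out to be wrong.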

Re: Possible Malware
Allow me to try another security method for analysis:

Download and run this file first: http://www.microsoft.com/en-us/download/details.aspx?id=7558

Then,

Right click on this link: here , and hit Save link as... or Save target as...

Choose the Desktop and hit enter. Once it is downloaded, run the file by double-clicking it.

Once the text file appears, please copy and paste the contents here.

Re: Possible Malware
"Allow me to try another security method for analysis:

Download and run this file first: http://www.microsoft.com/en-us/download/details.aspx?id=7558 "

Which download should I select?
MBSASetup-x64-EN.msi (1.7 MB)
MBSASetup-x64-DE.msi (1.7 MB)
MBSASetup-x64-FR.msi (1.7 MB)
MBSASetup-x64-JA.msi (1.8 MB)
MBSASetup-x86-DE.msi (1.6 MB)
MBSASetup-x86-EN.msi (1.6 MB)
MBSASetup-x86-FR.msi (1.7 MB)
MBSASetup-x86-JA.msi (1.7 MB)