
Thread: Mothers computer infected with snapdo, internet is slow

  1. #11
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    still need help?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    yes

    i still need help, i just couldn't use the computer for a bit. i'm working on it now.

    During the down time however:

    malwarebytes woke up with an alert about a snapdo remnant in the registry (it quarantined it). I'll have a copy of the log for you when I can grab it.

    It might have been blocked from updating, as when I came back it had like 10 notifications that malware was out of date and to update it.




    I ran TFC, it cleared, no reboot.

    couldn't open google chrome to get to the link for ESET.
    I could click on the icon on the start bar and in the start menu explorer, but no dice.





    I then noticed that the windows action center had a notice that avira desktop was turned off. I was trying to turn it on, but nothing would happen. I opened the action center to try seeing what was on, but it wouldn't let me close the window.

    I had to reboot.

    Rebooting is taking a looong time. Going to hard reboot it.

    the reboot is successful, chrome opens, and i'm running ESET now.

  3. #13
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    logs from above post

    here is the ESET scan

    ESETSCAN.txt


    and here is the Malwarebytes scan I woke up to: this was before the scans.




    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/30/2014
    Scan Time: 11:11:26 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.03.28.02
    Rootkit Database: v2014.03.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Becker

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 250240
    Time Elapsed: 55 hr, 55 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),,[c7db0800116ace6867c559a6887b41bf]

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #14
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Malwarebytes Anti-Malware quarantined that item right?

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    start
    C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
    C:\Windows\Installer\MSI43DA.tmp
    Reboot:
    end
    After running this script it should reboot your machine, don't be alarmed.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Update me please, what malware issues remain?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #15
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    FRST Log

    should I have certain things disabled or enabled when I run these scripts? should avira be off right now?

    MALWARE BYTES FOUND AN ITEM AGAIN
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/1/2014
    Scan Time: 5:56:49 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.04.01.09
    Rootkit Database: v2014.03.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Becker

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 250917
    Time Elapsed: 8 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),,[fd30968f7a0174c27dd915f10bf97d83]

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)








    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Becker at 2014-04-01 17:42:40 Run:2
    Running from C:\Users\Becker\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
    C:\Windows\Installer\MSI43DA.tmp
    Reboot:
    end
    *****************

    Could not move "C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" => Scheduled to move on reboot.
    C:\Windows\Installer\MSI43DA.tmp => Moved successfully.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-01 17:45:25)<=

    "C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" => File could not move.

    ==== End of Fixlog ====
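
The two Malwarebytes logs in posts #13 and #15 report the same Registry Data item. The following is an added example, not written by any poster in the thread and not Malwarebytes' own code: it parses that line format and flags detections that a later scan reports again. The sample lines are constructed, and treating hive names that differ only in a trailing -N after the GUID as one location is an assumption.

```python
import re
from urllib.parse import urlsplit

# One Malwarebytes 2.x "Registry Data" detection line, in the shape shown in the logs above.
LINE_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<key>[^|]+)\|(?P<value>[^,]+), (?P<data>.+?), "
    r"Good: \((?P<good>.*?)\), Bad: \((?P<bad>.+)\),,\[(?P<item_id>[0-9a-f]{32})\]$"
)
# Assumption: hive names differing only in a "-N" after the closing brace are one location.
HIVE_SUFFIX_RE = re.compile(r"^(HKU\\[^\\]+\})-\d+(?=\\)")


def parse_detection(line):
    """Return the fields of one detection line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    d["location"] = HIVE_SUFFIX_RE.sub(r"\1", d["key"]) + "|" + d["value"]
    d["bad_host"] = urlsplit(d["bad"]).hostname  # host the search default points at
    return d


def recurring(earlier_log, later_log):
    """Detections in later_log that an earlier scan already reported at the same location."""
    earlier = [d for d in map(parse_detection, earlier_log) if d]
    seen = {(d["name"], d["location"], d["data"]) for d in earlier}
    later = [d for d in map(parse_detection, later_log) if d]
    return [d for d in later if (d["name"], d["location"], d["data"]) in seen]


# Constructed sample lines in the format of the two scans; TOKEN and the ids are placeholders.
_KEY = (r"HKU\S-1-5-18-{00000000-0000-0000-0000-000000000000}-%d"
        r"\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default")
_URL = "http://feed.snapdo.com/?p=TOKEN,,&q={searchTerms}"


def sample_line(suffix, item_id):
    return "PUP.Optional.SnapDo.A, %s, %s, Good: (www.google.com), Bad: (%s),,[%s]" % (
        _KEY % suffix, _URL, _URL, item_id)


SCAN_1 = ["Registry Data: 1", sample_line(2, "a" * 32)]
SCAN_2 = ["Registry Data: 1", sample_line(0, "b" * 32)]

if __name__ == "__main__":
    for d in recurring(SCAN_1, SCAN_2):
        print("reported again:", d["name"], d["location"], "->", d["bad_host"])
```

A detection that comes back with a new item id but the same location and data means the earlier scan did not leave the setting clean, which is the question asked in posts #14 and #16.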

  6. #16
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    yes, you can disable avira.

    Hate to sound like a broken record but, did MBAM delete that file in question?

    How is the computer today?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
    don't worry about this, when it installed it also installed ASK toolbar....so no biggie.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #18
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Set as follows Internet Explorer back:

    Open Internet Explorer and go to Tools -> Internet Options.
    Click the Advanced tab, under "Internet Explorer Settings Reset" to reset ...
    Click in the "Reset Internet Explorer settings" to confirm reset.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #19
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    seems better

    Malwarebytes reported a clean sweep.

    (previously it was just quarantining, it was deleting anything, so i told malware to delete it manually)

    is there anything else I should run to make sure its clean?

    if it is good, then what can I do to add protection?


    leave malware on?
    spybot? with or without teatimer?
    avira? with or without desktop?
    window's firewall and stuff.

    what will interfere with what?

    can I install a host's file that blocks all the bad sites? I did that for them on the last computer and it worked much better. where do I get one for windows 7?

    what about some useful chrome or IE addon's? do you recommend a popup blocker that is safe?

    is there anyway I can educate my parents on safe internet use?

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    what about some useful chrome or IE addon's? do you recommend a popup blocker that is safe?

    is there anyway I can educate my parents on safe internet use?
    I'll post information about this in my preventive tips.

    Blocking Unwanted Connections with a Hosts File http://winhelp2002.mvps.org/hosts.htm
    scroll down to your version of windows

    if it is good, then what can I do to add protection?

    leave malware on?
    spybot? with or without teatimer?
    avira? with or without desktop?
    window's firewall and stuff.

    what will interfere with what?
    Leave Malwarebytes Anti-Malware on, update regularly.
    Keep SpyBot and teatimer, check for updates often
    Avira is good (Will provide choices in preventive tips)
    I use Windows Firewall and have had no issues but there are people who want other Firewalls, have these in my preventive tips as well.

    Let's clean up the tools we used and remove quarantine folders.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    no need to post the log this time.


    start
    DeleteQuarantine:
    end

    ~~~~~~~~~~~~~~

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore


    3. Click Run

    Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc.

    ***************

    You're good to go, good job!

    Please take the time to read over a few of my preventive tips.

    Computer Security
    http://malwareremoval.com/forum/view...557960#p557960
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know

    CryptoLocker Ransomware Information Guide and FAQ

    to help protect your computer in the future I recommend that you get the following free programmes:

    CryptoPrevent install this programme to lock down and prevent crypto ransomware



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
    • Green should be good to go
    • Yellow for caution
    • Red to stop
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    How to prevent Malware: Created by Miekiemoes


    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article (http://www.forbes.com/sites/eliseack...-disable-java/)
    and this article (http://www.nbcnews.com/technology/te...late-1B7938755)

    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to...r-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-un...m-the-browser/))


    Avoid P2P

    P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    *********************************************
    Please read the following safe computing articles..

    Secure My Computer: A Layered Approach


    Free Antivirus-AntiSpyware-Firewall Software

    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
