Thread: Appear to be Infected

  1. #1
    Junior Member
    Join Date
    Dec 2006
    Posts
    20

    Appear to be Infected

    I appear to be infected with some malware causing "youradexchange.com" and "survey.com-annual survey" pop-ups. Just noticed this morning. I ran a scan with Malwarebytes and found only low-risk items. Did not remove anything. Also ran Norton anti-virus scan and removed some cookies which were found. Downloaded and ran AdwCleaner and it found several items but I was afraid to delete anything as some were registry keys.

    Am running Windows 8, 64-bit and use Chrome as primary browser. Also have IE 10 installed but rarely use.

    Can you help?

    Thanks in advance!
    -----------------------------------------
    Edit
    For future reference and others reading.
    http://forums.spybot.info/showthread...nce%29-Updated
    Last edited by tashi; 2015-01-29 at 00:56. Reason: Added link to forum FAQ

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Go ahead and run AdwCleaner, but press Report and post the report, and let's see what it found.



    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


    I just want to see the report... Please Do Not Fix Anything

    ============================================================================




    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties




    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Please make sure All Users is checked
    • Just keep the defaults as in the picture checkmarked
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Dec 2006
    Posts
    20

    AdwCleaner Log

    Will download and run other software soon. I disabled a Silverlight extension in Chrome and have had no further issues. This may or may not be coincidence.

    AdwCleaner v4.109 - Report created 28/01/2015 at 17:37:20
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows 8 (64 bits)
    # Username : Bill - BILLTOSHIBA
    # Running from : C:\Users\wfrcp_000\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage
    File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal
    File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    Folder Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Folder Found : C:\Users\wfrcp_000\AppData\LocalLow\HPAppData
    Folder Found : C:\Users\wfrcp_000\Favorites\StumbleUpon
    Folder Found : C:\Users\wfrcp_000\Favorites\StumbleUpon

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
    Key Found : HKCU\Software\Pokki
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : [x64] HKCU\Software\Pokki
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.17183

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com/
    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com
    Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
    Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com

    -\\ Google Chrome v40.0.2214.93


    *************************

    AdwCleaner[R0].txt - [4035 octets] - [28/01/2015 11:18:40]
    AdwCleaner[R1].txt - [4036 octets] - [28/01/2015 11:19:01]
    AdwCleaner[R2].txt - [3396 octets] - [28/01/2015 17:37:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [3456 octets] ##########
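
The report posted above lists some items more than once (the `[x64]` registry view, a repeated folder), which makes it harder to see what was actually flagged. As an added example that is not part of the original thread, the Python below parses the report layout shown in the post, folds the duplicates, and pulls out Run-key values, which start a program at logon. The function names are illustrative, and the sample is an excerpt of the posted log.

```python
import re
from collections import OrderedDict

# Constructed sample: an excerpt of the AdwCleaner report posted in this thread.
SAMPLE = r"""# Option : Scan

***** [ Files / Folders ] *****

File Found : C:\Users\wfrcp_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
Folder Found : C:\Users\wfrcp_000\Favorites\StumbleUpon
Folder Found : C:\Users\wfrcp_000\Favorites\StumbleUpon

***** [ Registry ] *****

Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FINDING = re.compile(r"^(File|Folder|Key|Value|Setting) Found : (\[x64\] )?(.+)$")

def parse_report(text):
    """Return {section: {(kind, target): hit_count}}, folding [x64] views and repeats."""
    sections, current = OrderedDict(), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), OrderedDict())
            continue
        m = FINDING.match(line)
        if m and current is not None:
            key = (m.group(1), m.group(3))  # drop the [x64] marker so both views merge
            current[key] = current.get(key, 0) + 1
    return sections

def autostart_entries(sections):
    """Registry values under a Run key; these launch at logon (heuristic, an assumption)."""
    return [t for (kind, t) in sections.get("Registry", {})
            if kind == "Value" and r"\currentversion\run" in t.lower()]

def summarize(sections):
    """Number of distinct flagged items per report section."""
    return {name: len(items) for name, items in sections.items()}
```

Running `summarize(parse_report(report_text))` on a saved report gives the number of distinct items per section, which is a quicker read than the raw list before deciding what to let the tool remove.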

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You can have AdwCleaner remove it all; it wouldn't have flagged them if they were OK.

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Still with me?

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Due to inactivity, this thread will now be closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new FRST log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    It takes time to analyze logs and prepare a response. Volunteers help users at several sites, and take X number of new topics in order to give each member their attention.
