-
Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.
Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!
Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.
We'll also start using the forum for small bits of information, announcements and more again.
Possible Virus: Help Appreciated
- Thread starter danib
- Start date
- Status
Juliet
Security Expert-emeritus
Running from C:\Users\Alan\Downloads
It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~
AdwCleaner
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool to your desktop.
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~
- Please download AdwCleaner and save the file to your Desktop.
- Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
- Follow the prompts.
- Click Scan.
- Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
- Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
- Follow the prompts and allow your computer to reboot.
- After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Hello Juliet,
Thank you, for your help.
I had difficulty running Farbar at first; it just kept 'not responding'. I had noted that the computer was having difficulty running Windows file explorer; it takes a long time to find the files in a location, the green progress bar just sits at the top.
Farbar was moved to the desktop and the logs are attached.
Thanks again.
Daniel.
Thank you, for your help.
I had difficulty running Farbar at first; it just kept 'not responding'. I had noted that the computer was having difficulty running Windows file explorer; it takes a long time to find the files in a location, the green progress bar just sits at the top.
Farbar was moved to the desktop and the logs are attached.
Thanks again.
Daniel.
Juliet
Security Expert-emeritus
Since running those tools are you seeing any improvements?
At times, Norton Internet Security can bog down a machine but, not sure in this case. How long have you had it on the machine and has it had problems running in the past?
If I read the virus definition log correct, it might also need updating.
~~~~~~~~~~~~~`
Please download Malwarebytes Anti-Malware and save it to your desktop.
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
Please post this log (copy and paste) in your next reply instead of attaching.
At times, Norton Internet Security can bog down a machine but, not sure in this case. How long have you had it on the machine and has it had problems running in the past?
If I read the virus definition log correct, it might also need updating.
~~~~~~~~~~~~~`
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Double-click on the setup file (mbam-setup.exe), then click on Run to install.
- Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
- Click on Update Now to download the current database definitions, then click the Scan Now >> button.
- If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
- You will be prompted to update Malwarebytes...click on the Update Now button.
- The THREAT SCAN will automatically begin.
- When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
- To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
- After rebooting the computer, copy and paste the mbam.log in your next reply.
- Open Malwarebytes Anti-Malware.
- Click the History Tab at the top and select Application Logs.
- Select (check) the box next to Scan Log. Choose the most current scan.
- Click the View button.
- Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
- Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
Please post this log (copy and paste) in your next reply instead of attaching.
Hi Juliet,
Thank you, for your support. I have to walk to my parents house to access the PC; that is why sometimes it takes a while before I get back to you.
Re your question: Since running those tools are you seeing any improvements?
Yes, I think so. Firefox was doing funny things, opening extra tabs and such like, but I tracked that down to some weird browser extension that's been added called 'extra tab' or something. 'Windows file explorer' is slow too; I can't figure out if that is the PC's spec though.
I noted that Malwarebytes found 8 threats on the system; the log is below.
I have updated Adobe Flash and Adobe Reader; but, Firefox still has Adobe Reader detailed as out of date for some reason.
Thanks for your help once again. I will await your instruction.
All the best,
Daniel.
_____________________________
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 14/07/2015
Scan Time: 16:29:24
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.14.04
Rootkit Database: v2015.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Alan
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302439
Time Elapsed: 28 min, 3 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [139926bbc6c462d4cf92236fd3311ae6],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [affd6180fd8d033362fff39f33d1c937],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [2c80954cee9c5dd928397b17d33129d7],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.AdPeak.A, C:\temp, Quarantined, [3676519002885cdac4ad1c19010239c7],
Files: 4
PUP.Optional.CouponDownloader.A, C:\temp\t_ie.exe, Quarantined, [d3d938a9cac0b77fb1d888af4cb4fa06],
PUP.Optional.InstallCore, C:\Users\Alan\Downloads\AcrobatReaderSetup(1).exe, Quarantined, [733919c8d0baad898f1b08f35ca8748c],
PUP.Optional.SuperCool, C:\Users\Alan\Downloads\AcrobatReaderSetup.exe, Quarantined, [37757e63b5d5c076be3bcf5ae41d649c],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Quarantined, [3676519002885cdac4ad1c19010239c7],
Physical Sectors: 0
(No malicious items detected)
(end)
________________________________
Thank you, for your support. I have to walk to my parents house to access the PC; that is why sometimes it takes a while before I get back to you.
Re your question: Since running those tools are you seeing any improvements?
Yes, I think so. Firefox was doing funny things, opening extra tabs and such like, but I tracked that down to some weird browser extension that's been added called 'extra tab' or something. 'Windows file explorer' is slow too; I can't figure out if that is the PC's spec though.
I noted that Malwarebytes found 8 threats on the system; the log is below.
I have updated Adobe Flash and Adobe Reader; but, Firefox still has Adobe Reader detailed as out of date for some reason.
Thanks for your help once again. I will await your instruction.
All the best,
Daniel.
_____________________________
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 14/07/2015
Scan Time: 16:29:24
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.14.04
Rootkit Database: v2015.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Alan
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302439
Time Elapsed: 28 min, 3 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [139926bbc6c462d4cf92236fd3311ae6],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [affd6180fd8d033362fff39f33d1c937],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [2c80954cee9c5dd928397b17d33129d7],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.AdPeak.A, C:\temp, Quarantined, [3676519002885cdac4ad1c19010239c7],
Files: 4
PUP.Optional.CouponDownloader.A, C:\temp\t_ie.exe, Quarantined, [d3d938a9cac0b77fb1d888af4cb4fa06],
PUP.Optional.InstallCore, C:\Users\Alan\Downloads\AcrobatReaderSetup(1).exe, Quarantined, [733919c8d0baad898f1b08f35ca8748c],
PUP.Optional.SuperCool, C:\Users\Alan\Downloads\AcrobatReaderSetup.exe, Quarantined, [37757e63b5d5c076be3bcf5ae41d649c],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Quarantined, [3676519002885cdac4ad1c19010239c7],
Physical Sectors: 0
(No malicious items detected)
(end)
________________________________
Juliet
Security Expert-emeritus
Let's see if Firefox update plugin tool will cure that issue.
https://www.mozilla.org/en-US/plugincheck/
This site will check which version of Flash is on the machine with directions how to update. Note - uncheck McAfee security scan.
http://www.adobe.com/software/flash/about/
~~~~~~~~~~~~~~~~~~~~~~~~
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
https://www.mozilla.org/en-US/plugincheck/
This site will check which version of Flash is on the machine with directions how to update. Note - uncheck McAfee security scan.
http://www.adobe.com/software/flash/about/
~~~~~~~~~~~~~~~~~~~~~~~~
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
- Please download ESET Online Scan and save the file to your Desktop.
- Temporarily disable your anti-virus software. For instructions, please refer to the following link.
- Double-click esetsmartinstaller_enu.exe to run the programme.
- Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
- Agree to the Terms of Use once more and click Start. Allow components to download.
- Place a checkmark next to Enable detection of potentially unwanted applications.
- Click Advanced settings. Place a checkmark next to:
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Ensure Remove found threats is unchecked.
- Click Start.
- Wait for the scan to finish. Please be patient as this can take some time.
- Upon completion, click . If no threats were found, skip the next two bullet points.
- Click and save the file to your Desktop, naming it something such as "MyEsetScan".
- Push the Back button.
- Place a checkmark next to and click
.
- Re-enable your anti-virus software.
- Copy the contents of the log and paste in your next reply.
Hi Juliet,
Please find log contents below:
C:\AdwCleaner\Quarantine\C\Program Files\004\rqpbhevlkc32.exe.vir a variant of Win32/AdWare.Adpeak.F application
C:\FRST\Quarantine\C\Users\Alan\AppData\Local\Temp\IrsoDLL.dll.xBAD a variant of Win32/InstallCore.YX potentially unwanted application
C:\FRST\Quarantine\C\Users\Alan\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats
Regarding Firefox and Adobe: I ran the plugin update tools again and got the same result on Adobe Reader. Research indicates that the Adobe Reader being listed as not updated when it is issue could be because Vista is not supported anymore. There are newer versions out there, but Firefox doesn't know that they don't apply. If that makes sense?
Awaiting instructons.
Thanks again,
Daniel.
Please find log contents below:
C:\AdwCleaner\Quarantine\C\Program Files\004\rqpbhevlkc32.exe.vir a variant of Win32/AdWare.Adpeak.F application
C:\FRST\Quarantine\C\Users\Alan\AppData\Local\Temp\IrsoDLL.dll.xBAD a variant of Win32/InstallCore.YX potentially unwanted application
C:\FRST\Quarantine\C\Users\Alan\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats
Regarding Firefox and Adobe: I ran the plugin update tools again and got the same result on Adobe Reader. Research indicates that the Adobe Reader being listed as not updated when it is issue could be because Vista is not supported anymore. There are newer versions out there, but Firefox doesn't know that they don't apply. If that makes sense?
Awaiting instructons.
Thanks again,
Daniel.
Juliet
Security Expert-emeritus
Heres a good article concerning Adobe and windows Vista
https://helpx.adobe.com/acrobat/kb/run-acrobat-windows-vista.html
Scan came back in good shape, all items already in quarantine folders, no more malware found.
What other issues remain?
https://helpx.adobe.com/acrobat/kb/run-acrobat-windows-vista.html
Scan came back in good shape, all items already in quarantine folders, no more malware found.
What other issues remain?
Hi Juliet,
Good, I can answer this one from my house!
I have increased the Windows Vista virtual memory limit and activated Ready Boost using a USB to give him some extra memory. Hopefully, that will speed up his PC too. In addition, I have tried to update everything for him.
If you are happy, I am happy. Everything seems much better at this end - thank you. I'll tell my dad to watch what he's clicking more closely (again); he's an author and political activist, so he goes on dodgy sites that I just wouldn't contemplate visiting.
One last thing please, could you direct me to the clean up tool that removes all these programs we have put on his PC?
Thanks again, for your kind help.
Good, I can answer this one from my house!
I have increased the Windows Vista virtual memory limit and activated Ready Boost using a USB to give him some extra memory. Hopefully, that will speed up his PC too. In addition, I have tried to update everything for him.
If you are happy, I am happy. Everything seems much better at this end - thank you. I'll tell my dad to watch what he's clicking more closely (again); he's an author and political activist, so he goes on dodgy sites that I just wouldn't contemplate visiting.
One last thing please, could you direct me to the clean up tool that removes all these programs we have put on his PC?
Thanks again, for your kind help.
Juliet
Security Expert-emeritus
This week Microsoft Updates released updates to vulnerabilities I think found in a couple of items (software) he has on his machine.
Be sure to run updates to get that covered.
What I'm expecting with the Eset scan is to find items already held in quarantine. Also, Eset is good to show us other items that might not have been found using the tools we already used.
Sometimes these are malicious and sometimes not. Thats why I ask to uncheck it to remove all threats so that I might be able to look at whats been found and then if it needs to be removed we can do that.
Yes, I have a tool that will remove things with their quarantine folders when we're done.
Hi Juliet,
I was conscious about taking up too much of your time.
The whole situation:
Where malware is concerned, there doesn't seem to be any strange behaviour anymore and the PC is definitely faster at completing tasks - thank you.
I ran a Microsoft 'fixit' patch (I wouldn't run a similar tool from any other company) to repair Windows update. The tool repaired a long list of update related issues, except two.
I can't remember what the two issues were and I am not close to that PC to check. Windows Update does seem to work when I click 'check for updates'; I'm not sure if it works on a schedule though. I appreciate Vista is old now and I don't think that he has the installation discs, so he may have to live with those two issues.
He has also had a monitor issue for the past two years or so; but after checking the drivers and swapping monitors, I finally tracked the issue down to an old unplugged PC that he had close by. I moved the old PC and removed a kink in the monitor cable and the monitor is fine now.
Re: vulnerabilities - tomorrow morning I will run Windows Update again until there are no more updates available.
Apart from the malware issues, which I am awaiting your advice on, that's everything; I think.
Thank you,
Daniel.
I was conscious about taking up too much of your time.
The whole situation:
Where malware is concerned, there doesn't seem to be any strange behaviour anymore and the PC is definitely faster at completing tasks - thank you.
I ran a Microsoft 'fixit' patch (I wouldn't run a similar tool from any other company) to repair Windows update. The tool repaired a long list of update related issues, except two.
I can't remember what the two issues were and I am not close to that PC to check. Windows Update does seem to work when I click 'check for updates'; I'm not sure if it works on a schedule though. I appreciate Vista is old now and I don't think that he has the installation discs, so he may have to live with those two issues.
He has also had a monitor issue for the past two years or so; but after checking the drivers and swapping monitors, I finally tracked the issue down to an old unplugged PC that he had close by. I moved the old PC and removed a kink in the monitor cable and the monitor is fine now.
Re: vulnerabilities - tomorrow morning I will run Windows Update again until there are no more updates available.
Apart from the malware issues, which I am awaiting your advice on, that's everything; I think.
Thank you,
Daniel.
Juliet
Security Expert-emeritus
I'm here to help so don't worry about my time, I'm here for you and others who don't know what to do.
What will be shown for Vista updates might not be much sorry, but with having the understanding theres not much out there any more is a help to me.
Let's remove tools and quarantine folders and let you be on your way.
DelFix
- Please download DelFix or from Here and save the file to your Desktop.
- Double-click DelFix.exe to run the programme.
- Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
- Click the Run button.
- -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~~~~~
- Answers to common security questions - Best Practices by quietman7, MVP
- How Malware Spreads - How did I get infected? by quietman7, MVP
- Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
- How to Prevent Malware by miekiemoes, MVP
- How to backup and restore your data using Cobian Backup by YourHighness
- Slow Computer/browser? It May Not Be Malware by quietman7, MVP
- AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
- CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
- Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
- Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
- NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.- Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
- SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
- Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Hi Juliet,
I ran DelFix; it cleaned up most of what we put on and I deleted the rest.
I'm just running the System Update Readiness Tool for Windows Vista, hopefully that will sort the update issue because some updates still won't install. Everythng else seems a lot better now.
Hey Juliet, you're the best. Thanks for all your help.
Daniel.
I ran DelFix; it cleaned up most of what we put on and I deleted the rest.
I'm just running the System Update Readiness Tool for Windows Vista, hopefully that will sort the update issue because some updates still won't install. Everythng else seems a lot better now.
Hey Juliet, you're the best. Thanks for all your help.
Daniel.
- Status