Windows 7 Doing Strange Things



danib
2015-09-02, 14:55
Hi,

Over the past couple of days my computer has started doing really strange things. I build websites for a living so I am ‘really’ careful what sites I go on and what I download.

Here are some of the issues:

- File explorer is making the error noise when I open it and doing strange things

- Files are opening with one click

- When I click to maximize a minimized aero peek window from the taskbar the windows open then disappear

- The mouse is not highlighting and copying things correctly

- Explorer is doing lots of weird things - the error noise is sounding when I use some tools, when I open a new tab it closes explorer down, two tabs open at once and more

- When I open control panel it changes the page in explorer

I have recently been listening to music on Deezer.com while I work and I noticed that the music and ads wouldn’t work correctly the other day. This is the only place I could have possibly got a virus from.

Please find the logs attached. The logs were too big according to the forum rules, so I had to split some of them over two files.

Thanks.

ken545
2015-09-04, 21:21
:snwelcome:

Let's run a few scans and see what they turn up. If malware is not the reason causing this, I can refer you to a Windows forum that can help.

If you can, I would prefer if possible to copy and paste the logs we ask for into this thread in lieu of attaching them.




-AdwCleaner-by Xplode


Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) TO YOUR DESKTOP
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers




Do not click on any links in the top Advertisement.






Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.






===============================================================================






Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) TO YOUR DESKTOP


Download the one from Bleeping Computer
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.








===============================================================================


Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"








On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

danib
2015-09-05, 14:09
Hi Ken545,

I haven't used the forum on my own behalf for quite a few years; I have used the service recently to help my parents with their PCs though. We are all very grateful for your time. Thank you, for your help.

Please find the logs attached.

The computer continued misbehaving after running the JRT scan. Firefox opened up some new tabs to Photobucket on its own. When I clicked to delete the Firefox history it opened up some more tabs to Photobucket; then, I noticed the strangest thing, when I hovered over the Photobucket tab I noticed that 'your username' was in the link. How weird is that? Not a coincidence I think!

So, I took a screenshot which was difficult as MS Paint kept shutting down and would not select and copy; but, I got there in the end - please see attached screenshot. The taskbar is also maximizing the wrong programs when I click an icon. Files are still opening on a single click too and control panel windows are maximising when I just click the white background.

I presume there is something more serious than junkware on here. I'm devastated because I absolutely love this PC. I use it for everything including my job; the performance is great and I have never had any trouble with it. I am always ultra careful what sites I go on, and if I am ever unsure about a download I don't use this computer, I will use another.

I was hoping that Malwarebytes would find something amiss. A Malwarebytes log did not open up after completion but I noticed the 'save results' link so I copied the information from there.

Thanks again


###################


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05/09/2015
Scan Time: 10:58 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.05.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 563991
Time Elapsed: 57 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2015-09-05, 15:13
Good Morning,

I host all my images at PhotoBucket in the instructions that I post for the tools we use to clean up computers, so that would explain why my username is tied to it.

The scans are really not coming up with much. Run this quick fix to clean out all your temp files using FRST.

~Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents inside of the code box below, beginning with START and ending with END.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Name the file Fixlist and save it to your desktop where you have FRST/FRST64, or the fix won't work. Then open up FRST/FRST64 and click on FIX (not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop. Post it please.




Start
CloseProcesses:
CreateRestorePoint:
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Then let's run the Rootkit scanner with Malwarebytes to make sure a Rootkit type of infection is not present.

Please download Malwarebytes Anti-Rootkit from Here (http://downloads.malwarebytes.org/file/mbar)


Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

danib
2015-09-05, 16:58
Hi Ken545,

There was only one log file - system-log.txt. Please find it attached. I didn't run a second scan as nothing was found.

This is starting to worry me as nothing is being found but the PC is no better.

The PC was purchased with Vista on, I then bought a Windows 7 upgrade disk from Dell, and now I have a copy of Windows 10 waiting. So, I don't have an original factory installation disk for it if I need to reinstall Windows from scratch.

I know I have a failed Array on one of the hard drives. The PC works fine though, except the virus. I wanted to try to get rid of the virus before I tried rebuilding the Array. Apparently, I might not need a new hard drive because all the hard drive tests I have run with Seagate's own integrity software show the drive health as fine.

Thank you, for your help.

danib
2015-09-05, 17:11
Sorry, I forgot fixlog.txt

ken545
2015-09-05, 17:31
What I would like to recommend at this point are two things. Have you tried a System Restore back prior to this issue you're having?
http://windows.microsoft.com/en-us/windows7/restore-system-files-and-settings


Let me know on that, and if a System Restore won't help we can run a free online virus scanner from ESET. If ESET comes back clean then we can say that malware or a virus is not to blame, and I can send you to a good Windows forum that can help you sort this out, as we just do malware removal on this one.



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan


*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.





Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.


Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

danib
2015-09-05, 17:41
Hi Ken545,

No, I have not tried a restore. Through experience I know not to try anything without taking advice from you guys first.

I don't know a lot about PC virus, but I think I had a virus years ago and did a restore and the virus stayed on, or are you thinking it's not a virus and a restore might cure some other PC problem?

What it's doing just appears to be classic virus behavior from my limited experience? Would you be happy if I ran an ESET scan before I tried to restore?

Thank you.

ken545
2015-09-05, 17:54
Yes, let's do that. Run ESET first, and if nothing shows up to suggest you're infected then do a restore.

danib
2015-09-06, 13:06
Hi Ken545,

After hearing back I ran the ESET scan which took a long time; nothing was found. No logs were produced so I took a screenshot from the completed scan screen - attached.

I then thought more about the fact you thought no viruses were on the PC. I remembered that the other week I changed my mouse mat because the mouse pointer didn’t seem 100%.

Surely, all these strange happenings couldn’t be down to a dodgy mouse? The more I thought about it the more I thought that it could be. All the strange sounds and windows opening up happen when I do something with the mouse.

So, I tried a spare mouse and, the problems appeared to go away.

I hope you don’t think I have wasted your time. Although, the problems aren’t virus related, I would still be struggling on thinking they were without your opinion.

Unfortunately, I just didn’t think to try exchanging the mouse; in my mind the weird behaviour just pointed to a virus according to what I have seen in the past.

Regarding Deezer.com - I’m old enough to know not to express an opinion about what problems are and where they might have come from without knowing 100%.

I have tried updating my original post, to point out that this was nothing to do with Deezer.com, but I can’t see anywhere to edit it.

Thank you, one last time. I appreciate all your help.

All the best

danib
2015-09-06, 13:08
Hi Ken545,

I forgot to mention: Could you direct me to a desktop cleanup tool please to remove the AV apps we have run?

Thank you, once more.

ken545
2015-09-06, 13:52
Good Morning


"I hope you don’t think I have wasted your time"
Not at all, glad you figured out what it was. Sometimes it can be a little thing, in this case your mouse, that caused all the problems. You did the right thing by posting; now you know you have a 100% virus/malware free system.

From what I have been reading, Deezer appears to be very safe to use, so if you enjoy it keep using it.


Double click on AdwCleaner.exe to run the tool again.


Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.






==========================================================




Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.






Windows XP Double Click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
Checkmark " Remove Disinfection Tools"
Click the Run button




This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.






==========================================================








How did I get infected in the first place?

WhattheTech (http://forums.whatthetech.com/index.php?showtopic=97186)
Grinler BleepingComputer (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)






Safe Surfn
Ken

danib
2015-09-06, 20:05
Hi Ken545,

Yes, I'm really pleased about Deezer.com being safe. I listen to BBC Radio 4 99% of the time; but, I really enjoy listening to some loud music occasionally while I work.

I was at a loss when Grooveshark was taken offline; then really happy when I found Deezer.com.

The world needs people like you. The bad guys are still out there; so, we'll more than likely meet again in the future.

Thank you, and all the very best.

Dan.

ken545
2015-09-06, 20:38
Thank you Dan. Yep, lots of bad things going around if you're not careful. Don't know all the particulars but I believe Grooveshark was sued by Sony and a few others and shut them down.

Let's hope we meet again but not on a Malware Removal forum :slap:

Take care my friend

Ken :)