Malware #SL9DW61 message

[Juliet]

I am still getting a ranom window opening invitation to open Search Incognito for Firefox

Sounds like this is an addon in Firefox
http://www.thewindowsclub.com/disabl...chrome-firefox
scroll down to Disable Private Browsing

~~

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware

• Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  
• On the Dashboard click on Update Now
  
• Go to the Setting Tab
  
• Under Setting go to Detection and Protection
  
• Under PUP and PUM make sure both are set to show Treat Detections as Malware
  
• Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  
• Then on the Dashboard click on Scan
  
• Make sure to select THREAT SCAN
  
• Then click on Scan
  
• Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
• If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs, followed by the first Scan Log.
• Click Export,followed by Copy to Clipboard. Paste the log in your next reply.

~~~

Please download Emsisoft Emergency Kit and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

• Leave all settings as they are and click the Extract button at the bottom.
• A folder named EEK will be created in the root of the drive (usually c:\).

• After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
• The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
• Please click Yes so that it downloads the latest database updates.
• When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
• Click on Scan to be taken to the scan options.
• If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
• Click on the Malware Scan button to start the scan.
• When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
• Please save the log in Notepad on your desktop, and copy it to your next reply.
• When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Please post these 2 logs when finished.

[Astonmad]

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 23/11/2016 13:01, SYSTEM, MARTIN-HP, Protection, Malware Protection, Starting,
Protection, 23/11/2016 13:01, SYSTEM, MARTIN-HP, Protection, Malware Protection, Started,
Protection, 23/11/2016 13:01, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 23/11/2016 13:01, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Started,
Update, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Manual, Remediation Database, 2016.2.12.1, 2016.9.21.1,
Update, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Manual, IP Database, 2016.2.8.1, 2016.11.22.1,
Update, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Manual, Domain Database, 2016.2.16.8, 2016.11.23.1,
Update, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Manual, Rootkit Database, 2016.2.8.1, 2016.11.20.1,
Error, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Manual, 0,
Update, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Manual, Malware Database, Failed, Unable to access update server, 2016.2.16.6, 2016.11.23.8,
Protection, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Protection, Refresh, Starting,
Protection, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Stopping,
Protection, 23/11/2016 13:04, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Stopped,
Protection, 23/11/2016 13:05, SYSTEM, MARTIN-HP, Protection, Refresh, Success,
Protection, 23/11/2016 13:05, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 23/11/2016 13:05, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Started,
Update, 23/11/2016 13:42, SYSTEM, MARTIN-HP, Scheduler, Malware Database, 2016.2.16.6, 2016.11.23.8,
Protection, 23/11/2016 13:42, SYSTEM, MARTIN-HP, Protection, Refresh, Starting,
Protection, 23/11/2016 13:42, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Stopping,
Protection, 23/11/2016 13:42, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Stopped,
Protection, 23/11/2016 13:42, SYSTEM, MARTIN-HP, Protection, Refresh, Success,
Protection, 23/11/2016 13:42, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 23/11/2016 13:42, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Started,
Scan, 23/11/2016 13:52, SYSTEM, MARTIN-HP, Manual, Start:23/11/2016 13:04, Duration:23 min 26 sec, Threat Scan, Completed, 0 Malware Detections, 139 Non-Malware Detections,
Protection, 23/11/2016 13:57, SYSTEM, MARTIN-HP, Protection, Malware Protection, Starting,
Protection, 23/11/2016 13:57, SYSTEM, MARTIN-HP, Protection, Malware Protection, Started,
Protection, 23/11/2016 13:57, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 23/11/2016 13:57, SYSTEM, MARTIN-HP, Protection, Malicious Website Protection, Started,

(end)

[Astonmad]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/11/2016
Scan Time: 13:42
Logfile:
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2016.11.23.08
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 507047
Time Elapsed: 23 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Astonmad]

Emsisoft Emergency Kit - Version 11.9
Last update: 23/11/2016 14:43:49
User account: MARTIN-HP\Martin
Computer name: MARTIN-HP
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 23/11/2016 14:45:08
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Key: HKEY_USERS\S-1-5-21-533333334-2176733419-3778265130-1003\SOFTWARE\APN detected: Application.InstallAd (A)
C:\Program Files (x86)\Serif_PhotoPlus\Serif_PhotoPlusToolbarHelper.exe detected: Application.Win32.WebTool (A)
M:\Users\Martin\Downloads\free_load_Tuning_Manual_G_Thomas_downloader.exe detected: Gen:Variant.Razy.105954 (B)

Scanned 112587
Found 9

Scan end: 23/11/2016 15:33:22
Scan time: 0:48:14

M:\Users\Martin\Downloads\free_load_Tuning_Manual_G_Thomas_downloader.exe Gen:Variant.Razy.105954 (B)
C:\Program Files (x86)\Serif_PhotoPlus\Serif_PhotoPlusToolbarHelper.exe Application.Win32.WebTool (A)
Key: HKEY_USERS\S-1-5-21-533333334-2176733419-3778265130-1003\SOFTWARE\APN Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A)

Quarantined 6

[Juliet]

How's the computer now?

[Astonmad]

Hello

I am not sure yet. Malwarebytes seems to have found some nasty malware. (I can see these in above logs) This morning Malwarebytes flagged another problem with Visicom toolbar so I have quarantined that. I think that we are almost there. Will test extensively today.

[Astonmad]

The SL9DW61 MESSAGE seems to have gone but I have random windows opening when I click on a link. Example is flagging newpopvirus virus. I will run Malwarebytes again.

[Juliet]

Do this as well

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

• Backup Internet Explorer Favourites
• Backup Firefox Bookmarks
• Backup Chrome Bookmarks

Proceed with the reset once done.

• Internet Explorer: How to reset Internet Explorer settings
• Firefox:Reset Firefox
• Chrome: Chrome - Reset browser settings
  

~~~~~~~~

[Astonmad]

Have reset Firefox but I am trying to reset Microsoft Edge. Only it opens and then shuts itself down immediately.

[Astonmad]

Firefox is working fine now
Does this mean I should install Malwarebytes as well as SpyBot and McAfee?