Thread: Nothing is detecting this!

  1. #11
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,739

    I was thinking it was some chrome extension.
    It's possible,

    Make sure to follow through and reset Google Chrome.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    Code:
    HitmanPro 3.8.0.295
    www.hitmanpro.com
    
       Computer name . . . . : DRAGON
       Windows . . . . . . . : 10.0.0.17134.X64/8
       User name . . . . . . : Dragon\Chuck
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2018-10-26 18:15:25
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 9m 9s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 12
    
       Objects scanned . . . : 3,136,579
       Files scanned . . . . : 158,057
       Remnants scanned  . . : 845,901 files / 2,132,621 keys
    
    Suspicious files ____________________________________________________________
    
       C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\dll\wc002343.dll
          Size . . . . . . . : 974,424 bytes
          Age  . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             Program is code signed with a valid Authenticode certificate.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
          Size . . . . . . . : 974,424 bytes
          Age  . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             Program is code signed with a valid Authenticode certificate.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbclold.dll
          Size . . . . . . . : 963,808 bytes
          Age  . . . . . . . : 1480.7 days (2014-10-07 01:04:28)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 606BF35587821588DF7788E9265CEA593E832F8F048BDAD480E8BFF45E52A60D
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             Program is code signed with a valid Authenticode certificate.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcls.dll
          Size . . . . . . . : 974,424 bytes
          Age  . . . . . . . : 1480.7 days (2014-10-07 01:22:20)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             Program is code signed with a valid Authenticode certificate.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbsv.dll
          Size . . . . . . . : 479,454 bytes
          Age  . . . . . . . : 1480.7 days (2014-10-07 01:22:32)
          Entropy  . . . . . : 7.0
          SHA-256  . . . . . : 8A9AFCB32C8005FA7EC39230FFA05D331627FD83A9A58FC17B3D3E639B29DC7E
          Fuzzy  . . . . . . : 25.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
          Size . . . . . . . : 139,264 bytes
          Age  . . . . . . . : 1485.8 days (2014-10-01 23:01:17)
          Entropy  . . . . . : 7.7
          SHA-256  . . . . . : 641F3F332133540A507F1A6FDD59DC4D9356920F28C0AAEF152D1F727308D04C
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             The file is a device driver. Device drivers run as trusted (highly privileged) code.
             Program is code signed with a valid Authenticode certificate.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          Size . . . . . . . : 953,886 bytes
          Age  . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
          Fuzzy  . . . . . . : 29.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
          Size . . . . . . . : 953,886 bytes
          Age  . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
          Fuzzy  . . . . . . : 29.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
    
       C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
          Size . . . . . . . : 138,032 bytes
          Age  . . . . . . . : 1526.1 days (2014-08-22 15:57:15)
          Entropy  . . . . . : 7.8
          SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             The file is a device driver. Device drivers run as trusted (highly privileged) code.
             Program is code signed with a valid Authenticode certificate.
    
       C:\Users\Chuck\Desktop\FRST64.exe
          Size . . . . . . . : 2,414,592 bytes
          Age  . . . . . . . : 1.3 days (2018-10-25 12:12:43)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 5877A3EB21455DB627B824950727390F74BE4984CE928B92003013359C1A92E1
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 24.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -0.0s C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\000026.ldb
              0.0s C:\Users\Chuck\Desktop\FRST64.exe
    
    
    Potential Unwanted Programs _________________________________________________
    
       HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
       HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

    Coupon bar is a bit weird. I don't use Edge or IE. I did the reset though before I ran that scan.

  3. #13
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    I don't want to jinx it just yet but I think the reset of the browsers may have worked. I'll give it another day and let ya know. In the meantime, much appreciated. I will be saving this entire post for future reference.

  4. #14
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,739

    AdwCleaner should have taken out coupon bar.

    Did you allow HitMan Pro to remove what it found?
    Are you still having the same issues?

    Upload a file on VirusTotal
    Virus Total (Recommended)
    • Open your favorite web browser, and go on virustotal.com
    • From there, click on the Select a file button and wait for the Windows Explorer to open
    • Browse to the file below, select it and click on Open
      Code:
      C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbclold.dll
    • Once done, click on the Analyze button
    • If you get a message that the file was already analyzed, click on the Re-analyze button
    • At the end of the analysis, copy and paste the VirusTotal report URL in your next reply


    Also

    If you don't have an ad blocker installed I suggest you use Adblock Plus. Once installed click on its ABP icon at the top of the browser(s)
    and choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.
    Adblock Plus :: Add-ons for Firefox | Adblock Plus - Chrome Web Store | Adblock Plus for IE | Adblock Plus for Edge browser

  5. #15
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    Yeah I wanted to give it a day but whatever it is it's gone. And I have adblock installed. Do you still want me to scan the punkbuster file? I've not played the game in over a year so I should really just install it all.

  6. #16
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    Yeah I wanted to give it a day but whatever it is it's gone. And I have adblock installed. Do you still want me to scan the punkbuster file? I've not played the game it's for in over a year so I should really just uninstall it all.

    **Did not see a way to edit the last post???

  7. #17
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,739

    It's up to you if you want to uninstall it.....
    What I wouldn't want, and I did not check, if it has an auto-updater or not.

    If the ad is gone, and you reset Google Chrome, I think that is our answer. My thought is, it was attached to an extension.
    Or it could have come in by exploiting a very outdated version of Java...
    Why, when, where, who's guess

    Let me know if you're ready to remove tools and quarantine folders.

  8. #18
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    Yup

    Ready. Sorry had some family issues come up. PC has been off since, but the good news is still no more pop up.

  9. #19
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,739

    Not a problem.

    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.

    This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ************************************



    Keeping your programs up-to-date

    Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SUMo and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.



    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.

  10. #20
    Junior Member
    Join Date
    Oct 2018
    Posts
    13

    Thanks again man. Everything is back to the way it should be. I was at my wits end on this. I will save this thread for a long time.
