Thread: Premium Search Trojan

  1. #11
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Internet Explorer trusted/restricted => The scan is showing us that these are the sites that are being blocked and that's a good thing.
    What do you think was going on with my computer? Malware?
    As far as seeing something related to malware, that hasn't shown up. I did see a slight lack of maintenance in cleaning out temp files but actually wasn't in bad shape.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Let's do an online scan to see if there are any remnants that can be picked up.

    ESET Online Scanner

    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

    ---------------------------------------------------

    How is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    The ESET Online Scanner didn't find anything so there is no log to post from that. YAY!!!


    Quote: Originally posted by Juliet
    As far as seeing something related to malware, that hasn't shown up. I did see a slight lack of maintenance in cleaning out temp files but actually wasn't in bad shape.
    I have been running Spybot regularly. I thought that was taking care of temp files?

    Quote: Originally posted by Juliet
    How is the computer now?
    The computer is amazingly fast now. It seems that Dell must have had a bunch of garbage on there. I installed a lot of the Dell utilities because the machine is still under warranty but the scans suggested to quarantine them so I did. I can re-install them if I need them. There are a few more I need to get off of there too. It appears that the machine is running normally now so I want to thank you tremendously for helping me out here but I do have a few more issues to deal with, if you don't mind?

    My original problem was the missing .dll files. First, I will try the Microsoft built in file checkers, etc. under command prompt but assuming that doesn't work:

    1. How do I get the .dll's back? Is there a safe place to download them from? I tried re-installing Skype but it still has a missing .dll. I really don't want to reconfigure 5 email accounts either as my email client is missing a .dll also.

    2. Do you think the Android program for the outdoor movie projector running on my iPhone had anything to do with this?

    3. My grandkids love Roblox. Is Roblox a safe site? Is anything coming from there?

    4. The Malwarebytes program is affecting my mouse pointer. Can I remove that program? And what about the other programs you had me download, do I need any/all of them?

    5. I'm not a big fan of McAfee but it came with the system. Can I remove it and go with Defender alone? Or, what are the minimum maintenance/security programs a user needs to avoid all of this?

    6. Do I need to run Spybot on all users' desktops? I normally run it just from my desktop but when I log on to the admin account it will say Spybot hasn't been run in 43 days or something when I just finished running it on the other user logon.

    I want to thank you again for taking the time to help not only me but all of the others you have helped and will help in the future. The world is a better place because of people like you. I am forever grateful!

  3. #13
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    I'm going to try and answer all the questions. Some I tried to research because I'm not familiar with the app/program.
    The computer is amazingly fast now. It seems that Dell must have had a bunch of garbage on there
    Music to my ears.

    Google the below.
    Is Roblox a safe site
    Reason I say this is you're going to find the same info I did. You have mixed reviews, some good, some ugly.
    What I gather is this app is gaming and used along the lines as another social media app, are the children old enough to handle such a deal as this?
    Can some of the features be turned off so that others cannot send messages or use voice while they are playing the games?
    I think this falls into parental choice.

    Do you think the Android program for the outdoor movie projector running on my iPhone had anything to do with this?
    I really can't say. Did you start having issues after it was installed? Was it downloaded from a reputable site? (Although safe sites can be hit with malicious scripts.)

    I tried re-installing Skype
    Let's try this to see if you can get all remnants off

    Please download and install Revo Uninstaller.
    or from here https://www.bleepingcomputer.com/dow...o-uninstaller/
    • Right click Revo Uninstaller and select Run as administrator
    • From the list of programs double click on the listed program(s), or anything similar, SKYPE to remove it (if it exists)
    • Click Yes to any warning screen that may appear
    • If presented with the program uninstall option click Uninstall
    • If asked to restart now click No
    • Under Scanning Modes select Advanced then select Scan
    • On the Found leftover Registry items window click Select All, Delete, then Yes
    • If prompted click on Next
    • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
    • Reboot your computer if requested

    ============================================

    Afterwards try a new download and install to see if the errors are still there.

    The Malwarebytes program is affecting my mouse pointer. Can I remove that program? And what about the other programs you had me download, do I need any/all of them?

    I'm not a big fan of McAfee but it came with the system. Can I remove it and go with Defender alone? Or, what are the minimum maintenance/security programs a user needs to avoid all of this?

    6. Do I need to run Spybot on all users' desktops? I normally run it just from my desktop but when I log on to the admin account it will say Spybot hasn't been run in 43 days or something when I just finished running it on the other user logon.

    I want to thank you again for taking the time to help not only me but all of the others you have helped and will help in the future. The world is a better place because of people like you. I am forever grateful!
    All the tools we downloaded will be removed.

    Uninstalling McAfee can certainly be done and Microsoft recommends Windows Defender which comes with the Operating system.

    Answers for running Spybot on all user accounts, I'll probably have to refer you over to the help forum because I'm not sure.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    For your email client

    eMClient missing DLL libcef
    https://forum.emclient.com/t/update-...0-errors/61730


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Let's see about running SFC.exe to try and correct missing anythings
    https://support.microsoft.com/en-us/...rrupted-system

    Run the System File Checker tool (SFC.exe)
    To do this, follow these steps:

    Open an elevated command prompt.

    If you are running Windows 10, Windows 8.1 or Windows 8, first run the inbox Deployment Image Servicing and Management (DISM) tool prior to running the System File Checker. (If you are running Windows 7 or Windows Vista, skip to Step 3.)

    Type the following command, and then press Enter. It may take several minutes for the command operation to be completed.
    DISM.exe /Online /Cleanup-image /Restorehealth

    Important: When you run this command, DISM uses Windows Update to provide the files that are required to fix corruptions. However, if your Windows Update client is already broken, use a running Windows installation as the repair source, or use a Windows side-by-side folder from a network share or from a removable media, such as the Windows DVD, as the source of the files. To do this, run the following command instead:
    DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess

    Note: Replace the C:\RepairSource\Windows placeholder with the location of your repair source. For more information about using the DISM tool to repair Windows, reference Repair a Windows Image.

    At the command prompt, type the following command, and then press ENTER:

    sfc /scannow


    The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.
    The %WinDir% placeholder represents the Windows operating system folder. For example, C:\Windows.

    Note Do not close this Command Prompt window until the verification is 100% complete. The scan results will be shown after this process is finished.

    After the process is finished, you may receive one of the following messages:
    • Windows Resource Protection did not find any integrity violations.
      This means that you do not have any missing or corrupted system files.
    • Windows Resource Protection could not perform the requested operation.
      To resolve this problem, perform the System File Checker scan in safe mode, and make sure that the PendingDeletes and PendingRenames folders exist under %WinDir%\WinSxS\Temp.
    • Windows Resource Protection found corrupt files and successfully repaired them.
      Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #14
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Juliet, the System File Check did the trick. When Spybot quarantined the infected files is when the trouble started. I noticed in the sfc logs that the files that sfc repaired were mainly the same ones that Spybot moved to quarantine, actually I'm the one that moved them. Now it all makes sense. I'm not sure what I should do if this happens again in Spybot, I'll just have to educate myself on the ins and outs of Spybot and decide what I should do with the infected files. Thanks to you though, I'm pretty sure I can take care of it myself, if there is a next time. So all in all I have the fast computer I thought I was getting and I got rid of a bunch of junk and bloatware in the process. Plus, I learned about some great free programs. So if you don't have anything else for me then I'm going to sign off and again,


    THANK YOU, THANK YOU, THANK YOU!!!
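
The cross-check described in the post above (files SFC repaired versus files moved to quarantine), as an added example that is not part of the original thread: it pulls the `[SR]` entries out of CBS.log and compares the file names with a quarantine list. The sample log lines, the quarantine list and the assumed entry layout are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the "[SR]" entries SFC writes to
# %WinDir%\Logs\CBS\CBS.log. The exact layout is an assumption; it varies by build.
SAMPLE_CBS_LOG = r'''
2020-07-21 09:38:40, Info                  CSI    00000a51 [SR] Verifying 100 components
2020-07-21 09:38:41, Info                  CSI    00000a5a [SR] Cannot repair member file [l:20{10}]"example1.dll" of Example-Package, Version = 10.0.0.0, hash mismatch
2020-07-21 09:38:42, Info                  CSI    00000a5e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:24{12}]"example2.dll" from store
2020-07-21 09:38:42, Info                  CSI    00000a5f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:24{12}]"example3.dll" from store
2020-07-21 09:38:43, Info                  CBS    Unrelated servicing entry without the SR tag
2020-07-21 09:38:44, Info                  CSI    00000a60 [SR] Repair complete
'''.strip().splitlines()

# Hypothetical quarantine listing, typed in by hand from the scanner's UI.
SAMPLE_QUARANTINE = ["Example2.dll", "example1.dll", "other.dll"]

PATTERNS = {
    # The greedy .* skips the directory part so the last quoted token (the file name) is captured.
    "repaired_from_store": re.compile(r'Repairing corrupted file .*\]"([^"]+)" from store'),
    "cannot_repair": re.compile(r'Cannot repair member file \[[^\]]*\]"([^"]+)"'),
}

def sfc_results(lines):
    """Group file names found in [SR] entries by outcome (names lower-cased)."""
    found = defaultdict(set)
    for line in lines:
        _, tag, msg = line.partition("[SR] ")
        if not tag:
            continue  # not an SFC entry
        for outcome, pattern in PATTERNS.items():
            m = pattern.match(msg)
            if m:
                found[outcome].add(m.group(1).lower())
    return found

def compare_with_quarantine(lines, quarantined):
    """Show which quarantined files SFC put back and which it could not."""
    res = sfc_results(lines)
    q = {name.lower() for name in quarantined}
    seen = res["repaired_from_store"] | res["cannot_repair"]
    return {
        "restored_by_sfc": sorted(q & res["repaired_from_store"]),
        "still_broken": sorted(q & res["cannot_repair"]),
        "repaired_not_quarantined": sorted(res["repaired_from_store"] - q),
        "quarantined_not_in_log": sorted(q - seen),
    }

if __name__ == "__main__":
    for key, names in compare_with_quarantine(SAMPLE_CBS_LOG, SAMPLE_QUARANTINE).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

To use it on a real machine, pass the open log file (opened with `errors="replace"`) instead of the sample lines. Anything under `still_broken` is a system file that was quarantined and that SFC could not put back.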

  5. #15
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    THANK YOU, THANK YOU, THANK YOU!
    You're welcome!

    From here we will remove tools and quarantine folders

    Use this tool to remove quarantined items:

    Please download KpRm by Kernel-panik and save to your Desktop.
    • Click on KpRm.exe to run the tool.

      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Put a check mark next to these items:
      -Actions => Delete tools
      Delete quarantines => Delete now
    • Click the "Run" button.
    • When the tool has finished, it will create and open a log report and delete itself.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.


    For those interested in how to make a backup of your computer
    https://forums.malwarebytes.com/topi...ckup-software/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #16
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Lots of good references. I’m going to bookmark this thread so I will have a handy guide to use. Thanks again Juliet, you have been awesome.

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Thank you

    Glad we could help.
    Since this issue appears resolved ... this Topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
