Thread: Persistent Warning
  1. #1
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Can I keep my browser open while running these so I may refer to your step-by-step instructions?

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Quote Originally Posted by gin_jammer View Post
    Can I keep my browser open while running these so I may refer to your step-by-step instructions?
    You can print out the instructions or save them to Notepad to follow.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    When I tried to install Zemana AntiMalware, I got a popup; see the attached image "Zemana popup.jpg".

    I ran HitmanPro, which generated the following file:

    Code:
    HitmanPro 3.8.0.292
    www.hitmanpro.com
    
       Computer name . . . . : ED-PC
       Windows . . . . . . . : 6.1.1.7601.X86/2
       User name . . . . . . : Ed-PC\Ed
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2018-03-08 13:52:11
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 7m 5s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 77
    
       Objects scanned . . . : 1,527,876
       Files scanned . . . . : 37,086
       Remnants scanned  . . : 268,536 files / 1,222,254 keys
    
    Suspicious files ____________________________________________________________
    
       C:\Users\Ed\Desktop\Unused Icons\FRST.exe
          Size . . . . . . . : 1,725,440 bytes
          Age  . . . . . . . : 714.8 days (2016-03-23 19:18:28)
          Entropy  . . . . . : 7.5
          SHA-256  . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 22.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    
    
    Potential Unwanted Programs _________________________________________________
    
       HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
    
    Cookies _____________________________________________________________________
    
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:254a.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:acuityplatform.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ad.360yield.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adaptv.advertising.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adbrn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:addthis.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adform.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adgrx.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adhigh.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adnxs.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ads.nexage.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ads.pubmatic.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ads.stickyadstv.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adsrvr.org
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adsymptotic.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adtechus.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:advertising.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:agkn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:atdmt.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:att.demdex.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:bidr.io
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:bidswitch.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:bluekai.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:bs.serving-sys.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:casalemedia.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:connexity.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:contextweb.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:creative-serving.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:crwdcntrl.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ctnsnet.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:demdex.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dh.serving-sys.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dlx.addthis.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dotomi.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:doubleclick.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dpm.demdex.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:everesttech.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:eyereturn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:eyeviewads.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:go.sonobi.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:gwallet.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ib.mookie1.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ipredictive.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:korrelate.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:krxd.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:lijit.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:match.rundsp.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mathtag.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:media6degrees.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mediaplex.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ml314.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mookie1.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mxptint.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:openx.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:owneriq.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:pixel.rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:pool.admedo.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:postrelease.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:pubmatic.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:rfihub.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:rlcdn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:scorecardresearch.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:secure-assets.rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:serving-sys.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:simpli.fi
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:sitescout.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:skimresources.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:smartadserver.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tap-secure.rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tapad.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tidaltv.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tribalfusion.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:turn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:w55c.net
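
The HitmanPro report above is plain text, and on a 77-trace / 0-threat result like this one the useful first step is to separate the few findings that matter (a suspicious file and its hash, a PUP registry entry) from the long tail of tracking cookies. The parser below is an added example for this thread, not HitmanPro's code and not a tool from the forum helper; it assumes only the layout visible in the posted report (dotted "key : value" header lines, underscore-padded section titles, one finding per indented line with deeper-indented details and heuristic notes) and uses an abridged copy of that report as constructed sample input.

```python
"""Parse a HitmanPro text report into structured findings (added example,
not HitmanPro's code). Assumes the layout of the report in post #3:
"key . . . : value" header lines, section titles padded with underscores,
one finding per indented line, with deeper-indented details and notes."""
import re
from dataclasses import dataclass, field

# Sample input: an abridged copy of the report posted in this thread
# (header, the one suspicious file, the PUP entry and two cookie lines).
SAMPLE_REPORT = r"""HitmanPro 3.8.0.292
www.hitmanpro.com

   Computer name . . . . : ED-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 77

Suspicious files ____________________________________________________________

   C:\Users\Ed\Desktop\Unused Icons\FRST.exe
      Size . . . . . . . : 1,725,440 bytes
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
      Needs elevation  . : Yes
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

Cookies _____________________________________________________________________

   C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:doubleclick.net
   C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adnxs.com
"""

KEY_VALUE = re.compile(r"^\s*(\S.*?)\s+(?:\.\s*)+:\s*(.*)$")  # "Size . . . : 1,725,440 bytes"
SECTION = re.compile(r"^(\S.*?)\s*_{5,}\s*$")                 # "Cookies ______"

@dataclass
class Finding:
    section: str
    item: str                              # file path or registry key
    details: dict = field(default_factory=dict)
    notes: list = field(default_factory=list)

@dataclass
class Report:
    header: dict
    findings: list

def parse_report(text):
    header, findings = {}, []
    section = current = item_indent = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        sec = SECTION.match(raw)
        if sec:
            section, current, item_indent = sec.group(1), None, None
            continue
        kv = KEY_VALUE.match(raw)
        if section is None:                # banner and header block
            if kv:
                header[kv.group(1)] = kv.group(2)
            continue
        indent = len(raw) - len(raw.lstrip())
        if item_indent is None:
            item_indent = indent           # first line of a section sets the item level
        if indent <= item_indent:
            current = Finding(section, raw.strip())
            findings.append(current)
        elif kv:
            current.details[kv.group(1)] = kv.group(2)
        else:
            current.notes.append(raw.strip())
    return Report(header, findings)

def section_counts(report):
    counts = {}
    for f in report.findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts

def cookie_domains(report):
    """Tracking-cookie traces reduced to the domain after 'cookies.sqlite:'."""
    return sorted({f.item.rsplit(":", 1)[1] for f in report.findings if f.section == "Cookies"})

# Phrases HitmanPro uses for its generic, non-signature heuristics (taken from the report text).
GENERIC_HEURISTICS = ("publisher information", "Entropy", "Authors name", "Version control")

def heuristic_only_files(report):
    """Suspicious files flagged only by generic heuristics, paired with their SHA-256.
    These are not detections (the Threats count is separate); the hash is what to
    compare against a vendor checksum or reputation service before acting."""
    out = []
    for f in report.findings:
        if f.section == "Suspicious files" and f.notes and all(
            any(h in n for h in GENERIC_HEURISTICS) for n in f.notes
        ):
            out.append((f.item, f.details.get("SHA-256")))
    return out

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print("threats:", rep.header["Threats"], "traces:", rep.header["Traces"], section_counts(rep))
    print("cookie domains:", cookie_domains(rep))
    for path, sha in heuristic_only_files(rep):
        print("verify hash:", path, sha)
```

Run against the full report from the post, the cookie domains become one deduplicated list to clear from the Firefox profile, and the single file finding surfaces with its SHA-256 so the hash can be compared against a known-good checksum rather than judged on the entropy and missing-publisher heuristics alone.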

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    The error from Zemana shows you have used the tool before.

    How's the computer now?

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    I haven't seen the fake warning popup for a couple of days, but the last time I saw it was while browsing news articles.

    I ran Excel this morning and discovered that the keyboard arrow keys would not move the cursor from cell to cell but rather would scroll the entire worksheet. I don't have a Scroll Lock key on my keyboard, but I was able to turn scrolling OFF using the on-screen keyboard. Things like that make me think someone is messing with me.

    The only way I can judge the state of my laptop is to use my browser normally for a few days. I'll let you know what happens.

  6. #6
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    I can't help with Excel; I don't use any Office products on my computer.
    I tried to find support links you can follow.
    https://support.microsoft.com/en-us/...-stops-working

  7. #7
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    I only mentioned the Excel glitch in case you thought it was related to this malware we're chasing. I restored the arrow keys by using the on-screen keyboard to turn "Scroll Lock" OFF (since my keyboard doesn't have a Scroll Lock key).

    The fake popup still appears, seemingly at random intervals. I have noticed that sometimes I can now turn it off (WITHOUT using the Task Manager) and then continue with whatever I was doing. On one occasion, the fake popup reappeared almost immediately, but that was the only time it's done that.

    When the fake popup appears, it's listed in the Task Manager under the Applications tab. Could the app name it's listed under possibly be used to search for and delete it? I'll have to wait for another occurrence to write down the app name.
