  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.

Have I been hacked?

723 Views 61 Replies 2 Participants Last post by  DR.M
Hi, and thank you for any help you can give. A lot of craziness has been going on with my computer. Strange popups; sites I use often not recognizing my user name or/and passwords. Often used sites keep asking me to register my device, like for my bank or when paying my utilities, then send me an email that there was a login attempt; email account flooded with junk mail which I keep blocking and putting in junk mail folder. Hard drive running at 100%. Microsoft security says that there have been multiple attempts to access my account from Russia, China, etc.

I included a screenshot of the popup that keeps showing up on certain sites. It even showed up on bleeping computer's site when I went to download farbar. I had to reload the page and it didn't show up the next time.


This has me a little freaked out right now so any help that anyone can give will be greatly appreciated. Thanks.
Hello, anamandy.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

P.S. Letting you know that I will be extremely busy these days, until next weekend. So my replies may be a bit slow, something I try to avoid, but that is life. :)
Hi, sorry for the delay. Just got home from work.

Attachments

I tried copying and pasting the contents of both and this site won't let me do it.
Hi, anamandy.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


==============================

1. Move FRST

Please move the tool from your Downloads folder on to your Desktop.


2. Change passwords

Just in case, change passwords (emails, bank accounts) from a good/clean device.


3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Download the attached fixlist and save it on the Desktop, without changing the name.
  • Open FRST tool.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

Attachments

EDIT: I posted here by mistake. So I deleted my post. Apologies, anamandy.
Hi, that's okay. I did adhere to the guidelines and did put FRST on my desktop before running it. Both the reports are on my desktop too.
Ok, now you can go to step 3.
Thanks. A product update was just done so I have to run a new scan which I am doing now. I will attach all 3 when it is done.
No, I don’t want you to scan now. Just follow step 3 above, to apply the fix.
When I press fix I got the message that there was no fixlist.txt found. The fixlist.txt should be in same folder/directory the tool is located.
What am I doing wrong?

The scan result and the addition are both on my desktop.
Okay, I figured it out. I had to click on the fixlist attachment above. Sorry.
Oh geez, windows would have to do an update in the middle of this all. Anyway, here is what you asked for -

Attachments

Just want to add that looking at the results of that scan, I do not have Avira or McAfee yet I see them listed.
Right after I did what you asked for my computer shut down and I thought it was doing a windows update. But checking my updates and I see that no updates were done today. Did FRST reboot my computer?
Hi. Yes, FRST restarted the computer.

You attached the fixlist instead of the fixlog which has been created on the Desktop after you ran the fix.
Hi, sorry, just got back home.

Attachments

Hi, anamandy.

You still have FRST tool in the Downloads folder. Can you please move it on to the Desktop?

After that:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
Sorry, I sent FRST to the Desktop instead of moving it.

Here is the AdwCleaner results
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-22-2023
# Duration: 00:00:35
# OS: Windows 10 (Build 19044.2965)
# Scanned: 32098
# Detected: 35


* [ Services ] *

No malicious services found.

* [ Folders ] *

PUP.Optional.Legacy C:\Users\lovet\Documents\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

* [ Files ] *

PUP.Optional.TotalAV C:\Users\lovet\Downloads\TOTALAV_SETUP.EXE

* [ DLL ] *

No malicious DLLs found.

* [ WMI ] *

No malicious WMI found.

* [ Shortcuts ] *

No malicious shortcuts found.

* [ Tasks ] *

No malicious tasks found.

* [ Registry ] *

PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\Software\Classes\totalav

* [ Chromium (and derivatives) ] *

No malicious Chromium entries found.

* [ Chromium URLs ] *

No malicious Chromium URLs found.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries found.

* [ Firefox URLs ] *

No malicious Firefox URLs found.

* [ Hosts File Entries ] *

No malicious hosts file entries found.

* [ Preinstalled Software ] *

Preinstalled.CyberLinkService Folder C:\Program Files (x86)\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.DellHelp&Support Folder C:\Program Files\DELL\DELL HELP & SUPPORT
Preinstalled.DellHelp&Support Folder C:\ProgramData\DELL\DELL HELP & SUPPORT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files (x86)\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent Folder C:\Users\lovet\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74FAF088-72C0-489A-9ECB-7D96FEC255E7}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74FAF088-72C0-489A-9ECB-7D96FEC255E7}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DF29CEF-81A1-4AE8-BF2C-39C9555BAD3E}
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte Task C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
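An added example (not written by the thread participants or by Malwarebytes): Python that parses a scan log in the layout posted above, separates PUP detections from Preinstalled entries, and checks the header's Detected count against the entries actually present, which catches a truncated paste. It assumes, as the log above suggests (9 PUP entries + 26 Preinstalled entries = 35), that Detected counts every listed entry; the sample log and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log above (not the user's log).
SAMPLE_LOG = r"""# Detected: 4

* [ Services ] *

No malicious services found.

* [ Folders ] *

PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

* [ Registry ] *

PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.TotalAV HKLM\Software\Classes\totalav

* [ Preinstalled Software ] *

Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
"""

SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")   # "* [ Folders ] *"
HEADER_RE = re.compile(r"^# (\w+): (.*)$")          # "# Detected: 35"

def parse_log(text):
    """Return (header dict, list of (section, family, location))."""
    header, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section is None:
            if m := HEADER_RE.match(line):
                header[m.group(1)] = m.group(2)
        elif line and not line.startswith(("#", "No malicious")):
            # Preinstalled rows keep their type word (Folder/Task) in location.
            family, _, location = line.partition(" ")
            entries.append((section, family, location.strip()))
    return header, entries

def triage(text):
    """Count PUP families and OEM preinstalled items; flag a count mismatch."""
    header, entries = parse_log(text)
    pups = Counter(fam for _, fam, _ in entries if fam.startswith("PUP."))
    pre = sum(1 for _, fam, _ in entries if fam.startswith("Preinstalled."))
    declared = int(header.get("Detected", -1))
    return {"pup_families": dict(pups), "preinstalled": pre,
            "declared": declared, "complete": declared == len(entries)}
```

Calling `triage()` on the text of an `AdwCleaner[S0*].txt` file shows at a glance how many of the detections are OEM software rather than PUP families.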
Malware scan -
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/22/23
Scan Time: 12:59 PM
Log File: 0de82cba-f8c2-11ed-89a4-f8da0c596286.json

-Software Information-
Version: 4.5.29.268
Components Version: 1.0.2022
Update Package Version: 1.0.69834
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2965)
CPU: x64
File System: NTFS
User: DESKTOP-9OU62RP\lovet

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 297962
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 25 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Chromnius, C:\USERS\LOVET\DOWNLOADS\SETUP.EXE, No Action By User, 16659, 1127395, 1.0.69834, , ame, , 8626D60B3010832E06F0B55A97835A48, 29AA8A3EA05A3E2A4161E47CE65F3AFF0343C66F9ADD8CA167353D989176C3BF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)