  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.

Have I been hacked?

Hi, and thank you for any help you can give. A lot of craziness has been going on with my computer. Strange popups; sites I use often not recognizing my user name or/and passwords. Often used sites keep asking me to register my device, like for my bank or when paying my utilities, then send me an email that there was a login attempt; email account flooded with junk mail which I keep blocking and putting in junk mail folder. Hard drive running at 100%. Microsoft security says that there have been multiple attempts to access my account from Russia, China, etc.

I included a screenshot of the popup that keeps showing up on certain sites. It even showed up on bleeping computer's site when I went to download farbar. I had to reload the page and it didn't show up the next time.



This has me a little freaked out right now so any help that anyone can give will be greatly appreciated. Thanks.
Hello, anamandy.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

P.S. Letting you know that I will be extremely busy these days, until next weekend. So my replies may be a bit slow, something I try to avoid, but that is life. :)
Hi, anamandy.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


==============================

1. Move FRST

Please move the tool from your Downloads folder on to your Desktop.


2. Change passwords

Just in case, change passwords (emails, bank accounts) from a good/clean device.


3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Download the attached fixlist and save it on the Desktop, without changing the name.
  • Open FRST tool.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

EDIT: I posted here by mistake. So I deleted my post. Apologies, anamandy.
Ok, now you can go to step 3.
No, I don’t want you to scan now. Just follow step 3 above, to apply the fix.
Hi. Yes, FRST restarted the computer.

You attached the fixlist instead of the fixlog which has been created on the Desktop after you ran the fix.
Hi, anamandy.

You still have FRST tool in the Downloads folder. Can you please move it on to the Desktop?

After that:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
Hi, anamandy.

Let's clean the detected items now.

1. AdwCleaner (Clean mode)

The findings in Files, Folders and Registry parts of the log, are adware and PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Feedback: how is the computer running now?
Hi and thanks for the reports above.

What about feedback? How is the computer running now?
Hi, anamandy. I'm glad to hear that the computer is running fine now.

When a program is not correctly uninstalled, remnants are kept in the system. That's why Avira and McAfee were still there. I recommend Revo Uninstaller Free when you want to uninstall an antivirus program.

As to your sister, we must check her system like we did with yours to clean it. It's not just the same tools' usage. FRST tool does much more than a diagnosis. I'll be glad to help her too.

Now...

Before we remove the tools we used, I have to tell you that the only remaining issue is that you are running version 21H2, which expires in less than a month. When this happens, your system won't be getting security updates.

In case you want to upgrade now:
  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your Wi-Fi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

In case you don't want to upgrade now, let me know to give you instructions to remove the tools we used and create a new restore point.
Hi!

Apologies for the delay. I was very busy the previous days.

I'll try to reply to your questions.

I was going to wait on the update until Microsoft automatically installs it in their updates. I'm waiting to see if people who have already updated are having any issues. Usually, Microsoft addresses those issues before they roll it out to everyone.

I wonder if Microsoft is going to be doing the upgrade on systems that are running the S version. I have an ACER SPIN that is running that.
There was a restriction regarding the updates in your computer. That's why you didn't get any notification about them. Since the version you are running now comes to its end of life, I recommend you to upgrade as soon as possible. The same applies to version S.

Should I create a Windows Installation Media Disc in case I have a future issue where I have to reinstall the program? If so, should I use a CD or DVD?
Not necessary to do an installation media now, but it's always useful when a severe system issue appears.

I will go to my sister's house on my next day off and start a new thread for that. I will do all of the above first part of your message to me so that you can at least get an idea of what is going on and what tools you need to fix the issues.
The best you can do is run an FRST scan, open a new topic here and attach the 2 logs (FRST and Addition). We will continue from there.

I would prefer you to run the upgrade before we move the tools. Sometimes issues occur, and FRST is always useful. However, if you don't want to upgrade now, here are the instructions to remove the tools and create a fresh restore point:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
Great!

Now that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!
5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have the built-in Windows antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.
You are very welcome. :)

I would be glad to assist your sister too.
Hi, anamandy.

So you are still getting the above notice? When I asked you for feedback you didn't mention that and I thought that everything was back to normal. Although in your first post you said that it pops up when you are on certain sites, please be a bit more detailed. When? In which browser?

P.S. Reminding you that it is late for me now, and I'll be back to you tomorrow.
Hi.

You can keep Malwarebytes on your computer. It's the free version of the product, and as I said above, it works well with Defender and both can keep you safe. Since it's the free version, it doesn't offer real time protection, but you can run it occasionally, depending on how often you use your computer.

I wonder if the notice you are getting has anything to do with the notifications in Edge. I was unable to reproduce it anyway. Try this:

Go here, and do the steps under the title Remove or block notifications in Edge settings.

Remove any site from the Notifications area, restart Edge and check what happens.
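
The notification check described in the post above can also be done by reading Edge's profile settings directly. The following is an added example, not part of the original thread: it assumes the Chromium-style `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, with `setting` 1 = allow and 2 = block); the sample data is constructed, and `windows-secureit.com` is the domain named later in this thread.

```python
import json
from urllib.parse import urlsplit

# Assumed Chromium content-setting values: 1 = allow, 2 = block.
ALLOW, BLOCK = 1, 2

# Constructed sample shaped like an Edge "Preferences" file (not real user data).
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://windows-secureit.com:443,*": {"setting": 1},
    "https://mail.example.org:443,*":     {"setting": 1},
    "https://news.example.net:443,*":     {"setting": 2}
}}}}}
""")


def load_prefs(path):
    """Parse a copy of the profile's Preferences file (UTF-8 JSON)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def notification_grants(prefs):
    """Return {host: 'allow' | 'block'} for every notification exception."""
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    grants = {}
    for pattern, entry in exceptions.items():
        # Keys look like "https://site.example:443,*"; keep the primary pattern.
        primary = pattern.split(",", 1)[0]
        host = urlsplit(primary).hostname or primary
        setting = entry.get("setting")
        if setting == ALLOW:
            grants[host] = "allow"
        elif setting == BLOCK:
            grants[host] = "block"
    return grants


def review(prefs, watchlist=()):
    """List hosts allowed to send notifications; watchlisted hosts come first.

    Each row is (host, flagged). A host is flagged when it equals a
    watchlist entry or is a subdomain of one.
    """
    rows = []
    for host, state in notification_grants(prefs).items():
        if state != "allow":
            continue
        flagged = any(host == w or host.endswith("." + w) for w in watchlist)
        rows.append((host, flagged))
    return sorted(rows, key=lambda r: (not r[1], r[0]))


if __name__ == "__main__":
    for host, flagged in review(SAMPLE_PREFS, ["windows-secureit.com"]):
        print(("REMOVE  " if flagged else "review  ") + host)
```

On Windows the default profile's file is typically at `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Preferences`; read a copy of it while Edge is closed and pass the parsed result to `review`.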
Let's do a new FRST scan. You will need to download the tool again, and run a scan with it. I need the 2 logs created please.
Where do you have scan-virus? What do you mean you blocked it?
That site (scan-virus) has to be removed. Do not allow cookies from it.

There is also secureit.com and we will completely remove it.


1. Delete browsing data in Edge

See here how to delete browsing data in Edge (Delete all cookies). Select everything, except passwords for all time. Restart Edge.


2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CloseProcesses:
IE restricted site: HKU\S-1-5-21-316721253-3932963005-2243892916-1001\...\windows-secureit.com -> hxxps://windows-secureit.com
IE restricted site: HKU\S-1-5-21-316721253-3932963005-2243892916-1001\...\windows-secureit.com -> windows-secureit.com
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
And the result?

Are you getting the notifications you were getting before?
Anamandy,

Please go for a reset for Edge.

Go to Edge Settings > Reset settings > Restore settings to their default values > Reset

Let me know the result.