
·
Registered
Joined
·
178 Posts
Discussion Starter · #1 ·
A month ago I installed Windows 10 on an HP desktop. Today I opened a reliable news site I have used often, but then I opened a celebrity slideshow. Immediately Microsoft shut down my computer. I called the number given and was run through a bunch of questions. I was told that my IP address was used to access porn sites. I DO NOT LOOK AT PORN. Am I in danger of being regarded as a user of porn sites? Then I was told that other bad files could not be removed without my signing up for $300 for 2 or 5 years' service. When I objected the price came down. This made me suspicious. Perhaps this person was the one who hacked me. He told me that the hackers even had my IP address. I got a copy of super antispyware and did a scan. All was good except the presence of 158 cookies. I deleted these. I can easily clear out this computer and reinstall Windows 10. Can I change my IP address? Do I have to? My server is through Xfinityprepaid. Thanks for your help. Patrick
 

·
Trusted Advisor & Malware Specialist
Joined
·
4,056 Posts
Hi, Patrick.

The safer thing to do, if you have clear evidence that you have been hacked, is to reinstall Windows, deleting all partitions, and make a fresh start.

However, if you don't want to reinstall your operating system, you can attach your logs here, so we can have a look at them. It's up to you.

Let us know about your decision.

Here are the log posting instructions: Everyone MUST Read This BEFORE Posting for Help in This Forum | Tech Support Guy (techguy.org)
 

·
Trusted Advisor & Malware Specialist
Joined
·
4,056 Posts
Hi, Patrick.

Thanks for the logs.

These are some basic rules I would like you to follow, during the cleaning procedure:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to analyze. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

================================

Let's begin.

There are some signs of system corruption as well as disk damage, so we will start with this.

1. Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter
Code:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot would be fine).

2. When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got (a screenshot would be fine).

3. Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
    Code:
     chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use, and you will be asked whether you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing the disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

In your next reply please post:
  1. The two screenshots after DISM and SFC
  2. The chkdsk result
 

·
Registered
Joined
·
178 Posts
Discussion Starter · #7 ·
Here are the files requested. Is there some way I can determine what sites I logged onto on Monday July 12 in early afternoon? I looked at news sites I always looked at. I am sure they are safe. But on one (I don't know which) I opened a sidebar site that presented a slideshow that was maybe on celebrities. That's when Microsoft shut down everything. It might be helpful to locate this problem place. Thanks again for help.
 

Attachments

·
Trusted Advisor & Malware Specialist
Joined
·
4,056 Posts
Hello, Patrick.

Thanks for the logs. The corruptions found are fixed now, so we can move on. No need to search and show me the sites you got to. Also, the warning you got was not from Microsoft. It was a phishing message, to give your personal data to them. As for the backup you want to do, of course. You can do that.

Let's move on.

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Code:
Adobe Flash Player 10 ActiveX
Shockwave 7.0.3 Player
  • Select the above programs, one by one, and click Uninstall.
  • Restart.
Check the following programs and if you don't need them, repeat the above procedure for them. The HP programs are preinstalled programs, meaning that they were installed in the computer when you bought it. Personally, I don't keep programs I don't need/use. It's your decision if you keep them or uninstall them. Let me know about your decision.

VIP Access SDK
HP Setup
HP SimplePass PE 2011
HP Support Assistant
HP Support Solutions Framework
HP Vision Hardware Diagnostics

2. Uninstall applications

Click on the Start button, locate the following apps, right click on each of them and select uninstall.

McAfee WebAdvisor
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System
Norton Safe Web
Norton Security Protection

3. Uninstall Norton Internet Security

The product is disabled, out of date and not shown in your programs list. Use the Removal tool, following the instructions here, to correctly uninstall it: Download and run the Norton Remove and Reinstall tool

4. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
Toolbar: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FirewallRules: [{52C17D8A-4825-490D-8AD6-0E69A752C190}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{13248ADE-1873-4CF2-80F0-47C0FC101808}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {4B4BA80F-DB49-4084-85E7-E4DB3EC7F8FC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {894AE2FB-FE94-4953-B2EC-5DDAF01532D0} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {A86E0EFB-28EB-41AE-A73A-DB019290C162} - System32\Tasks\{610D2340-47BE-4957-B151-3612AA17A24C} => C:\UbiSoft\The Settlers IV\S4.exe
Task: {C187DD99-F9B8-4ADA-A609-7E04FDF3A318} - System32\Tasks\{6B3F9A93-8509-4DAB-A6F2-A9E7A498A33B} => C:\UbiSoft\The Settlers IV\S4.exe
Task: {D0E165D5-8DBE-4A02-9217-7368C87E2F70} - System32\Tasks\{89F2FEF1-4D46-485E-A010-9016159F3B16} => C:\UbiSoft\The Settlers IV\S4.exe
Task: {EA6CBEC4-39E9-45B1-B6DD-3F8C783EEBC3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe
U3 idsvc; no ImagePath
C:\Program Files (x86)\Norton Internet Security
cmd: ipconfig /flushdns
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. What programs you uninstalled in step 1
  2. If everything went fine with steps 2 & 3
  3. The fixlog.txt
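
The NOTICE in the post above says the fixlist was written for one machine. As an added example (not part of the original post and not FRST's own code), this Python example reads a subset of the posted lines and lists what ties them to that machine: account SIDs, absolute paths and entries marked "No File". The grouping by line prefix, the function names and the `local_sids` parameter are assumptions of the example.

```python
import re
from collections import Counter

# A subset of the lines from the code box in the post above, copied unchanged.
FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
Toolbar: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FirewallRules: [{52C17D8A-4825-490D-8AD6-0E69A752C190}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
Task: {A86E0EFB-28EB-41AE-A73A-DB019290C162} - System32\Tasks\{610D2340-47BE-4957-B151-3612AA17A24C} => C:\UbiSoft\The Settlers IV\S4.exe
U3 idsvc; no ImagePath
C:\Program Files (x86)\Norton Internet Security
cmd: ipconfig /flushdns
EmptyTemp:
End::
"""

SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")     # per-account SIDs
PATH_RE = re.compile(r"[A-Za-z]:\\.+?(?=\s+=>|$)")    # absolute path, up to "=>" or end of line
ENTRY_RE = re.compile(r"^(\w+):(?:\s+(.*))?$")        # "Prefix:" or "Prefix: value"


def fix_body(text):
    """Return the lines between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    try:
        start, end = lines.index("Start::"), lines.index("End::")
    except ValueError:
        raise ValueError("fixlist must include both the Start:: and End:: lines")
    if end < start:
        raise ValueError("End:: appears before Start::")
    return lines[start + 1:end]


def classify(line):
    """Group a line by its prefix; the group names are this example's own."""
    if re.match(r"^[A-Za-z]:\\", line):
        return "path"                      # a bare file or folder path
    m = ENTRY_RE.match(line)
    if not m:
        return "other"                     # anything the example does not recognise
    return m.group(1) if m.group(2) else "directive"


def review(text, local_sids):
    """Summarise what in the fixlist is specific to one machine.

    local_sids: SIDs of the accounts on the machine about to run the fix
    (supplied by the caller, for instance read from `whoami /user`).
    """
    body = fix_body(text)
    sids, paths = set(), set()
    for line in body:
        sids.update(SID_RE.findall(line))
        m = PATH_RE.search(line)
        if m:
            paths.add(m.group(0))
    return {
        "kinds": Counter(classify(line) for line in body),
        "no_file": sum(line.endswith("No File") for line in body),
        "paths": sorted(paths),
        "foreign_sids": sorted(sids - set(local_sids)),
    }


if __name__ == "__main__":
    # Constructed SID standing in for an account on a different computer.
    other_machine = {"S-1-5-21-1111111111-2222222222-3333333333-1001"}
    report = review(FIXLIST, other_machine)
    print(dict(report["kinds"]))
    print("entries marked No File:", report["no_file"])
    print("paths referenced:", report["paths"])
    print("SIDs not present on this machine:", report["foreign_sids"])
```

A non-empty `foreign_sids` list means the registry entries name accounts that do not exist on the machine running the fix.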
 

·
Registered
Joined
·
178 Posts
Discussion Starter · #9 ·
I spoke with the people from the phishing who got access to the computer and did things. They certainly made changes. Is Microsoft aware of this type of thing? I do not understand why I am uninstalling programs if I intend to do a re-install of Windows 10. If I reformat the hard drive am I not removing everything? Also if I copy a few video files, like Pinterest stuff and short music files to a thumb drive to move them am I carrying with them corrupted files? Please bear with me as all is new to me. You have been most helpful. I have no need to backup anything as everything is replaceable including the files I want to move.

Do the following get removed by a reformat? I will remove them as you suggest. But I do not know if I will ever need them. Is it necessary to remove them?
VIP Access SDK
HP Setup
HP SimplePass PE 2011
HP Support Assistant
HP Support Solutions Framework
HP Vision Hardware Diagnostics

I am not sure how to do a reformat with Windows 10. Can you explain?

Attached is the fixlog.txt. Again thanks for great help and your continued patience.
 

Attachments

·
Trusted Advisor & Malware Specialist
Joined
·
4,056 Posts
"I spoke with the people from the phishing who got access to the computer and did things. They certainly made changes. Is Microsoft aware of this type of thing."

WHY did you do that? Spoke with the people who tried to attack you? Please DO NOT do such a thing again! Microsoft has nothing to do with this!

"I do not understand why I am uninstalling programs if I intend to do a re-install of Windows 10. If I reformat the hard drive am I not removing everything?"

You never told me that your plan is to re-install Windows. In your initial post you just said: "I can easily clear out this computer and reinstall Windows 10."

Yes, doing a clean re-install will, most of the time, remove everything.

"Also if I copy a few video files, like Pinterest stuff and short music files to a thumb drive to move them am I carrying with them corrupted files."

The corrupted files have to do with Windows, not the simple files you have on your computer. There are some infections that can transfer themselves to removable drives, but I can't see anything here that justifies that.

"Do the following get removed by a reformat? I will remove them as you suggest. But I do not know if I will ever need them. Is it necessary to remove them."

Yes, a clean install will remove them. A factory reset won't, as they are pre-installed software.

I won't give any other instructions, until you tell me what you want to do: clean the computer or re-install the operating system.
 

·
Registered
Joined
·
178 Posts
Discussion Starter · #11 ·
To set things in proper order: On July 12 I was looking at news sites and clicked over to some site on their page about celebrities. A slide show ensued. Suddenly a screen appeared telling me that Microsoft had shut down my computer because of malware attack. I was given a phone number to call. I assumed this was from Microsoft, i.e., a Microsoft phone number. I called the number and someone there made what I thought were corrections. Perhaps I was wrong to assume this was Microsoft. But it seemed the right thing to do at the time. Again should Microsoft be advised of this?

Do these phishing people have access to my IP address? Does the IP address reside on computer or router. I am with XfinityPrepaid.

I want to do what is best. If re-installing the Windows 10 is best I will do it. If all is good right now, I will follow advice.

What does a factory reset mean? After I remove these following files am I to get HP to reinstall them via Internet download? Do I need them?

VIP Access SDK
HP Setup
HP SimplePass PE 2011
HP Support Assistant
HP Support Solutions Framework
HP Vision Hardware Diagnostics

Sorry if I am a bit dense about these things. Again, I assumed from beginning that I was working with Microsoft and not some fake. Doesn't Microsoft Defender in Windows 10 protect me from these attacks? After re-installing Windows 10 am I still subject to such attacks?

Again thanks for all kind patience and superb help.
 

·
Trusted Advisor & Malware Specialist
Joined
·
4,056 Posts
Hi, Patrick.

Yes, let's put things in an order.

You had an illegal attack by strangers claiming to be from Microsoft. These phishing attempts are well known and, depending on what you let the hacker do on your computer, you may consider contacting the authorities.

"Someone made changes" you say. How? You gave him remote access? He told you what to do and you just did what he said? I don't know. In addition, there is no way to know if he got your IP. Firewalls are supposed to prevent this.

Your logs don't show signs of an infection or a remote access activity. There are only signs of browser hijackers.

Here, we can clean the computer.

BUT: If you don't feel comfortable with that, or you want to do a clean install to be 1000% sure that everything is clean, it is up to you.
 

·
Registered
Joined
·
178 Posts
Discussion Starter · #13 ·
Again thanks for all kind help. Do authorities mean Microsoft? Surely they should want to know. I did some things I was told and they did others making changes. Do you think all that was done is cleaned out now? I guess it would be best to do a clean re-install of Windows 10. Please explain best way to do that so that hard drive is completely clean before I re-install. What does it mean if they have my IP address? Does this not remain the same even with a re-install? Can they still do me harm even if I re-install? I seek your best advice on this matter as to re-install or anything else you think best for me to do. Again, sorry to be a bother. With much thanks.
 

·
Trusted Advisor & Malware Specialist
Joined
·
4,056 Posts
Authorities means the Police.

Microsoft is aware of these attempts and every computer user has to be aware of them too.

I believe that you should not worry about your IP. However, I recommend that you change your passwords (wifi, router, email/bank accounts etc., using a healthy device).

Re-installing the operating system would clean everything.

Instructions about clean install

(FIRST BACKUP YOUR FILES)


How to do a Clean Install of Windows 10 the Easy Way (howtogeek.com)

See the first method, install Windows from scratch. When you reach the partition step, select all the partitions and delete them (not just format them).
 

·
Registered
Joined
·
178 Posts
Discussion Starter · #17 ·
Again thanks for all help. What can I tell the police if I cannot locate these crooks? I have no banking accounts through internet although ebay and paypal have access to a small debit account I keep just for their purchases. I will change passwords from my Internet account at the library in next few days.

I believe that the hackers got my personal info from Yahoo mail. There was activity showing in my history just after this matter began on PM of July 12. I intend to go to library and make up new yahoo mail account. Can these people access my machine through the IP of the Xfinity router?

I think I found page of news where this came from and I notified upbeatnews.com for their sidebar The Most Hilarious Photobombs. I don't know if they will contact me or not.

I feel I cannot bother you further. But thanks. I am reading the info about re-installing Windows 10. It is a bit dense. I have a disk for Windows 10, but he seems to think that people are downloading new 10. Anyway, if I could just clear out machine with a delete of partitions or re-format and know that the machine is clean before re-installing Windows 10 I would feel better. This machine had Windows 7 when I did an install of Windows 10 and I think some things were left on it.

Anyway thank you. If there is some way I could thank you let me know. Patrick
 

·
Trusted Advisor & Malware Specialist
Joined
·
4,056 Posts
Hi, Patrick.

You don't bother me of course. But I don't have anything else to tell you. :)

Briefly:

1. Change your passwords (email accounts, sites and what else you have)
2. Do a clean install of the operating system.

Note: No reason to clean the computer first and then do a clean install. That will remove everything. You have to follow the steps I provided you to proceed to a clean install. That means you need to prepare a USB with the latest Windows 10 in it. Do not use the disk you said you have.
 
