Post by tahoe967 on Jan 31, 2017 11:41:11 GMT -8
Norton has been intercepting and quarantining this item almost daily since early November. Norton seems to be doing the job but this reoccurrence is annoying! Any suggestions?
dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Feb 1, 2017 0:10:56 GMT -8
Run the scans directed below and post the logs. I will then help you remove this malware. Please follow the steps in this thread (I think I am infected. What do I do?). Notice that you will need to use wikisend.com to supply me with the Addition.txt log; steps to do this are explained here. Once you have provided the logs required, I will assist you as best we can. Thank you.
Post by tahoe967 on Feb 6, 2017 14:56:32 GMT -8
wikisend.com/download/245460/Addition.txt

FYI: I get this from Norton occasionally also:

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2/7/2017 12:33:28 PM,High,An intrusion attempt by support.computer-error-com0608.online was blocked.,Blocked,No Action Required,Web Attack: Fake Scan Webpage 11,No Action Required,No Action Required,"support.computer-error-com0608.online (174.127.120.40, 80)",support.computer-error-com0608.online/ac7/images/jquery-1.js,"BUSTER (192.168.1.126, 62437)",support.computer-error-com0608.online (174.127.120.40),"TCP, www-http"
Network traffic from <b>support.computer-error-com0608.online/ac7/images/jquery-1.js</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSWOW64\EXPLORER.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

Attachments: FRST.txt (181.81 KB)
Post by dbrisen on Feb 7, 2017 13:06:52 GMT -8
Thanks for the logs. I have to run off to my part time job right now so I will finish this tonight. I see what is causing the problem and need just a little more info to remove it all. Can you please run the following scan / Fixlist in FRST and provide the log?
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Post by tahoe967 on Feb 7, 2017 15:08:10 GMT -8
Post by dbrisen on Feb 7, 2017 23:32:04 GMT -8
Thank you for the last log; it provided the info to help make sure we get all of this malware.

FIRST >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

SECOND >>>>

Please download Malwarebytes Anti-Rootkit from here
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.

LAST >>>>

INFO TO REPLY WITH:

How is your system running now? The Fixlog.txt text file (you should be able to attach this file; no need for wikisend.com usually). The logs from MBAR - mbar-log.txt and the system-log.txt files please. Any questions?
Post by tahoe967 on Feb 8, 2017 8:36:16 GMT -8
I'll let you know in a day or so how it is working! But I can tell you that before the 'fix' the fan ran constantly at a high level getting the machine very hot when online! Whenever I put it into airplane mode it would quieten down and cool down! After this 'fix' session it does not run hot and is once again very quiet when online! After MBAR finished scanning it said there were no items found and no cleanup required! Logs are attached! Thanks!
Post by dbrisen on Feb 8, 2017 22:53:31 GMT -8
I would say that good things happened during the 'fix'. Let me know how the system is and we can go from there.
Post by tahoe967 on Feb 9, 2017 9:28:27 GMT -8
It seems to be running great. It's quiet and cool. Norton has not detected Kotver for 2 days now!
Would it be a good idea for me to occasionally run the MBAR program on my computer?
Update 2-10-16: Still working very well! No intrusions and machine continues to run quieter and cooler! Donation in progress! Thanks!
Post by dbrisen on Feb 11, 2017 0:17:05 GMT -8
You can run MBAR on your system whenever you want but I would download a fresh copy every time. Also, Malwarebytes' Antimalware is a recommended tool to have (see below).

We need to remove the tools we've used during the cleaning of your machine.

Ensure the following is ticked:
- Remove disinfection tools
- Create registry backup
- Purge system restore
Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.

Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.

Final words from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.

=== options ====

Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread: How did I get infected in the first place? and COMPUTER SECURITY - a short guide to staying safer online
I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!