38 replies to this topic

[Satchfan]

I also logged into a laptop yesterday with my google chrome account. is there a real concern that istartsurf might have infected that laptop via chrome?
 
Could i send some data from that laptop so you might check it out?

Sorry I didn’t answer that before. We can have a look at that when we’ve finished here.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.6.0.32
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll Geen bestand
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll Geen bestand
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL Geen bestand
Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll Geen bestand
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll Geen bestand
Toolbar: HKU\S-1-5-21-1416419973-2740545705-331746206-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll Geen bestand
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Geen Naam - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-07-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-16]
CHR Extension: (Norton Security Toolbar) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-16]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [Not Found]
2015-07-16 08:31 - 2015-07-16 08:31 - 00000000 ____D C:\NBRT
2015-07-15 21:04 - 2015-07-15 21:04 - 00000000 ____D C:\ProgramData\NortonRnR
2015-07-15 20:49 - 2015-07-16 16:29 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2015-07-15 20:46 - 2015-07-15 20:49 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-07-15 20:21 - 2015-07-15 20:21 - 00000000 ____D C:\NPE
2015-07-15 20:19 - 2015-07-15 21:00 - 00000000 ____D C:\Users\Leon\AppData\Local\NPE
2015-07-15 19:53 - 2015-07-15 19:57 - 00000000 ____D C:\Program Files (x86)\Norton 360
C:\ProgramData\Norton
C:\NBRT
C:\ProgramData\NortonRnR
C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
C:\NPE
C:\Users\Leon\AppData\Local\NPE
C:\Program Files (x86)\Norton 360
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

• save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
• run FRST64 then click Fix just once and wait
• it will create a log (Fixlog.txt); please post it to your reply.

Please run Malwarebytes again and send that new log also.

Thanks

Satchfan

[Satchfan]

It has again been several days since I sent my last instructions.

 

Please let me know the current situation.

 

Satchfan

[LeonvV]

Hello Satchfan sorry i could not upload them earlier Here are the files

 

Leon

Attached Files

•  malwarebytes.txt   1.22KB   323 downloads
•  Fixlog.txt   8.55KB   346 downloads

[Satchfan]

Please copy/paste results, not attach them.

 

 

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or  Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

• click the Eset online Scanner button
• for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  

  
  o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
  o    double click on the Eset installer icon on your desktop.
   

• check Yes, I accept the Terms of Use
• click the Start button
• accept any security warnings from your browser
• check Enable detection of potentially unwanted applications
• click Advanced settings and select the following:
  

  
  o    scan archives
  o    scan for potentially unsafe applications
  o    enable Anti-Stealth technology

  
  Note: Do not check Remove found threats
   

• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• when the scan completes, push List of found threats
• push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  

  
  Note - if ESET doesn't find any threats, no report will be created.
   

• push the back button.
• push Finish

When the scan is complete:

If no threats were found:

 

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan

 

[Satchfan]

Another 4 days since I heard from you. Can you please post the result of the Eset scan.

[Satchfan]

We are very busy here so I'd appreciate it if you would let me know if all is well and I can mark this as solved.

 

Thanks

 

Satchfa

[LeonvV]

Hello Satchfan i am sorry for the delay. My schedule has not been forgiving recently. I have not encountered any problems anymore and i believe all is indeed well now.

 

I really appreciate your help over the past few weeks. Thank you very much!

[Satchfan]

Hi Leon, thank you for getting back in touch. Hopefully you won't have future problems but if you need to ask for help again, just let us know that you are busy every two or three days and we'll keep the topic open, (we all have busy days so we understand).


Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

• double click on adwcleaner.exe to run the tool
• click on Uninstall
• confirm with Yes.

===================================================

Download & run Delfix

• download Delfix from here to remove many of the tools we've used during the cleaning process.
• ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

o    Create registry backup
o    Purge system restore

• click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Windows updates

I notice that Windows updates are waiting to be installed. Click here for information on how to get the latest Windows updates:

===================================================

Update installed programs

Your version of Java is out-of-date and need to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

To remove it:

• click Start, Control Panel, Programs and Features.
• click on Java 8 Update 31

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”



Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransome. You can read more about this here.

• download CryptoPrevent
• save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
• accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
• you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
• you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
• click OK to continue and select your protection level. Go ahead and click OK.
• click the Apply button to set Default protection
• you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

======================

Your computer needs to be defragmented. See this

(Do NOT defrag if it is Solid State Drive!)

Download and run Auslogics Disc Defragmenter

Make sure when installing that you look out for, and say NO to, the ASK toolbar, (although, if you have taken my advice and installed UnChecky, that won’t be necessary).

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by quietman7

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 

 

[Satchfan]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.