edwardBe
PUP.Optional.Spigot in Mozilla AppData folder.
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Nothing this morning, thanks, again.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/27/18
Scan Time: 2:25 AM
Log File: 3e5f1550-c237-11e8-b7b5-54ab3ac4e8f8.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7039
License: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 327147
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
-
PUP.Optional.Spigot in Mozilla AppData folder.
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Okay, thanks again. -
PUP.Optional.Spigot in Mozilla AppData folder.
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
It took some time to do it all. Norton had some issues that required a restart which hung, so I had to power off the computer manually, but everything seems fine, now. I can access the Mozilla folder under the Roaming folder. The MB scan was negative, but I guess I will have to wait for the results of the overnight scan tomorrow morning to see if the Spigot stuff is truly gone. Thanks again.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/26/18
Scan Time: 12:11 PM
Log File: f1efb50c-c1bf-11e8-b595-54ab3ac4e8f8.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7027
License: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: HOMER-VI\Edward

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327708
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
-
PUP.Optional.Spigot in Mozilla AppData folder.
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Okay, the Mozilla folder is gone. I forgot to mention because I forgot about it, but I have been running an older version of Firefox because the bookmarks toolbar I have been using is not compatible with the latest version, or it wasn't the last time I checked. -
PUP.Optional.Spigot in Mozilla AppData folder.
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\m4j6rmyy.default

This last folder I can't open or delete due to the permissions. I was able to open it yesterday when I started this post. -
PUP.Optional.Spigot in Mozilla AppData folder.
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Thanks again, Kevin. I'm getting a message that I need permission from the computer's administrator to delete the files/folders in Roaming\Mozilla even though I am the administrator. -
With the help of this forum, I managed to get Chrome cleaned up, but now I'm having problems with Firefox. Each night Malwarebytes scans my computer and each morning reports this:

File: 1
PUP.Optional.Spigot, C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4J6RMYY.DEFAULT\PREFS.JS

I quarantine and then delete the file and yesterday I deleted the file prefs.js itself, but it was recreated although I didn't restart Firefox. I went into the Profiles folder and opened profiles.ini which shows this:

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/m4j6rmyy.default
Default=1

I have no idea where this profile came from, but I suspect it is created by Spigot and keeps recreating prefs.js which recreates the Spigot file all over again. This isn't a major problem, but it is annoying to get this message every morning and have to spend a few minutes quarantining and removing the file, although I guess I could ignore it... The previous cleaning used FRST64 and AdwCleaner, but they didn't find this for some reason. Should I rerun them? Thanks again for all the help.
-
System infected: Bitcoinminer Activity 7 and 9
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Thanks. -
System infected: Bitcoinminer Activity 7 and 9
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Donation sent, thanks again. -
System infected: Bitcoinminer Activity 7 and 9
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Not for at least an hour. Thanks again. -
System infected: Bitcoinminer Activity 7 and 9
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Unable to post files or their content. Addition.txt FRST.txt FRST.zip Addition.zip Addition.txt FRST.txt -
System infected: Bitcoinminer Activity 7 and 9
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Thanks again. Here is the log from ADWCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-20-2018
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 7
# Failed: 3

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Edward\Downloads\Video downloader
Deleted C:\Users\Edward\AppData\Local\DriverToolkit

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Deleted HKCU\Software\APN PIP
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted Ask
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted nortonsafe.search.ask.com

*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1937 octets] - [20/09/2018 14:42:19]
AdwCleaner_Debug.log - [3686 octets] - [20/09/2018 14:43:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
-
System infected: Bitcoinminer Activity 7 and 9
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Thanks. Here is the copy and paste of the report from MB:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/20/18
Scan Time: 2:23 PM
Log File: 779e03ba-bd1b-11e8-a429-54ab3ac4e8f8.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.6937
License: Trial

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: HOMER-VI\Edward

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 335929
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 2 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Google\GOOGLEUPDATETASKMACHINEGU, Quarantined, [543], [558322],1.0.6937
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA36516D-DE69-45A1-9DC4-18934375739D}, Quarantined, [543], [558322],1.0.6937
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{AA36516D-DE69-45A1-9DC4-18934375739D}, Quarantined, [543], [558322],1.0.6937
PUP.Optional.DriverToolkit, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\DriverToolkit, Quarantined, [915], [512874],1.0.6937
PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59E31E7C-2F2C-492B-BF86-6EE571951867}, Quarantined, [170], [243431],1.0.6937

Registry Value: 2
PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59E31E7C-2F2C-492B-BF86-6EE571951867}|URL, Quarantined, [170], [243431],1.0.6937
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA36516D-DE69-45A1-9DC4-18934375739D}|PATH, Quarantined, [543], [558320],1.0.6937

Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [170], [293199],1.0.6937

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Download, Quarantined, [915], [512876],1.0.6937
PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Backup, Quarantined, [915], [512876],1.0.6937
PUP.Optional.DriverToolkit, C:\PROGRAM FILES (X86)\DRIVERTOOLKIT, Quarantined, [915], [512876],1.0.6937

File: 3
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\GOOGLE\GOOGLEUPDATETASKMACHINEGU, Quarantined, [543], [558322],1.0.6937
PUP.Optional.Spigot, C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4J6RMYY.DEFAULT\PREFS.JS, Replaced, [170], [301667],1.0.6937
Generic.Malware/Suspicious, C:\USERS\EDWARD\APPDATA\ROAMING\NHM2\BIN\EXCAVATOR_SERVER\EXCAVATOR.EXE, Quarantined, [0], [392686],1.0.6937

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
-
I'm having the same problem as other users have had. I get notifications that "Norton Blocked an attack by System infected: Bitcoinminer Activity 7 (sometimes 9)". I have tried a complete scan by NIS and Norton Power Eraser. I've read the other threads, but didn't want to try the suggested tools without direction. Thanks.
-
Malwarebytes Anti-Malware popups
edwardBe replied to edwardBe's topic in Resolved Malware Removal Logs
Here's the log file: just a list of websites successfully blocked. protection_log_2010_04_02.txt