edwardBe

  1. Nothing this morning, thanks, again.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 9/27/18
     Scan Time: 2:25 AM
     Log File: 3e5f1550-c237-11e8-b7b5-54ab3ac4e8f8.json

     -Software Information-
     Version: 3.6.1.2711
     Components Version: 1.0.463
     Update Package Version: 1.0.7039
     License: Premium

     -System Information-
     OS: Windows 10 (Build 17134.285)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 327147
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 3 min, 49 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  2. It took some time to do it all. Norton had some issues that required a restart which hung, so I had to power off the computer manually, but everything seems fine, now. I can access the Mozilla folder under the Roaming folder. The MB scan was negative, but I guess I will have to wait for the results of the overnight scan tomorrow morning to see if the Spigot stuff is truly gone. Thanks again.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 9/26/18
     Scan Time: 12:11 PM
     Log File: f1efb50c-c1bf-11e8-b595-54ab3ac4e8f8.json

     -Software Information-
     Version: 3.6.1.2711
     Components Version: 1.0.463
     Update Package Version: 1.0.7027
     License: Premium

     -System Information-
     OS: Windows 10 (Build 17134.285)
     CPU: x64
     File System: NTFS
     User: HOMER-VI\Edward

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 327708
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 3 min, 17 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  3. Okay, the Mozilla folder is gone. I forgot to mention because I forgot about it, but I have been running an older version of FireFox because the bookmarks toolbar I have been using is not compatible with the latest version, or it wasn't the last time I checked.
  4. C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\m4j6rmyy.default

     This last folder I can't open or delete due to the permissions. I was able to open it yesterday when I started this post.
  5. Thanks again, Kevin. I'm getting a message that I need permission from the computer's administrator to delete the files/folders in Roaming\Mozilla even though I am the administrator.
  6. With the help of this forum, I managed to get Chrome cleaned up, but now I'm having problems with FireFox. Each night Malwarebytes scans my computer and each morning reports this:

     File: 1
     PUP.Optional.Spigot, C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4J6RMYY.DEFAULT\PREFS.JS

     I quarantine and then delete the file and yesterday I deleted the file prefs.js itself, but it was recreated although I didn't restart FireFox. I went into the Profiles folder and opened profiles.ini which shows this:

     [General]
     StartWithLastProfile=1

     [Profile0]
     Name=default
     IsRelative=1
     Path=Profiles/m4j6rmyy.default
     Default=1

     I have no idea where this profile came from, but I suspect it is created by Spigot and keeps recreating prefs.js which recreates the Spigot file all over again. This isn't a major problem, but it is annoying to get this message every morning and have to spend a few minutes quarantining and removing the file, although I guess I could ignore it...

     The previous cleaning used FRST64 and AdwareCleaner, but they didn't find this for some reason. Should I rerun them? Thanks again for all the help.
  7. Unable to post files or their content. Addition.txt FRST.txt FRST.zip Addition.zip Addition.txt FRST.txt
  8. Thanks again. Here is the log from ADWCleaner:

     # -------------------------------
     # Malwarebytes AdwCleaner 7.2.3.1
     # -------------------------------
     # Build: 09-03-2018
     # Database: (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 09-20-2018
     # Duration: 00:00:04
     # OS: Windows 10 Home
     # Cleaned: 7
     # Failed: 3

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Users\Edward\Downloads\Video downloader
     Deleted C:\Users\Edward\AppData\Local\DriverToolkit

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
     Deleted HKCU\Software\APN PIP
     Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
     Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
     Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     Not Deleted Ask
     Not Deleted AOL

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     Not Deleted nortonsafe.search.ask.com

     *************************
     [+] Delete IFEO
     [+] Delete Prefetch
     [+] Delete Tracing Keys
     [+] Reset BITS
     [+] Reset Windows Firewall
     [+] Reset Hosts File
     [+] Reset IPSec
     [+] Reset Chromium Policies
     [+] Reset IE Policies
     [+] Reset Proxy Settings
     [+] Reset TCP/IP
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [1937 octets] - [20/09/2018 14:42:19]
     AdwCleaner_Debug.log - [3686 octets] - [20/09/2018 14:43:33]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  9. Thanks. Here is the copy and paste of the report from MB:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 9/20/18
     Scan Time: 2:23 PM
     Log File: 779e03ba-bd1b-11e8-a429-54ab3ac4e8f8.json

     -Software Information-
     Version: 3.6.1.2711
     Components Version: 1.0.463
     Update Package Version: 1.0.6937
     License: Trial

     -System Information-
     OS: Windows 10 (Build 17134.285)
     CPU: x64
     File System: NTFS
     User: HOMER-VI\Edward

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 335929
     Threats Detected: 14
     Threats Quarantined: 14
     Time Elapsed: 2 min, 45 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)

     Module: 0 (No malicious items detected)

     Registry Key: 5
     Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Google\GOOGLEUPDATETASKMACHINEGU, Quarantined, [543], [558322],1.0.6937
     Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA36516D-DE69-45A1-9DC4-18934375739D}, Quarantined, [543], [558322],1.0.6937
     Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{AA36516D-DE69-45A1-9DC4-18934375739D}, Quarantined, [543], [558322],1.0.6937
     PUP.Optional.DriverToolkit, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\DriverToolkit, Quarantined, [915], [512874],1.0.6937
     PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59E31E7C-2F2C-492B-BF86-6EE571951867}, Quarantined, [170], [243431],1.0.6937

     Registry Value: 2
     PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59E31E7C-2F2C-492B-BF86-6EE571951867}|URL, Quarantined, [170], [243431],1.0.6937
     Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA36516D-DE69-45A1-9DC4-18934375739D}|PATH, Quarantined, [543], [558320],1.0.6937

     Registry Data: 1
     PUP.Optional.Spigot, HKU\S-1-5-21-481108157-1381744732-3800661945-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [170], [293199],1.0.6937

     Data Stream: 0 (No malicious items detected)

     Folder: 3
     PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Download, Quarantined, [915], [512876],1.0.6937
     PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Backup, Quarantined, [915], [512876],1.0.6937
     PUP.Optional.DriverToolkit, C:\PROGRAM FILES (X86)\DRIVERTOOLKIT, Quarantined, [915], [512876],1.0.6937

     File: 3
     Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\GOOGLE\GOOGLEUPDATETASKMACHINEGU, Quarantined, [543], [558322],1.0.6937
     PUP.Optional.Spigot, C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4J6RMYY.DEFAULT\PREFS.JS, Replaced, [170], [301667],1.0.6937
     Generic.Malware/Suspicious, C:\USERS\EDWARD\APPDATA\ROAMING\NHM2\BIN\EXCAVATOR_SERVER\EXCAVATOR.EXE, Quarantined, [0], [392686],1.0.6937

     Physical Sector: 0 (No malicious items detected)

     WMI: 0 (No malicious items detected)

     (end)
  10. I'm having the same problem as other users have had. I get notifications that "Norton Blocked an attack by System infected: Bitcoinminer Activity 7 (sometimes 9)" I have tried a complete scan by NIS and Norton Power Eraser. I've read the other threads, but didn't want to try the suggested tools without direction. Thanks.
  11. Here's the log file: just a list of websites successfully blocked. protection_log_2010_04_02.txt