I think my pc is virused

Status
Not open for further replies.

Zecha

Level 1
Mar 2, 2020
50
Hello again.
I have problems with my computer, laptop, phones, TVs and so on.
I want to find the cause, so I want to post files from FRST here, but first I want to know if it's safe to do this.
Will you have information about applications, accounts, etc.? Or is it only for virus purposes?
What should I do first? I scanned with the FRST and I checked first 6 boxes and Addition.txt.
I have to post only FRST.txt and Addition.txt?
 

Attachments

  • Addition.txt
    28 KB · Views: 18
  • FRST.txt
    68 KB · Views: 25

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
535
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean of malware.

Please download Malwarebytes Anti-Malware from Malwarebytes or from BleepingComputer.

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the buttons Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, make sure to check mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes to your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Let me know exactly what is wrong with this computer.
 
Reactions: Nevi

Zecha

Level 1
Mar 2, 2020
50
My MBAM is a bit different but I'll try to make it work.
I can't find Threat Scan but I think I'm fine with the Scan button.
My menu looks like this:

Edit: I did the Malwarebytes scan by simply clicking on the Scan button after I checked the scan for rootkits box, and I got 0 threats detected.
I don't know if the scan was done right or not. It's a bit strange how I got threats several months ago, I tried to delete the threats and afterwards I got them back again, and in 1 day I stopped receiving them. Long story.
Btw, the scan finished in 2 minutes 20 seconds. I have the trial version, which is different from yours.
 

Attachments

  • AdwCleaner[S00].txt
    1.4 KB · Views: 9
  • logfile MBAM.txt
    1.2 KB · Views: 9

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
535
Hi,

The trial versions are good but do not protect you in real life.
When you feel you have issues, you have to run the scan manually to find out if you have an infection or not.

===

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

Please post the contents of the log in your next reply and note any errors encountered.
===

It will help if you were to give me some information on what type of problems you are dealing with.
When you go to the Doctor's office you tell him what is wrong.
 
Reactions: Nevi

Zecha

Level 1
Mar 2, 2020
50
Hi,
Sorry about my English. I will try to explain.

I accessed a website in 2019 and since then I'm afraid of being virused. I went to the same website on PC and phone. A pop-up appeared on my phone that said I'm virused and I have to pay $$$ to get out of ransomware or something, but I still had my data after that.
And I know, it is not the type of pop-up similar to ads. It was on the full page after I tried to access that website; it wasn't only at the top of the screen.
I could say it was just an ad, but the problems came when I started receiving emails a few weeks after I went on that website, and I had connections into my accounts from different locations where I hadn't been before.
I had strange connections on my Facebook and Instagram accounts from different countries, and I received emails from official websites where I had different accounts, for example Ubisoft, Origin and others, saying that I had made a request to receive a recovery code or that I wanted to change my password.
I had emails from Yahoo saying that I had a connection on my email address from Iran or other countries.
I want to make sure I don't have any infection on my devices with your help.

===
I tried to scan with Sophos but I got an error: Scan Failed. I did all the steps above (I think).
scan failed.jpg
 
Reactions: Nevi

Zecha

Level 1
Mar 2, 2020
50
Kaspersky was disabled at that time.
Maybe I can try to uninstall it later today when I reinstall Sophos. I will post the log here.
 
Reactions: Nevi

Zecha

Level 1
Mar 2, 2020
50
I don't know how to make it work.
First I tried to uninstall Kaspersky, then I reinstalled Sophos, updated the application, and after a restart I tried to scan but I got the same error.
Afterwards I reinstalled Kaspersky and went to quarantine, but there are no files there, maybe because I uninstalled it before?

Now I tried to scan with internet, all applications opened and Kaspersky activated, and it worked.
Maybe because I clicked to close the notification with X on the home page?

L.e.: Okay, so the problem was that I unplugged the internet cable and I couldn't start the scan because of that.
With all applications closed, antivirus turned off and access to the internet, Sophos didn't find any threat.
I am trying to find that log.

I found C:\ProgramData\Sophos but I don't have Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

L.e.2: Is this the right log? But the scan was at 2:10 PM - 2:30 PM, not 11:25:06.
 

Attachments

  • SophosHomeClean_20210427_1425.log
    1.4 KB · Views: 5

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
535
Are we good or do you still have issues with this computer?
If so, what?
 

Zecha

Level 1
Mar 2, 2020
50
I'm not sure if I have some type of virus on my computer at the moment, but I still have bugs and issues.
I stopped receiving emails from different accounts for a few months but I don't know if I'm 100% safe.

In the FRST log I have *Attention.
Is that normal to have? I see that it is from Chrome.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
535
Hi,

If you are referring to these entries.

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-03-31] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-03-31] <==== ATTENTION

They are OK. They have been set by the Kaspersky Protection service.

The attention is listed because .cfg file can be added by some malware.
It's not the case in your situation.

Email that you received that you are not expecting and are from an unknown should not be opened.
Just delete them.

Most email programs give you a chance to send these unwanted emails directly to a Junk folder.
If you need help with this let me know which email program you used.
 
Reactions: Gandalf_The_Grey
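
An added example, not part of nasdaq's reply and not FRST's own code: a small triage script that pulls the "<==== ATTENTION" lines out of an FRST log, pairs each flagged defaults\pref\*.js with the flagged .cfg in the same Firefox directory, and confirms the link through the Firefox AutoConfig preference general.config.filename. The two flagged log lines are the ones quoted above; the unflagged line and the .js contents are constructed, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Flagged lines are the two quoted in the thread; the first line is constructed.
SAMPLE_LOG = r"""
FF DefaultProfile: constructed0.default
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-03-31] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-03-31] <==== ATTENTION
"""

# Constructed stand-in for the contents of the flagged .js file (not taken from
# the thread): Firefox AutoConfig names its .cfg through this preference.
SAMPLE_PREF_JS = (
    'pref("general.config.filename", '
    '"kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg");\n'
)

LINE_RE = re.compile(
    r"^(?P<section>[^:]+):\s+(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s+<=+\s*ATTENTION(?:\s+\((?P<note>[^)]*)\))?\s*$"
)
CFG_PREF_RE = re.compile(
    r'pref\(\s*"general\.config\.filename"\s*,\s*"(?P<name>[^"]+)"\s*\)'
)


@dataclass(frozen=True)
class Flagged:
    section: str
    path: PureWindowsPath
    date: str
    note: str


def parse_attention(log_text):
    """Return only the log entries that carry the '<==== ATTENTION' marker."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Flagged(m["section"], PureWindowsPath(m["path"]),
                                 m["date"], m["note"] or ""))
    return found


def autoconfig_pairs(entries):
    """Pair each flagged <root>\\defaults\\pref\\*.js with flagged <root>\\*.cfg."""
    cfgs = [e for e in entries if e.path.suffix.lower() == ".cfg"]
    pairs = []
    for e in entries:
        parts = [p.lower() for p in e.path.parts]
        if e.path.suffix.lower() == ".js" and parts[-3:-1] == ["defaults", "pref"]:
            root = e.path.parents[2]  # the Firefox install directory
            pairs.append((e, [c for c in cfgs if c.path.parent == root]))
    return pairs


def js_points_to(js_text, cfg_entry):
    """True if the pref file's general.config.filename names this .cfg file."""
    m = CFG_PREF_RE.search(js_text)
    return bool(m) and m["name"].lower() == cfg_entry.path.name.lower()


if __name__ == "__main__":
    for js, cfgs in autoconfig_pairs(parse_attention(SAMPLE_LOG)):
        for cfg in cfgs:
            state = "confirmed" if js_points_to(SAMPLE_PREF_JS, cfg) else "unconfirmed"
            print(js.path.name, "->", cfg.path.name, state)
```

A confirmed pair only shows that the two files belong together; which program installed them still has to be established by reading the .cfg itself.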

Zecha

Level 1
Mar 2, 2020
50
Yes, but the problem is not just with emails.

Recently I got another bug on TVs. If I watch a video and I get an ad, after I close the ad, the video starts from the first second again every time I close the ad.
This is 1 of many bugs I get. And every 5-10 days I have another bug which I did not have before.

If I buy a device, it is very slow from the first day.
I'm not sure about the problem but I guess it may be an infection, because after I accessed that website I had problems.
I scanned right after that and my Malwarebytes found some PUPs, and after a few weeks it stopped finding any infection.
I scanned from time to time for a few weeks and every time it found the same infections even if I deleted them, but in one day I stopped finding them.
Today I can't find any infection as far as I can see.

This is very strange and I don't know what I could do.

One more thing to mention: the emails are from known sources (websites where I have accounts) and they warned me that I requested a password change or that I connected to the account from a different country / IP.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
535
Hi,

Emails are from known sources (websites where I have accounts) and they warned me that I requested password change or I connected to the account from different country / Ip

Your credentials and passwords to these accounts may have been compromised.

Change them and make sure you use strong passwords.

Read this information and follow their recommendations.

As for the Ads.

If the problem persists and Chrome is Synced with other Devices reset it.



Execute the suggested fix.

Restart the computer normally.
===========

Are these ads persisting?
If so can you give me some details as to what is being advertised.

p.s.
Where is your TV feed (streaming) coming from?
 

Zecha

Level 1
Mar 2, 2020
50
TV feed (streaming)? Sorry but I can't understand.
You mean which provider do I have? I have transmission from Digi.
Just normal ads on YouTube. About health, music and everything.
I have problems everywhere with bugs and other issues.

I tried to change the passwords for my accounts but not for all together. I changed them for 2-3 accounts in one day, then for another 2-3 accounts.

My Google Chrome warns me about compromised passwords but I don't know how to get rid of that warning.
It says that I have 20-30 compromised passwords, but I tried to change them and I still get the warning.
Only if I connect to some websites do I get the warning in the middle of the screen.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
535
Hi,

Navigate to this page.

Control the ads you see

Does this help?
 

Zecha

Level 1
Mar 2, 2020
50
Are you still with me?
Yes sorry.
I want to ask you something because you may know: are there viruses for TVs too, that can spread from PCs, phones and routers to TVs and that may affect not only software but image quality too?
I have some problems with the software on them (many bugs) and problems with image quality too. I'm not sure, but can the software problems be caused by something malicious, or is it just me who thinks that?
I can't remember if I had these bugs in the past. I had the TVs before I got infected but I don't remember if I had these problems back then.

Maybe I got an infection only on my email address as you said and I panic too much.
So invalid certificates on Kaspersky are normal to happen from time to time?
Bugs on PC are normal too?

And another thing. My Google Chrome says, when I use my email address on some websites (trusted ones), that my accounts and passwords are in a data breach and they are compromised.
Do I have to do something about that? I have like 29-32 accounts and passwords in the data breach. Do I need to change my email address and never use this one again to get rid of that notification about compromised passwords?
If my email got infected, could the hacker connect to my Facebook, Instagram and other accounts? Because in the past I had devices from another country connected to my FB and Instagram accounts.

Thank you!

The problem with ads has gone for the moment. Now if I close it the video won't start again and will continue from that minute.
Maybe I have a problem with the hardware and because it is too slow it can't process the operation, I don't know exactly.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
535
Hi,

I want to ask you something because you may know : there are viruses for TVs too that they can spread from pc, phones and routers to TVs that may affect not only software but image quality too?

Some viruses identified as worms can corrupt all devices connected to the computer and/or router.

If you use Chrome as your default browser and it's synced with other devices, the infection can be relayed to the other devices.

To clean that, this is what we suggest.

If the problem persists and Chrome is Synced with other Devices reset it.



Execute the suggested fix.

Restart the computer normally.

===

So invalid certificates on kaspersky are normal to happen from time to time?
Yes but the certificate must be updated by Kaspersky. Make sure your subscription is up to date.
<<<>>>

And another thing. My google chrome says when I use my email address on some websites (trust ones) that my accounts and passwords are on a Data Breach and they are compromised.

See my post no 13.
Chat chrome is saying that your passwords were compromised.
You should then change the password on the site or account you are viewing.

p.s.
Never use the same password on 2 or more sites, accounts etc...
====

Read and get familiar with the information on this page.

A password manager is good.
I maintain my passwords in a Notepad text file. It has 3 main columns.
Site -- the username I use on the site -- the password for that site.

I date the file and I do not destroy the old copies.
This is a safeguard in case I make a mistake on the edited current list.

====

The problem with ads has gone for the moment. Now if I close it the video wont start again and will continue from that minute.
I'm not sure but that could come from the other devices that are synced.
 
Reactions: Gandalf_The_Grey

Zecha

Level 1
Mar 2, 2020
50
I'll try. Thanks ! :)
 