Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on September 11, 2017, 09:58:01 AM
-
Hi,
I was downloading what I thought was a game (a program) yesterday but the download behaved strangely, and it never asked me where to save it, and just auto started on its own after I clicked "Download" button on a website.
When I realized what was going on, it already downloaded about 25 mb onto my computer. I stopped the download but a part of it seems to have gone somewhere on my computer.......... :-\
I have no idea what this download is or where it went, since it never asked me. I am afraid this is malware....
What do I do?
Today, my computer crashed/froze all of a sudden and would not start up/boot up to even the BIOS. But after waiting a few hours, it worked again.
-
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
-
Check your download folder or pending downloads in your browser, this you should be able to clear if there is one
-
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
I don't understand....what is MBAM and FRST.
I have no record of the aborted download, not in my browser or anywhere. I did use CCleaner with most of the default options checkmarked, to delete junk/cache files, and maybe it was included in the deletion?
I am on Windows 7 and was using Firefox latest version.
BTW, the image captcha is super hard and very annoying every time posting or even editing a post.
-
1. I don't understand....what is MBAM and FRST.
2. BTW, the image captcha is super hard and very annoying every time posting or even editing a post.
1. Follow the link. ;)
2. Only needed for your first 3 posts. (Spam protection)
-
I don't understand....what is MBAM and FRST.
Did you click link and read instructions? .... i guess not
BTW, the image captcha is super hard and very annoying every time posting or even editing a post.
Forum spam protection, only first 3 posts
-
Ok, I did download and scan my desktop computer with MBAM.
But the instructions page says to "When the scan is complete, if threats are detected, make sure that everything is selected, click Remove Selected. Restart your computer when prompted to do so."
But I see nowhere that says "Remove Selected". Only Save Results or Quarantine Selected.
And the scan gave 902 potential threats
-
Sjees, read the instructions and attach the log files as they clearly say.
-
Then you select "Quarantine Selected" the wording may have been changed in latest MBAM version
-
Hey guys, sorry for being slow...
I'm not technically proficient like you are :P
Anyway, here are the files generated by the two programs.
-
Malware experts are notified. It may be several hours before anyone is online
-
What is KMS doing on your system ?
-
What is KMS?
-
What is KMS?
Windows OS / Office crack .... are you using pirated software?
-
Well, I bought this machine cheap from the computer shop with Windows installed.
And I'm a freelancer.
So that's all. As to all the interogations, are they included? ::)
Cos if they are, I'd rather just reformat the whole machine then. :(
To be honest, I'm quite shocked to see the amount of data that the files you ask people to upload actually reveal. And I wonder if that constitutes privacy breaches....
-
The best way to get infected is using pirated software, they don't recive security updates and they may also include some extra unwanted software you don't want
Let's see what the malware expert say when he arrive
-
I suggest to install Windows from scratch and register it legally.
-
Did you personally configured proxy server settings in Firefox?
-
I'm not sure what you mean by configuring proxy settings in Firefox....
I have not touched that part in Firefox.
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ftp", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.socks", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ssl", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ftp", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> socks", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ssl", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ssl_port", 3128- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
-
If you mean those, they are part of my freelance work. And has nothing to do with any malware.
My original question was about that aborted download for the game. That is all. My guess is that it was harmless and did not show up in the reading of those files.....But instead you guys are trying to fish me for additional info? >:(
If you guys, are still trying to interrogate me - I'm calling this off.
Geez, all I'm getting is an interrogation and no "expert" has actually helped me on this issue.
It's as easy as a reformat.
If that is what it takes.
What a joke this help section of Avast is. And *Avast* seems to constantly badger users to get the paid version because it apparently knows all our stored passwords in the browser, eh? I wonder what else it knows (or wants to know), and I'm not surprised by the help section either!
My mistake for coming here and asking for help.
-
I'm not sure what you mean by configuring proxy settings in Firefox....
I have not touched that part in Firefox.
If you mean those, they are part of my freelance work. And has nothing to do with any malware.
Was it so hard to say that you configured it instead of telling you never touched that part in Firefox. >:(
Your PC was malware free according to logs in a first place so:
• The following will implement some post-cleanup procedures:
=> Please download DelFix (https://toolslib.net/downloads/finish/2-delfix/) by Xplode to your Desktop.]
Run the tool and check the following boxes below;
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Remove disinfection tools
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Create registry backup
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.