Help with Malware!

[essexboy]

It appears to have somehow compromised those programmes in addition to chrome, unfortunately I have no knowledge of steam or pando networks as I have never used them.  It may be a small script entered within the update stream of the programmes i.e added as a server address

I will have a think about it and see if I can come up with a way to locate it

[aMat]

Alright essex, thanks by the way for your help so far, it's been making me scratch my head as well.

Not to just give redundant information but here's a couple other screencaps I have of the processes its catching. When I browse through the game library on Steam, or when I start up Smite (another MOBA game like League of Legends). I don't know the extent of which processes are compromised, so the scope could be pretty large :S

http://imgur.com/NCX9sQu&s4Wj5cx&EbPKRe2#0  (I had to give an imgur link because the total size of the screencaps exceeded the attachment limit).

[essexboy]

My initial thoughts are that the wpad.dat file that it is trying to access may have a bad URL within it.  Wpad contains a list of servers that the update(s) are available on, so I reckon if you turn off the auto update functions for those programmes the alerts should cease.  However, that is not really useful to you but it can be done as a test for a short period

[aMat]

Hmmm this is going to be difficult to test.

For majority (if not all) the update functions are integrated into the launcher for the games I'm starting. I'm not sure of a way to bypass this without hacking the launcher itself :S
Would going about this by dealing with the wpad.dat file be better? Should I do a search on it ?

I was looking at a couple other threads dealing with this issue but I'm not sure if they're relevant to my case:
http://forum.avast.com/index.php?topic=144873.0
http://forum.avast.com/index.php?topic=136247.0

EDIT: With regards to Steam, when I manually force an update check, I get no pop up notification

[aMat]

bump

[essexboy]

No need to bump   I keep track of all my topics

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.

• Save it to the desktop.
• Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
• You will receive a prompt:

Do you want to skip supplementary searches?
click NO[/list]

• If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
• You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  
• Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
  

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

[aMat]

Hmm I get the "File could not be downloaded" error.

EDIT: Also sorry for the bump, I just worried that this thread started going off the radar.

[essexboy]

No problem, did you right click and select save as ?  You need to do that as it is a VBS file

[aMat]

Yea sorry false alarm, Avast was the root of the problem because it was detecting the file as malicious and blocked it. But I managed to get it to run eventually. Here is the log:

[essexboy]

Hmm nothing untoward there

For 32bit systems, please download SystemLook from one of the links below and save it to your Desktop.
 
Download Mirror #1
Download Mirror #2
 
For 64bit systems, download SystemLook from here.
 
 

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

Code: [Select]

:file
wpad.dat
wpad.*


• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

 
Note: The log can also be found on your Desktop entitled SystemLook.txt

[aMat]

Nothing too good

[essexboy]

OK just off for a deep think

[essexboy]

Could you temporarily uninstall Pando media booster please.  Then let me know if the alerts cease

[aMat]

You're not gonna believe this, but so far no popups !

I've tried Smite, Steam, League, all of which no matter how many time I start up, gave no popups. Seems like uninstalling PandoMedia Booster was the solution.

Does that mean we're done then ?

[essexboy]

Yep it does

Subject to no further problems   

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Download and run Delfix




Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices Keep safe  :wave: