Author Topic: Do I have a virus? (Read 18586 times)

essexboy · « **Reply #15 on:** October 05, 2015, 10:43:35 PM »

How is chrome behaving now ?

bgranat · « **Reply #16 on:** October 05, 2015, 10:54:19 PM »

I had two tabs open. When I clicked one of them, I saw the dinosaur and the blue Reload button for a second, and then the page loaded properly, so that made me think whatever you had me do -- was it remove traces of Babylon? -- didn't work.

So I can't tell for sure how Chrome is behaving. Only over time will I be able to tell.

I intentionally downloaded Babylon, or I should say I didn't object when it downloaded itself, because I thought it was a trustworthy site. Is it a site that's just a front for hackers? It is a translation site that's selling translation software or cloud services (I'm not sure which). But it had a free version that gave you five free translations and then stopped. They didn't bother telling you that at the outset, though.

Thank you for your help, by the way.

I will come back to give a final report on the issue after enough time has gone by. The problem seems to be worse at night.

Do you know why Avast and Malwarebytes didn't catch the culprit?

Bonnie

bgranat · « **Reply #17 on:** October 06, 2015, 01:13:14 AM »

I clicked on an open tab just now, and the dinosaur and the blue button appeared for a second and then disappeared.

Have I killed the devil or not?

Thanks.

bgranat · « **Reply #18 on:** October 06, 2015, 03:37:01 AM »

Quote from: essexboy on October 05, 2015, 10:43:35 PM

How is chrome behaving now ?

I got the no Internet service page again and rebooted the computer. Then service was restored.

Is that page with the dinosaur a virus? I have to think it is because of the "GAME OVER" animation I saw the other day. Google Chrome would never do that, right? Have you ever seen the dinosaur page before or is this the first time?

Several weeks ago, the people at Total Support at Avast, where I have an active paid account, fixed my DNS thing, because I was getting malicious Web page notifications and I couldn't understand the fixes offered here on the forum. Could that have done something by accident?

This computer is six years old and I am sort of halfway in the market for a new one.

If what we have done so far hasn't worked, is it likely that whatever ails my computer is beyond our ability to fix? I guess I mean, "Have you any idea what virus it is that I have?"

I should add that when my weather app says "no Internet," it also means that I have no mail service as well as no Internet.

Thank you so much for your help.

essexboy · « **Reply #19 on:** October 06, 2015, 04:01:17 PM »

I think the dinosaur is part of Chrome... But, as I do not use that I am just guessing

How is Chrome behaving otherwise ?

OK lets reset the DNS

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

bgranat · « **Reply #20 on:** October 06, 2015, 06:00:48 PM »

The following URL shows the change that the Avast technician made to my computer:

https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/

Are you confident that the course of action you propose above in your message is the right thing to do?

I have just come onto the computer, so I can't tell how it is, but last night it did misbehave once and then came back after rebooting.

essexboy · « **Reply #21 on:** October 06, 2015, 06:17:41 PM »

That refers to a different problem entirely

All the commands used are normal windows ones

bgranat · « **Reply #22 on:** October 06, 2015, 06:22:56 PM »

OK. I'll do it now. Thank you.

bgranat · « **Reply #23 on:** October 06, 2015, 06:30:57 PM »

Quote from: essexboy on October 06, 2015, 04:01:17 PM

I think the dinosaur is part of Chrome... But, as I do not use that I am just guessing

How is Chrome behaving otherwise ?

OK lets reset the DNS

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

The file is attached. Thank you.

essexboy · « **Reply #24 on:** October 06, 2015, 07:26:16 PM »

How is chrome behaving now ?

bgranat · « **Reply #25 on:** October 06, 2015, 07:36:01 PM »

I've got to see how it performs over time. I should be able to tell by the end of my day, here, which I think is behind yours. I'm in the USA and I think you're in the UK (Essex?) perhaps or in Europe, so you're fast asleep when my day ends at about midnight my time.

This issue is sporadic, as I've said, so I can only observe it and then get back to you.

I have no idea what we did, and don't want to tax you by asking, but if you feel like it (smile), then I'm all ears.

I'll post back here immediately if I see the dinosaur page again. And if I don't see it within 24 hours, I'll post to that effect.

Thank you very much for your efforts, essexboy.

essexboy · « **Reply #26 on:** October 06, 2015, 08:45:56 PM »

Basically you had some adware courtesy of Babylon, all gone now

bgranat · « **Reply #27 on:** October 06, 2015, 09:02:50 PM »

Do you think it's gone? It did show up last night again. Or do you think that what you did this morning was the coup de grace? Meanwhile, I looked at your profile and saw you were not a young whippersnapper <grin>, so I added my age to my profile, too. I appreciate your long experience, but are you quite sure we killed it? Was there something in that last file I posted that told you we succeeded?

I have got to be more careful, though. It didn't seem to me that I was downloading anything at the time, but I might have just zoned out. I vow to be more careful.

How come Malwarebytes and Avast didn't catch it? And was it meant to harm me? It didn't look like ads....

essexboy · « **Reply #28 on:** October 06, 2015, 09:21:40 PM »

OK the chrome thing is legitimate https://www.wiknix.com/how-to-fix-dns-probe-finished-no-internet-in-chrome/

You can set Avast to detect PUP's

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "

bgranat · « **Reply #29 on:** October 06, 2015, 09:41:44 PM »

Quote from: essexboy on October 06, 2015, 08:45:56 PM

Basically you had some adware courtesy of Babylon, all gone now

The dinosaur's back. Lost connectivity. Rebooted and got it back. Now I'll go read your next message.

Author Topic: Do I have a virus? (Read 18586 times)

essexboy

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

essexboy

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

essexboy

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

essexboy

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

essexboy

Re: Do I have a virus?

bgranat

Re: Do I have a virus?

essexboy

Re: Do I have a virus?

bgranat

Re: Do I have a virus?