
Author Topic: Possible infection  (Read 5456 times)

finnman

    Topic Starter


    Greenhorn

    • Experience: Familiar
    • OS: Other
    Possible infection
    « on: April 16, 2016, 09:53:47 AM »
    Today I noticed a weird problem of not being able to get the right-click menu in Windows Explorer to stay, because it would just "refresh" the file explorer. Also, I noticed Malwarebytes mentioning that Firefox was being redirected to an unknown website (go.padsel.com) that could possibly be malicious.

    Here are logs:

    # AdwCleaner v5.111 - Logfile created 16/04/2016 at 18:31:34
    # Updated 14/04/2016 by Xplode
    # Database : 2016-04-15.1 [Server]
    # Operating system : Windows 10 Home  (X64)
    # Username : Joonas P - JOONAS
    # Running from : C:\Users\Joonas P\Downloads\adwcleaner_5.111.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [1553 bytes] - [16/04/2016 18:31:34]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1592 bytes] - [16/04/2016 18:21:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1699 bytes] ##########

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Tarkistuksen päivämäärä: 16.4.2016
    Tarkistuksen kellonaika: 18:41
    Lokitiedosto: malwarebyteslog.txt
    Järjestelmänvalvoja: Kyllä

    Versio: 2.2.1.1043
    Haittaohjelmien tietokanta: v2016.04.16.03
    Rootkittien tietokanta: v2016.04.09.01
    Lisenssi: Kokeiluversio
    Haittaohjelmasuoja: Käytössä
    Haitallisten verkkosivujen esto: Käytössä
    Itsepuolustus: Pois käytöstä

    Käyttöjärjestelmä: Windows 10
    Prosessori: x64
    Tiedostojärjestelmä: NTFS
    Käyttäjä: Joonas P

    Tarkistuksen tyyppi: Nopea tarkistus
    Tulos: Valmis
    Kohteita tarkistettu: 348889
    Aikaa kulunut: 7 minuutti(a), 50 sekuntti(a)

    Muisti: Käytössä
    Käynnistys: Käytössä
    Tiedostojärjestelmä: Pois käytöstä
    Pakkaukset: Käytössä
    Rootkitit: Pois käytöstä
    Heuristiikka: Käytössä
    Mahdollisesti haitalliset ohjelmat: Käytössä
    Mahdollisesti haitalliset muutokset: Käytössä

    Prosessit: 0
    (Haitallisia kohteita ei löydetty)

    Moduulit: 0
    (Haitallisia kohteita ei löydetty)

    Rekisteriavain: 0
    (Haitallisia kohteita ei löydetty)

    Rekisteriarvot: 0
    (Haitallisia kohteita ei löydetty)

    Reksiteritiedot: 0
    (Haitallisia kohteita ei löydetty)

    Kansiot: 0
    (Haitallisia kohteita ei löydetty)

    Tiedostot: 0
    (Haitallisia kohteita ei löydetty)

    Fyysiset sektorit: 0
    (Haitallisia kohteita ei löydetty)


    (end)

     Results of screen317's Security Check version 1.014 --- 12/23/15 
       x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Windows Defender   
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     McAfee SiteAdvisor   
     Java version 32-bit out of Date!
     Adobe Flash Player    21.0.0.213 
     Mozilla Firefox (45.0.2)
     Google Chrome (49.0.2623.110)
     Google Chrome (49.0.2623.112)
    ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbam.exe 
     Malwarebytes Anti-Malware mbamscheduler.exe   
     Windows Defender MpCmdRun.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````
    « Last Edit: April 16, 2016, 10:04:01 AM by finnman »

    finnman

      Re: Possible infection
      « Reply #1 on: April 16, 2016, 11:25:18 AM »
      English Malwarebytes log

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 16.4.2016
      Scan Time: 18:41
      Logfile:
      Administrator: Yes

      Version: 2.2.1.1043
      Malware Database: v2016.04.16.03
      Rootkit Database: v2016.04.09.01
      License: Trial
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Disabled

      OS: Windows 10
      CPU: x64
      File System: NTFS
      User: Joonas P

      Scan Type: Hyper Scan
      Result: Completed
      Objects Scanned: 348889
      Time Elapsed: 7 min, 50 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Disabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 0
      (No malicious items detected)

      Physical Sectors: 0
      (No malicious items detected)


      (end)

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 991
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: Possible infection
      « Reply #2 on: April 16, 2016, 11:29:32 AM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Please download Junkware Removal Tool to your desktop.

      Warning! Once the scan is complete JRT will shut down your browser with NO warning.

      Shut down your protection software now to avoid potential conflicts.

      • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

      • The tool will open and start scanning your system.

      • Please be patient as this can take a while to complete depending on your system's specifications.

      • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

      • Copy and Paste the JRT.txt log into your next message.
      *************************************************
      I'd like to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

      finnman

        Re: Possible infection
        « Reply #3 on: April 17, 2016, 02:41:32 AM »
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Junkware Removal Tool (JRT) by Malwarebytes
        Version: 8.0.4 (03.14.2016)
        Operating System: Windows 10 Home x64
        Ran by Joonas P (Administrator) on la 16.04.2016 at 21:15:56,75
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




        File System: 2

        Successfully deleted: C:\Users\Joonas P\AppData\Local\crashrpt (Folder)
        Successfully deleted: C:\Program Files (x86)\your product (Folder)



        Registry: 2

        Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_832F54E157F03AC74306CA68A8783B57 (Registry Value)
        Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Scan was completed on la 16.04.2016 at 21:18:08,78
        End of JRT log
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


         Still waiting on ESET to finish.

        finnman

          Re: Possible infection
          « Reply #4 on: April 17, 2016, 10:07:39 AM »
          ESET finished scanning finally but there is no list of all threats  ???

          SuperDave

          Re: Possible infection
          « Reply #5 on: April 17, 2016, 11:00:44 AM »
          How are things with your computer now?

          finnman

            Re: Possible infection
            « Reply #6 on: April 17, 2016, 12:04:18 PM »
            I still see the Malwarebytes message about blocking the redirection to the website every now and then. Still can't get the right-clicking in Windows Explorer to work properly.

            SuperDave

            Re: Possible infection
            « Reply #7 on: April 18, 2016, 12:33:26 PM »
            Quote
            I still see the Malwarebytes message about blocking the redirection to the website every now and then. Still can't get the right-clicking in Windows Explorer to work properly.
            This is free trial period by MBAM. Not to worry. The right-clicking in windows explorer I don't understand. Do you mean Internet Explorer? Can you give me a screen print about what you're trying to do?

            How to post screenshots or images

            finnman

              Re: Possible infection
              « Reply #8 on: April 18, 2016, 01:12:31 PM »
              I mean the Windows file explorer. Whenever I try to right-click files in it to run one program in compatibility mode, as it doesn't work properly without it, it kind of just refreshes the file explorer and the right-click menu that comes up instantly disappears. For the Malwarebytes, it is not about the trial but rather a warning message about Malwarebytes stopping a pop-up window that according to Malwarebytes leads to the website (go.padsel.com). I would get a screenshot but it only happens sometimes. I will try to get a screenshot of the pop-up message next time.

              finnman

                Re: Possible infection
                « Reply #9 on: April 18, 2016, 01:17:31 PM »
                I was able to find a log about these things in Malwarebytes. I blacked out the IP that it was showing as I wasn't sure if it was my IP or the IP it was connecting to.

                SuperDave

                Re: Possible infection
                « Reply #10 on: April 19, 2016, 12:57:27 PM »
                I don't think this is a malware problem. Windows 10 has a number of diagnostic programs that may be able to fix that right-click problem.

                patio

                • Moderator


                • Genius
                • Maud' Dib
                • Thanked: 1708
                  • Yes
                • Experience: Beginner
                • OS: Windows 7
                Re: Possible infection
                « Reply #11 on: April 20, 2016, 06:09:18 AM »
                From what I have checked it seems "padsdel" is a hijacker that has fixes out there... but they all wanna sell you a fix.

                Have you run ADWCleaner?
                   
                 
                " Anyone who goes to a psychiatrist should have his head examined. "

                SuperDave

                Re: Possible infection
                « Reply #12 on: April 20, 2016, 12:21:58 PM »
                Yes, he has run all the routine scans. Nothing showed.

                patio

                Re: Possible infection
                « Reply #13 on: April 21, 2016, 05:08:55 AM »
                K...
                   
                 
                " Anyone who goes to a psychiatrist should have his head examined. "