Adlice forum

Software feedback => RogueKiller => Topic started by: Heantrad on July 14, 2015, 04:19:19 PM

Title: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on July 14, 2015, 04:19:19 PM
First of all, sorry for my bad English.

A while ago, AdwCleaner detected a registry error related to a proxy server. I deleted it, cleaned the registry with CCleaner, and did a full scan with MalwareBytes, SuperAntiSpyware and Microsoft Security Essentials. They detected some viruses, but nothing related to the proxy.
I tried everything I could to fix it, but it was impossible; it reappeared every time I turned on the PC. However, some guys who knew about informatics told me that it was probably a false positive, so I forgot about it.

A couple of days ago, I entered AZLyrics (dumb choice on my part) and because those types of sites have a bad reputation, I asked on Reddit if that place was dangerous. Luckily it seems that only the ads contained malware, and AdBlock Plus blocked them.
However, I ran all those scans I mentioned before (except the full Microsoft Security Essentials scan, because 6 hours of scanning is too much) and I used RKill this time too, but none of them detected anything (except AdwCleaner and the proxy thing).

So, I decided to try RogueKiller, because TroneScript uses it in its scans, and it detected the proxy problem from AdwCleaner, but much bigger.
Obviously, I ran every scan again (complete Microsoft Security Essentials scan included), and none of them detected anything again (except AdwCleaner), so I cleaned the registry with RogueKiller, and it seemed to work. However, it doesn't detect the "ProxyOverride <-loopback>" thing, but I decided to ignore it.
Everything seemed fixed, but the next day all of that appeared again, with a svchost.exe process included. I cleaned all of that, cleaned the registry again with AdwCleaner and checked every svchost process with the task administrator (every one of them was from the System32 folder).

I don't know what else to do. Am I in danger or is it just a false positive?
I have some reports, but I'll leave the one which detected all the problems at once:

RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado en : Modo Normal
Usuario : PAQUITO [Administrador]
Started from : C:\Users\PAQUITO\Desktop\Carpetas\Programas\RogueKiller.exe
Modo : Escanear -- Fecha : 07/14/2015 10:32:31

¤¤¤ Procesos : 1 ¤¤¤
[Proc.Svchost] svchost.exe(3452) --

¤¤¤ Registro : 10 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: ST380011A ATA Device +++++
--- User ---
[MBR] 56e60236016fbee647d48fdc4748b6cb
[BSP] f9290963082e6a88bf87140ae95018f6 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD50 00AZRX-00A8L SCSI Disk Device +++++
--- User ---
[MBR] 2c2b02fc763bc7f60c91970e27545702
[BSP] 8618bcf435fd08ab414ac96125d49708 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Función incorrecta. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

If you need some more information or I forgot to explain something, tell me and I'll reply as fast as I can.
Edit: also, I know I'm running a 32-bit version of RogueKiller, but that's because I use a 32-bit version of the OS and I don't have the installation disk for Windows 7 (I borrowed it from a guy I know).
Thanks.
Title: Re: svchost.exe process and a bunch of PUM
Post by: offchopx on July 14, 2015, 10:35:26 PM
Hey man, I'm not able to help, but I have the exact same records (except that svchost.exe one, might be an issue there) that come up in my scan as well. Double check: are these IP addresses the ones your ISP set? Go to your router and check, open cmd and run ping -a 62.81.16.164 etc. Mine were all from my ISP, so I think maybe it's a false positive. I made a post in that topic for FP. So I'll let you know if there's any update :D
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 14, 2015, 10:44:18 PM
I don't know anything about that ISP thing, can you explain to me all the things I should do?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 15, 2015, 11:56:17 PM
Hi Heantrad,

Welcome to Adlice.com Forum.
We are going to check if it really is a false positive.

Please download Farbar Recovery Scan Tool (x86) (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to your Desktop.
Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 16, 2015, 11:26:21 AM
It exceeds the maximum allowed length, so I'll use pastebin, hope you don't mind.
http://pastebin.com/kYDnSiaG

I hope nothing important has been pasted there, because I heard people use these types of pages to hack and all that stuff.
Also, if it's not too much trouble, could you tell me if something important (IP, phone number, passwords, personal information...) has been pasted? It's because if it has been, I can contact the creators of the page and ask them to delete it.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 16, 2015, 06:18:11 PM
Hi Heantrad,

Your computer is clean. This was indeed a false positive.
No personal information is displayed in your FRST log.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 16, 2015, 06:44:12 PM
Wow man, thanks a lot.
Anyway, what was it then? I'm curious...
Also, the svchost.exe process hasn't appeared today, it's still nothing to worry about, right?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 16, 2015, 07:08:29 PM
Hi Heantrad,

I'm glad I was able to help you. :)
A svchost process crashed and was restarted. This behaviour made RogueKiller detect the newly created process as suspicious.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 16, 2015, 07:16:07 PM
Alright, that's strange, but luckily it's nothing.
And all those non-harmful PUM, where are they from? (sorry if I'm asking a lot of things, I always like to know all the stuff I can)
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 16, 2015, 07:40:25 PM
Hi Heantrad,

Don't worry about that.
Quote
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
These lines mean there was an application running as a proxy on your system. They were removed at some point since they aren't appearing on the FRST log.

Quote
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
These lines match the address of your Internet Service Provider Domain Name System (http://en.wikipedia.org/wiki/Domain_Name_System) and DHCP (https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol) servers.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 16, 2015, 08:25:51 PM
The proxy hasn't been removed, as it keeps showing on further RogueKiller scans.
Here you have the log:
RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado en : Modo Normal
Usuario : PAQUITO [Administrador]
Started from : C:\Users\PAQUITO\Desktop\Carpetas\Programas\RogueKiller.exe
Modo : Escanear -- Fecha : 07/16/2015 20:23:37

¤¤¤ Procesos : 0 ¤¤¤

¤¤¤ Registro : 10 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 16, 2015, 09:09:11 PM
Hi Heantrad,

Please relaunch RogueKiller and check the following entries for deletion :
Quote
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado

How is your computer running so far?

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 16, 2015, 09:29:30 PM
That's the problem, I delete them but they keep appearing again. The same happens with AdwCleaner (and it's the thing that the guy that knew about informatics told me was just a false positive). Here's AdwCleaner's log if that helps:

# AdwCleaner v4.208 - Registro generado 16/07/2015 en 21:31:30
# Actualizado 09/07/2015 por Xplode
# Base de datos : 2015-07-15.1 [Servidor]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x86)
# Nombre de usuario : PAQUITO - PAQUITO-PC
# Ejecutado desde : C:\Users\PAQUITO\Desktop\Carpetas\Programas\adwcleaner_4.208.exe
# Opción : Escanear

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****


***** [ Tareas programadas... ] *****


***** [ Accesos directos ] *****


***** [ Registro ] *****

Datos Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Datos Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Datos Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:64178;hxxps=127.0.0.1:64178
Valor Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Valor Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Navegadores Web ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v29.0 (es-ES)


-\\ Google Chrome v43.0.2357.134


-\\ Chromium v


*************************

########## EOF - C:\AdwCleaner\AdwCleaner[R30].txt - [3342 bytes] ##########

The computer is running OK so far (Chrome is a little slow at starting, but my PC isn't really powerful, so it's normal).
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 16, 2015, 10:29:36 PM
Hi Heantrad,

Since they keep appearing and FRST revealed nothing malicious, I can make the guess that those entries are linked to some security software.
In my opinion, there is no reason to worry about them.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 16, 2015, 10:43:08 PM
If you don't mind, I can send another FRST log with the proxy entries now that they have appeared (sometimes they appear, sometimes they don't, it's a mess).
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 16, 2015, 11:25:30 PM
Hi Heantrad,

OK.
Additionally, please download TCPView (http://live.sysinternals.com/Tcpview.exe), then execute it.
Locate the column "Local Port" and copy/paste the line that has the value 64178 (you can sort the column) in your next reply.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 17, 2015, 01:39:49 PM
Alright, sorry for replying a bit late, but I will do all that in a moment.
When AdwCleaner detected the Proxy for the first time, I had installed MalwareBytes, AdwCleaner, CCleaner and Microsoft Security Essentials only.
Also I use Dropbox, don't know if it uses a Proxy.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 17, 2015, 02:05:20 PM
Alright, here you have the FRST logs.
Also, there was no 64178 value, I don't know why. If you needed it for the svchost.exe process that RogueKiller detects, it hasn't appeared again so far; if it appears again, I'll run TCPView again.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 18, 2015, 12:44:01 AM
Hi Heantrad,

Since the port 64178 was not listed, these lines are harmless.
However, we are going to delete them.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards.
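
The TCPView check used above (is anything listening on the port named in the ProxyServer value?) can be scripted. This is an added example, not part of the original thread and not Adlice's code; it assumes the text of a RogueKiller report and of `netstat -ano`, uses constructed sample inputs and PIDs, and the verdict labels are this example's own.

```python
import re

# One registry finding per line in a RogueKiller text report:
# [TAG] <key> | <value name> : <data>  -> <status>
FINDING_RE = re.compile(
    r"^\[(?P<tag>[\w.]+)\]\s+(?P<key>.+?)\s+\|\s+(?P<name>\w+)\s+:\s+(?P<data>.*?)\s+->"
)
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

# Constructed sample: two lines in the format shown in the thread's reports.
SAMPLE_REPORT = r"""
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
"""

# Constructed `netstat -ano` output; addresses and PIDs are made up.
NETSTAT_IDLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49812     203.0.113.10:443       ESTABLISHED     2280
"""
NETSTAT_ACTIVE = NETSTAT_IDLE + (
    "  TCP    127.0.0.1:64178        0.0.0.0:0              LISTENING       4321\n"
)


def parse_findings(report):
    """Return every registry finding in the report as a dict."""
    found = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def proxy_endpoints(data):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles 'http=h:p;https=h:p' as well as the bare 'h:p' form.
    """
    out = []
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:
            scheme, addr = "all", part
        host, _, port = addr.rpartition(":")
        if host and port.isdigit():
            out.append((scheme, host, int(port)))
    return out


def listeners(netstat_output):
    """Map listening TCP port -> set of owning PIDs.

    A listening socket is recognised by its foreign address (0.0.0.0:0 or
    [::]:0) rather than by the State column, so the parse does not depend
    on the display language of the system.
    """
    ports = {}
    for line in netstat_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0].upper() != "TCP":
            continue
        local, foreign, pid = cols[1], cols[2], cols[-1]
        if foreign not in ("0.0.0.0:0", "[::]:0") or not pid.isdigit():
            continue
        port = local.rpartition(":")[2]
        if port.isdigit():
            ports.setdefault(int(port), set()).add(int(pid))
    return ports


def triage_proxy(report, netstat_output):
    """Classify each PUM.Proxy endpoint against the current listeners."""
    listening = listeners(netstat_output)
    findings = [f for f in parse_findings(report) if f["tag"] == "PUM.Proxy"]
    enabled_keys = {
        f["key"] for f in findings
        if f["name"] == "ProxyEnable" and f["data"].strip() == "1"
    }
    results = []
    for f in findings:
        if f["name"] != "ProxyServer":
            continue
        for scheme, host, port in proxy_endpoints(f["data"]):
            if host.lower() not in LOOPBACK:
                verdict = "remote-proxy"      # traffic would leave the host
            elif port in listening:
                verdict = "local-listener"    # identify the owning PID
            else:
                verdict = "stale-setting"     # nothing is bound to the port
            results.append({
                "key": f["key"], "scheme": scheme, "host": host, "port": port,
                "enabled": f["key"] in enabled_keys,
                "pids": sorted(listening.get(port, ())),
                "verdict": verdict,
            })
    return results


if __name__ == "__main__":
    for row in triage_proxy(SAMPLE_REPORT, NETSTAT_IDLE):
        print(row["scheme"], row["host"], row["port"], row["verdict"])
```

A "stale-setting" verdict corresponds to the situation in this thread: the value points at a loopback port with no process bound to it.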
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 18, 2015, 10:44:41 AM
Done, here you have the fixlog.
By the way, when I did the fix, Google Chrome reset the fixed tabs and the most visited websites that I had, maybe it was related to that?
Also, AdwCleaner still detects the ProxyOverride <-loopback> CORRECTION: I defragmented the disk and, apart from creating a restoration point that occupies 4 GB, it made the loopback thing disappear, so, that.

Oh and the svchost process has appeared again (and those four DNS registry keys are the only ones that appear now, two of them have disappeared):

RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado en : Modo Normal
Usuario : PAQUITO [Administrador]
Started from : C:\Users\PAQUITO\Desktop\Carpetas\Programas\RogueKiller.exe
Modo : Escanear -- Fecha : 07/19/2015 20:06:30

¤¤¤ Procesos : 1 ¤¤¤
[Proc.Svchost] svchost.exe(4052) --

¤¤¤ Registro : 4 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤


And finally, today when I turned on the PC after executing the fix yesterday, the Windows 10 free install thing appeared (it hadn't appeared for me before, don't know why)
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 21, 2015, 04:03:56 PM
Hi Heantrad,

Could you please download RogueKiller's latest version, do a scan and post the JSON report?

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 21, 2015, 05:04:26 PM
I got one log without the svchost and another with the svchost, I'll attach both.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 22, 2015, 04:20:10 PM
Hi Heantrad,

Your system is clean.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 22, 2015, 04:24:15 PM
Thanks a lot.
So, the svchost process is just a normal process that crashes for unknown reasons and restarts again?
However, if something more happens I will reply, thanks again for helping me with all this stuff.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 22, 2015, 04:26:50 PM
Hi Heantrad,

You are welcome.
The fact RogueKiller detects the newly created svchost process is a bug we need to troubleshoot.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 22, 2015, 04:36:09 PM
Alright.
Also, something I forgot to ask and should have asked from the beginning.
Does AZLyrics have a virus?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 22, 2015, 05:18:02 PM
Hi Heantrad,

According to VirusTotal, AZLyrics was distributing malware in 2014.
There have been no detections since then, so it should be alright. However, I strongly advise you to run an adblocker program when browsing it.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 22, 2015, 05:52:58 PM
Alright, no more lyrics websites, once is enough to learn.
Thanks again.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 22, 2015, 05:55:00 PM
Hi Heantrad,

You are very welcome. :)

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 22, 2015, 08:25:45 PM
Also, should I make a reply on the false positives post about the DNS thing or it doesn't matter?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 23, 2015, 11:49:30 AM
Hi Heantrad,

It doesn't matter.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 23, 2015, 04:14:49 PM
This is apart, but anyway, I've been logged out of some accounts today when I started the PC. I need to say that Google Chrome has updated today too.
Why can this be? (I checked the "stay logged in" option).
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 23, 2015, 06:25:38 PM
Hi Heantrad,

With FRST execution, all temporary files including cookies were removed from your computer.
This is the reason why you need to manually log in to the accounts whose credentials were stored in those.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 23, 2015, 07:22:13 PM
The thing is that I already logged out on those (Outlook and Reddit) after the fix, but they got logged out again without reason, it seems.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 24, 2015, 12:11:34 AM
Hi Heantrad,

FRST doesn't mess with Outlook settings.
Did you try to sign in and check "Remember password" after the fix?

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 24, 2015, 09:59:21 AM
I remember that I did with Reddit, but I'm not sure with Outlook.
However, it's probably nothing and it's just me being a bit paranoid.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 25, 2015, 09:36:28 PM
Hi Heantrad,

How is the system running now? Is the "remember password" function working with your Reddit account?

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 25, 2015, 11:38:05 PM
The password thing is going well now, but I discovered something is happening with the anti-malware programs.

MalwareBytes doesn't do the full scan (normally it takes 20 minutes, now it takes 15).
SuperAntiSpyware stopped detecting things (it detected two PUPs from a Softonic variant, thanks to TikiOne Steam Cleaner, which is a legit program, but the download website isn't, and then asked me to restart the PC; when I restarted, it didn't even detect cookies).
Microsoft Security Essentials is probably not protecting the PC, because it didn't detect the PUP.

The programs that weren't installed seemed to work fine, Bytes and Spyware started working normally again (but they're probably going to act weird again soon) after reinstalling them again, I haven't tried with MSE yet.

I did another scan with MalwareBytes (I restarted the computer before doing it) and it took less time than usual again (17 minutes). I'll do a scan with SuperAnti now to see if it doesn't detect cookies again. EDIT: What I expected happened, AntiSpyware didn't work again.

Also, forgot to say, none of the programs I mentioned some time ago detects anything (RogueKiller detects nothing, RKill doesn't detect any process, CCleaner detects neither trash files nor trash registry data, AdwCleaner detects nothing...)

EDIT 2: Also, I'm not sure, but could it be because of Pastebin? VirusTotal detected this...
https://www.virustotal.com/es/url/574e66b1ddc111be82ebc51b24e1f71b21a273669f0db76f679db6b87af09295/analysis/1437936681/

Also, is it dangerous to use the anti-malware programs right now in the state they're in?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 28, 2015, 12:25:59 AM
Hi Heantrad,

Softonic is actively repackaging freeware with adware bundles. I highly recommend you to download anything from their website.
For example, here is TikiOne Steam Cleaner official download site (https://github.com/jonathanlermitage/tikione-steam-cleaner/releases).

I think you could use your security programs without worrying.
If you still have doubts about Malwarebytes Anti-Malware, I suggest you open a new thread on their forum: they will be more qualified than me to help you with this particular issue.

Pastebin is perfectly safe to use.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 28, 2015, 11:10:25 AM
The thing is that I got the PUP from that page (GitHub), that's why it says it's a Softonic Variant.
Also, any thoughts on the SuperAntiSpyware! thing? Now it doesn't matter that I reinstall it (and all the rest of the programs), it keeps failing.
Edit: It worked today and detected a lot of cookies (all of them except three from Windows.old, because I used Windows XP before, but I think it might be another error, as I didn't find the directory SAS! said) but it doesn't work anymore again, and it still doesn't detect cookies from doubleclick or imrworldwide.

Also, when I mean using the security programs, I mean running scans, meanwhile I wait to find a solution, I run scans from all the programs (SAS! and MSE mostly).

However, I tried to register on Malwarebytes' forum and the e-mail for completing the registration hasn't come yet, I'll try registering again later.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on July 30, 2015, 06:44:43 PM
Hi Heantrad

Quote from: 'Heantrad'
The thing is that I got the PUP from that page (GitHub), that's why it says it's a Softonic Variant.
Are you sure about this? The archive hosted at GitHub seems clean.

Quote from: 'Heantrad'
Also, any thoughts on the SuperAntiSpyware! thing? Now it doesn't matter that I reinstall it (and all the rest of the programs), it keeps failing.
Edit: It worked today and detected a lot of cookies (all of them except three from Windows.old, because I used Windows XP before, but I think it might be another error, as I didn't find the directory SAS! said) but it doesn't work anymore again, and it still doesn't detect cookies from doubleclick or imrworldwide.

Also, when I mean using the security programs, I mean running scans, meanwhile I wait to find a solution, I run scans from all the programs (SAS! and MSE mostly).
The logs don't give a clue about this particular issue, so it's hard for me to troubleshoot it.
BTW, tracking cookies are mostly harmless.

Quote from: 'Heantrad'
However, I tried to register on Malwarebytes' forum and the e-mail for completing the registration hasn't come yet, I'll try registering again later.
Were you able to register on Malwarebytes' forum?

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on July 30, 2015, 07:23:52 PM
I haven't tried to register yet because SAS! is doing weird things, it works sometimes and sometimes doesn't. Alright, the cookie thing was a bug, they fixed it today.
Would you need anything special to troubleshoot it? I mean, what scan logs should I send you?
And I downloaded Tikione from SourceForge (it's the download link that the official web tells you to use, apart from GitHub) and I installed that version, maybe it was SourceForge's fault.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 04, 2015, 01:15:49 AM
Hi Heantrad,

Quote from: 'Heantrad'
Would you need anything special to troubleshoot it? I mean, what scan logs should I send you?
Maybe the log produced by SuperAntiSpyware could help.

Quote from: 'Heantrad'
And I downloaded Tikione from SourceForge (it's the download link that the official web tells you to use, apart from GitHub) and I installed that version, maybe it was SourceForge's fault.
It's very possible. I advise you to privilege GitHub over SourceForge.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 04, 2015, 02:29:35 PM
SAS! works fine now, but anyways I'll paste the latest full scan log I have.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2015 at 05:27 PM

Application Version : 6.0.1204
Database Version : 11994

Scan type       : Complete Scan
Total Scan Time : 01:06:15

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 687
Memory threats detected   : 0
Registry items scanned    : 33310
Registry threats detected : 0
File items scanned        : 94145
File threats detected     : 5

Adware.Tracking Cookie
   .bluekai.com [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .bluekai.com [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .bluekai.com [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .demdex.net [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   engine.adzerk.net [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

============
 End of Log
============
I'll also attach a full scan log from MBAM, don't know if it will serve for anything, but anyways.

Also, SAS! detected a cookie placed in C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Cookies, it's called UMBMRDQ2 and it's from openx.net. Edit: "cookies" from skimresources and mathtag have appeared from nowhere today too, in the same folder.
The weird thing is that this has happened to me before and it detects it as a cookie, but it quarantines it instead of automatically deleting it.
Also, I don't use Internet Explorer, so I don't know why it's stored in that folder (if I'm not wrong, only cookies from IE should be placed there), maybe it's related that CCleaner detects temporary files and other stuff from IE too, but as before, I don't use IE.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 06, 2015, 09:43:29 PM
Hi Heantrad,

The MBAM log is clean and SAS only detected tracking cookies.
Quote from: 'Heantrad'
Also, I don't use Internet Explorer, so I don't know why it's stored in that folder (if I'm not wrong, only cookies from IE should be placed there), maybe it's related that CCleaner detects temporary files and other stuff from IE too, but as before, I don't use IE.
Some applications use the IE engine to retrieve ads. So tracking cookies could be present in that folder even if you don't use Internet Explorer.

How is the computer running?

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 06, 2015, 10:34:36 PM
It's running good for now, I deleted the Windows.old folder too and I gained like 20 GB.
Now I only need to find a way to delete the old Program Files.
Also, I compared the number of items MBAM scanned with a 20-minute scan log I had and it scanned the same amount, so it's probably okay?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 07, 2015, 01:45:09 PM
Hi Heantrad,

Yes, it's okay.
You can use the Disk Cleanup utility to delete previous OS directories.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 07, 2015, 02:15:16 PM
Alright, I'll try that in a moment, thanks.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 10, 2015, 01:44:35 PM
Hi Heantrad,

You are very welcome.
Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 12, 2015, 05:54:03 PM
I have a doubt: is there any way to know if Microsoft Security Essentials is working properly? By working properly I mean detecting potential threats and blocking them.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 12, 2015, 11:36:32 PM
Hi Heantrad,

If Microsoft Security Essentials is not running properly, Windows Security Center will report it.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 13, 2015, 07:32:16 PM
A problem I've seen today is that the Nvidia control panel doesn't show all the options it should (I remember that it showed a lot more options).
Could it be related with a problem I had with an adware (that I removed some time ago with MBAM or SAS!, I don't remember exactly) that said it was a Nvidia sound driver, or is it normal that this happens?
Also, are there any solutions?
I'll attach an image that shows the options that appear.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 13, 2015, 09:47:10 PM
Hi Heantrad,

I really doubt your problem is malware related.
However, you are running Nvidia drivers version 341.74 while the latest version is 353.62. Updating them may solve the issue.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 14, 2015, 02:15:30 PM
This is the official page from Nvidia to download the latest drivers, right?
http://www.nvidia.es/Download/index.aspx?lang=es
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 17, 2015, 01:54:21 PM
Hi Heantrad,

Yes, it is.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 17, 2015, 11:13:08 PM
The last update of AdwCleaner lets you reset your Proxy server and the Winsock.
Can you tell me what Winsock is and what it does?
I have a Windows restore point from yesterday if I messed something up and that can solve it (because I didn't uncheck those two options, which are checked by default).
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 19, 2015, 02:54:37 PM
Hi Heantrad,

Winsock is a software interface which allows Windows to access network services based on TCP/IP.
You should not "reset" it unless you experience network connection problems.

Quote from: Heantrad
I have a Windows restore point from yesterday if I messed something up and that can solve it (because I didn't uncheck those two options, which are checked by default).
If you are able to access the Internet, there is no need to perform a restoration.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 19, 2015, 03:28:34 PM
I'm able to access the Internet (as I'm writing this on the computer), however, I think the same happened as when I used the fix option in the Farbar application (it logged me out of some accounts automatically).
However, I see another option about the TCP/IP settings, I suppose it's different, but I'll attach a screenshot with the options.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 19, 2015, 04:37:28 PM
Hi Heantrad,

Quote from: Heantrad
I'm able to access the Internet (as I'm writing this on the computer), however, I think the same happened as when I used the fix option in the Farbar application (it logged me out of some accounts automatically).
Winsock and website authentication have nothing to do with each other. ;)

Quote from: Heantrad
However, I see another option about the TCP/IP settings, I suppose it's different, but I'll attach a screenshot with the options.
There is indeed a difference between Winsock and TCP/IP. The first one is a Sockets API, the second one is a network stack.
If you need more information about AdwCleaner, I suggest you contact its developer, Xplode, on ToolsLib (https://toolslib.net/).

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 19, 2015, 04:46:39 PM
Oh, okay, I'm just throwing ideas without much sense, as maybe some of them are right, but however.
Also, AdwCleaner detected this after entering (and almost downloading something from it, thanks to Norton Safe Web) Solvusoft (didn't know it was malicious until a pair of days ago); it was removed successfully, any idea of what it could be?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 19, 2015, 09:01:25 PM
Hi Heantrad,

Quote from: Heantrad
Oh, okay, I'm just throwing ideas without much sense, as maybe some of them are right, but however.
You are hungry for knowledge, this is clearly not a bad thing. ;)

Quote from: Heantrad
Also, AdwCleaner detected this after entering (and almost downloading something from it, thanks to Norton Safe Web) Solvusoft (didn't know it was malicious until a pair of days ago); it was removed successfully, any idea of what it could be?
It was a BHO belonging to PUP SupTab.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 19, 2015, 11:46:13 PM
SupTab... didn't know about it. What does it do and in which folder is it normally (as a precaution, to check if something is going wrong)?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 20, 2015, 02:56:32 AM
Hi Heantrad,

SupTab is a browser hijacker and is usually located in the following folders:
Quote
%ProgramFiles%\SupTab
%ProgramFiles%\XTab

Regarding the logs, it should not be present anymore.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 20, 2015, 02:27:15 PM
Just checked, there isn't any folder named like that on my program files, thanks.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 20, 2015, 04:46:34 PM
Hi Heantrad,

You are welcome.
Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 21, 2015, 02:05:03 PM
Forgot to ask, what browsers does it hijack?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 21, 2015, 03:28:12 PM
Internet Explorer.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 21, 2015, 05:39:19 PM
Well, I use Chrome, so I think it would do anything if there were remains of it on my PC.
Anyways, by the name I suspect it is one of those sidebars that add into your browser, but my Internet Explorer doesn't have any of those, so it's probably fine.
Also, what is all that about uninstalling Flash, does it have that many security flaws?
And about the program files, I think I selected delete old OS folders or something like that when I deleted Windows.old, it worked for the Windows folder, but the old program files are still there, I'll attach a screenshot showing both folders, the one with the red circle is the old one, I need to say I can't delete it manually either, as it tells me that I don't have the permission to do that (I'm running as an administrator on the PC always).
By the way, is this website safe? https://clyp.it/ . I found it today because I wanted to share a song in Reddit and as the creators say, they want to make a sound imgur. I did scans with VirusTotal and Norton's Safe Web and in both it showed clean (but Softonic also shows clean, so...), but I still distrust little-known websites.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 24, 2015, 05:34:55 PM
Hi Heantrad,

Quote from: Heantrad
Also, what is all that about uninstalling Flash, does it have that many security flaws?
You could uninstall it, but many sites won't work properly. I'd rather suggest you keep it updated.

Quote from: Heantrad
And about the program files, I think I selected delete old OS folders or something like that when I deleted Windows.old, it worked for the Windows folder, but the old program files are still there, I'll attach a screenshot showing both folders, the one with the red circle is the old one, I need to say I can't delete it manually either, as it tells me that I don't have the permission to do that (I'm running as an administrator on the PC always).
The Windows.old folder contains all the files you could safely delete. I advise you not to remove any "old" folders since the OS may still use them.

Quote from: Heantrad
By the way, is this website safe? https://clyp.it/ . I found it today because I wanted to share a song in Reddit and as the creators say, they want to make a sound imgur. I did scans with VirusTotal and Norton's Safe Web and in both it showed clean (but Softonic also shows clean, so...), but I still distrust little-known websites.
It seems safe.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 24, 2015, 06:18:35 PM
I'm sure they don't use the folder, as it didn't get updated until I tried to delete it, then it deleted some files but some other are impossible to delete for some reason.
Also, I want to delete it because it occupies like 60 GB and I know that I had viruses before changing the OS (I used to pirate a lot back then, now I don't because it always ends with me getting infected and now I can buy stuff without problems also).
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 24, 2015, 06:45:46 PM
Hi Heantrad,

If you really want to delete the folder, you need to take ownership before being able to delete it.
Launch the command prompt window (cmd) with admin rights and copy/paste the following command:
Code:
takeown /f "C:\Archivos de programa" /r /d y && icacls "C:\Archivos de programa" /t /q /grant PAQUITO:F
Now, you should be able to delete the folder.

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 24, 2015, 07:02:32 PM
The folder was created when I installed Windows 7, my previous OS was XP (I changed for all the end of support thing), I think none of the programs I have updated or used the folder, as it didn't update until I tried to delete it for the first time (and until SAS! detected a pair of viruses...).
Also, what does the code do? I know it's for giving me rights to delete the folder, but I mean what does the code do (each part)?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 24, 2015, 07:45:25 PM
Hi Heantrad,

The first part of the script takes ownership of the directory, the second part gives full rights to your account over the directory.
For a full explanation, please check takeown and icacls documentation pages at TechNet (https://technet.microsoft.com).

Regards.
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 24, 2015, 08:04:02 PM
So the first part selects the directory to execute the action of giving full right to my account on that folder, right?
Title: Re: svchost.exe process and a bunch of PUM
Post by: Curson on August 24, 2015, 08:14:34 PM
Quote
Takeown
Enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file.
Quote
Icacls
Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
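Added example (not part of the original thread, and not Adlice's or Microsoft's own script): the one-line command discussed above, split into annotated steps as a cmd batch file, with the folder's DACLs stored before they are changed. The folder and account name are the ones from the thread; the `ACL_BACKUP` location is an assumption.

```batch
@echo off
rem Added example, not from the thread. TARGET and ACCOUNT are the thread's values.
rem ACL_BACKUP is an assumed location. Run from an elevated command prompt.
setlocal
set "TARGET=C:\Archivos de programa"
set "ACCOUNT=PAQUITO"
set "ACL_BACKUP=%TEMP%\acl_before.txt"

rem The quotes matter: without them the path is split at each space
rem and takeown receives only C:\Archivos as the /f value.
if not exist "%TARGET%\" (
    echo Folder not found: "%TARGET%"
    exit /b 1
)

rem Step 1: take ownership.
rem   /f    file or folder to act on
rem   /r    recurse into all subfolders and files
rem   /d y  default answer when a subfolder cannot be listed: y takes
rem         ownership of it as well instead of stopping to ask
rem Assumption to verify locally: localized Windows editions may expect
rem their own letter for yes here.
rem Ownership is the key step: the owner of an object may always read and
rem rewrite its DACL, even when the DACL itself grants the owner nothing.
takeown /f "%TARGET%" /r /d y
if errorlevel 1 (
    echo takeown failed, is this prompt elevated?
    exit /b 1
)

rem Step 2: store the current DACLs before changing them.
rem   /save  write the DACLs of the matched items to a file
rem   /t     include everything below the folder
rem   /c     continue past items that return errors
icacls "%TARGET%" /save "%ACL_BACKUP%" /t /c /q

rem Step 3: add an allow entry for the account.
rem   /grant ACCOUNT:F  F stands for full control
rem   /t                apply to every file and subfolder
rem   /q                do not print a line for each success
icacls "%TARGET%" /grant "%ACCOUNT%:F" /t /q
if errorlevel 1 (
    echo icacls could not update every item, review the messages above
    exit /b 1
)

rem Step 4: print the resulting ACL of the top folder to confirm the entry.
icacls "%TARGET%"

rem To undo step 3, the stored DACLs are applied from the parent folder:
rem   icacls C:\ /restore "path to the saved file"
endlocal
```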
Title: Re: svchost.exe process and a bunch of PUM
Post by: Heantrad on August 24, 2015, 08:29:36 PM
Alright, thanks; I'll do a backup (I will need an external hard drive/disk for it right?) and I'll delete it when I can.
Also, I tried to install the drivers through Nvidia GeForce and this happened (still not being the last version of the drivers, I know), I selected a clean installation and it definitely installed something, as now I have less space on my hard drive.
So, Chrome now only shows six thumbnails instead of eight, I've read that it's a bug with Chrome 44, is that true?
I did a scan with AdwCleaner, and how did this happen? I haven't gone to Softonic's website and I haven't downloaded anything (I updated RKill through rkill.com and CCleaner through piriform only), I checked his twitter for some reason, can Softonic do this through Twitter?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on August 25, 2015, 08:45:30 PM
Hi, Heantrad

Quote from: Heantrad
Alright, thanks; I'll do a backup (I will need an external hard drive/disk for it right?) and I'll delete it when I can.
Indeed.

Quote from: Heantrad
Also, I tried to install the drivers through Nvidia GeForce and this happened (still not being the last version of the drivers, I know), I selected a clean installation and it definitely installed something, as now I have less space on my hard drive.
The NVIDIA drivers and applications seem to be correctly installed, now.

Quote from: Heantrad
So, Chrome now only shows six thumbnails instead of eight, I've read that it's a bug with Chrome 44, is that true?
It's true. See Issue 495968 (https://code.google.com/p/chromium/issues/detail?id=495968).

Quote from: Heantrad
I did a scan with AdwCleaner, and how did this happen? I haven't gone to Softonic's website and I haven't downloaded anything (I updated RKill through rkill.com and CCleaner through piriform only), I checked his twitter for some reason, can Softonic do this through Twitter?
I guess Chrome 44 includes Softonic Search Form, which was removed by AdwCleaner.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on August 25, 2015, 09:54:18 PM
I'll install the newest Drivers from the page at some point, I want to leave it the last.
Now it shows the eight thumbnails again for some reason.
And good job Google, good job adding that as a search provider.
While I was doing a scan with RogueKiller I read something about licensing changed and could affect machine detections or something like that, what does that mean?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on August 27, 2015, 12:00:44 AM
Hi Heantrad,

We indeed changed the license scheme. Now, with a personal license, you are able to register up to 5 machines instead of 3.
For more information, please read: RogueKiller Premium (http://www.adlice.com/softwares/roguekiller/roguekiller-premium/).

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on August 27, 2015, 03:54:46 PM
But if you use the free version nothing changes right?
Also, while asking for help on the MBAM forums they told me that full scans can put wear and tear on my hard drive, is that true? Because if it is I don't know how it hasn't stopped working by now (I'm doing at least two or three full scans with SAS! a day).
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on August 27, 2015, 05:04:02 PM
Hi Heantrad,

Quote from: Heantrad
But if you use the free version nothing changes right?
Right.

Quote from: Heantrad
Also, while asking for help on the MBAM forums they told me that full scans can put wear and tear on my hard drive, is that true? Because if it is I don't know how it hasn't stopped working by now (I'm doing at least two or three full scans with SAS! a day).
That's true. Conducting extensive scans daily may prematurely wear your HDD.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on August 27, 2015, 05:11:30 PM
Well, it's probably really late, I've probably already worn it, it's been like a month.
Anyways, I'll stop doing that from now on.
So, the guy at the MBAM forums told me that there's some errors with Windows search and maybe a PUP, I'll paste the solution he gave me.
Please try doing a full disk check and running this Search Index fix and see if that helps.

Please visit the following site and run the fixit tool from Microsoft
Fix Windows Desktop Search when it crashes or not showing results (this is the link http://support.microsoft.com/mats/windows_search)

Then click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" and type the following.

CHKDSK C: /R

Then press the Y key to run after a restart and restart the computer.

I'll attach the logs that I sent to him.
The PUM seems to be FXWebPlayer.
So, I did a MBAM full scan (a full scan not threat scan as I did always) and it detected this, I'll leave the log here (I'll also send it to the guy who is helping me at the MBAM forum, but you can't edit posts there, so I'll need to wait until he replies to me).
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 09, 2015, 04:30:32 PM
So, the guys at the MBAM are still helping me, they're helping me deleting the PUPs that got detected by MBAM, after that there's only left the Program Files thing and the drivers.
Also, yesterday, while I downloaded a program that they told me to (Junkware Removal Tool), I saw a strange file in the download folder, it was a .dll file and Microsoft Security Essentials said it was safe, I can't remember the name right now, as I deleted it.
The thing is that it was downloaded at the same time that the program and some days ago, I needed to translate something and by mistake I entered Babylon's translation page (seems that I'm never going to learn the lesson...), I did the typical scans and they didn't detect anything.
Could it be related, or Babylon only gives you his virus if you download anything from his page?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 11, 2015, 01:51:00 PM
Hi Heantrad,

Since you didn't download anything from Babylon website, you are safe.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 11, 2015, 05:01:00 PM
Alright, the guy at the MBAM forum told me to not download, install/uninstall programs or do scans unless he tells me to, so, I think that for now I'm done in here.
When I finish in there I will come back here and finish the things that are left.
Thanks a lot for helping me with all the problems that I've had with the PC.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 14, 2015, 02:42:26 PM
Hi Heantrad,

You are welcome.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 15, 2015, 07:29:10 PM
Hey, something strange happened.
For no reason all webpages that I had in favorites in Chrome have totally disappeared, the rest is still the same.
Also, for some reason Skype keeps changing itself to absent, I do not have the change to absent after X time option marked.
Alright, I restored the bookmarks to an older version (from two days ago), I'll do a backup right now, do you have any idea of why this has happened?
Could it be because the lights went off while I was using the PC? It's not the first time it happens and for some reason it keeps happening and happening without any advice before it happens, it also made the desktop background disappear, it reappeared after a restart.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 15, 2015, 11:16:46 PM
Hi Heantrad,

That's really strange behaviour.
I suggest you report those things to Ron Lewis, at Malwarebytes forum. He should be more suited than me in troubleshooting them since you are currently following a disinfection process there.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 15, 2015, 11:22:25 PM
Alright, on my next reply I'll tell him the problem, thanks.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 16, 2015, 07:36:40 PM
Hi Heantrad,

You are welcome.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 18, 2015, 09:25:01 PM
So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected.
Any idea of what can it be? (I haven't deleted it yet).
Also, the svchost.exe process keeps appearing, it doesn't show in this report because I exported it to json format by mistake and I did another scan in txt format.
And, is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes, has it been updated?
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too...
Also, I've seen the scheduled tasks to be sure that the Trojan hasn't created one and I found why the Proxy server kept reappearing, something created a scheduled task.
So, today I noticed this, it was created the same day I replied with this comment, if you want I can send you the file so you can see what it is, for now I will move it to a .rar file until I know what to do with it.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 24, 2015, 12:31:45 AM
Hi Heantrad,

Quote from: Heantrad
So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected.
Any idea of what can it be? (I haven't deleted it yet).
Could you please post the RogueKiller log? I'm sure Ron won't make you install something unsafe.

Quote from: Heantrad
Also, the svchost.exe process keeps appearing, it doesn't show in this report because I exported it to json format by mistake and I did another scan in txt format.
This is a bug on our side. Don't worry about that.

Quote from: Heantrad
And, is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes, has it been updated?
Yes. RogueKiller doesn't display legit hooks anymore.

Quote from: Heantrad
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too...
Also, I've seen the scheduled tasks to be sure that the Trojan hasn't created one and I found why the Proxy server kept reappearing, something created a scheduled task.
Please see this with Ron. If something must be removed, he will instruct you how to do it with FRST.

Quote from: Heantrad
So, today I noticed this, it was created the same day I replied with this comment, if you want I can send you the file so you can see what it is, for now I will move it to a .rar file until I know what to do with it.
Yes, the file could be useful for analysis.
Please rar it and attach it with your next reply.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 24, 2015, 01:51:09 PM
The log has been posted on my previous reply.
And here is the file.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 24, 2015, 03:29:56 PM
Hi Heantrad,

Sorry, I didn't see the log at first sight.
The new lines are linked to the ESET Smart Security driver, so they are legit.

I checked the file you attached.
It's not a valid PE file (exe file) and therefore it poses no threat.

Regards.
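As an added illustration of the check described in the post above (not part of the forum thread and not RogueKiller's code), this Python function tests whether a file has the header structure of a PE image: the MZ signature, the e_lfanew pointer, the PE signature, the COFF and optional headers, and the section table. The function names and the sample bytes are constructed for the example; it inspects headers only and does not reproduce every validation the Windows loader performs.

```python
import struct

DOS_HEADER_SIZE = 0x40        # e_lfanew lives in the last 4 bytes of this header
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
OPTIONAL_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
IMAGE_FILE_DLL = 0x2000


def inspect_pe(data):
    """Return (is_pe, detail) for the raw bytes of a file."""
    if len(data) < DOS_HEADER_SIZE:
        return False, "too short for a DOS header"
    if data[:2] != b"MZ":
        return False, "no MZ signature"

    # e_lfanew: file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff_off = e_lfanew + 4
    if coff_off + COFF_HEADER_SIZE > len(data):
        return False, "e_lfanew points outside the file"
    if data[e_lfanew:coff_off] != b"PE\x00\x00":
        return False, "no PE signature at e_lfanew"

    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    machine, n_sections, _ts, _symptr, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff_off)

    opt_off = coff_off + COFF_HEADER_SIZE
    if opt_size < 2 or opt_off + opt_size > len(data):
        return False, "optional header missing or truncated"
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in OPTIONAL_MAGICS:
        return False, "unknown optional header magic"

    # The section table follows the optional header directly.
    if opt_off + opt_size + n_sections * SECTION_HEADER_SIZE > len(data):
        return False, "section table truncated"

    kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
    return True, "%s %s, machine 0x%04x, %d section(s)" % (
        OPTIONAL_MAGICS[magic], kind, machine, n_sections)


def build_sample_pe():
    """Constructed header-only PE32 image (no code), used as sample input."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)   # PE header right after
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)
    section = b".text\x00\x00\x00" + bytes(SECTION_HEADER_SIZE - 8)
    return bytes(dos) + b"PE\x00\x00" + coff + optional + section


if __name__ == "__main__":
    print(inspect_pe(build_sample_pe()))
    print(inspect_pe(b"A" * 100))
```

A file that fails this check can still be input for another program, such as a script or a document, so the result speaks only to whether Windows would load it as an EXE or DLL.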
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 24, 2015, 05:32:07 PM
I uninstalled them because I thought that the trojan might have created them, it's okay anyways right?
So, if I execute the file, what would happen?
So, I use an USB pen for computing class and today, when I used the USB, I saw it had a file called autorun, I've searched for info and I saw that some virus use that to install virus through a USB, what should I do?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 24, 2015, 11:39:47 PM
Hi Heantrad,

Quote from: Heantrad
I uninstalled them because I thought that the trojan might have created them, it's okay anyways right?
Yes.

Quote from: Heantrad
So, if I execute the file, what would happen?
Absolutely nothing since Windows cannot interpret it.

Quote from: Heantrad
So, I use an USB pen for computing class and today, when I used the USB, I saw it had a file called autorun, I've searched for info and I saw that some virus use that to install virus through a USB, what should I do?
AutoRun could be subverted by malware for propagation purposes but, most of the time, the instructions in the autorun.inf file are perfectly legit.
For more information, please read Creating an AutoRun-Enabled Application (https://msdn.microsoft.com/en-us/library/windows/desktop/cc144206%28v=vs.85%29.aspx).

Regards.
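To see what an autorun.inf on a USB stick would actually launch, as discussed in the post above, the following added example (not from the thread or from any vendor tool) lists the [autorun] entries that start a program: open, shellexecute and shell\verb\command. The function name and both sample files are constructed for the example.

```python
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample: only cosmetic entries, nothing is started.
SAMPLE_LABEL_ONLY = "[autorun]\nicon=setup.ico\nlabel=Class files\n"

# Constructed sample: two entries that start a program from the drive.
SAMPLE_LAUNCHER = r"""; constructed sample
[AutoRun]
Open = tools\start.exe /quiet
shell\install\command=tools\start.exe
icon=folder.ico
[Content]
MusicFiles=false
"""


def autorun_launch_entries(text):
    """Return [(key, command)] for [autorun] entries that start a program."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()    # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_verb_command) and value:
            entries.append((key, value))
    return entries


if __name__ == "__main__":
    for name, text in (("label only", SAMPLE_LABEL_ONLY), ("launcher", SAMPLE_LAUNCHER)):
        print(name, autorun_launch_entries(text))
```

An empty result means the file only sets cosmetic values such as the icon or label; any returned command is the file to inspect before trusting the drive.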
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 25, 2015, 02:47:57 PM
Could it be that Panda USB vaccine has created the autorun file? As in the PC I use on that class has it.
Also, for curiosity, is hotmail/outlook that bad?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 28, 2015, 04:53:27 PM
Hi Heantrad,

Quote from: Heantrad
Could it be that Panda USB vaccine has created the autorun file? As in the PC I use on that class has it.
This is certainly the case.

Quote from: Heantrad
Also, for curiosity, is hotmail/outlook that bad?
Not at all. I think it's a pretty good solution for end users.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 28, 2015, 04:59:22 PM
Alright, then I'll keep the autorun, thanks.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 28, 2015, 10:44:25 PM
Hi Heantrad,

You are welcome.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 30, 2015, 03:03:36 PM
Alright, so Ron has finished with me, so I'm doing a full scan with every antispyware I have.
AdwCleaner has detected this task, I searched for info and it seems that a virus can do that, is it legit or not?
I'll update if any program I have detects anything more.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 30, 2015, 05:04:49 PM
Hi Heantrad,

It's legit.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 30, 2015, 06:39:41 PM
Alright, I'm still doing scans, MBAM says it's clean, now there's only left SAS!, MSE and RogueKiller.
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?
And a weird thing that has been happening, for some reason the volumes at the volume mixer keep resetting at the maximum without an apparent reason, what could be causing it?
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or it will make SAS! analyze fewer files.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on September 30, 2015, 09:32:41 PM
Hi Heantrad,

Quote from: Heantrad
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?
The CCleaner installer doesn't contain any adware.

Quote from: Heantrad
And a weird thing that has been happening, for some reason the volumes at the volume mixer keep resetting at the maximum without an apparent reason, what could be causing it?
I'm sorry but I have no clue.

Quote from: Heantrad
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or it will make SAS! analyze fewer files.
.lnk files are Shell Links (https://msdn.microsoft.com/en-us/library/windows/desktop/bb776891%28v=vs.85%29.aspx).
If you enable SAS! to follow them, it will then scan the files "linked" to them. It won't make it analyze fewer files.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on September 30, 2015, 09:49:15 PM
SAS! hasn't detected anything.
Also, I found this http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/volume-mixer-does-not-retain-settings-for/558434e7-fe84-48e0-9385-474594c52e50 , could any of those solutions work if the volume mixer keeps resetting?

RogueKiller did detect something, I'll leave here the log (I haven't deleted anything yet).
The home page of IE seems to be this (Safeweb Norton and VirusTotal say it's safe) https://www.google.es/?gfe_rd=cr&ei=7UUMVrreAs2q8wed_L0g&gws_rd=ssl
Also, it's me or there's now more DNS entries than before?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 01, 2015, 03:45:46 PM
Hi Heantrad,

Quote from: Heantrad
Also, I found this http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/volume-mixer-does-not-retain-settings-for/558434e7-fe84-48e0-9385-474594c52e50 , could any of those solutions work if the volume mixer keeps resetting?
You can try those solutions but don't use the "System Restore" one. It will revert your computer to an earlier state, so Ron's work will be useless.

Quote from: Heantrad
RogueKiller did detect something, I'll leave here the log (I haven't deleted anything yet).
The home page of IE seems to be this (Safeweb Norton and VirusTotal say it's safe) https://www.google.es/?gfe_rd=cr&ei=7UUMVrreAs2q8wed_L0g&gws_rd=ssl
PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit and necessary to access the Internet.
For more information, please read RogueKiller Documentation (http://www.adlice.com/software/roguekiller/documentation/).

Quote from: Heantrad
Also, it's me or there's now more DNS entries than before?
The "CurrentControlSet" keys are the ones that matter. :)

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 01, 2015, 06:57:25 PM
Then I should leave the PUMs there right? (they probably appeared because Ron told me to reset all my browsers).
Also, should I delete any of those DNS entries?
And Ron told me to delete all the system restores I had, it's because the infection can pass from a restoration to my PC again or just to avoid using them by mistake?
Does Steam's browser reset along Internet Explorer?, as they use the same engine.
Does Java still install adware? As I needed to uninstall it during Ron's cleanup and now I'm doubting about installing it again.
Well, the sound problem happened again, this time the general volume went up to the max.
Is puush.me a bad webpage? VirusTotal says it has two positive results, but Norton Safeweb says it's safe.
Now, after that I think there's only left the Program Files folder and the Nvidia Drivers.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 05, 2015, 02:33:58 PM
Hi Heantrad,

Quote from: Heantrad
Then I should leave the PUMs there right? (they probably appeared because Ron told me to reset all my browsers).
Yes.

Quote from: Heantrad
Also, should I delete any of those DNS entries?
No, you need them to access the Internet.

Quote from: Heantrad
And Ron told me to delete all the system restores I had, it's because the infection can pass from a restoration to my PC again or just to avoid using them by mistake?
If you use a restore point where your computer was infected, the infection will indeed pass to your computer again.

Quote from: Heantrad
Does Steam's browser reset along Internet Explorer?, as they use the same engine.
Not anymore. Steam's browser uses WebKit now.

Quote from: Heantrad
Does Java still install adware? As I needed to uninstall it during Ron's cleanup and now I'm doubting about installing it again.
Java doesn't install adware. Ron makes you uninstall old and flawed versions of Java.

Quote from: Heantrad
Well, the sound problem happened again, this time the general volume went up to the max.
Sorry, I still have no clue.

Quote from: Heantrad
Is puush.me a bad webpage? VirusTotal says it has two positive results, but Norton Safeweb says it's safe.
It's safe.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 05, 2015, 05:26:43 PM
So, how can I reset Steam's browser?
Also, when I reset all the browsers Steam's one also got kind of reset I think, as for example the 'Watched' videos got reset.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 05, 2015, 07:44:32 PM
Hi Heantrad,

Please try to delete the content of the following directories:
Quote
C:\Program Files\Steam\config\Cookies
C:\Program Files\Steam\config\Overlay Cookies
C:\Program Files\Steam\config\HTML Cache
C:\Program Files\Steam\config\Overlay HTML Cache
Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 05, 2015, 08:05:15 PM
Before I delete them, will Steam create the folders again (after using its browser, opening Steam again...) or will I need to create the folders again or reinstall Steam?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 05, 2015, 08:27:01 PM
Hi Heantrad,

Don't delete these folders, only their contents.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 05, 2015, 09:47:46 PM
Inside the Overlay HTML Cache folder there's a folder called AppCache, should I delete it too (it's empty)?
Also, the cookies folders are empty and the HTML Cache folder doesn't even exist.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 06, 2015, 04:21:20 PM
Hi Heantrad,

Yes, you should.
For more information, I suggest you open a new thread on the Steam Forum (http://steamcommunity.com/discussions/forum/1/).

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 06, 2015, 08:21:51 PM
Alright, I opened a thread on the Steam forums for more information.
Meanwhile, I have a pair of questions.
CCleaner has detected some registry keys that can be deleted, should I delete any of those? (I have all of the search options activated)
Also, is it normal that I can freely access Windows' folder? I mean, I can freely enter System32, I thought those folders were protected.
Alright, I got a response already, in the images below I show them to you, the guy sent me to another thread and the folders he says I must delete are different (probably because it's outdated, it's from 2014), but he tells me to directly delete the folders, as I thought I should do the first time, I shouldn't do that right?
Also, now that I remember, Steam lets you reset your cookies directly from the parameters.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 07, 2015, 12:51:48 AM
Hi Heantrad,

Quote from: Heantrad
CCleaner has detected some registry keys that can be deleted, should I delete any of those? (I have all of the search options activated)
I strongly advise you not to use the CCleaner "Registry Cleaner". It could cause harm to your system.

Quote from: Heantrad
Also, is it normal that I can freely access Windows' folder? I mean, I can freely enter System32, I thought those folders were protected.
It's perfectly normal. The system files and folders are protected against modification/deletion, not browsing.

Quote from: Heantrad
Alright, I got a response already, in the images below I show them to you, the guy sent me to another thread and the folders he says I must delete are different (probably because it's outdated, it's from 2014), but he tells me to directly delete the folders, as I thought I should do the first time, I shouldn't do that right?
Also, now that I remember, Steam lets you reset your cookies directly from the parameters.
I don't really know Steam Browser so I assume the folders will be recreated. You can go ahead.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 07, 2015, 04:22:11 PM
Then I should delete the folders you told me to, right?
I checked the directions that the old thread had and they exist, and some of the folders are full, should I just delete all of them? (or copy them out of Steam, in case Steam doesn't create them again).
Also, as Steam utilizes webkit, resetting Chrome (and uninstalling it) should reset Steam's browser too, right?
Just thought of it, could it be that the proxy server you helped me to delete was Mozilla's update server? As now I've seen that the version I have is really old and in the update tab it says that the update server hasn't been found.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 07, 2015, 07:42:05 PM
Hi Heantrad,

Quote from: Heantrad
Then I should delete the folders you told me to, right?
I checked the directions that the old thread had and they exist, and some of the folders are full, should I just delete all of them? (or copy them out of Steam, in case Steam doesn't create them again).
Also, as Steam utilizes webkit, resetting Chrome (and uninstalling it) should reset Steam's browser too, right?
I don't really know Steam Browser myself, so I advise you to follow the advice posted in Steam forum and to ask related questions there as well.

Quote from: Heantrad
Just thought of it, could it be that the proxy server you helped me to delete was Mozilla's update server? As now I've seen that the version I have is really old and in the update tab it says that the update server hasn't been found.
Firefox doesn't need a proxy to update, so no.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 08, 2015, 05:37:16 PM
I'll make a post asking for every folder that I need for resetting Steam's browser.
Meanwhile, I remembered that in CCleaner there's an option to clean Steam, do you think it will clean up the browser too or just temporary files Steam creates?
So, I used Delfix as Ron told me for cleaning all the tools used, and I think it didn't work, this is what happened.

So, I used the Delfix tool (sorry that it took me so long) and it didn't do anything I think.
I ran the program, and it detected some programs, however, I didn't read the instruction of rebooting the system and I ran the tool again, then I restarted the PC and nothing got deleted, at least that's what it seems, FRST is still there, JavaRa is still there and I think everything that showed on the log is still there.
I can't send you the log, because I didn't know I messed it up and I didn't do it right, so I didn't save it.
When I run the tool again, the log appears blank (I mean, it doesn't detect any programs installed).
Is it possible to delete all the programs I installed during the malware removal manually, or do I need the tool?
I've already replied to my post on Malwarebytes' forum with the same explanation, but I asked you too in case this error could harm the computer.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 08, 2015, 06:39:02 PM
Hi Heantrad

Quote from: Heantrad
Meanwhile, I remembered that in CCleaner there's an option to clean Steam, do you think it will clean up the browser too or just temporary files Steam creates?
I have really no idea. You could always try.

Quote from: Heantrad
So, I used the Delfix tool (sorry that it took me so long) and it didn't do anything I think.
I ran the program, and it detected some programs, however, I didn't read the instruction of rebooting the system and I ran the tool again, then I restarted the PC and nothing got deleted, at least that's what it seems, FRST is still there, JavaRa is still there and I think everything that showed on the log is still there.
I can't send you the log, because I didn't know I messed it up and I didn't do it right, so I didn't save it.
When I run the tool again, the log appears blank (I mean, it doesn't detect any programs installed).
Is it possible to delete all the programs I installed during the malware removal manually, or do I need the tool?
I've already replied to my post on Malwarebytes' forum with the same explanation, but I asked you too in case this error could harm the computer.
DelFix won't harm your computer in any case. ;)

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 08, 2015, 07:44:12 PM
Well, I think this is a definitive answer to the Steam browser thing.
Also, maybe this has an obvious answer, but, can malware spread through Skype calls?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 09, 2015, 12:34:14 AM
Hi Heantrad,

Quote from: Heantrad
Also, maybe this has an obvious answer, but, can malware spread through Skype calls?
If you keep it updated, you are safe.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 09, 2015, 03:21:24 PM
So, the reset didn't work?
Here's the explanation I gave on another thread I opened on the Steam Forums.

So, I posted another two threads asking for help at resetting Steam's browsing, and I ended up deleting those folders.
C:\Program Files\Steam\appcache\httpcache
C:\Program Files\Steam\config\overlayhtmlcache
C:\Program Files\Steam\tenfoot\config\httpcache
They also told me to delete C:\Program Files\Steam\config\htmlcache but I couldn't find them.
The thing is that after deleting them, only the first one was created again, the rest not, and the browser didn't get reset (at least that's what it seems).
Can anyone tell me if those were the correct folders or if I messed it up?

I didn't delete any folders luckily, just moved them, and now I moved them to their corresponding place again, probably.
The thread hasn't got a reply yet, so I guess it will be lost in the immensity of the forums already, so I'll leave the browser in peace for now, as it isn't doing anything strange.
Anyways, yesterday I noticed some strange options that appeared on the allow programs section of the firewall, I don't know if it's safe to post images with the programs that are allowed in your firewall, so I'll not post them until you tell me if it's safe or not.
They seem legit, but they weren't there before (and one of them is from Java, so I don't know why the firewall rule is still there if I uninstalled it), but I prefer to have caution with this stuff.
Also, is there any way to check the router to know what machines are connected to it? As it's acting a bit strange (the light that indicated that the cable connection is working blinks really fast) and I want to know what's happening and if it's necessary, reset it.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 12, 2015, 02:52:00 PM
Hi Heantrad,

Quote from: Heantrad
So, the reset didn't work?
Here's the explanation I gave on another thread I opened on the Steam Forums.

So, I posted another two threads asking for help at resetting Steam's browsing, and I ended up deleting those folders.
C:\Program Files\Steam\appcache\httpcache
C:\Program Files\Steam\config\overlayhtmlcache
C:\Program Files\Steam\tenfoot\config\httpcache
They also told me to delete C:\Program Files\Steam\config\htmlcache but I couldn't find them.
The thing is that after deleting them, only the first one was created again, the rest not, and the browser didn't get reset (at least that's what it seems).
Can anyone tell me if those were the correct folders or if I messed it up?

I didn't delete any folders luckily, just moved them, and now I moved them to their corresponding place again, probably.
The thread hasn't got a reply yet, so I guess it will be lost in the immensity of the forums already, so I'll leave the browser in peace for now, as it isn't doing anything strange.
Again, I'm no Steam Guru, so it's difficult for me to help you.
You always could "up" your thread at the Steam forum, if it's ignored for too long.

Quote from: Heantrad
Anyways, yesterday I noticed some strange options that appeared on the allow programs section of the firewall, I don't know if it's safe to post images with the programs that are allowed in your firewall, so I'll not post them until you tell me if it's safe or not.
They seem legit, but they weren't there before (and one of them is from Java, so I don't know why the firewall rule is still there if I uninstalled it), but I prefer to have caution with this stuff.
If you didn't download anything strange, it's probably safe.
Firewall rules are not auto-removed when you uninstall a program. :)

Quote from: Heantrad
Also, is there any way to check the router to know what machines are connected to it? As it's acting a bit strange (the light that indicated that the cable connection is working blinks really fast) and I want to know what's happening and if it's necessary, reset it.
There exist numerous router manufacturers and setups. I would advise you to open a new thread on your ISP forum board. They will be more skilled than me helping you with it.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 12, 2015, 03:34:08 PM
I think I didn't download anything strange. Yes, just checked the downloads on my browser and I only downloaded a new version of AdwCleaner and a pair of images.

So, should I manually remove the firewall rules of Java?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 12, 2015, 04:01:52 PM
Hi Heantrad,

Quote from: Heantrad
Heantrad
Yes, you could.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 16, 2015, 03:58:50 PM
So, I'm receiving help in the MBAM's forums again for a pair of problems that were left in the air.

Meanwhile, I always had a doubt, when you go to download RKill on BleepingComputer, which of the three available downloads is the good one?
Has the Outlook (hotmail) design changed?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 19, 2015, 01:30:17 PM
Hi Heantrad,

Quote from: Heantrad
Meanwhile, I always had a doubt, when you go to download RKill on BleepingComputer, which of the three available downloads is the good one?
All of them link to the same RKill application.

Quote from: Heantrad
Has the Outlook (hotmail) design changed?
I'm not using it, so I'm not the right person to ask. ;)

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 19, 2015, 08:03:27 PM
I know you don't use Outlook, but today this appeared on the Outlook page (first image).
I use adblock for security reasons (so I can avoid ads giving me malware, and I don't know if the ads from that page can give malware), but I'm kind of distrustful towards Microsoft, and I know they're capable of making the connection unsafe just because I use an adblocker, is that possible?
Also, Chrome says this (second image) about the connectivity of the page, what does it mean? I remember that it was in green a short while ago (totally encrypted with modern encryption), also I censored it because I don't know if it's safe to say what type of connectivity a page has, if you tell me it's safe I'll send a version without the MS Paint quality censor.
And when you enter the page, if you don't do anything, this appears instead (third image), if you change folders twice (from inbox to unwanted mail to inbox again for example), it changes to the image shown before.
I've tried to analyze the url with Safeweb and VirusTotal but it uses various links in the process of logging in, so I don't know which of them is the correct one to analyze.
If any of those things is true, can I transfer my outlook account into a gmail one? I mean, will I need to change my e-mail address for every account I have to my new gmail one or is there a way to do it automatically?
Also, sorry for the screenshots in Spanish, I'll translate them if necessary.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 20, 2015, 02:40:53 PM
Hi Heantrad,

Quote from: Heantrad
I use adblock for security reasons (so I can avoid ads giving me malware, and I don't know if the ads from that page can give malware), but I'm kind of distrustful towards Microsoft, and I know they're capable of making the connection unsafe just because I use an adblocker, is that possible?
They never ever will do this.

Quote from: Heantrad
Also, Chrome says this (second image) about the connectivity of the page, what does it mean? I remember that it was in green a short while ago (totally encrypted with modern encryption), also I censored it because I don't know if it's safe to say what type of connectivity a page has, if you tell me it's safe I'll send a version without the MS Paint quality censor.
And when you enter the page, if you don't do anything, this appears instead (third image), if you change folders twice (from inbox to unwanted mail to inbox again for example), it changes to the image shown before.
Chrome warns you that the webserver is using SHA-1 hashing (https://en.wikipedia.org/wiki/SHA-1) which is vulnerable to some extent to collision attacks (https://en.wikipedia.org/wiki/Collision_attack).
You don't have to worry about that. Microsoft will update it one day or another.

Quote from: Heantrad
If any of those things is true, can I transfer my outlook account into a gmail one? I mean, will I need to change my e-mail address for every account I have to my new gmail one or is there a way to do it automatically?
There is unfortunately no way to do this automatically.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on October 22, 2015, 09:47:06 PM
Is CCleaner a good way to delete Firewall rules? It's because I'm afraid of doing something wrong with something as important as that.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on October 23, 2015, 03:15:55 PM
Hi Heantrad,

To my knowledge, CCleaner doesn't include such a feature.
You will need to do this using the Windows Firewall with Advanced Security (https://technet.microsoft.com/en-us/library/cc754274.aspx) module.

Regards.
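
A way to find the leftover rules discussed above (rules that survive the uninstall of the program they were created for) before removing them by hand. This is an added example, not part of the original posts; it assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated PowerShell prompt, and the function names `Resolve-RuleProgramPath` and `Get-OrphanedFirewallRule` are made up for this illustration.

```powershell
#Requires -Version 3.0
# Added example: report Windows Firewall rules whose program no longer exists on disk,
# e.g. rules left behind after Java was uninstalled. Read-only unless you run the
# removal line at the bottom without -WhatIf.

function Resolve-RuleProgramPath {
    param([string]$Program)
    # "Any" and "System" are keywords, not file paths; an empty value means the rule
    # has no program condition. None of these can be "orphaned".
    if ([string]::IsNullOrWhiteSpace($Program) -or $Program -in 'Any', 'System') {
        return $null
    }
    # Rules often store paths with variables, such as %ProgramFiles%\...\java.exe
    return [Environment]::ExpandEnvironmentVariables($Program)
}

function Get-OrphanedFirewallRule {
    [CmdletBinding()]
    param(
        # Optional wildcard filter on the rule's display name, e.g. '*Java*'
        [string]$DisplayName = '*'
    )
    # PersistentStore holds the locally configured rules (what the
    # "Windows Firewall with Advanced Security" console shows and lets you delete).
    Get-NetFirewallRule -PolicyStore PersistentStore |
        Where-Object { $_.DisplayName -like $DisplayName } |
        ForEach-Object {
            $rule   = $_
            $filter = $rule | Get-NetFirewallApplicationFilter
            $path   = Resolve-RuleProgramPath -Program $filter.Program
            if ($path -and -not (Test-Path -LiteralPath $path -PathType Leaf)) {
                [pscustomobject]@{
                    Name        = $rule.Name          # unique ID, used for removal
                    DisplayName = $rule.DisplayName
                    Direction   = $rule.Direction
                    Action      = $rule.Action
                    Enabled     = $rule.Enabled
                    Program     = $path               # path that no longer exists
                }
            }
        }
}

# 1. Review every rule that points at a missing executable.
Get-OrphanedFirewallRule | Sort-Object DisplayName | Format-Table -AutoSize

# 2. Dry run: show which Java leftovers would be removed, without changing anything.
Get-OrphanedFirewallRule -DisplayName '*Java*' |
    ForEach-Object { Remove-NetFirewallRule -Name $_.Name -WhatIf }
```

An "Allow" rule for a path that no longer exists is worth cleaning up because any file later placed at that exact path inherits the exception. Drop `-WhatIf` only after checking the list from step 1.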
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on November 10, 2015, 06:17:36 PM
So, the removal process of MBAM has ended.
This is what I meant with that CCleaner can delete firewall rules (first image).
Now, what's left is the removal of the second Program Files and the Nvidia drivers problem.
Also, about Nvidia's drivers, today I received an update, after I installed it and tried to close the installation window Nvidia GeForce Experience crashed, when I opened it again through a shortcut on my desktop and checked what happened, it said that the update was still available, I searched for updates to see if that was an error and it looked as if the update wasn't installed at all.
I checked Nvidia's files and they seem to have been updated but in the drivers part of Nvidia GeForce Experience it says I have an old version of the drivers.
So it's just an error with NGE?
And sorry that it took me that long to reply back with more news about all this.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on November 11, 2015, 07:53:17 PM
Hi Heantrad,

Quote from: Heantrad
This is what I meant with that CCleaner can delete firewall rules (first image).
I'm sorry, I was not aware that CCleaner includes such a feature.

Quote from: Heantrad
Also, about Nvidia's drivers, today I received an update, after I installed it and tried to close the installation window Nvidia GeForce Experience crashed, when I opened it again through a shortcut on my desktop and checked what happened, it said that the update was still available, I searched for updates to see if that was an error and it looked as if the update wasn't installed at all.
I checked Nvidia's files and they seem to have been updated but in the drivers part of Nvidia GeForce Experience it says I have an old version of the drivers.
So it's just an error with NGE?
Difficult to say.
You could download the latest version of the NVIDIA drivers using NVIDIA Driver Downloads (http://www.nvidia.com/Download/index.aspx?lang=en-us).

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on December 20, 2015, 01:52:52 PM
First of all, sorry that it took me so long to reply.
So, I did a RogueKiller scan and it detected some new PUMs related to IE, I'll attach a txt log (I also have a json one, if you need it tell me and I'll send it).
After eliminating them (the IE ones only, as the DNS ones are legit, as you told me), the default homepage is MSN and the default search engine Bing, there weren't (and still aren't) any search bars.
Were those legit or not?
As always, thanks.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on December 21, 2015, 02:30:35 PM
Hi Heantrad,

Yes, they were legit.
Your report is clean.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on December 23, 2015, 12:17:40 PM
So they were false positives.
Also, I sent you a PM with what seems to be a new Skype scam, as there isn't any information about it on the internet.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on December 23, 2015, 02:59:51 PM
Hi Heantrad,

Quote from: Heantrad
So they were false positives.
Those entries are PUMs, they must be interpreted manually.
Please refer to this post (http://forum.adlice.com/index.php?topic=499.msg3000#msg3000) for more information.

Quote from: Heantrad
Also, I sent you a PM with what seems to be a new Skype scam, as there isn't any information about it on the internet.
Your friend is most likely infected. Did you click on the link?

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on December 23, 2015, 07:57:44 PM
So, it's up to me to decide if that was a PUM or not then.
Well, it seemed a legit google page, so I don't know, about the perserve bar entry, no idea.
No, I didn't click on the link, but as it seems, it's a new scam, as there isn't any information on Google about that page.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on December 23, 2015, 09:39:55 PM
Hi Heantrad,

Quote from: Heantrad
So, it's up to me to decide if that was a PUM or not then.
Well, it seemed a legit google page, so I don't know, about the perserve bar entry, no idea.
Yes. If it's google, it's legit. ;)

Quote from: Heantrad
No, I didn't click on the link, but as it seems, it's a new scam, as there isn't any information on Google about that page.
Since you didn't click on the link, you don't have to worry.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 05, 2016, 01:15:51 PM
So, I checked the firewall rules that CCleaner can remove, they're all from Java, and as I'm going to reinstall Java sooner or later again, I will not remove them.

Also, yesterday a friend sent me a message on the phone with a link to a webpage named quizyourfriends, it sounded like a webpage that wasn't safe, so I didn't open it, but by mistake I clicked it and opened it. I wanna ask, is that site safe? I ask because I have Chrome synchronized on PC and smartphone, so I suppose the data of it would have synced after that, I suppose.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 05, 2016, 10:18:57 PM
Hi Heantrad,

quizyourfriends website is safe.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 11, 2016, 06:54:52 PM
So I was checking the Task Scheduler and I noticed a task with a strange name.
It activates when you create or modify a task, and the action is to execute a program.
I included an image with the task's action details.
I did install TronScript some time ago, but I already deleted it, so, what does the task do and what would happen if it was executed? As it is still active.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 11, 2016, 07:24:59 PM
Hi Heantrad,

pcalua.exe is the Program Compatibility Assistant.  The Program Compatibility Assistant is an automatic feature of Windows that runs when it detects an older program has a compatibility problem.
Since you don't use TronScript any more, you can safely delete the task.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 11, 2016, 10:08:29 PM
I did a scan with AdwCleaner and it detected a pair of files, I'll delete them now.
Any idea of what it could have been?
I uninstalled AdwCleaner to empty the quarantine, but it seems the files are still there.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 11, 2016, 11:32:55 PM
Hi Heantrad,

These files are linked to Olark chat widget. They are certainly harmless.
If you want to delete them, delete the following folder :
Quote
C:\AdwCleaner

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 12, 2016, 03:22:09 PM
The thing is that I already deleted them, but as shown by the other image I linked too, it seems that they haven't got deleted, although AdwCleaner doesn't detect anything anymore.
Also, is urlrevealer.com a good URL revealer page, or are there any better ones out there? As I've read that it might be a fake site.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 12, 2016, 08:52:56 PM
Hi Heantrad,

Quote from: Heantrad
The thing is that I already deleted them, but as shown by the other image I linked too, it seems that they haven't got deleted, although AdwCleaner doesn't detect anything anymore.
Since they are not detected anymore, it's alright.

Quote from: Heantrad
Also, is urlrevealer.com a good URL revealer page, or are there any better ones out there? As I've read that it might be a fake site.
It's safe. If you are satisfied with it, keep using it.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 17, 2016, 12:34:17 AM
Is the domain a.pomf.cat clean?
I've seen in VirusTotal, pomf.cat and a.pomf.cat appear clean, but when pomf is hosting a file (in my case I opened the link through RES, so I didn't leave Reddit but I could hear the audio file that was being hosted) it has a malicious detection and a suspicious one.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 18, 2016, 02:25:54 PM
Hi Heantrad,

A quick examination of the site doesn't reveal anything malicious.
However, please keep in mind that the content hosted may be malicious.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 19, 2016, 07:50:34 PM
Is webm.land safe?
VirusTotal and Safeweb say it's clean, but I've heard that video uploading webpages normally contain malware.
Also, when I do a RogueKiller scan now, the registry part appears totally clean, without the DNS entries. Have those DNS entries been whitelisted?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 20, 2016, 11:25:58 PM
Hi Heantrad,
Quote from: Heantrad
Is webm.land safe?
The website itself should be safe but the ads displayed may not be.
I advise you to install the Web of Trust module for Firefox (https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/); it will help you to check the safety of websites.

Quote from: Heantrad
Also, when I do a RogueKiller scan now, the registry part appears totally clean, without the DNS entries. Have those DNS entries been whitelisted?
Sort of. Those entries are now hidden by default.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 21, 2016, 02:31:59 PM
Sadly, I use Chrome, so I can't install that, but I have Avast Online Security in Chrome.
Is there any way to unhide those entries?
Also, I found this page, haveibeenpwned.com; it seems trustworthy. When I checked if it had happened to my accounts, they all appeared clean, so we can guess the proxy server didn't send any important information, I guess.
Also, is there any way to know what a new version of Chrome includes? I only know this blog googlechromereleases.blogspot.com and it seems it wasn't safe.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 21, 2016, 05:28:13 PM
Hi Heantrad,
Quote from: Heantrad
Sadly, I use Chrome, so I can't install that, but I have Avast Online Security in Chrome.
You can find a version for Chrome HERE (https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr).

Quote from: Heantrad
Is there any way to unhide those entries?
Not right now.

Quote from: Heantrad
Also, is there any way to know what a new version of Chrome includes? I only know this blog googlechromereleases.blogspot.com and it seems it wasn't safe
This website is maintained by Chrome developers; it's safe.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 21, 2016, 05:43:38 PM
Strange, VirusTotal says that blog is dangerous and it also has a bad score.
Also, was it a bad idea to use the haveibeenpwned page? As it can get breached or the creator (although the creator seems trustworthy) can sell the information.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 22, 2016, 12:34:53 PM
Hi Heantrad,
Quote from: Heantrad
Strange, VirusTotal says that blog is dangerous and it also has a bad score.
Check this (https://www.mywot.com/en/scorecard/googlechromereleases.blogspot.com).

Quote from: Heantrad
Also, was it a bad idea to use the haveibeenpwned page? As it can get breached or the creator (although the creator seems trustworthy) can sell the information.
There is no way to be sure.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 23, 2016, 01:03:15 PM
I wanted to ask about something that happens when I use RogueKiller: the icon of 'Extract hardware safely' in the notification area disappears without apparent reason. Why does this happen?
Also, is Quttera a bad analyzing site? Every time there's a detection for a safe page in VirusTotal, it's normally from Quttera; it even detects blog.malwarebytes.org as malicious.
So, yesterday I was checking some options in Skype and I clicked on help. It took me to my browser and opened a session in Skype to see the help forum. The thing is that the account name was gibberish, it was live:name, so I unlinked that account from my Microsoft account, but an e-mail arrived saying that I had registered correctly and I decided to check what had happened. When I checked it, the same thing happened, but this time it was live:name_2. The thing is that I've done that a bunch of times to test how it worked, and now there are a bunch of accounts with my name if you search for it in the Skype desktop application.
I want to know: if I unlinked all those accounts from my Microsoft account, do they still have my login information and probably my e-mail too?
Is there any way to delete them?
Also, when I click my account name to enter my profile, it goes to my actual real profile, but not the one with the gibberish name.
And it seems I can register in the Skype Community with that gibberish name, but I need to enter a profile name to start.
I attached an image so you can see what I mean: if I click the profile name I enter my normal account; if I click the option below, I'm still registered with the gibberish name but I need to enter an actual profile name to fully register and use the Skype community.
So, it seems that the gibberish name is just the normal name that is given to everyone before they register in the community but already have a Skype account, so all those accounts seem to be linked to the same account, the one I use. But then, why is there a Skype result for every account that I have "created" now if they're all the same account in general?
So, basically, it seems that the gibberish name was a temporary name for my Skype account in the forums, as I didn't fully finish registering. But my question is, what has happened to the rest of the accounts that are now left behind? They don't seem to have been deleted, as they appear in Skype's search in their application, but they also seem inaccessible, as if I log in with my account, I enter the last one I created with the gibberish name.
Also, it seems that if I log in on either Hotmail, Skype or the Skype community I log in on the rest of the accounts, and if I log out I log out of every one, but this time I entered the Skype community, clicked my name and they asked me to log in to my Skype account. This is getting kind of messy to be honest.
It seems there are two _17 accounts now, instead of being _17 and _18. Also, should I inform the Skype staff of this error? As if they take it as account spam or something and delete my Microsoft account, I will be left without e-mail.
I've checked the profiles of several of the accounts I seem to have created through this error; as I still have the registration mails, I can see the profiles on the Skype community. They're all different accounts that seem to still be active, as each of them has a different profile picture that is given randomly and all of them have different registration times.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: webmland on January 25, 2016, 07:45:27 AM
No ads on our website. ;)
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 25, 2016, 03:29:13 PM
Hi Heantrad,
Quote from: Heantrad
I wanted to ask about something that happens when I use RogueKiller: the icon of 'Extract hardware safely' in the notification area disappears without apparent reason. Why does this happen?
You are the first user to report this behaviour. We will investigate it.

Quote from: Heantrad
Also, is Quttera a bad analyzing site? Every time there's a detection for a safe page in VirusTotal, it's normally from Quttera; it even detects blog.malwarebytes.org as malicious.
Quttera performs automatic website malware scans, so it can lead to false positives (blog.malwarebytes.org for example).

Regarding your questions about Skype, I suggest you open a new thread on the Skype Community Forum (http://community.skype.com). They will be more qualified than me to help you with this.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on January 25, 2016, 03:33:48 PM
Hi webmland,

Thanks for the clarifications.
It's always nice when a website owner invests some time to provide answers. :)

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on January 25, 2016, 05:29:44 PM
Alright, I'll post a thread there soon.
It's just strange as they seem to exist, but they don't appear on the search engine of the community forums.
Is puu.sh a dangerous site? It has detections and a bad score on VirusTotal, and I've searched for info and it seems it can download a scr file which can act as a keylogger or something similar.
These e-mails were in the deleted e-mails folder. I don't remember having deleted them, as I'm keeping every e-mail from Skype. Any idea of what they could be? (The one from 2015 didn't appear before.)
Is akamaihd.net unsafe? It seems it has adware, and if that's the case, why does Facebook use it? It seems it's a CDN, so, does that mean that the adware that seems quite common and is distributed through this website doesn't have anything to do with the Facebook one?
Is Bing.com a phishing site?
So, is it true that one can get malware by using and viewing (not clicking any links or images) Google Images?
Is win.rar GmbH the legit editor of WinRAR or does that mean I installed a bad version of it?

Also, I wanted to apologize for all the "is this page safe" questions I've been asking lately.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on March 03, 2016, 09:21:05 PM
First of all, sorry for all the wait with the Skype thing, I've been busy lately and I couldn't do it yet.
Today, Adwcleaner updated and detected a registry key.
Any idea of what it can be?
As it was a WIN key, could it be related to the update Microsoft Security Essentials recently had?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on March 04, 2016, 02:21:07 PM
Hi Heantrad,

This registry key is a leftover of some adware.
You can safely remove it.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on March 27, 2016, 06:52:52 PM
Okay, thanks for answering.
So, a couple of days ago my computer completely stopped working because of some problems with the graphics card or the motherboard, I still don't know, but right now I'm using my computer without the graphics card.
The thing is that I ran a RKill scan today and it detected an error in the Windows Service Integrity, I'll attach the log.
I'm also configuring a computer that is connected by cable to the same network as my computer. Today I finished installing all the Windows updates (the computer is running Windows 7 too) and I ran a complete scan with Microsoft Security Essentials. The preliminary scan says that it has detected potential malware; apart from the updates and the antivirus, we didn't install anything else.
I haven't run any other scans on my computer yet, so I don't know if there's anything else.
Any ideas of what it can be?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on March 28, 2016, 02:42:06 PM
Hi Heantrad,
Quote from: Heantrad
So, a couple of days ago my computer completely stopped working because of some problems with the graphics card or the motherboard, I still don't know, but right now I'm using my computer without the graphics card.
You are lucky your computer is still working. :)

Quote from: Heantrad
The thing is that I ran a RKill scan today and it detected an error in the Windows Service Integrity, I'll attach the log.
The TPM Base Services (TBS) feature is an optional system service that allows transparent sharing of the Trusted Platform Module (TPM) resources. It simultaneously shares the TPM resources among multiple applications on the same physical machine, even if those applications run on different virtual machines.
In short, in your case, this has no impact.

Quote from: Heantrad
I'm also configuring a computer that is connected by cable to the same network as my computer. Today I finished installing all the Windows updates (the computer is running Windows 7 too) and I ran a complete scan with Microsoft Security Essentials. The preliminary scan says that it has detected potential malware; apart from the updates and the antivirus, we didn't install anything else.
I haven't run any other scans on my computer yet, so I don't know if there's anything else.
Any ideas of what it can be?
I believe it's a false positive.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on April 02, 2016, 10:56:52 PM
So, today I was trying to install a program on the other computer on my network. During its installation (although it was official) I saw it included adware, so I told the owner of that computer to wait until I found a better program without adware. The thing is that he ignored me and decided to enter Softonic and other pages whose validity I don't know, but they seemed to be fake websites with fake solutions.
The thing is, through entering those webpages, and as we're connected by cable to the same router, could it have affected my computer in any way? He used Firefox with Adblock Plus and NoScript.
I would also like to ask: can any malware, spyware, etcetera that gets into his computer infect or affect mine in any way?
I've done VirusTotal scans of RKill and AdwCleaner out of curiosity and the programs seem to have detections for some reason. Are they fake positives?
Also, a doubt I have: lately I've seen Multi.Threats.InArchive a lot on VirusTotal. What does it mean?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on April 04, 2016, 03:48:49 PM
Hi Heantrad,

Quote from: Heantrad
So, today I was trying to install a program on the other computer on my network. During its installation (although it was official) I saw it included adware, so I told the owner of that computer to wait until I found a better program without adware. The thing is that he ignored me and decided to enter Softonic and other pages whose validity I don't know, but they seemed to be fake websites with fake solutions.
Softonic is indeed repacking legit software with adware.
It's advised not to download anything from this site.

Quote from: Heantrad
The thing is, through entering those webpages, and as we're connected by cable to the same router, could it have affected my computer in any way? He used Firefox with Adblock Plus and NoScript.
No, your computer is safe.

Quote from: Heantrad
I would also like to ask: can any malware, spyware, etcetera that gets into his computer infect or affect mine in any way?
Some malware may use vulnerabilities to propagate through computers in the same network, but they are not common.
Don't worry too much about it.

Quote from: Heantrad
I've done VirusTotal scans of RKill and AdwCleaner out of curiosity and the programs seem to have detections for some reason. Are they fake positives?
Yes, they are.

Quote from: Heantrad
Also, a doubt I have: lately I've seen Multi.Threats.InArchive a lot on VirusTotal. What does it mean?
It's usually a software archive containing adware.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on April 23, 2016, 11:35:46 PM
Alright, thanks a lot for helping me with that.
By the way, for some reason the last version of rkill is getting a bunch of detections and bad score in VirusTotal, has something happened with it? https://www.virustotal.com/en/file/6f084bfc9e26773a7d8f6c59b3650f7307a7b725fd2e9fddcba2199c28a349af/analysis/1461447181/
Another doubt: I checked the integrity of rpg-maker.fr because I needed to check something there, and NortonSafeWeb detected a virus called Heuristic.AHD. My doubt is, does the virus infect you directly when you enter the page, or only if you download the program that seems to be infected? (as it specifies a location for that virus)
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on April 24, 2016, 11:36:16 PM
Hi Heantrad,
Quote from: Heantrad
By the way, for some reason the last version of rkill is getting a bunch of detections and bad score in VirusTotal, has something happened with it?
Rkill is using techniques which appear suspicious to some antivirus software.
It's perfectly safe to use.

Quote from: Heantrad
Another doubt: I checked the integrity of rpg-maker.fr because I needed to check something there, and NortonSafeWeb detected a virus called Heuristic.AHD. My doubt is, does the virus infect you directly when you enter the page, or only if you download the program that seems to be infected? (as it specifies a location for that virus)
I don't spot anything suspicious.
It must be a false positive.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on April 25, 2016, 02:11:09 PM
If needed, the location of that supposed virus is in this scan here: https://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.rpg-maker.fr%2F
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on April 25, 2016, 04:24:12 PM
Hi Heantrad,

This is definitely a false positive.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on May 05, 2016, 02:06:27 PM
For no apparent reason, the computer needs to do a full disk check to verify the integrity of some files on startup. It seems to be the same type of check I did some time ago on the MalwareBytes forum after they found some errors with Windows Search.
When I turned on the PC today for the first time, it didn't appear, but the Windows Updates didn't download so I restarted the computer. When I restarted, that message appeared after the OS started but before the desktop appeared. I was too slow to stop it from checking the hard drive and it started, but I turned off the PC anyway.
When I started the PC again, it appeared again, but this time I cancelled it correctly, but it keeps appearing.
The computer doesn't seem to have anything wrong at first glance. Why could that have happened, and should I let the hard drive get checked?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on May 05, 2016, 07:41:35 PM
Hi Heantrad,

An error may have been detected and Windows scheduled CHKDSK to be run on startup to check your HDD.
I advise you to let it complete the scan.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on May 07, 2016, 12:25:47 PM
I'm doing a full scan with every program I have and so far AdwCleaner detected something in Chrome, I'll attach the log, the deleted item is down in the file, as now it seems AdwCleaner only uses one file for all deletion logs.

So, news sites like Forbes and Reuters are saying there has been a hack of millions of e-mail accounts (those including Google and Hotmail). I would like to ask if you know, as the news doesn't specify: was it an info leak, an attack on the service's servers, or just manually hacked?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on May 08, 2016, 08:06:01 PM
Hi Heantrad,
Quote from: Heantrad
I'm doing a full scan with every program I have and so far AdwCleaner detected something in Chrome, I'll attach the log, the deleted item is down in the file, as now it seems AdwCleaner only uses one file for all deletion logs.
AdwCleaner detected and deleted a PUP Search Provider, nothing to be afraid of.

Quote from: Heantrad
So, news sites like Forbes and Reuters are saying there has been a hack of millions of e-mail accounts (those including Google and Hotmail). I would like to ask if you know, as the news doesn't specify: was it an info leak, an attack on the service's servers, or just manually hacked?
This was not disclosed.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on May 11, 2016, 07:52:00 PM
For no reason in particular, Adblock Plus started crashing and needed to be restarted all the time today. After uninstalling and installing it again, it kept crashing, but after restarting the PC it seems to have stopped so far. Any idea why that could have happened?
Also, as SuperAntiSpyware! runs in the background unless you exit the program and after that it still has a service running, can it cause conflict with Microsoft Security Essentials? I've searched if those programs are compatible and it seems it can cause some problems.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on May 11, 2016, 10:35:17 PM
Hi Heantrad,
Quote from: Heantrad
For no reason in particular, Adblock Plus started crashing and needed to be restarted all the time today. After uninstalling and installing it again, it kept crashing, but after restarting the PC it seems to have stopped so far. Any idea why that could have happened?
I have no clue, sorry.

Quote from: Heantrad
Also, as SuperAntiSpyware! runs in the background unless you exit the program and after that it still has a service running, can it cause conflict with Microsoft Security Essentials? I've searched if those programs are compatible and it seems it can cause some problems.
SuperAntiSpyware and Microsoft Security Essentials are not targeting the same type of threats, so they should be working fine together.
However, please take note I know very little about SuperAntiSpyware, so I could be wrong.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on June 24, 2016, 09:58:52 AM
Today when I checked the task manager I saw there was a new task called Validation Task, after searching for a bit it seems it's legit, but it's programmed to happen in 3 months and the description has the name of a Windows 7 update that got installed around two years ago.
Is it just a task made by Microsoft (although I haven't installed any updates specific for Windows 7 recently) to check if your copy of Windows is original, or can it be something else?
Thanks in advance
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on June 24, 2016, 01:37:27 PM
Hi Heantrad,

The Validation Task is perfectly legit and is indeed used to check for non-genuine Windows activation.
It's linked to update KB971033.

Regards.
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Heantrad on July 02, 2016, 11:16:08 AM
It seems a program has been uninstalled without apparent reason. Is there a way to check what programs have been uninstalled?
Title: Re: svchost.exe process and a bunch of PUM (and other stuffs)
Post by: Curson on July 04, 2016, 02:11:48 PM
Hi Heantrad,

No, not really.

Regards.