Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: malware

05 Aug 2013   #11
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Download HitManPro

64-Bit Version OS HitmanPro_x64

32-Bit Version OS HitmanPro

Save to the Desktop

Right click on HitmanPro.exe and choose

When HitmanPro opens up click on Settings uncheck Scan for tracking cookies . Click on OK . Then click on the Next button

Click on No, I only want to perform a one-time scan to check this computer on the Setup page . Click Next once done .

Let it scan the PC once its done Click Next

Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer then click Next

Copy and paste the contents of the log . Located in C:\ ProgramData\Hitman Pro\Logs


My System SpecsSystem Spec
.
05 Aug 2013   #12
pcspike

Windows 7 Ultimate
 
 

Hi Vista King,

See attachment to Hitmanpro log. Just checked the browser and it now seem clear of popups. Are you able to tell what was the cause of the problem?


Attached Files
File Type: log HitmanPro_20130805_1952.log (20.2 KB, 9 views)
My System SpecsSystem Spec
05 Aug 2013   #13
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Delete the old FRST.txt file and rerun FRST64.exe please . Upload the new FRST.txt
My System SpecsSystem Spec
.

05 Aug 2013   #14
pcspike

Windows 7 Ultimate
 
 

See attachment


Attached Files
File Type: txt FRST.txt (38.8 KB, 4 views)
My System SpecsSystem Spec
05 Aug 2013   #15
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Open Notepad. Inside notepad paste the highlighted text below

start
HKLM-x32\...\Run: [] - [x]
CHR HKLM-x32\...\Chrome\Extension: [ddjobbmbkpnhmiloopddfpnedcmhcdpg] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx
2013-08-05 16:02 - 2013-08-05 16:11 - 00000000 ____D C:\Program Files (x86)\Web Cake
2013-08-05 16:02 - 2013-08-05 16:09 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Web Cake
2013-08-05 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 16:11 - 2013-08-05 16:04 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-05 16:11 - 2013-08-05 16:02 - 00000000 ____D C:\Program Files (x86)\Web Cake
2013-08-05 16:09 - 2013-08-05 16:03 - 00000000 ____D C:\Users\Dave\AppData\Roaming\player
2013-08-05 16:09 - 2013-08-05 16:02 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Web Cake
2013-08-05 16:04 - 2013-08-05 16:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WinZipper
end


Click on File select SAve as

Location: Desktop
File Name: Fixlist.txt
Save as type : All files

click on the Save button

Open FRST64.exe click on the [Fix] button once its done it will create a new log file on your desktop called Fixlog.txt. Upload that log

Once you're done run ESET online scanner

On
Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.


On or
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on choose on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
My System SpecsSystem Spec
05 Aug 2013   #16
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You also would want to take a look at the link below to remove some items from your Chrome search section

Remove Delta Search (Uninstall Guide)
My System SpecsSystem Spec
05 Aug 2013   #17
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Quote   Quote: Originally Posted by pcspike View Post
Hi Vista King,

See attachment to Hitmanpro log. Just checked the browser and it now seem clear of popups. Are you able to tell what was the cause of the problem?

Looks D2M-Precheck[1].exe was the trojan...

Some reporting aswell strange folders come along with:


Quote:
Question owner



I ran AdwCleaner first. It found many registry keys. It also found these folders:
  • C:\Program Files (x86)\OApps
  • C:\Program Files (x86)\SaveValet
In the OApps directory was the file: dler.exe
Then I ran Malwarebytes Anti-Malware which found: D2M-Precheck[1].exe (Trojan.MSIL)
All of the above were missed by Microsoft's Security Essentials.
The malware that was was putting the banner in the webpages I viewed was SelectionLinks. It is a FireFox plugin that was sneakily installed.
I am certain the above infections happened because of free software I had downloaded. I do not know which of them it was. I suspect one or more of them was downloaded from other than the official site for them.
I thank you for your help. I had some serious infections, especially dler.exe.
You might want in a near future set those settings to internet:
Internet Explorer Delete Browsing History

Empty Temporary Internet Files folder when closed
My System SpecsSystem Spec
05 Aug 2013   #18
pcspike

Windows 7 Ultimate
 
 

Quote   Quote: Originally Posted by VistaKing View Post
Open Notepad. Inside notepad paste the highlighted text below

start
HKLM-x32\...\Run: [] - [x]
CHR HKLM-x32\...\Chrome\Extension: [ddjobbmbkpnhmiloopddfpnedcmhcdpg] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx
2013-08-05 16:02 - 2013-08-05 16:11 - 00000000 ____D C:\Program Files (x86)\Web Cake
2013-08-05 16:02 - 2013-08-05 16:09 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Web Cake
2013-08-05 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 16:11 - 2013-08-05 16:04 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-05 16:11 - 2013-08-05 16:02 - 00000000 ____D C:\Program Files (x86)\Web Cake
2013-08-05 16:09 - 2013-08-05 16:03 - 00000000 ____D C:\Users\Dave\AppData\Roaming\player
2013-08-05 16:09 - 2013-08-05 16:02 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Web Cake
2013-08-05 16:04 - 2013-08-05 16:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WinZipper
end


Click on File select SAve as

Location: Desktop
File Name: Fixlist.txt
Save as type : All files

click on the Save button

Open FRST64.exe click on the [Fix] button once its done it will create a new log file on your desktop called Fixlog.txt. Upload that log

Once you're done run ESET online scanner

On
Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.


On or
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on choose on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
Okay, its 9pm here, so the first scan could be running to the early hours. I have an appointment tomorrow morning which means the second scan will only start in the afternoon.

Thanks for your help so far, its appreciated.
My System SpecsSystem Spec
05 Aug 2013   #19
Diosoth

Windows 7 Home Premium x64
 
 

ESET is slow. On an XP PC with only about 50 GB of space used it took almost an hour. On my Gateway a few months back it took around 4 hours. The more HDD space taken up, the longer the scan takes.
My System SpecsSystem Spec
05 Aug 2013   #20
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Once ESET is complete uninstall pc suite and

Remove Search-Results toolbar (Uninstall Guide) take a look at the Google Chrome sections
My System SpecsSystem Spec
Reply

 malware




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Changing File Decription for link to Malware Bytes Anti-Malware
Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to...
System Security
need help getting rid of malware
hello everyone i recently started getting some errors in various places and antivirus notifications about some files that were quarantined immediately. than i found out my firewall (windows) is turned off and cant be turned on again, when trying to do so i get 'error code 0x8007042c' i tried...
System Security
Malware Removal Guide 2011: How to Get Rid of All The Latest Malware
Read more at: Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware
Security Basics
Malware help...
Im running Win7 professional edition and I believe I have some sort of malware though Avast, Malewarebytes, spybot search and distroy, and microsoft security essentials pic up nothing... the reason i know i have something is that regedit is running as a process and regedit 32 on occasion... any...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:09.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App