Is someone sharing Windows 7 with me?

nottaclue9

New member
Member
VIP
Local time
9:35 AM
Messages
456
Location
San Antonio, TX
So, this all came about when I found the FBI ransom Trojan horse greeting me a couple of mornings ago. With the help of a techie friend, we got the thing removed (I hope). It took two days.

To find out which site I'd visited that may have given me the virus, I checked my history once everything was up and running again. I found a list of sites I have never, ever visited on any computer at any time in my life. International singles? HAHAHA! Myanmar newspapers? Downloaded videos? Nope. Not my stuff. What does this mean? Is it dire?
 

My Computer My Computer

At a glance

Windows 7 Home Premium 64-bit, service pack 1Intel box core i5 4460Kingston Hyper X Fury BLK 1866 8GB 4x2
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64-bit, service pack 1
CPU
Intel box core i5 4460
Motherboard
Asus B85MECSM 1150
Memory
Kingston Hyper X Fury BLK 1866 8GB 4x2
Monitor(s) Displays
Samsung 23" wide-screen
Screen Resolution
1920 X 1080
Hard Drives
WD Passport, 1 TB
Case
Win Z583 Mini Tower w/ USB3.0
Keyboard
Microsoft ergo wave
Mouse
Logitech wireless
Antivirus
Bitdefender; Malwarebytes Pro
Browser
IE11
nottaclue9

Let's see something. Run this tool called DDS


Download



Double click the dds icon to run the tool.
Place a check next to Attach.txt and click Start. When done, DDS will open two logs:
DDS.txt
Attach.txt
Save the two logs onto your desktop and upload them with your reply.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32-Bit & Windows 7 Ultimat...Intel Core i7 CPU 950 @ 3.07GHzOCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 160...ATI Radeon HD 5700 Series
Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
I did as you advised, but I cannot paste the first document, and I don't know how to zip. My apologies. I call myself nottaclue for obvious reasons! :o Are there other ways to let you know what the documents say?
 

nottaclue9,

You do have a clue...that the ransomware was up to no good!! :)

Have you deleted your browsing history?
How to delete your browsing history in Internet Explorer 9

Also, to make sure the ransomware files were removed, please do the following (this is a short report):

Download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
rendu2.png

Select the version without the x64.
Click the dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.

Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
 

My Computer My Computer

At a glance

Windows 7 Home Premium
Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
You don't necessarily have to visit the actual site. The malware can come in on third-party ads from a site that you did visit. Or you may have clicked on an innocent looking "Info Box" on a site. Many sites sell ad space and don't monitor the ads or the links. Even the server that handles the ads could have been hacked for a short time.
 

My Computer My Computer

At a glance

Windows 7 Pro-x64i7-2600 3.4GHz - 3.8GHz Turbo8Gb - 2x4GB, Muskin 991770 PC3-1333Integrated Intel HD 2000
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Built 2/11/2011
OS
Windows 7 Pro-x64
CPU
i7-2600 3.4GHz - 3.8GHz Turbo
Motherboard
Intel DH67BL-B3
Memory
8Gb - 2x4GB, Muskin 991770 PC3-1333
Graphics Card(s)
Integrated Intel HD 2000
Sound Card
Integrated Intel 10.1 HD, RealTek ALC892
Monitor(s) Displays
Asus LCD VH222H, Haier HL24XSL2a
Screen Resolution
1920x1080, 1920x1080
Hard Drives
Crucial SSD C300-128Gb,
Western Digital WD5002AALX - 500Gb,
Western Digital WD7501AALS - 750Gb
PSU
Seasonic 650W 80+ Gold Modular
Case
Rosewill Defender
Cooling
Stock CPU, Four 120mm case fans, PCH fan added
Keyboard
Logitech EX100 Y-RBH94 Wireless
Mouse
Logitech EX100 M-RCE95 Wireless
Internet Speed
3.0/1.5 Mbs
Antivirus
Microsoft Security Essentials
Browser
Microsoft Internet Explorer 11
Other Info
Antec Veris Premier-Multimedia IR Station,
Cyber Accoustics-3602 Speakers,
AFT XM-5U Card Reader,
Hauppauge TV-HVR-2250,
Sony LX300 USB Turntable
My computer became hopelessly locked up, so I sent it away with the computer guy who found all sorts of infections. He explained these to me, but I cannot explain them to you as my eyes glazed over and my brain shut down. Apparently, there is something called a black hole back door virus? There were three primary infections, and yes. Someone else was using my computer. He "changed my identity" at sign-in, so as far as the person in Thailand is concerned, my computer no longer exists.

He ran a free spyware detection program before he had to leave, and I am now faced with deciding whether or not this is serious. Of course, I am asked to pay money to get rid of a "snap do" threat. What do y'all think?
 

...so I sent it away with the computer guy who found all sorts of infections...

He ran a free spyware detection program before he had to leave, and I am now faced with deciding whether or not this is serious. Of course, I am asked to pay money...

Sent it away, he had to leave...you lost me. In any event, you do not need to spend any money to resolve the issue.

You can use some very basic detailed instructions to run a program that will remove the problem from your computer.

If you wish to go this route, do you have a clean computer available, and a USB pen drive?

Also, at this point, can you run RogueKiller as posted above? It will provide a starting point.

If you cannot run RogueKiller, also let us know.
 

This "FBI ransom Trojan" is an "Identity Thief"! Do NOT pay any money :mad:.... If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.

Passwords should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Great information you guys. Thanks very much. Will proceed as directed.

RogueKiller has been run on this computer. It did not catch "snap do," or "snap do" has been quarantined by the free spyware scan to con me into paying for its removal. Can I ignore this, or is it something serious?
 

Snap.do hijacks browser settings for Chrome, Firefox, and Internet Explorer. It needs removed!
Q 1. Which one of the browsers above do you use?
Need to know to help you remove Snap.do

Please go to Start > Control Panel > Programs
On the list of programs installed on your computer, is Snap.do on it?
If so, click: Uninstall

Q 2. Can you please post the report from RogueKiller?
Need to see it also.

Q 3. Also, do you have a USB pendrive you can use to load a program?

Please provide the answers to the 3 questions above.

Thanks!
 

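The checks asked for above (is Snap.do in the installed-programs list, and has it changed the browser's settings) can also be read straight from the registry. The following is an added example, not part of the original posts: a read-only PowerShell script, written to run on the PowerShell 2.0 that ships with Windows 7, that lists uninstall entries matching the name and shows the Internet Explorer home page and search providers for the current user. The match pattern, and the choice of home page and search providers as the settings to inspect, are assumptions; Chrome and Firefox keep their settings in profile files and are not covered.

```powershell
# Added example: read-only audit for leftovers of a browser hijacker such as Snap.do.
# Nothing is changed or deleted. The pattern below is an assumption; adjust it to
# the name reported by your scanner.
$pattern = 'snap\.?do'

# 1. Uninstall entries: per-machine 64-bit, per-machine 32-bit (Wow6432Node), per-user.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
$programs = @(foreach ($root in $uninstallRoots) {
    if (Test-Path $root) {
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
            # Match on product name or publisher; missing values compare as no match.
            if ($p.DisplayName -match $pattern -or $p.Publisher -match $pattern) {
                New-Object PSObject -Property @{
                    Source    = $root
                    Name      = $p.DisplayName
                    Uninstall = $p.UninstallString
                }
            }
        }
    }
})

if ($programs.Count -gt 0) {
    $programs | Select-Object Name, Source, Uninstall | Format-List
} else {
    "No uninstall entry matches '$pattern'."
}

# 2. Internet Explorer home page and search providers for the current user.
$ieMainPath = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieMain = Get-ItemProperty $ieMainPath -ErrorAction SilentlyContinue
$ie = @()
foreach ($name in 'Start Page', 'Secondary Start Pages', 'Search Page') {
    # 'Secondary Start Pages' is multi-valued, so join it into one string.
    $ie += New-Object PSObject -Property @{
        Setting = $name
        Value   = ($ieMain.$name -join '; ')
    }
}

$scopeRoot = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopeRoot) {
    foreach ($key in Get-ChildItem $scopeRoot) {
        $s = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
        $ie += New-Object PSObject -Property @{
            Setting = "Search provider: $($s.DisplayName)"
            Value   = $s.URL
        }
    }
}

# Show every setting and flag the ones whose value matches the pattern.
$ie | Select-Object Setting, Value, @{ n = 'Suspect'; e = { $_.Value -match $pattern } } |
    Format-Table -AutoSize -Wrap
```

An empty result from the first check only means no uninstaller is registered under that name; the home page and search provider values are still worth reading by eye for any address you did not set yourself.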
I can give you two answers:
1) Snap do isn't listed in my programs. Seems suspicious, huh?
2) The computer guy who ran RogueKiller was a paid person from a company. I have no way of getting the report.
3) No. Don't even know what that is. Sorry.
 

nottaclue9

Question number 3 is: do you have one of these (image below)?

pic001.jpg
 

On Q 2.

To make sure the ransomware files were removed, please do the following (this is a short report):


If it is not already on the Desktop, download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
rendu2.png

Select the version without the x64.
Click the dark-blue button to download.
Save to the Desktop.


Close all windows and browsers.

Right-click the downloaded file and select: Run as Administrator


At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN


When done, a report opens on the Desktop: RKreport.txt

If not, press the Report button to get it.


Please provide the RKreport.txt (Mode: Scan) in your reply.


If there are any RKreport files on your Desktop, please post them.
 

nottaclue9

Click on Go Advanced next to Post Quick Reply. Then click on Manage Attachments. Click Choose file, locate the RogueKiller log, then click on Upload.
 

nottaclue9,


Need to see the entire RogueKiller log!


Please follow the instructions by VistaKing to attach the report.

Or, open the RKreport on the Desktop, then, do the following:


  • Press the keys Ctrl and A to highlight all the text of the report
  • With the mouse, right-click the highlighted text and select: Copy
  • Come back here, press: Post Reply
  • Right-click the upper left corner of the blank area, and select: Paste
That should get the report on here.


Press: Submit Reply ;)
 

RK report.PNG
 

See if you can do the following:

Please download the Farbar Recovery Scan Tool
Select the 64-bit version.




Save it to your Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • At the program console check: List BCD
  • Press the Scan button.
  • FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
  • Please copy and paste the FRST.txt in your reply. <<---
  • The first time the tool is run, it also makes another log: Addition.txt
  • Please post the Addition.txt in your reply also. <<---
Please post both reports instead of uploading an image.
The image is difficult for this old dog to read!! :cry:
 

Downloading Farbar Recovery Scan Tool
I cannot copy the "addition.txt." I clicked on it to see if I would get another page, but none appeared. I cannot get the "Fix" button to work, either.
I am sorry to be such a problem!
:o
 
