In Progress Help with "Russian websites" malware

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
Hi everyone! I was helped in the forum before and you were very helpful and I'm so thankful! Just thanks! Now... I'm having an issue. I downloaded STALKER Call of Pripyat from a PROPHET torrent. Everything was all right except I got a launching error after installing the game. So, I looked up on the Net and I found I was missing the crack (crack was not in the .iso, in fact I couldn't open it). So I finally found a site that my antivirus (ESET NOD 32) didn't block. I downloaded a self-extracting file with the crack, and copied and pasted it to the "bin" folder in the game directory. The game worked just fine, but it minimized a lot of times for no reason. The surprise was when I realized that every time it minimized a new tab was opened in Chrome! Almost every time a Russian site. I immediately uninstalled the whole game and deleted the crack (similar stuff happened to me before). I ran adwcleaner and found 11 threats, deleted every one. But the sites keep showing up and my internet connection is getting really slow every day. So, could you help me with this?

Now my PC SysInfo:
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8082 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
Hard Drives: C: 465 GB (11 GB Free);
Motherboard: ADVANTEC SA, B14
Antivirus: ESET NOD32 Antivirus 9.0.386.1, Enabled and Updated

English is not my native language, please be patient with me!

PS: A guy called "Eddie5659" helped me a lot. But I don't know how to send him a PM. If you're there, I couldn't reply to you because my previous thread was closed. Sorry!
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,301
Hiya

Sorry for the lateness in a reply, these forums can be very busy. Are you still having this problem? If so, can you do the following and we'll go from there. Also, I can't advise or help on the Torrent issue, as it's against the rules, but I will help clean your system from malware. I would advise however that you buy the game so that it's legit ;)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Thanks

eddie
 

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
Thanks Eddie, you helped me before, so I trust you pal! I've never had problems with a cracked game before, but nowadays it's different. I'm buying games now so I don't have those problems, but I've tried one more time. Bad idea I guess hehe. Ok, I'm uploading the logs for you pal! Sorry again, my native language is Spanish, but the log is mainly in English.
 

Attachments

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
I've already used the FRST and the ADWCleaner. The second one found 11 malicious elements, which I deleted. But the problem continued. This was the first day I had this problem. Now I'm stuck because it seems that no software can find the malware, even the antivirus, and I found in another web that this particular malware was kind of "invisible".
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,301
Hi

FRST doesn't remove anything unless you create a custom fix for it. But I do see a lot of things in there that may be causing this. However, I would like to run some automated tools, see what they bring up, as they update daily, whilst FRST takes a snapshot etc.

Can you possibly post the logfile that ADWCleaner produced, after you cleaned the files? Curious what it removed.

Then, can you run the following and post the logs :)

----

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)". Name that log and save, copy and paste the log into your reply


-----

Thanks

eddie
 

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
Dude, sorry, but it seems that I deleted the ADWCleaner log... I mean, I have one, but it is totally clean, it is a later one. I'm uploading it anyway, so you can see. This problem has been really annoying lately. It invaded YouTube videos, and I can't even browse with Google because it automatically sends me to Russian browsers I would never trust!
 

Attachments

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,301
That's okay about adwcleaner, but for MBAM (MalwareBytes), I see using good old Google translator ;) that there was no user action on any that it found.

If you rescan again, and select all that are found, so that it can quarantine them. It should still create a report (I think) and you can hopefully post that. It may require a reboot.

After that, can you re-run FRST (it may only create the one log which is fine) and we'll create a fix based on that :)

eddie
 

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
Here you go Eddie! "NewMBAMlog" is that, the new scan log. The .txt called "report" is the quarantine log. The curious thing is, the first time it found 21 menaces, and sent them all to quarantine. But this time it only found two. You should know this.
 

Attachments

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,301
Thanks for the logs :)

It looks like MBAM actually removed quite a bit. So, let's run this fix, and go from there :)



Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
Eddie, there are the logs. But I keep having lots of ads everywhere, even here! Between our posts! And in YouTube, Google, everywhere... but, it doesn't open random Russian sites at least, and I can browse with Google again.
 

Attachments

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,301
That's good to see the Russian sites are not appearing all the time. As for the ads, are they popups appearing or just on the actual webpage?

The reason I ask, is that I use two programs. Adblock Plus and SpywareBlaster, as these stop a lot of ads appearing for me.

But, let's have a look at a fresh FRST log, if that's okay, and I'll see if anything is standing out, before we run another tool :)
 

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
No, there are no pop-ups. They're all in the webpages. It even raises a blank side bar over every video I watch and it's really annoying, even if I close it it appears again and again. I use AdBlock, and AdBlock for YouTube.
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,301
Okay, let's see if this tool spots anything. Also, I use SpywareBlaster, very good at blocking a lot of unwanted stuff. I'll give the link etc after looking at the next log, see if it helps :)

Download RogueKiller to your desktop

SCAN
Start a new Scan by clicking on the “Start Scan” button from the dashboard.

(Premium users only) You can then choose to disable scan modules:

Then click on “Start Scan” to launch a new scan instance:

Wait for it to end (it usually takes from 10 to 30 minutes), and verify the driver has been correctly loaded (Green):




RESULTS
After the scan has terminated, RogueKiller will display a results screen with possible found items.
The elements are classified by type of dangerousness, and given a different color:
  • Red highlight – Malicious
  • Orange highlight – Possibly malicious or potentially unwanted (PUP)
  • Grey highlight – Potentially unwanted modification (PUM)

Click on Open Report, and please post its contents in your next Reply. Do not remove anything yet.
 

SquanchyGuy

Thread Starter
Joined
May 22, 2017
Messages
21
Here you go man! There's the Rogue Killer log. It found quite a lot... I didn't remove anything. Just let me know if you have problems with Spanish again, and tell me what you see.
 

Attachments
