
In Progress Help with "Russian websites" malware

Discussion in 'Virus & Other Malware Removal' started by SquanchyGuy, Aug 7, 2017.

Thread Status:
Not open for further replies.
  1. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    Hi everyone! I was helped in the forum before and you were very helpful and I'm so thankful! Just thanks! Now... I'm having an issue. I downloaded STALKER Call of Pripyat from a PROPHET torrent. Everything was all right except I got a launching error after installing the game. So, I looked it up on the Net and I found I was missing the crack (the crack was not in the .iso, in fact I couldn't open it). So I finally found a site that my antivirus (ESET NOD 32) didn't block. I downloaded a self-extracting file with the crack, and copied and pasted it to the "bin" folder in the game directory. The game worked just fine, but it minimized a lot of times for no reason. The surprise was when I realized that every time it minimized a new tab was opened in Chrome! Almost every time a Russian site. I immediately uninstalled the whole game and deleted the crack (similar stuff happened to me before). I ran adwcleaner and found 11 threats, deleted every one. But the sites keep showing up and my internet connection is getting really slow every day. So, could you help me with this?

    Now my PC SysInfo:
    OS Version: Microsoft Windows 8.1 Pro, 64 bit
    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 4
    RAM: 8082 Mb
    Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
    Hard Drives: C: 465 GB (11 GB Free);
    Motherboard: ADVANTEC SA, B14
    Antivirus: ESET NOD32 Antivirus 9.0.386.1, Enabled and Updated

    English is not my native language, please be patient with me!

    PS: A guy called "Eddie5659" helped me a lot. But I don't know how to send him a PM. If you're there, I couldn't reply you because my previous thread was closed. Sorry!
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,594
    Hiya

    Sorry for the lateness in a reply, these forums can be very busy. Are you still having this problem? If so, can you do the following and we'll go from there. Also, I can't advise or help on the Torrent issue, as it's against the rules, but I will help clean your system from malware. I would advise however that you buy the game so that it's legit ;)

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    Thanks

    eddie
     
  3. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    Thanks Eddie, you helped me before, so I trust you pal! I've never had problems with a cracked game before, but nowadays it's different. I'm buying games now so I don't have those problems, but I've tried one more time. Bad idea I guess hehe. Ok, I'm uploading the logs for you pal! Sorry again, my native language is Spanish, but the log is mainly in English.
     

    Attached Files:

  4. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    I've already used the FRST and the ADWCleaner. The second one found 11 malicious elements, which I deleted. But the problem continued. This was the first day I had this problem. Now I'm stuck because it seems that no software can find the malware, even the antivirus, and I found on another website that this particular malware was kind of "invisible".
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,594
    Hi

    FRST doesn't remove anything unless you create a custom fix for it. But I do see a lot of things in there that may be causing this. However, I would like to run some automated tools, see what they bring up, as they update daily, whilst FRST takes a snapshot etc.

    Can you possibly post the logfile that ADWCleaner produced, after you cleaned the files? Curious what it removed.

    Then, can you run the following and post the logs :)

    ----

    Download Malwarebytes version 3 from the following link:

    https://www.malwarebytes.com/mwb-download/thankyou/

    Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

    When the install completes and is updated do the following:

    Open Malwarebytes, select > "settings" > "protection tab"

    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

    Go back to "DashBoard" select the Blue "Scan Now" tab......

    When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)". Name that log and save, copy and paste the log into your reply


    -----

    Thanks

    eddie
     
  6. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    Dude, sorry, but it seems that I deleted the ADWCleaner log... I mean, I have one, but it is totally clean; it is a later one. I'm uploading it anyway, so you can see. This problem has been really annoying lately. It invaded YouTube videos, and I can't even browse with Google because it automatically sends me to Russian browsers I would never trust!
     

    Attached Files:

  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,594
    That's okay about adwcleaner, but for MBAM (MalwareBytes), I see using good old google translator ;) that there was no user action on any that it found.

    If you rescan again, and select all that are found, so that it can quarantine them. It should still create a report (I think) and you can hopefully post that. It may require a reboot.

    After that, can you re-run FRST (it may only create the one log which is fine) and we'll create a fix based on that :)

    eddie
     
  8. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    Here you go Eddie! "NewMBAMlog" is that, the new scan log. The .txt called "report" is the quarantine log. Curious is, the first time it found 21 menaces, and sent them all to quarantine. But this time it only found two. You should know this.
     

    Attached Files:

  9. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    Almost forgot about the new FRST scan... there it is!
     

    Attached Files:

  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,594
    Thanks for the logs :)

    It looks like MBAM actually removed quite a bit. So, let's run this fix, and go from there :)



    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  11. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    Eddie, there are the logs. But I keep having lots of ads everywhere, even here! Between our posts! And in YouTube, Google, everywhere... but, it doesn't open random Russian sites at least, and I can browse with Google again.
     

    Attached Files:

  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,594
    That's good to see the Russian sites are not appearing all the time. As for the ads, are they popups appearing or just on the actual webpage?

    The reason I ask, is that I use two programs. Adblock Plus and SpywareBlaster, as these stop a lot of ads appearing for me.

    But, let's have a look at a fresh FRST log, if that's okay, and I'll see if anything is standing out, before we run another tool :)
     
  13. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    No, there are no pop-ups. They're all in the webpages. It even raises a blank side bar over every video I watch and it's really annoying, even if I close it it appears again and again. I use AdBlock, and AdBlock for YouTube.
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,594
    Okay, let's see if this tool spots anything. Also, I use SpywareBlaster, very good at blocking a lot of unwanted stuff. I'll give the link etc after looking at the next log, see if it helps :)

    Download RogueKiller to your desktop

    SCAN
    Start a new Scan by clicking on the “Start Scan” button from the dashboard.
    (Premium users only) You can then choose to disable scan modules.
    Then click on “Start Scan” to launch a new scan instance.
    Wait for it to end (it usually takes from 10 to 30 minutes), and verify the driver has been correctly loaded (Green).

    RESULTS
    After the scan has terminated, RogueKiller will display a results screen with possible found items.
    The elements are classified by type of dangerousness, and given a different color:
    • Red highlight – Malicious
    • Orange highlight – Possibly malicious or potentially unwanted (PUP)
    • Grey highlight – Potentially unwanted modification (PUM)
    Click on Open Report, and please post its contents in your next reply. Do not remove anything yet.
     
  15. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    21
    Here you go man! There's the Rogue Killer log. It found quite a lot... I didn't remove anything. Just let me know if you have problems with Spanish again, and tell me what you see.
     

    Attached Files:

Short URL to this thread: https://techguy.org/1194343