
Solved .lnk malware check

Discussion in 'Virus & Other Malware Removal' started by Azalea, Mar 15, 2019.

Thread Status:
Not open for further replies.
  1. Azalea

    Azalea Thread Starter

    Joined:
    Jan 19, 2010
    Messages:
    22
    A potential client sent me a .zip file with a password. Inside the zip was a .lnk file which I clicked and entered the password, with the prompt closing and seemingly nothing happening afterwards. I haven't noticed any symptoms but I'd like to double check and be sure. I ran Malwarebytes FREE scan and Avast Free Full Virus Scan and neither found anything. The .lnk was trying (or did) extract itself to C:\Users\Name\AppData\Local\Te...\PAYMENT RATE ADJUSTED.lnk. I uploaded images of the link I downloaded it from and how it looked when I unzipped it.

    SysInfo:
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Phenom(tm) II X6 1100T Processor, AMD64 Family 16 Model 10 Stepping 0
    Processor Count: 6
    RAM: 8190 Mb
    Graphics Card: AMD Radeon HD 7800 Series, -2048 Mb
    Hard Drives: C: 931 GB (20 GB Free); E: 1863 GB (1489 GB Free);
    Motherboard: ASUSTeK Computer INC., Crosshair IV Formula
    Antivirus: Avast Antivirus, Enabled and Updated
     

    Attached Files:
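    A shortcut can be inspected without opening it. The following Python script is an added example, not part of the original thread and not code from any of the tools mentioned later in it. It reads the public MS-SHLLINK layout of a .lnk file (76-byte header, optional IDList and LinkInfo blocks skipped by their size fields, then the string fields) and reports what the shortcut would actually launch: the relative target path, working directory and command-line arguments, plus the window mode. The two shortcuts it parses are constructed inside the script for illustration; the list of script-host names it flags and the use of cp1252 for non-Unicode strings are this example's own assumptions.

```python
"""
Static triage of a Windows shortcut (.lnk) without launching it.

Follows the public MS-SHLLINK layout: a 76-byte ShellLinkHeader, optional
LinkTargetIDList and LinkInfo blocks (skipped by their size fields), then the
StringData fields that carry the part an analyst cares about: the relative
target path, working directory and command-line arguments.
"""
import struct

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_FIELDS = [  # StringData fields, in the order the format stores them
    ("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
]
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}
# Assumption of this example: a shortcut named like a document has no reason to
# invoke a script host or proxy binary, so these targets deserve a closer look.
SUSPICIOUS_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                    "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def parse_lnk(data: bytes) -> dict:
    """Return header fields and StringData of a .lnk; raise ValueError if malformed."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_cmd = struct.unpack_from("<I", data, 60)[0]
    pos = 76
    if flags & HAS_ID_LIST:        # IDListSize (2 bytes) followed by the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:      # LinkInfoSize (4 bytes) covers the whole LinkInfo block
        pos += struct.unpack_from("<I", data, pos)[0]
    info = {"flags": flags, "show_command": SHOW_COMMANDS.get(show_cmd, str(show_cmd))}
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        if flags & IS_UNICODE:
            raw, pos = data[pos:pos + 2 * count], pos + 2 * count
            info[field] = raw.decode("utf-16-le")
        else:                                              # ANSI code page assumed to be cp1252
            raw, pos = data[pos:pos + count], pos + count
            info[field] = raw.decode("cp1252")
    return info


def triage(info: dict) -> list:
    """Cheap indicators that tell an analyst to look harder before trusting the shortcut."""
    findings = []
    target = info.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if target in SUSPICIOUS_HOSTS:
        findings.append(f"target is a script host or proxy binary: {target}")
    if info["show_command"] == "SW_SHOWMINNOACTIVE":
        findings.append("window is opened minimized and inactive (hides the console)")
    if len(info.get("arguments", "")) > 200:
        findings.append("unusually long command line arguments")
    return findings


def build_lnk(relative_path, arguments="", working_dir="", name="", show_cmd=1) -> bytes:
    """Build a minimal Unicode shell link (constructed test input, no IDList/LinkInfo)."""
    flags = IS_UNICODE
    body = b""
    values = {"name": name, "relative_path": relative_path, "working_dir": working_dir,
              "arguments": arguments, "icon_location": ""}
    for field, bit in STRING_FIELDS:
        if values[field]:
            flags |= bit
            body += struct.pack("<H", len(values[field])) + values[field].encode("utf-16-le")
    header = struct.pack("<I", 0x4C) + LINK_CLSID + struct.pack("<II", flags, 0x20)  # flags, FILE_ATTRIBUTE_ARCHIVE
    header += b"\0" * 24                                  # creation/access/write times
    header += struct.pack("<III", 0, 0, show_cmd)         # FileSize, IconIndex, ShowCommand
    header += b"\0" * 12                                  # HotKey and reserved fields
    return header + body + b"\0\0\0\0"                    # TerminalBlock ends ExtraData


if __name__ == "__main__":
    # Constructed samples: a plain document shortcut and one that launches a console host minimized.
    for sample in (build_lnk(".\\notepad.exe", "readme.txt", "C:\\Docs", "Open readme"),
                   build_lnk("..\\..\\Windows\\System32\\cmd.exe", "/c type readme.txt", show_cmd=7)):
        parsed = parse_lnk(sample)
        print(parsed.get("relative_path"), parsed.get("arguments"), triage(parsed))
```

    Run it as `python lnk_triage.py` to see both constructed samples; to inspect a real file, pass its bytes (`parse_lnk(open(path, "rb").read())`). The point is that the target and arguments are stored in plain fields, so the question "what would this shortcut have run?" can be answered from the file alone rather than by clicking it.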

  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen alert, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Attach it to your reply.
    • The tool will also produce another log (Addition.txt). Please attach this, along with FRST.txt, to your reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. Azalea

    Azalea Thread Starter

    Joined:
    Jan 19, 2010
    Messages:
    22
    I attached FRST.txt and Addition.txt
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    Going over your logs I noticed that you have BitTorrent installed.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
    • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
    It is pretty much certain that if you continue to use P2P programs, you will get infected again.
    I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
    If you wish to keep it, please do not use it until your computer is cleaned.

    --------------------------

    Did you set this Policy restriction?

    CHR HKLM\SOFTWARE\Policies\Google: Restriction

    Do you use the Firefox extensions ShopToWin3 and Plugin Update?

    ---------------------------

    Press the Windows Key + R. This will open the Run box.
    Type Appwiz.cpl and click OK.

    A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

    (QuickTime for Windows is no longer supported by Apple)

    Follow the steps in the uninstaller to remove the program.

    ---------------------------

    We need to run a fix with FRST:

    • Please download the attached fixlist.txt file and save it to the same location as FRST
      Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
     

    Attached Files:

  5. Azalea

    Azalea Thread Starter

    Joined:
    Jan 19, 2010
    Messages:
    22
    Hi there, first of all, thank you for the response and helping me. I was a little confused in the beginning part of your message. I wasn't sure if you were assuming/implying that I got the problem through BitTorrent from your line: "It is pretty much certain that if you continue to use P2P programs, you will get infected again." or if that was just a generic copy and paste you have prepared (as I understand you may have sentences prepared since you help out so many people, which is really nice of you) but I haven't used BitTorrent in so long that I cannot remember when I last used it. I'll definitely take your advice about avoiding those kinds of places if I ever do use it. However, if it wasn't a copy and paste, I attached another screenshot of the actual website I got the malicious link/zip from along with the message from the person who sent it to me so there would be more clarity. Hope that aids in deciphering if I contracted anything malicious or not.
    I was also wondering if you were able to find out anything about the zip file from the link I showed in the image. I understand if it was not checked to avoid risk on your part though; I just wanted to know what it was and what its type is called.

    As for the Policy restriction, I don't really know what CHR HKLM\SOFTWARE\Policies\Google: Restriction is or what it means and would appreciate if you would be able to explain that to me. I don't even know if it's supposed to be like that or not

    I also do not know what ShopToWin3 and Plugin Update are and would like to know if I need them for Firefox and if not, I can uninstall them.

    Thanks for letting me know about the QuickTime support from apple. I need to find an alternative before uninstalling as I use it for video/animation work, so it'll stay in the meantime.

    I ran FRST64 fix as requested and it crashed everything at first so I had to run it again but it worked fine the second time and it rebooted my pc. Just letting you know in case that is important. I attached the file that was requested.

    Thanks again for helping me out.
     

    Attached Files:

  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    P2P programs can pose a security risk. My general recommendation would be to uninstall them or not use them.

    -------------------

    Thanks for the screenshot and Fixlog.txt.
    We'll remove the Firefox extensions and policy restriction with this FRST fix.

    • Please download the attached fixlist.txt file and save it to the same location as FRST
      Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

    -----------------------


    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • Click on Get Started.
    • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
    • Click on the Full Scan option.
    • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

    Let me know how the computer is doing.
     

    Attached Files:

  7. Azalea

    Azalea Thread Starter

    Joined:
    Jan 19, 2010
    Messages:
    22
    I attached Fixlog and ESETlog as requested.
    Since the beginning, I haven't had noticeable issues. I just wanted someone to check and see if the .lnk I clicked did anything to my pc that I should be concerned about. My pc is behaving the same as when we started: without noticeable issue.
    Do you know what that .lnk did to my computer? My pc has seemed fine the entire time.
     

    Attached Files:

  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    It seems that you stopped the file before it could do any damage.

    If all is well:

    Uninstall FRST
    • Right-click on FRST/FRST64, and select Rename.
    • Rename it to Uninstall.exe and press Enter on your keyboard.
    • Double-click on Uninstall.exe. Your computer will restart; allow it to do so. FRST will now uninstall.

    ---------------------

    Here are some tips to keep your computer safe on the Internet:

    Keep your antivirus up to date and enabled. If you use Windows 8.1 or 10, using Windows Defender is sufficient protection. However, if you use Windows 7, running an antivirus is recommended. Some good AVs are Microsoft Security Essentials, BitDefender, or Kaspersky.

    Keep your Windows operating system up to date. Make sure the Automatic Updates feature on your computer is enabled, so Windows can install updates automatically and keep your system up to date. Additionally, make sure to keep your third party software (such as Java, Adobe Flash, and Web browsers) up to date as well.

    Use secure passwords. Make sure your passwords are complex and difficult to guess. There are password managers (for example, Bitwarden) that can help you keep track of your passwords and use secure passwords. Make sure to use a different password at every website that requires a login.

    Don't download attachments without knowing what they are. Do not download any email attachments that end with an extension of .exe, .pif, .com, or .bat. When downloading third party software, make sure to download it from the developer. Also, un-check offers of additional software when installing some software you want.

    I do not recommend you use "Peer-to-Peer" file sharing (P2P) programs. This is an easy way to get your computer infected, almost as easy as intentionally infecting your computer.
    Avoid pirated/"cracked" software. Like using P2P applications, there is a high risk of infecting your computer.

    Here are some guides for you to read about keeping your computer safe -

    Keep your computer safe on the Internet

    Answers to common security questions

    If you ever have any malware infections on your computer (hopefully not) you can always come back here for help.

    Safe surfing (y)
     
  9. Azalea

    Azalea Thread Starter

    Joined:
    Jan 19, 2010
    Messages:
    22
    It's great to hear that I stopped it before anything bad happened. Thank you so much for all the help!
     
  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Glad we could help.

    This issue appears to be resolved, therefore this topic is marked Completed.

    In the event you still need help, please reply back to this thread. Everyone else begin a New Topic.
     