
New virus/ malware

5K views 45 replies 3 participants last post by DR.M
#1 ·
Working on my husband's computer. I need some help.

Avast continually shows that it has blocked an attempt by vinuser5.biz (URL:Blacklist):

We've safely aborted connection on vinuser5.biz because it was infected with URL:Blacklist

This has occurred at least 10 times over the past 2 days.

https://vinuser5.biz/w_21.js

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 18362, Installed 20190818000254.000000-300
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz, Intel64 Family 6 Model 15 Stepping 6, CPU Count: 2
Total Physical RAM: 4 GB
Graphics Card: ATI Radeon HD 3450, 256 MB
Hard Drives: C: 930 GB (889 GB Free);
Motherboard: Dell Inc. 0TY565, s/n CN137407A1016S.
System: Dell Inc., ver DELL - 14, s/n 6SP0ZD1
Antivirus: Avast Antivirus, Enabled and Updated

Avast system scan as well as MalWare Bytes have both been run.
Can someone help me determine what I need to do to clean this off this computer?
 
#30 ·
Hi, Ladysmith.

Glad to hear that the update went fine! :)

Are you experiencing any other issue regarding this computer?

1. About Windows Live Essentials

As for Windows Live Essentials, which you have installed in the computer, keep in mind that it is no longer supported by Microsoft. The package includes several applications, e.g. Windows Live Mail, which has been discontinued since November 2014. That's the reason you are having issues with it. Windows 10 has other applications which you can try. Mail, for example, is an email client built into Windows 10. Of course, there are many other free email clients, if you want to have one, instead of sending and receiving email via the browser.

The following is from Microsoft's page:

We're no longer offering the Windows Essentials 2012 suite for download, but if you already have it installed, it will continue to work as it does today. It reached end of support on January 10, 2017, and it isn't available in Windows 10.
Windows Essentials included:
  • Windows Movie Maker
  • Windows Photo Gallery
  • Windows Live Writer
  • Windows Live Mail
  • Windows Live Family Safety
  • OneDrive desktop app for Windows
Considering the above, please uninstall Windows Live Essentials:
  • Press the Windows key together with the R key on the keyboard at the same time, to open the Control Panel.
  • Type appwiz.cpl in the window that opens and click OK.
  • In the list of programs look for the program listed below, right-click the entry and click Uninstall.
    Code:
    Windows Live Essentials
  • Select all the programs included in the package.
  • Restart the computer.

2. Fresh FRST logs

After the above, please provide fresh FRST logs, so as to check if everything is fine.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply (or attach).
 
#31 ·
The email program will be up to my hubby. I will try to get him to try Mail. Will follow up with the rest as soon as I can.
There are no other issues with the computer at this time.
 
#33 ·
I am still here. Having an issue setting up Windows MAIL with hubby’s email provider. We had tried once before and could not get it to work. That is why he is still using Live Mail.
It may be Monday before I get back to it and do the other reports you requested.
 
#35 ·
Currently installing the newest Windows 10 update.
Mail continues to have a problem.
Our email provider is ATT.net.
Once before, 6 months or so back, I attempted to set mail up for my husband. I could never get it to work, and hubby continued using Live Mail.
Now, I have deleted the account and started over fresh. Mail does not receive email from the ATT.net server. When I open the account settings, the password pre-populated in the password field is not what I entered. It is several characters longer. I have been through this nearly a dozen times.
If I use the Mail system to set up the email account using the instructions for Yahoo, about midway, the system takes me to a blank screen in ATT.com.
When I go to ATT.net for help, it sends me to ATT.com, where I cannot find hubby's email address. When I attempt to sign in, the system does not recognize the password. If I sign in under the main account, I still cannot find any help for this issue.
 
#36 ·
Hi, Ladysmith94.

Since the problem has to do with adding the email account to the Mail application, and since you have tried many times to do that without success, I would suggest asking for help in this forum at Tech Support Guy.

Explain the problem in detail, and hopefully someone will help you sort it out. You can say that you asked for help in the Malware Removal Forum, and that after the cleaning procedure we sent you there for this issue.

If the computer has no other issues, please provide fresh FRST logs for a last check, after the last updates.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 
#40 ·
Hi, Ladysmith94.

I'm back. Apologies for this sudden absence, and many thanks to iMacg3 for covering me.

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CHR Notifications: Default -> hxxps://diyprojects.com
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
#41 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by smitt (09-06-2020 10:17:06) Run:2
Running from C:\Users\smitt\Desktop\TechSupport Guy
Loaded Profiles: smitt
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR Notifications: Default -> hxxps://diyprojects.com
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome Notifications" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26559863 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 43920307 B
Edge => 623030 B
Chrome => 142351 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 30720 B
NetworkService => 30720 B
smitt => 40327434 B

RecycleBin => 0 B
EmptyTemp: => 116.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:18:38 ====
 
#42 ·
Perfect!

Let's finish it. :)

Please download the following tool, to remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place?". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked the following for you:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target.
  • Do not open any files without being certain of what they are!
5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

7. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

8. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled.

If you have any questions or concerns please don't hesitate to ask!

I'm glad I was able to help you.
:)
 
#43 ·
# Run at 6/9/2020 12:31:29 PM
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by smitt from C:\Users\smitt\Downloads
# Computer Name: SMITTYDENNEW
# OS: Windows 10 X64 (18363)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\smitt\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2020-06-09-12-31-29

- Delete Tools -

## AdwCleaner
[OK] C:\Users\smitt\Downloads\adwcleaner_8.0.4.exe deleted
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\Users\smitt\Desktop\TechSupport Guy\Addition.txt deleted
[OK] C:\Users\smitt\Desktop\TechSupport Guy\Fixlog.txt deleted
[OK] C:\Users\smitt\Desktop\TechSupport Guy\FRST 5-22-20.txt deleted
[OK] C:\Users\smitt\Desktop\TechSupport Guy\FRST-OlderVersion deleted
[OK] C:\Users\smitt\Desktop\TechSupport Guy\FRST.txt deleted
[OK] C:\Users\smitt\Desktop\TechSupport Guy\FRST64.exe deleted
[OK] C:\Users\smitt\Desktop\TechSupport Guy\FRST\Addition.txt deleted
[OK] C:\Users\smitt\Desktop\TechSupport Guy\FRST\Frst.txt deleted
[OK] C:\Users\smitt\Downloads\Addition.txt deleted
[OK] C:\Users\smitt\Downloads\FRST.txt deleted
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Windows Modules Installer created at 05/26/2020 20:16:49 deleted
~ [OK] RP named Scheduled Checkpoint created at 06/04/2020 21:09:49 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 06/09/2020 17:32:47

-- KPRM finished in 145.62s --
 
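The "Restore UAC" section of the KpRm log above lists the UAC policy values the tool reset and the default it used for each. As an added example (not code from the thread, from KpRm, or from FRST), the script below reads those same values from the registry and reports any that differ from the defaults the log states, so the result of such a cleanup can be re-checked later without running the tool again. It assumes the standard policy key path used by Windows for these values.

```powershell
# Added example: audit the UAC policy values listed in the KpRm log against
# the defaults the log reports. Run in an elevated PowerShell on the machine.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected values, taken from the "Restore UAC" section of the log above.
$defaults = [ordered]@{
    EnableLUA                   = 1
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

$props = Get-ItemProperty -Path $uacKey
$drift = 0
foreach ($name in $defaults.Keys) {
    $current = $props.$name
    if ($null -eq $current) {
        # A missing value means Windows falls back to its built-in default,
        # but it is worth noting because the tool explicitly wrote it.
        "{0,-28} missing   (expected {1})" -f $name, $defaults[$name]
        $drift++
    } elseif ($current -ne $defaults[$name]) {
        "{0,-28} {1}   <-- differs from expected {2}" -f $name, $current, $defaults[$name]
        $drift++
    } else {
        "{0,-28} {1}   OK" -f $name, $current
    }
}
"Values differing from the log's defaults: $drift"
```

A non-zero count is a reason to look at who or what changed the policy since the cleanup, not something to silently reset.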