Solved Trojan? secureconv-ec.com

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
914
Hi, BigHaus.

It seems that the PUP found by AdwCleaner was not removed. Let's try to remove it a different way.

1. Open Chrome.
2. At the top right, choose More (the three vertical dots) > More Tools > Extensions.
3. Find Downloader for Instagram and remove it by clicking Remove.
4. Confirm the action by clicking Remove once again.

Please report back about the result.
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
972
Hi BigHaus

DR M is away and I will be assisting you.

Please run AdwCleaner once more and post the AdwCleaner scan log (AdwCleaner[S0*].txt)
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
914
> DR M is away and I will be assisting you.
> Please run AdwCleaner once more and post the AdwCleaner scan log (AdwCleaner[S0*].txt)
No, I am here, and apologize for the short delay. :)

I'm taking over from where we left off, if iMacg3 is fine with this.

BigHaus, please go on with iMacg3's instructions above.
 

BigHaus

Thread Starter
Joined
Aug 17, 2003
Messages
153
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-03-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Not Deleted Downloader for Instagram - olkpikmlhoaojbbmmpejnimiglejmboe

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1460 octets] - [01/12/2020 23:48:33]
AdwCleaner[S01].txt - [1521 octets] - [03/12/2020 00:01:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
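
The following is an added example, not part of the original thread: a small Python parser for the Clean-mode log format posted above. It pulls out the header counters and any "Not Deleted" entries, then checks whether a flagged Chromium extension folder is still on disk. The function names are hypothetical, and the on-disk layout `<User Data>\<profile>\Extensions\<id>` is assumed to be Chrome's default.

```python
import re
from pathlib import Path

# Excerpt trimmed from the Clean-mode log posted in this thread.
SAMPLE_LOG = """\
# Mode: Clean
# Cleaned: 0
# Failed: 1

***** [ Chromium (and derivatives) ] *****

Not Deleted Downloader for Instagram - olkpikmlhoaojbbmmpejnimiglejmboe
"""

HEADER = re.compile(r"^#\s*(\w[\w ]*?):\s*(.+)$")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Chromium extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"\b[a-p]{32}\b")

def parse_adwcleaner_log(text):
    """Return (header fields, list of items the tool reported as not deleted)."""
    header, failures, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and line.startswith("Not Deleted"):
            ext = EXT_ID.search(line)
            failures.append({"section": section,
                             "entry": line[len("Not Deleted"):].strip(),
                             "extension_id": ext.group(0) if ext else None})
    return header, failures

def needs_followup(header, failures):
    """A Clean run is incomplete if Failed is non-zero or any item was not deleted."""
    return int(header.get("Failed", "0")) > 0 or bool(failures)

def find_extension_dirs(user_data_root, extension_id):
    """List <profile>/Extensions/<id> folders still present under a Chrome 'User Data' root."""
    # Assumed default root on Windows: %LOCALAPPDATA%\Google\Chrome\User Data
    return sorted(p for p in Path(user_data_root).glob(f"*/Extensions/{extension_id}") if p.is_dir())

if __name__ == "__main__":
    hdr, failed = parse_adwcleaner_log(SAMPLE_LOG)
    print(hdr.get("Mode"), "follow-up needed:", needs_followup(hdr, failed))
    for item in failed:
        print(item["section"], "->", item["entry"])
```
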
 

BigHaus

Thread Starter
Joined
Aug 17, 2003
Messages
153
My mistake. I selected the wrong log file. Here is the correct one:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-05-2020
# Duration: 00:00:12
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1460 octets] - [01/12/2020 23:48:33]
AdwCleaner[S01].txt - [1521 octets] - [03/12/2020 00:01:32]
AdwCleaner[C01].txt - [1691 octets] - [03/12/2020 00:02:30]
AdwCleaner[S02].txt - [1588 octets] - [05/12/2020 09:23:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
914
Yes!!! :)

This is what we wanted to see!

The following tool will remove the tools we used (AdwCleaner and FRST) as well as reset system restore points. You can keep Malwarebytes, and use it from time to time as an on-demand antimalware scanner.

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Since there is no other problem with this computer, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place." Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

7. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

8. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled.


If you have any questions or concerns please don't hesitate to ask!

I'm glad I was able to help you.
:)
 

BigHaus

Thread Starter
Joined
Aug 17, 2003
Messages
153
# Run at 12/13/2020 4:10:59 PM
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by xyz from C:\Users\xyz\Desktop
# Computer Name: DESKTOP-0H1FL2Q
# OS: Windows 10 X64 (19041)
# Number of passes: 2

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\xyz\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2020-12-13-16-10-59

- Delete Tools -


## AdwCleaner
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named KpRm created at 12/14/2020 00:09:42 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 12/14/2020 00:11:12

-- KPRM finished in 25.85s --
 
