| 1. |
Solve : Dealing with Malware (Having Followed the Guide)? |
|
Answer»

Quote: Obviously the malicious IPs are still trying to gain access. What do you suggest I do? And is MBAM blocking the IPs the reason for my Comodo Firewall not notifying me?

Yes, MBAM is blocking them first; otherwise, your Firewall would block them. Could you please try to run ComboFix again? If it won't work, try doing it in Safe Mode.

This is what I got when ComboFix was extracting files. When I clicked on retry the same message came up, and when I clicked on ignore I got another similar message about something else.

Ok, let's see if we can get rid of those tracking cookies.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  • Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences.
  • Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

**************************************

Also please try running the below online scan: SuperAntiSpyware on-line scan

If you can post the log it created then please do so.

SUPERAntiSpyware was different to how you described it in your instructions. 16 tracking cookies were detected. Once the scan was finished, it gave me the option to view the scan log (below) and remove detected threats. Having ensured everything was checked, I removed the threats from my computer. It didn't prompt me to reboot my computer; after the threats were removed, it just went back to the "home" screen. Once on the home screen, I checked the "Manage Quarantine" section, where the following were listed. I assume I should just check all 4 and delete?
Here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2013 at 00:03 AM

Application Version : 5.6.1018

Core Rules Database Version : 10394
Trace Rules Database Version: 8206

Scan type : Quick Scan
Total Scan Time : 00:07:59

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 749
Memory threats detected : 0
Registry items scanned : 63428
Registry threats detected : 0
File items scanned : 21475
File threats detected : 16

ADWARE.Tracking Cookie
accounts.youtube.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
.trackalyzer.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
.s.clickability.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
.s.clickability.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\1ST8EC77.txt [ /c.atdmt.com ]
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\GGV9FZ8O.txt [ /serving-sys.com ]
C:\USERS\SHIRLEY\Cookies\1ST8EC77.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SHIRLEY\Cookies\GGV9FZ8O.txt [ Cookie:[emailprotected]/ ]
.invitemedia.com [ C:\USERS\SHIRLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SHIRLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\SHIRLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\SHIRLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

I tried running the online scan but it didn't work. I downloaded the scanner, clicked 'yes' to the security warning - but nothing happened afterwards. No alert from my antivirus, so I don't think that was blocking it. Do you know of any reason why this is the case?

Quote: SUPERAntiSpyware was different to how you described it in your instructions.

That's possible. It's been some time since I've used it.

Quote: Once on the home screen, I checked the "Manage Quarantine" section, where the following were listed. I assume I should just check all 4 and delete?

Yes, please do that.

Quote: Do you know of any reason why this is the case?

This is the first time I've tried this scanner. I'll have to test it to see what's happening. Have you noticed any activity from MBAM?

Okay, I deleted the 4 files. I've also run a second scan (this is ~2 hours after the first) and a few more adware tracking cookies were found. I've deleted these as well. Does this mean these files were added to my computer in the 2 hours between doing the two scans? 2 of the newly found files were labelled "imrworldwide.com" - is this particularly malicious? I also haven't visited this site, so I'm guessing it's very common on a lot of other websites?

Quote from: SuperDave on May 13, 2013, 06:49:48 PM
Have you noticed any activity from MBAM?

No activity - MBAM scans continue to come back with no threats found, and I haven't received any notifications of malicious IPs trying to gain access. I think this is due to the uninstalling (and then reinstalling) of Google Chrome. Once I did this, I haven't received any further notifications from MBAM. I will continue to monitor this and update you in the next couple of days. In the meantime, are there any further checks I should be carrying out? I run daily anti-virus and MBAM scans.
Out of all the various different scans I've done since first starting this thread, which (if any) do you recommend I do at least once a day?

I've just run another scan and 13 new threats have popped up - all similar tracking cookies to the ones I've already deleted. Why do they keep coming back, and how can I stop this happening?

Quote: Does this mean these files were added to my computer in the 2 hours between doing the two scans? 2 of the newly found files were labelled "imrworldwide.com" - is this particularly malicious? I

That's possible to acquire those cookies.
imrworldwide.com

Quote: In the meantime, are there any further checks I should be carrying out?

Not at the moment.

Quote: I run daily anti-virus and MBAM scans. Out of all the various different scans I've done since first starting this thread, which (if any) do you recommend I do at least once a day?

It shouldn't be necessary to do that every day.

Quote: Why do they keep coming back, and how can I stop this happening?

What browser are you using?

Quote from: SuperDave on May 14, 2013, 03:29:19 PM
What browser are you using?

I use Google Chrome and Firefox. I'd use Firefox for everything, but I prefer Chrome's layout + some sites run slowly on Firefox, but fine on Chrome. Is the issue using Google Chrome?

Quote from: LiquidTension on May 14, 2013, 03:38:56 PM
I use Google Chrome and Firefox. I'd use Firefox for everything, but I prefer Chrome's layout + some sites run slowly on Firefox, but fine on Chrome.

Yes, it could be a security issue with Chrome. Check the options to raise the security level.

Quote from: SuperDave on May 14, 2013, 04:18:52 PM
Yes, it could be a security issue with Chrome. Check the options to raise the security level.

I've set it to block any websites from setting data/cookies. Do you think this should stop the tracking cookies from being added? Where do you suggest I go from here? You mentioned clean up a couple of days ago?

Quote: I've set it to block any websites from setting data/cookies. Do you think this should stop the tracking cookies from being added?

That should do it. Let's do some cleanup in the meantime.

Click Start > Computer > right click the C Drive and choose Properties > enter
Click Disk Cleanup from there.
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot of System Restore points, you will see a significant change in the free space in C drive)

*********************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Okay, thanks very much Dave. I've done the clean up as instructed above. I really appreciate all the help you've given me.

Quote from: LiquidTension on May 15, 2013, 06:04:29 AM
Okay, thanks very much Dave. I've done the clean up as instructed above. I really appreciate all the help you've given me.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
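
A triage sketch for the SUPERAntiSpyware scan log posted in this thread, added here as an example and not written by either poster or by the tool's vendor: it groups the detection lines by browser cookie store and checks whether any threat category other than a cookie category appears. The path-to-browser mapping and the "WORD.Name" heading pattern are assumptions drawn from the log lines shown in the thread.

```python
import re
from collections import Counter

# Detection lines copied from the scan log posted in the thread (excerpt).
SAMPLE_LOG = r"""
File threats detected : 16
ADWARE.Tracking Cookie
accounts.google.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\SHIRLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7FFKC4L.DEFAULT\COOKIES.SQLITE ]
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\1ST8EC77.txt [ /c.atdmt.com ]
C:\USERS\SHIRLEY\Cookies\1ST8EC77.txt [ Cookie:[emailprotected]/ ]
.invitemedia.com [ C:\USERS\SHIRLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
"""

ENTRY = re.compile(r"^(\S+) \[ (.+?) \]$")      # "<item> [ <detail> ]"
CATEGORY = re.compile(r"^[A-Za-z]+\.[A-Za-z]")  # assumed heading shape, e.g. "ADWARE.Tracking Cookie"

# Assumed mapping from path fragments to the browser that owns the cookie store.
STORES = [("\\MOZILLA\\FIREFOX\\", "Firefox"),
          ("\\GOOGLE\\CHROME\\", "Chrome"),
          ("\\COOKIES\\", "Internet Explorer")]

def parse_detections(text):
    """Return a (browser, domain) pair for every bracketed detection line."""
    found = []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue
        left, right = m.groups()
        # The file path is on whichever side starts with a drive letter.
        path, item = (left, right) if re.match(r"[A-Za-z]:\\", left) else (right, left)
        browser = next((b for frag, b in STORES if frag in path.upper()), "unknown")
        # Some entries carry no readable domain on the page; report them as redacted.
        domain = "(redacted)" if item.startswith("Cookie:") else item.strip("./").lower()
        found.append((browser, domain))
    return found

def summarize(text):
    """Group detections and report whether every category heading is a cookie one."""
    lines = [l.strip() for l in text.splitlines()]
    cats = [l for l in lines if CATEGORY.match(l) and not ENTRY.match(l)]
    hits = parse_detections(text)
    return {
        "per_browser": Counter(b for b, _ in hits),
        "domains": sorted({d for _, d in hits}),
        "cookies_only": bool(cats) and all("cookie" in c.lower() for c in cats),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
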