What are /r/computerviruses' favorite Products & Services?

From 3.5 billion Reddit comments

Your dad's USB (and possibly his machine) is infected with an autorun/VBS worm (known as Houdini or Dinihu), meaning it will spread to all removable drives, which in turn infect other machines etc.

Download on your desktop and run the tool Rem-VBSworm. Start the tool and insert your infected drive(s). Now use option A and wait. When it's finished, use option B and enter the letter (only the letter) and wait. Then, use option Q to quit the tool.

You will now be able to see and access your files again on your drive and the malware will be removed. Please post back the log which will open automatically.

Yes, it is possible and is common among malware, to avoid this:

• use a guest network, you can create one in your router settings
• Use a VPN, I personally use ProtonVPN, free unlimited bandwith.
• set up your firewall to block incoming connections from your virtual machines ip address, you can see what it is by opening command prompt as admin and typing ipconfig and looking at the IPv4 address in your virtual machine.
• Disable shared folders and clipboard.
• Keep your VM launcher up to date.

Seems like you have an infected dnsapi.dll. To solve this , please download RepairDNS, execute it and click GO. Reboot your machine. Now try using AdwCleaner to remove any other traces of adware.

It seems like you have contracted the latest version of TeslaCrypt. Do all your files suddenly have a .ccc or .vvv extension? If yes, then there's not much to do besides restoring from a back-up.

Please read this guide in order to possibly restore (some of) your files. Good luck!

This is either:

a) A pop-up from a website you visited or b) You have adware on your machine.

Run a scan with AdwCleaner and see if it solves your issue.

It is just a installer filled with crapware. Always choose advanced setup then it have to ask you if you want it. Can recommend https://sourceforge.net/projects/bulk-crap-uninstaller/ for removing the crapware. Else it seems the stuff just has to be removed 1 at a time nothing bad here.

From their site "Gimpshop.com is distributing the original unmodified software, obtained directly from GIMP's repository website, and does not modify it in any way. These installers comply with the original software manufacturer's policies and terms & conditions. DownloadAdmin™ is an install manager, which manages the installation of your chosen software. In addition to managing your download and installation, DownloadAdmin™will offer free popular software that you may be interested in. You are not required to install any additional software to complete your installation of your selected software. You can always completely remove the programs at any time in Windows' Add/Remove Programs."

https://www.gimpshop.com/uninstall look about the installation paragraf on the page.

Problem solved = Not a virus just the general crapware

Okay so the files keep coming back. I got an idea while searching around. Seems you can specify a folder and see what process changed something in it. This could be a way to know what creates those files. The utility is called process monitor: https://technet.microsoft.com/en-us/sysinternals/bb896645 I am not at my computer right now so I can not test run it so I can tell how to use it. I come online later and then I will try it.

Kristian818

Bleepingcomputers.com is a legitimate website and very helpful. If she is running windows Vista/7 I'd recommend trying a "Last known good configuration" then running malwarebytes. If it's XP then you can run a program called combofix. Be aware though that this program at times can delete things it shouldn't so you should be cautious. (They aren't permanently deleted, just moved into a quarantine). Then follow up with Malwarebytes.

Scan Report

Saucelabs Test on website

So i think it's not a virus.

Uhh i opened the rar.. Is that okay ? I didn't extract it though. http://www.filedropper.com/sample0620162231_1

I still couldn't login to facebook through Chrome. I used to have this weird extension that i couldn't remove but it was already gone.

You can see that in the log under the heading:

==== Creating Sample_062016_2231.zip======================

This contains a copy of the malware we cleaned. Please upload this file to FileDropper for example and send me the link (you can do this via PM if you wish). This way, I can investigate the files further.

How's the machine going at the moment, still experiencing issues?

browser_broker.exe is probably a malware . You should try ADWCleaner . It's very effective for adwares http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

And edge keeps opening up because it's apparentely the default browser on your PC . that's why the shitty page opens with edge .

Hi! Please run a scan with FRST and upload the log on Pastebin for example.

You can download the tool from another machine and transfer it via a USB for example, as you don't need internet on the infected machine.

You're very likely to now have an infostealer or Bitcoin miner installed on your system.

Best way is to simply reinstall your machine, but if you're not up to that, run a scan with FRST and upload the log on Pastebin for example.

Run a scan with FRST and send me the results (upload to Pastebin for example).

In case you want to do some more work, check out the Official Malware Removal Guide.

Sometimes, the best and easiest case is to reinstall/format your machine, but with either of the steps above we should be able to fix it.

First of all, reboot your Wifi (router) by unplugging the power cable, wait a few seconds and re-plug.

Then, please run a scan with FRST on your machine and upload the log on Pastebin for example.

That's actually just explorer not loading.

To solve that, press CTRL + SHIT + ESC. This will open Task Manager. Click New Task or File > Run New Task and type 'explorer' without quotes.

Does that bring your desktop back?

Please run a scan with FRST and upload the log on Pastebin for example.

• Run AdwCleaner to get rid of any adware installed on your machine
• Install uBlock Origin for Chrome rather than Adblock or Adblock Plus (remove this first)

Let me know if this helps.

Good day,

Which virus was removed exactly and by which virusscanner? Do you know the name by any chance?

If not, please run a scan with FRST and post back the result.

Use AdwCleaner to remove it. You've been infected with adware which also loads a browser hijacker.

Are you logged in to Chrome and if so, are you logged in on other machines?

There's no sure way to tell without seeing the logs. You can run an extra scan with JRT, which is similar to AdwCleaner. Post that log.

Also, after that, reset your browser(s) to its default settings. Read how to do that here. That should get rid of it :)

Good day,

Run the tool Rem-VBSworm. Start the tool and insert your USB drive. Now use option A and wait. When it's finished, use option B and enter the letter (only the letter) and wait. Then, use option Q to quit the tool.

You will now be able to see and access your files again on your USB drive.

Good day,

Unfortunately there aren't many possibilities at restoring files encrypted by CTB-locker without the decryption key.

Take a look at this guide for possibly restoring your files: How to restore files encrypted by CTB Locker

No. But I do wonder why this is important.

I think you should get rid of it not matter what. Adware such as this one can have negative side effects like slowing down your system, and loading additional adware onto the system.

Run AdwCleaner by Malwarebytes Reset your browsers after that. Restart the computer and check if the problem persists

Create an Autoruns Log:

• Download Sysinternals Autoruns and save it to your desktop.
• Double-click Autoruns.exe to run it. Wait a few minutes.
• When it's finished, please click on the File button at the top of the program and select Save and choose to save it as an .arn file.
• Upload this file to FileDropper (if you wish, you can also send it to me via private message)

Also as a note: torrenting is illegal in most countries and there are, as you now know, a lot of fake torrents. If you wish to torrent, always double-check the files you downloaded.

• Download USBFix and run the program.
• Hold the Shift key on your keyboard and insert the USB drive into your PC.
• Click Run an Analysis.
• Click Scan USB Disks.
• After the scan is finished, if infected elements are found, press Clean All

I also came here searching for the answer to this one. I am running ESET Nod 32 Antivirus along with Malware Bytes. ESET cant clean it or delete it. Its annoying. I hope we find a solution to this issue 0 *Edit: Hey! I found a solution to our problem :) http://www.bleepingcomputer.com/forums/t/447651/fake-adobe-flash-player-installer-and-redirect-virus/

The program you have installed is classified as potentially unwanted software. These programs are not malicious, but can appear be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, or have questionable privacy policies or simply browser hijacking as in your case.Here is what you can try on your own to get rid of it:

* Download and run https://www.malwarebytes.com/adwcleaner let it remove any adware and PUP

* Download and run https://download.eset.com/com/eset/tools/online\_scanner/latest/esetonlinescanner\_enu.exe

* Select a Full Scan

* Select Enable ESET to detect and quarantine potentially unwanted applications

* Restart the computer and check if the problem persists

I also found a security report on it and the link to the extension (.crx) file.

yes and yes

It's been like this for months but it hasn't really been causing any problems except in the past 2 weeks the internet has been way slower, everything struggles to load despite my laptop being connected to the internet via ethernet cable. I have tried re downloading chrome (from https://www.google.com/chrome/ ) I'm about to do it again but it hasn't gotten rid of the virus in the past.

If resting would make the internet work I'd do it but I'd have to move tons of pictures.

Try Revo Uninstaller to get rid of all its registry keys and files.

In the future, do not rush trough installing software, always make sure to check what youre accepting first, you can also try Unchecky https://unchecky.com/

Run Junkware Removal Tool, it detects and removes most ad-ware and gives you a log of what it removed. The tool takes about 5 minutes to complete:

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Also, it's not a virus. It's a PUP or PUA. Potentially Unwanted Program/Application.

As an additional troubleshooting step you can also run a web based virus scan from within Safe Mode with networking on sites like this:

Live One Care

Trend Micro Housecall

This can be caused by malware or PUP (potentially unwanted programs) or it could be an entirely different issue. It is worth a try to scan your system for malware, e.g., using the free online scanner by ESET.

assuming this is a PC, step 1 is to clear any existing passwords: http://pogostick.net/~pnh/ntpasswd/

After you can login, you'll need to get to the root of the infection. This is a deep and wide hole, i can't even begin to tell you where to start without symptoms, but try malware bytes, or tools listed here: http://lifehacker.com/5227896/five-best-malware-removal-tools

Download the free version of RogueKiller

• Close any running programs.
• Double-click RogueKillerx64.exe to run the program.
• Follow the prompts. If a browser window opens, close the window.
• In the HOME tab, click Start Scan.
• Upon completion, a browser window may open. Close this window.
• Please do not have RogueKiller remove any detected items.
• Click the HISTORY tab, followed by Scan Reports.
• Double-click the scan log, and click Open TXT.
• Copy the log and post here

https://www.hybrid-analysis.com/sample/5f0a4d221bb1dd964f5cd04fe7251301106e789c393c0d389a8edc3224a94ff3

​

Looks like it's done. Should I reinstall Windows again after quarantine?

I researched this file and apparently, according to this report, it is some sort of malicious file. I kept digging, and apparently, Form1 is the default filename for a VB file, so it is basically some coding amateur trying to make a virus. I would say run a virus scanner, I recommend Malwarebytes, and remove it. If it still doesn't find it, run your computer in safe mode, and trying again. It should work.

This is the most info I have been able to find on this, but I dont get much out of this. But since ESET has started to detect and block the address, Chrome has become almost unuseable as it keeps trying to access the site at

IP 64.58.121.60

https://www.hybrid-Tanalysis.com/sample/35e60eabbf3abbdd9ea95d3adf1fb7f68075ec3e364165beca51675430838fde?environmentId=100

• Download and run AdwCleaner, let it remove any adware and PUP
• Download and run ESET online scanner
  • Select a Full Scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
• Reset your browsers, including Edge (even if you don't use it)
• Restart the computer and check if the problem persists

• Download and run AdwCleaner, let it remove any adware and PUP
• Download and run ESET online scanner
  • Select a Full Scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
• Restart the computer and check if the problem persists

Here is what you can try on your own to get rid of it:

• Download and run AdwCleaner, let it remove any adware and PUP
• Download and run ESET online scanner
  • Select a Full Scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
• Restart the computer and check if the problem persists

​If this didn't help, the slowdown might be caused by something else than adware or malware. It would require further steps to find the cause. But try the above first.

Got to Add or remove programs and see if you find Quick Driver Updater in the list and uninstall it.

Afterwards run Malwarebytes and AdwCleaner.

PUA = Potentially Unwanted Application.

Those are no serious malware, but mostly annoying, causing advertisments or installation of software you didn't agree to.

I suggest running something specialized in adware like AdwCleaner.

There is a number of programs that I could find via reverse Image search of the right-side icon:

• Spirograph
• MPEG 4 modifier
• Hyperfractal
• Multireplace
• Tibco Message admin
• Tcp Tool
• JMG Photo Printer
• Ultimate Scraper Pro
• FLV Extract
• MWSnap
• Account Number Check
• Greenshot
• WSUS Helper
• fuv
• AForge.NET

Some of these show up as cracked versions. Does any of those sound familiar to you? Or do you have an idea what other program caused this? If so, you should deinstall the program.

Furthermore, I suggest you run AdwCleaner and let it remove everything it finds.

Alright, download and run Adwcleaner https://www.malwarebytes.com/adwcleaner/.

If that doesnt work, copy and paste this onto the search bar and press enter

chrome://settings/syncSetup

Click on Deactivate to deactivate syncing, after that, uninstall chrome, then go to another browser such as edge and install it again (note: you will lose any saved sites, passwords etc)

It isnt enabled by default, you have to install it yourself, and I suggest ProtonVPN free for VPN, you can have it on for an unlimited amount of time and have pretty good privacy policies for a free VPN

Thanks for the suggestion. But I'm connected through an ethernet connection on my PC. I am also a ProtonVPN user for a long time. But I want to execute some phising sites and other viruses while being connected to the Internet and want to see if it is safe to install on my host system and other devices.
Can I use a guest network through the fact I'm using an ethernet connection? And would there be problems in my VM if I disable incoming connections through a firewall?

So basically, I got the VPN TunnelBear and shortly after, I deleted it. On all of my browsers, this site opened requiring me to go in the search bar and type a url. If I typed words, it would send me back to that site. I had to use to search words. Later, I realized that one of the pop ups you get when you download a file from the internet for the first time was “masked” by this “Your computer is low on memory” which only showed the close button. This is overall really annoying and if someone had a solution it would be much appreciated.

I use an iMac. If you need details about the computer, reply.

Edit: I just realized it was a file of the video that was made, not the video. I will update that in a sec.