BackdoorProrat and PUP.Optional viruses

AhmedP

Estimable
May 20, 2014
6
0
4,510
So the day before yesterday my so-called "friend", who is doing a hacking course, handed me a USB and told me to watch some video inside. I plugged it in, opened the disk and saw the video file. You know the icon on the left-hand side of the text, which usually shows a pic of your default video player? That icon was different. I ignored it and opened the file; the icon changed to VLC (my default) and the video started playing, but at the same time, malware and Windows Defender both caught a virus, "backdoor.Pro.rat" or something like that. I quarantined and removed them. Restarted PC. Scanned again, found 1 or 2 different stuff. Repeated the process, then it was fine. Still did the process a few more times. Is there any chance he somehow has access to my PC? He denied it outright but it's too obvious and I was shocked as well as hurt. Do you think he really did have nothing to do with it? Also, now every time I open the PC, Malwarebytes finds this always: "PUP.Optional.Default.Search". I always quarantine and remove it. But it's there every time I start up. Any help?
 
aldan

Distinguished
Apr 15, 2013
320
0
19,010
I would start by downloading AdwCleaner from Bleeping Computer. Run a scan and get rid of anything it comes up with. It will generate a logfile when done. Post the logfile in your next post. As well, download and run a scan with Junkware Removal Tool and get rid of anything it comes up with. Post the log from this as well. These logs are important as they give us an idea of what we are up against.
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Oh, and punch your friend in the head for me.
 
Solution

AhmedP

Thanks. My connection keeps going occasionally now. Either it's him or I'm just paranoid. He lives in the same building as me, btw. Here's the AdwCleaner report.
# AdwCleaner v3.310 - Report created 24/09/2014 at 16:43:23
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : AHMED - AHMED-PC
# Running from : C:\Users\AHMED\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Users\AHMED\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\AHMED\AppData\Roaming\hotspot shield
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\AHMED\AppData\Roaming\Mozilla\Firefox\Profiles\bwpgqv6k.default\prefs.js ]


-\\ Google Chrome v31.0.1650.59

[ File : C:\Users\AHMED\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=12692&tm=378&src=ds&p={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Homepage] : hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=12692&tm=378&src=hmp

*************************

AdwCleaner[R0].txt - [1653 octets] - [24/09/2014 16:41:41]
AdwCleaner[S0].txt - [1826 octets] - [24/09/2014 16:43:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1886 octets] ##########
 

AhmedP

Here is the JRT Log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Ultimate x64
Ran by AHMED on Wed 09/24/2014 at 16:56:16.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\AHMED\AppData\Roaming\mozilla\firefox\profiles\bwpgqv6k.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/24/2014 at 16:57:36.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

aldan

Couple things on AdwCleaner and nothing on JRT. Do another scan with Malwarebytes and post the log. Also look through your programs to make sure nothing has installed. Look for some media player or optimization tool that you didn't install. As for your internet connection cutting out, is it wireless? Do you have your own router, and what do you have to do to reconnect?
 

AhmedP

OK, I removed some programs. The internet is wired, not wireless. Sometimes a reset works, sometimes it doesn't; it starts working in a while. Here is the Malwarebytes log. Btw, thanks for taking the time to help me.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/25/2014
Scan Time: 7:28:15 AM
Logfile: MB log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.24.12
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AHMED

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347357
Time Elapsed: 4 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.DefaultSearch.A, C:\Users\AHMED\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://www.default-search.net?sid=503&aid=100&itype=n&ver=12692&tm=378&src=hmp",), ,[aece49a8314a69cdb3f198a7dd289d63]

Physical Sectors: 0
(No malicious items detected)


(end)
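
The Malwarebytes log above flags a `homepage` value inside Chrome's `Preferences` file, which is plain JSON. The following is an added example, not part of any post in this thread: it walks such a file and lists every setting whose URL host is the flagged domain. The sample data is constructed; only the `homepage` key and the domain come from the logs, and `example_section` is a made-up key.

```python
import json
from urllib.parse import urlsplit

# Domain reported by the AdwCleaner and Malwarebytes logs in this thread.
FLAGGED_DOMAINS = {"default-search.net"}

def host_is_flagged(url, flagged=FLAGGED_DOMAINS):
    """True if the URL's host is a flagged domain or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as not matching
        return False
    return any(host == d or host.endswith("." + d) for d in flagged)

def find_flagged_settings(node, path=""):
    """Walk parsed JSON and return (key_path, url) for each flagged URL."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_flagged_settings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_flagged_settings(value, f"{path}[{i}]")
    elif isinstance(node, str) and "://" in node and host_is_flagged(node):
        hits.append((path, node))
    return hits

def scan_preferences(text):
    """Parse the contents of a Preferences file and report flagged settings."""
    return find_flagged_settings(json.loads(text))

# Constructed sample: 'homepage' mirrors the log entry, the rest is made up.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.default-search.net?sid=503&aid=100&src=hmp",
    "example_section": {"urls": [
        "http://default-search.net/search?p={searchTerms}",
        "http://default-search.net.example.org/",   # lookalike host, not flagged
        "http://notdefault-search.net/",            # different domain, not flagged
    ]},
})

if __name__ == "__main__":
    for key_path, url in scan_preferences(SAMPLE_PREFERENCES):
        print(f"{key_path}: {url}")
```

To check a real profile, pass the text of a copy of the `Preferences` file (taken with Chrome closed) to `scan_preferences`.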