14 Jan 2017
A question about: A virus and trojan?
Avast seems to have found something last night, 2 things actually:
js.agent DHS
win32 RQA(tri)
After googling I think the 2nd one is the worse one? Avast did a scan then a boot scan and sent them to the chest? I am running a Malwarebytes scan now but it says my free trial has expired, but is doing a threat scan?
Any advice please.
Best answers:
- Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 16/01/2015
Scan Time: 06:18:10
Logfile: malware.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.16.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Aaroncaz
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415057
Time Elapsed: 59 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Module
- Can't seem to post a log from this newer version of Malwarebytes; it did find some items which I have quarantined.
Just done another malware scan, says no threats found?
- OK, laptop and Sony Xperia Z1 phone now seem to have ads in Russian! How can the phone be infected as well? Did a scan on the phone, it's OK; am now doing a system restore on the laptop, it's taking a while on Windows 8.1. Can someone help please.
- If everything is affected, including a phone, your router could be hijacked, sending all connections to dodgy addresses. You could try a simple reset via the push-a-biro-into-the-reset-button process, reconnect via the default settings on the bottom of the router, then reset the admin password and wireless key to new complex passwords.
- Thanks, the history log doesn't show anything, any details.
I also did a hard reset on the Xperia Z1 and it's still the same; when you open the app store it's mostly in Russian.
- This is the log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 16/01/2015
Scan Time: 06:18:10
Logfile: mal44.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.16.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Aaroncaz
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415057
Time Elapsed: 59 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.Searchya.A, C:\Users\Aaroncaz\AppData\Roaming\Searchya, Quarantined, [6aa9b642781177bfa92288e031d2b14f],
PUP.Optional.Searchya.A, C:\Users\Aaroncaz\AppData\Roaming\Searchya\UpdateProc, Quarantined, [6aa9b642781177bfa92288e031d2b14f],
It doesn't show anything.
- Try AdwCleaner and JRT, then Malwarebytes again:
https://toolslib.net/downloads/viewd.../1-adwcleaner/
https://www.bleepingcomputer.com/down...-removal-tool/
- My other laptop is the same, how can this be? Is it a multi virus? If I get rid of it on this laptop will it go on the other and the smartphone?
- # AdwCleaner v4.107 - Report created 16/01/2015 at 22:57:56
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Aaroncaz - CAROLAARON
# Running from : C:\Users\Aaroncaz\AppData\Local\Microsoft\Windows\INetCache\IE\ZKVFO2IF\adwcleaner_4.107.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
***** [ Scheduled Tasks ] *****
Task Deleted : Searchya
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ams1.ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fra1.ib.adnxs.com
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v34.0.5 (x86 en-GB)
-\\ Google Chrome v39.0.2171.99
[C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1738 octets] - [16/01/2015 22:54:07]
AdwCleaner[S0].txt - [1675 octets] - [16/01/2015 22:57:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1735 octets] ##########
- It's a Netgear router.
- Looking at the AdwCleaner log it looks like you have Searchya, at least, on there; look here https://malwaretips.com/blogs/searchya-removal/
- Let's do a quick check on your DNS first (or we could do this on your other computer).
Open up a cmd prompt and type the bits in red and then paste the results.
Code:
- Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Aaroncaz>nslookup www.microsoftstore.com
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: e3591.a.akamaiedge.net
Address: 23.74.126.162
Aliases: www.microsoftstore.com
www.microsoftstore.com.edgekey.net
C:\Users\Aaroncaz>
- Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Aaroncaz>nslookup www.microsoftstore/co.uk
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: www.microsoftstore/co.uk
Address: 81.200.64.50
C:\Users\Aaroncaz>
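The DNS check suggested above, and the router-hijack possibility raised earlier in the thread, worked through as an added example (this is not code from the thread or from any of the tools named in it). It parses Windows nslookup output of the shape pasted above and flags what a tampering resolver leaves behind: the resolver shown is 192.168.1.1, the router itself, so the router's upstream DNS settings are what a hijack would change; and the second lookup was for "www.microsoftstore/co.uk", which is not a valid hostname, so a resolver that still returns an address for it is synthesising answers (ISP NXDOMAIN redirection or tampering) and is worth checking. The two sample strings are typed up here from the thread's lookups, not captured by the script; the function names and the expected CDN suffixes (akamaiedge.net, edgekey.net) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample outputs, typed up from the two lookups posted in the
# thread (not captured by this script).
SAMPLE_OK = """\
Server:  UnKnown
Address:  192.168.1.1
Non-authoritative answer:
Name:    e3591.a.akamaiedge.net
Address:  23.74.126.162
Aliases:  www.microsoftstore.com
          www.microsoftstore.com.edgekey.net
"""

SAMPLE_ODD = """\
Server:  UnKnown
Address:  192.168.1.1
Non-authoritative answer:
Name:    www.microsoftstore/co.uk
Address:  81.200.64.50
"""

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name):
    """True if every label of `name` is a legal hostname label (RFC 1123 rules)."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(_LABEL.match(lbl) for lbl in name.split("."))


def _private(addr):
    """True for private/loopback/link-local addresses, None if unparseable."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return None


def parse_nslookup(text):
    """Parse Windows nslookup output. The first Address: line is the resolver;
    everything after 'Non-authoritative answer:' (or the first Name:) is the
    answer. Indented continuation lines extend the Aliases/Addresses above."""
    out = {"server": None, "server_addr": None, "name": None,
           "addresses": [], "aliases": []}
    in_answer = False
    cont = None  # list that indented continuation lines extend
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and cont is not None:
            out[cont].append(raw.strip())
            continue
        key, _, value = raw.partition(":")
        key, value = key.strip().lower(), value.strip()
        cont = None
        if key == "server":
            out["server"] = value
        elif key == "address" and not in_answer:
            out["server_addr"] = value
        elif key in ("non-authoritative answer", "name"):
            in_answer = True
            if key == "name":
                out["name"] = value
        elif key in ("address", "addresses"):
            out["addresses"].append(value)
            cont = "addresses"
        elif key == "aliases":
            out["aliases"].append(value)
            cont = "aliases"
    return out


def check_lookup(query, text, expected_suffixes=()):
    """Return (severity, message) findings for one nslookup result; expected_suffixes
    are domains the answer Name or an Alias should end with (empty skips that check)."""
    r = parse_nslookup(text)
    findings = []
    srv = r["server_addr"]
    if _private(srv):
        findings.append(("info", f"resolver {srv} is a LAN device (usually the router); "
                         "its upstream DNS servers are what a hijack changes"))
    # A name that cannot exist must not get an address: an answer here means the
    # resolver is synthesising one (NXDOMAIN redirection or tampering).
    if not is_valid_hostname(query) and r["addresses"]:
        findings.append(("warn", f"'{query}' is not a valid hostname yet resolved to "
                         f"{r['addresses']}: resolver is synthesising answers"))
    for addr in r["addresses"]:
        if _private(addr) is not False:
            findings.append(("warn", f"answer address {addr!r} is private or unparseable"))
    if expected_suffixes:
        names = [n for n in [r["name"], *r["aliases"]] if n]
        if not any(n.rstrip(".").endswith(s) for n in names for s in expected_suffixes):
            findings.append(("warn", f"none of {names} ends with {list(expected_suffixes)}"))
    return findings


def has_warning(findings):
    return any(sev == "warn" for sev, _ in findings)
```

To use it, paste the nslookup output into a string and call `check_lookup` with the name that was queried; a `warn` for a well-known public site is the cue to open the router's admin page and compare its configured DNS servers with the ISP's (or a known public resolver) before following the reset advice given earlier in the thread.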