Topic: [In Progress] Slow performance, inadvertently clicked on suspicious link in email

Offline Vickster3659

  • Bronze Member
  • Posts: 139
Hi,
I am still not receiving the emails.  Here is the scan log:

Emsisoft Emergency Kit - Version 2017.10
Last update: 11/9/2017 7:10:03 PM
User account: DESKTOP-FO3J22O\Vicks
Computer name: DESKTOP-FO3J22O
OS version: Windows 10x64

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:   11/9/2017 7:25:06 PM
C:\Program Files\CCleaner\trz4561.tmp    detected: Backdoor.CCHack (A) [290413]
C:\Users\Vicks\Downloads\ccsetup533.exe    detected: Backdoor.Agent.ABXS (B) [krnl.xmd]

Scanned   311668
Found   2

Scan end:   11/9/2017 9:05:49 PM
Scan time:   1:40:43

C:\Users\Vicks\Downloads\ccsetup533.exe    Backdoor.Agent.ABXS (B)
C:\Program Files\CCleaner\trz4561.tmp    Backdoor.CCHack (A)

Quarantined   2

Thanks! Vickster3659

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2420
Thanks for the update Vickster3659. I will ask one of the Admins to have a look into your profile settings.

And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the button to see which antivirus is currently enabled:

  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.

  • Push the button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes a list of found threats will open automatically (if any malicious files are found).

  • Push the button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the button.
  • Check the box beside to uninstall the application when closed.
  • Push and then close the application by clicking the X in the upper right corner.
It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

Offline Vickster3659

  • Bronze Member
  • Posts: 139
Good morning,  here is the eset scan:
C:\Users\Vicks\Downloads\ccsetup522.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup523.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup524.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup526.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup527.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup528.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup529.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup530.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup531.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup532.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup535.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   


It seems my issues are coming from ccleaner.....should I not use it anymore?  When I had issues with older systems, ccleaner was one of the tools I was told to use

Thanks,
Vickster3659

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2420
Hi Vickster3659


Quote
It seems my issues are coming from ccleaner.....should I not use it anymore? 

Using it as a cleaner is fine, but I wouldn't recommend using the Registry Cleaner. CCleaner did get hacked and some malicious code was added to one of its versions (https://www.pcworld.com/article/3225407/security/ccleaner-downloads-infected-malware.html), but they have fixed the issue.

The machine looks clean, do you have any further issues?

Thanks


Offline Vickster3659

  • Bronze Member
  • Posts: 139
Hi Seedy21,
So with that last tool you had me use, you instructed: Push the do not clean button. Doesn't this mean I still have the infection? 
Thanks,
Vickster3659

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2420
Hi Vickster3659

Quote
So with that last tool you had me use, you instructed: Push the do not clean button. Doesn't this mean I still have the infection?

The infected version of the installer was 5.33. As Emsisoft quarantined this, the other versions of the software should be fine to use. The reason it got detected by ESET is that CCleaner comes bundled with some other installers for programs people may not need or want.

Do you have any further issues with your machine?

Thanks

Offline Vickster3659

  • Bronze Member
  • Posts: 139
Thank you! It is better.  This was not the best computer to purchase, but it fit the budget at the time.  One thing I am still not thrilled with is the start up time.  I'm sure it's because of some apps I installed upon purchase (printer, for instance).  Would you be able to assist with clearing some unnecessary start up processes?

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2420
Hi Vickster3659

Excellent. I would first suggest looking at the programs you have installed and removing any of them you don't use. For example, Citrix Receiver and Spotify both have start-up calls to start the program when your machine boots up.

Let me know how you get on with this.

Thanks

Offline Vickster3659

  • Bronze Member
  • Posts: 139
Thank you.  I deleted both those programs.  Those are about the only ones I wasn't really using.

Offline Vickster3659

  • Bronze Member
  • Posts: 139
Hi Seedy21,
After deleting both apps, still a bit slow on startup, and also would be great if you can make suggestions on speeding up Chrome, as it takes a while to load.
Thanks,
Vickster3659

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2420
Hi Vickster3659

Please run disk defrag on your machine and let me know how this goes.

https://support.microsoft.com/en-us/help/4026701/windows-defragment-your-windows-10-pc


Offline Vickster3659

  • Bronze Member
  • Posts: 139
Hi Seedy21,
OMG!  My laptop is so much better now!  I've run defrag before, but it never helped as much as it did this time.  Must have been the bug, and the two apps I deleted that were really dragging it down.
Thank you so much for your assistance!
Vickster3659

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2420
If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used :

Clean up with Delfix
Download "Delfix by Xplode" and save it to your desktop.
  • Double Click to start the program
If you are using Vista or higher, please right-click and choose run as administrator
Make Sure the following items are checked:
  • Remove disinfection tools
  • Create registry backup
Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Make Sure Automatic Updates Are Turned On :

Turn On Automatic Updates

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them


Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High as seen in the image below:-


  • Also verify that Enable Protected Mode is checked
  • Next press the Apply button and then the OK to exit the Internet Properties page.

    Finally, I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

    If you have any problems you know where we are :)

Offline Vickster3659

  • Bronze Member
  • Posts: 139
Hi Seedy21,
The link here Download "Delfix by Xplode" and save it to your desktop. is giving me the following error message:

This site cant be reached

general-changelog-team.frs server DNS address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN

Thanks,
Vickster3659

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2420
Hi Vickster3659

Sorry for the confusion. Please go to HERE instead.

Thanks