
Thread: Security on new Win 7 64 Pro computer

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    74
    Posts
    4,079
    You need to update MBA-M and run a Full Scan with it. Do nothing else while it's running, close each and every browser. If it finds something, remove it.
    Come back here with the log.
    The longer you wait, the worse it will get. Do you use Incredimail? With smileys and such? I don't see it installed but your mail sure does contain those, take a look at my print screen...plus your mail is LOADED with ads for Inbox mail.

    Where did you get the HiJackThis???? It was after you said you installed it that the ads began coming in the mails and the smilies began showing up.
    [Attached screenshots: Ad from Inbox.jpg, smilie mails.jpg]

  2. #12
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    I don't use Incredimail.
    I'll change my password for inbox.
    Hijack This came from (http://majorgeeks.com/download3155.html)
    Malware is latest version.


    16 files detected:


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.05.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Edward Shaw :: M8700 [administrator]

    6/5/2012 3:15:09 PM
    mbam-log-2012-06-05 (15-15-09).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 335707
    Time elapsed: 6 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\CrossriderApp0003491.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    (end)
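A helper for triaging a pasted Malwarebytes log like the one above, added here as an example; it is not code from the thread or from Malwarebytes. It parses the "Section Detected: N" blocks and the "item (family) -> action" lines, checks that each section's declared count matches the lines actually present (a copy pasted into a forum post is often truncated), tallies detections by family, and flags registry keys under the Internet Explorer load and pre-approval locations that appear in the log (Browser Helper Objects, ElevationPolicy, Ext\PreApproved, Ext\Settings), where a hit means the add-on was registered to load, not merely present on disk. The sample log is a constructed, trimmed copy of the posted one: it keeps the header and four of the fifteen registry lines, so the declared count is deliberately higher than the number of lines, which the count check reports.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a trimmed copy of the log format posted in the thread.
# "Registry Keys Detected: 15" is kept from the original while only four lines follow,
# mimicking a log that was cut short when pasted.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.07

Scan type: Full scan
Objects scanned: 335707

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\\CrossriderApp0003491.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\\Software\\Cr_Installer\\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 1
C:\\Program Files (x86)\\Vid-Saver\\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

(end)
"""

HEADER_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned): (?P<value>.+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Greedy item match so a path containing "(x86)" keeps its parentheses; the family is the
# last parenthesised token before "->". The trailing period is left out of the action.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry locations seen in the posted log through which IE loads or pre-approves an add-on.
PERSISTENCE_MARKERS = (
    "\\Browser Helper Objects\\",
    "\\Low Rights\\ElevationPolicy\\",
    "\\Ext\\PreApproved\\",
    "\\Ext\\Settings\\",
)


def parse_mbam_log(text):
    """Return header fields, declared per-section counts and the parsed detection lines."""
    report = {"header": {}, "declared": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = HEADER_RE.match(line)
        if m:
            report["header"][m["key"]] = m["value"]
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            report["declared"][section] = int(m["count"])
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            report["detections"].append(
                {"section": section, "item": m["item"], "family": m["family"], "action": m["action"]}
            )
    return report


def count_mismatches(report):
    """Sections whose declared count differs from the lines present: {section: (declared, actual)}."""
    actual = Counter(d["section"] for d in report["detections"])
    return {s: (n, actual.get(s, 0)) for s, n in report["declared"].items() if actual.get(s, 0) != n}


def families(report):
    """Detections tallied by threat family name."""
    return Counter(d["family"] for d in report["detections"])


def persistence_hits(report):
    """Registry keys under the IE add-on load/pre-approval locations listed above."""
    return [
        d["item"]
        for d in report["detections"]
        if d["section"] == "Registry Keys" and any(mk in d["item"] for mk in PERSISTENCE_MARKERS)
    ]


def shared_guids(report):
    """GUIDs that occur in more than one detection; they tie CLSID, BHO and Ext entries to one component."""
    per_guid = defaultdict(set)
    for d in report["detections"]:
        for g in GUID_RE.findall(d["item"]):
            per_guid[g.upper()].add(d["item"])
    return {g: sorted(items) for g, items in per_guid.items() if len(items) > 1}


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("header:", rep["header"])
    print("families:", dict(families(rep)))
    print("count mismatches:", count_mismatches(rep))
    print("persistence keys:", persistence_hits(rep))
    print("shared GUIDs:", shared_guids(rep))
```

Run it on the full pasted log instead of the sample and the mismatch check should come back empty; on the sample it reports the Registry Keys section as 15 declared against 4 present, and the single GUID is shown linking the BHO registration to its ElevationPolicy entry.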

  3. #13
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    I see the Pace licensing software. I don't see any reason to keep it.
    Avast said successfully uninstalled back when you asked me to uninstall it prior to DDS Scan
    Am I without firewall now?
    softwar
    Wait, it looks like PACE came in with a five hour Avid download. It is licensing software, I think. That would make sense since there are a lot of licensing concerns with Avid.

    Changed Inbox password. Also, could delete access to inbox from this machine if that might help.
    Last edited by ed_shaw; 06-06-2012 at 04:29 PM.

  4. #14
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    74
    Posts
    4,079
    Hmmm...You play games I see, I know where all of this came from then. Possibly a web site called IncrediBar.com a known BAD web site and also known for installing all this junk like the toolbar, smilies, the ads in your email are from Inbox and Crawler.
    You need to do an online scan:

    http://www.eset.com/us/online-scanner/

    You can use Internet Explorer to complete this scan and you will need to allow an ActiveX to be installed or you may use Firefox
    * You will need to temporarily Disable your current Anti-virus program.
    * Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.

    * When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
    Post back with the log.

  5. #15
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    Yes, I found that interesting, too. Only thing is, I've never been to a gaming site in my life.
    I was looking to see if there were any dates on those infections. This machine was purchased from a high end gaming machine supplier, as you know, not for the purpose of gaming but to run the demanding Avid Suite for HD Video. Once the machine has been set up, it is unlikely that it will go on line for anything other than updates and occasional media fetches. It was assembled in Taiwan. In Los Angeles, the programs are added, and the various things are done to enhance performance. This one rates at about 7.7 over 7.9.
    You don't suppose a game or two might have been played in LA as part of the set up procedure, do you?
    When the machine arrived, it had a couple of quirks. The letter "T" was buggy, and it had a strange habit of resetting the speaker from stereo, where it worked, to surround sound, where it would not play right. I did a Windows reinstall at the suggestion of the techs, and that apparently cured that.

    The ESET scan showed nothing unusual.

    I keep getting a regular audio duo tone, like you hear when software finishes loading. Is it trying to tell me to activate Defender or some such, do you know?



    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=34b6d81aa9a0c0438b76eaf66c70843d
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-06-05 11:17:17
    # local_time=2012-06-05 05:17:17 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 0 90481163 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=119062
    # found=0
    # cleaned=0
    # scan_time=523

  6. #16
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    74
    Posts
    4,079
    This one rates at about 7.7 over 7.9.
    By who???
    I am telling you, I don't like the sound of ANY of this at all. Of course I have heard of some brand new computers with "maybe" one of these problems, after all machines of ANY kind, even computers can have problems when they are brand new, but certainly not this many and most definitely not having to reinstall the operating system within the first two weeks of ownership, and certainly not for the problem you had with the sound or the speakers. That type of problem would have likely been corrected with either new or re-adjusted speakers or the change or reinstall of the audio drivers. Audio problems usually have nothing to do with the operating system but with a faulty audio card, faulty audio driver or faulty speakers. Honestly I have never heard of the cause being the operating system.
    A "buggy" letter or key, certainly not unheard of and I don't find that especially suspect, could be something as simple as a piece of dust or packing material.
    You don't suppose a game or two might have been played in LA as part of the set up procedure, do you?
    If this is how they do their testing on a gaming machine then there is no way in a million years I would even consider purchasing a computer from this company. They wouldn't have to go to a questionable web site to test the gaming capabilities of the computer, they would have the games readily available right there for testing or use their own internal gaming test site. And if they HAD done any testing in this manner then they should have known immediately there was a problem with the audio and frankly possibly discovered the "buggy" key.

    The malware found, Adware.GamePlayLab and CrossFire.Gen collect browsing data from an affected user that is then utilized in order to serve targeted advertising to the user. The bulk of these were found in the registry, but one of them was found within a program called Vid-Saver.
    Did you install this program?

  7. #17
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    Nido, Vid-Saver I wondered about myself. I use a video capture program on my Mac called Ambrosia. If it is available for Windows, that's what I would look at. With the exception of Avast and Avid, I don't remember downloading any software, just the Opera and Mozilla. I could be wrong, but not about not downloading Vid-Saver. Also, I am seeing a download date of 5/16. I think the unit was in Los Angeles at that time. Here again, not sure what I am looking at in those logs.
    I uninstalled Vid-Saver.
    I started with this computer in the neighborhood of 5/25. Things are not adding up. I can't depend on my memory for particulars, because the whole thing has been a little stressful, but I thought I was out of the woods.
    Last edited by ed_shaw; 06-06-2012 at 07:15 PM.

  8. #18
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    74
    Posts
    4,079
    What was the actual date that the computer was put into your hands?

  9. #19
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    74
    Posts
    4,079
    Where are you seeing an install date for that program...in the Add/Remove on the computer because I don't see an install date in the logs.

  10. #20
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    Shoot, I just uninstalled Vid-Saver. Before I did I looked at > properties > general > date created and made a note on an index card: 5/16
    Then I uninstalled it.
    To know for sure when I took delivery I would have to go to UPS. I can do that. Everything I have on record and can recall points to the 3rd week in May. I keep trying to find the earliest evidence and can't find anything much before that. Maybe the weekend of the 19th to be stretching it. Again, I would have to call UPS to prove anything.
    I am looking at an Avast license dated 5/26 and I remember I thought I had put off the license a little too long.
