acker1
Member
Posts: 220 
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 0:49:50 GMT -5
Been running for 5 1/2 hrs and still running.I'm going to bed and will check it in the AM.
Goodnight.
|
|
|
|
Post by jholland1964 on Oct 4, 2017 7:06:46 GMT -5
Good heavens! Had not expected that! I had figured something over an hour maybe but not this long. If it is still running when you get up let me know if it shows that it has found anything thus far. Unbelievable.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 11:33:34 GMT -5
Evidently her puter shuts off after no activity for awhile. Started running again when I checked this AM. It has found 3 threats so far.
|
|
|
|
Post by jholland1964 on Oct 4, 2017 11:48:56 GMT -5
Evidently her puter shuts off after no activity for awhile. Started running again when I checked this AM. It has found 3 threats so far. Then of course you want it to keep scanning. When you think about it you might jiggle the mouse or something so it won't shut down. The lid will have to stay open of course, the program will pause if you close the lid on a laptop. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 11:56:30 GMT -5
I had been jiggling the mouse but when I went to bed I closed the lid. OOOOPPPSSS!!
|
|
|
|
Post by jholland1964 on Oct 4, 2017 13:30:49 GMT -5
I had been jiggling the mouse but when I went to bed I closed the lid. OOOOPPPSSS!! Yep, that will do it. Keep that lid opened, especially since we now know there Are more infections to be removed. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 14:17:24 GMT -5
Malwarebytes www.malwarebytes.com-Log Details- Scan Date: 10/3/17 Scan Time: 7:06 PM Log File: d577bd58-a897-11e7-9688-74867a12633e.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.207 Update Package Version: 1.0.2943 License: Trial -System Information- OS: Windows 10 (Build 15063.632) CPU: x64 File System: NTFS User: MOTORHOME\Dave&Toni -Scan Summary- Scan Type: Custom Scan Result: Completed Objects Scanned: 371958 Threats Detected: 3 Threats Quarantined: 3 Time Elapsed: 17 hr, 12 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.Amazon1Button, HKU\S-1-5-21-678669581-2268320024-4191454686-1001\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, Quarantined, [1488], [441167],1.0.2943 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, Quarantined, [1488], [441168],1.0.2943 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\REGISTRYDEFRAGBOOTTIME.EXE, Quarantined, [1210], [396386],1.0.2943 Physical Sector: 0 (No malicious items detected) (end) |
|
|
|
Post by jholland1964 on Oct 4, 2017 14:25:04 GMT -5
Isn't that amazing! See what I meant when I said that AdvancedSystemCare is extremely difficult to remove? This truly is the worst I have ever seen though.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 14:28:43 GMT -5
Yup! It's a bad one! What next?
|
|
|
|
Post by jholland1964 on Oct 4, 2017 14:36:22 GMT -5
Yup! It's a bad one! What next? Honestly since AdwCleaner is not available I have no other suggestions. You might do one more manual search on the computer for IObit and also Advanced System Care. I would prefer that you be able to use AdwCleaner but they have not released a fixed version yet. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 14:43:46 GMT -5
Manual search?
|
|
|
|
Post by jholland1964 on Oct 4, 2017 14:48:11 GMT -5
Start, Search and then type in the white box there. Do these: IObit Advanced System Care BoostSoftware ASCDownloader Smart Defrag Driver Booster Scheduler If you find them let me know. Those ALL would be malware that AdwCleaner found but since the cleaning isn't working you couldn't get rid of them all. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 15:01:35 GMT -5
I checked each one and results say "see web results".
When this gets clean would it be OK to download Chrome again or teach her FF?
|
|
|
|
Post by jholland1964 on Oct 4, 2017 15:32:50 GMT -5
I checked each one and results say "see web results". When this gets clean would it be OK to download Chrome again or teach her FF? Not sure really what you mean by "teach her FF" A browser is a browser, they all work the same. They look different but basically the work exactly the same, they surf the internet. Firefox Calls Favorites Bookmarks, as does Chrome. She can use any browser she chooses. Much of her infection came from that IObit stuff, especially Advanced System Care but she definitely had some things downloaded on there from her surfing habits and the fact that she didn't have Chrome configured correctly to block 3rd party cookies. That is what ALL of those 12000+ items were in the SUPERAntispyware scan and they all came from Chrome. You do need to configure her FF to correctly block 3rd party cookies. Go to Tools, Options, Privacy & Security and use the settings shown in my attachment See attached* Attachments:
|
|
|
|
Post by budgall on Oct 4, 2017 15:42:06 GMT -5
I have to agree with Judy that until Malwarebytes releases an updated version of adwcleaner there nothing else to try. I would keep an eye out for the new release of adwcleaner and then run it and clean any found items
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 15:54:51 GMT -5
I had already done the 3rd party in FF. She likes Chrome because that is all she ever used. I'm going to set up FF for her. Hopefully she will try it. I will keep an eye out for the AdwCleaner update. We will be back on the road next wed. Hopefully it will be released before then.
Many thanks to both of you for the help.
DICK
|
|
|
|
Post by jholland1964 on Oct 4, 2017 16:56:51 GMT -5
I had already done the 3rd party in FF. She likes Chrome because that is all she ever used. I'm going to set up FF for her. Hopefully she will try it. I will keep an eye out for the AdwCleaner update. We will be back on the road next wed. Hopefully it will be released before then. Many thanks to both of you for the help. DICK They keep talking about a release, next month. So don't know it that is what's going to happen or not. Every thread on the Malwabytes forum and Toolslib forum concerning the problems with AdwCleaner all have PUP.Optional.Legacy listings in the logs. Some, like you, also have PUP.Optional.AdvancedSystemCare and all of the IOBit programs that were on this computer. You have physically removed all of those along with the Advanced System Care program. So I am guessing the only listings remaining are those in the Registry. But if there is no program remaining for them to point to or affect I "think" they could be classed as just dead listings which do nothing but sit there. We'll see what budgall thinks. |
|
|
|
Post by budgall on Oct 4, 2017 17:24:15 GMT -5
I will agree that the registry listing are/should be just dead listings and should not be a problem. There ways to find them and remove them but the risk you take vs the reward you get are not worth it in my opinion.
|
|
|
|
Post by jholland1964 on Oct 4, 2017 17:36:07 GMT -5
Add SpywareBlaster to her computer for added protection. www.brightfort.net/downloads/spywareblastersetup55.exeThis will give you the executable file, download and then double click. It will install and then update it and enable All Protection. Tell her she needs to check for updates every two weeks and if there are any updates to take them and then again hit Enable All Protection. Super program, I would never, ever run a computer without it. Does NOT run in the background and therefore interferes with nothing. But it offers superb protection that you really can't find anywhere else. If she wants Chrome then that is her option. I wouldn't use it but lots of people like it. 3rd party cookies Must be blocked www.google.com/chrome/browser/desktop/index.htmlCCleaner should be run once a week with the settings I gave you earlier. This will remove all the junk files so they won't have to be scanned by the security programs. After that then following scans Must be run, all programs Updated first of course; Make sure her McAfee runs a full scan automatically at least once a week. She should manually run a Malwarebytes 3 Threat Scan at least once a week. She should run a SUPERAntispyware Quick Scan at least once a week. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 21:23:14 GMT -5
Done. I printed your instructions for her also.
Many thanks,
DICK
|
|
|
|
Post by jholland1964 on Oct 4, 2017 21:29:49 GMT -5
Done. I printed your instructions for her also. Many thanks, DICK You're welcome. I will keep my eye out for a new version of AdwCleaner for her, because it should be run for sure. I never asked, does the computer seem to be running ok? |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 21:56:11 GMT -5
Seems to be running OK.
When it comes out I'll probably have to talk her thru it from where ever we are at that time.
|
|
|
|
Post by jholland1964 on Oct 4, 2017 22:17:50 GMT -5
Glad it is running ok. Please tell her to leave that junk stuff alone and for heavens sake stay away from that "alleged" computer tech. No good computer tech would have installed that junk on her computer. I wonder if he charged her for it.
Those "programs" are all available in Free versions, BUT, to have them do much of anything you have to purchase the paid versions. Here are the prices of those we removed from her computer, ALL of them flagged as malware by multiple programs;
IObit Malware Fighter - $19.95
Advanced System Care - $19.95
Drive Booster - $22.95
Smart Defrag - Free.
With the exception of the software programs for two printers and her McAfee program, those 3 malware programs were the only 3rd party applications installed
So IF he charged her for them then she paid $62.85 for the software that infected her computer + whatever his general charge to just walk into his shop to have him check out her computer. Don't know what that was but where I live the lowest charge to walk in is $50.00. That charge would be normal and expected, the other three were a total rip off and essentially a scam. OR a way to get her to come back so he could then charge her to clean the malware off her computer. The guy is a crook.
Will let you know when the new AdwCleaner is available.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 22:36:04 GMT -5
The guy was her granddaughter's boyfriend who was studying puters. He is out of the picture now.
Appreciate you letting me know when it comes out.
Too bad you don't live nearby---I'd buy you dinner!!!!!
DICK
|
|
|
|
Post by jholland1964 on Oct 4, 2017 22:43:02 GMT -5
The guy was her granddaughter's boyfriend who was studying puters. He is out of the picture now. Appreciate you letting me know when it comes out. Too bad you don't live nearby---I'd buy you dinner!!!!! DICK And if I lived nearby I would take you up on that dinner too!  Obviously it's good the boyfriend is out of the picture, her granddaughter certainly deserves better! If a guy would think nothing of ripping off his girlfriend's Grandma then he doesn't rank very high on the "Great Guy for your Granddaughter" list. Wonder what school he is attending, maybe the "Acme Computer School" like in the Roadrunner cartoons. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 4, 2017 23:20:40 GMT -5
LOL
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 9, 2017 14:56:21 GMT -5
Her Malwarebytes says her trial period is about to expire. She wants the free version. Do I need to uninstall MB and reinstall? I'll be going over there this evening. Last time before we hit the road again!!
Thanks
DICK
|
|
|
|
Post by budgall on Oct 9, 2017 14:59:54 GMT -5
I believe that it converts to the free version when the trial version expires.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 10, 2017 10:43:54 GMT -5
I thought so but wanted to make sure,
Thanks
DICK
|
|
