![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
So I was just using my computer normally as always and fake anti-virus windows starting popping up out of no where and all applications were being blocked from opening. I didn't have any anti-virus or malware software installed because I hadn't contracted a virus on any of my computers in many years.
This might have happened because Firefox asked me to do an update today and I declined, I figured I would just do it later. There might be some security problems with it that were recently uncovered or something. I also downloaded a couple of videos from a public torrent site, but I never opened them and all scans now of the files come up clean.
Rebooting into safe mode with networking still didn't get my browsers to connect to the internet so I got on my laptop and downloaded rkill and malwarebytes and ccleaner. I put them on a thumb drive and installed them on my desktop. Once everything was removed, my browsers were not able to connect to the internet, I tracked this down to the proxy settings.
The virus must have messed with windows proxy settings. So in Windows 7 proxy settings I just unchecked all boxes in Start>Control Panel>Network and Internet>Internet Options>Connections>LAN settings. Now the browsers are working fine.
I have a few questions.
1.) What are the default proxy settings in Windows 7, should all of those boxes be unchecked like I have them now?
2.) Is there anything else the virus could have screwed with that I should check?
3.) Should I reformat now just to be safe? My computer seems fine now. What do you guys think?
Here is my Malwarebytes log:
This might have happened because Firefox asked me to do an update today and I declined, I figured I would just do it later. There might be some security problems with it that were recently uncovered or something. I also downloaded a couple of videos from a public torrent site, but I never opened them and all scans now of the files come up clean.
Rebooting into safe mode with networking still didn't get my browsers to connect to the internet so I got on my laptop and downloaded rkill and malwarebytes and ccleaner. I put them on a thumb drive and installed them on my desktop. Once everything was removed, my browsers were not able to connect to the internet, I tracked this down to the proxy settings.
The virus must have messed with windows proxy settings. So in Windows 7 proxy settings I just unchecked all boxes in Start>Control Panel>Network and Internet>Internet Options>Connections>LAN settings. Now the browsers are working fine.
I have a few questions.
1.) What are the default proxy settings in Windows 7, should all of those boxes be unchecked like I have them now?
2.) Is there anything else the virus could have screwed with that I should check?
3.) Should I reformat now just to be safe? My computer seems fine now. What do you guys think?
Here is my Malwarebytes log:
Code:
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c87afc96-4335-4937-97a1-850569f91817} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c87afc96-4335-4937-97a1-850569f91817} (Adware.AdRotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edqxyrtm (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ibinuqiruhaku (Trojan.Agent.U) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\JTik\AppData\Local\rrjiqybre\prnlndstssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\mmggp.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\jqylg.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\rasxmeowcn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\texn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\wnxscarome.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\ufofoxoqo.dll (Trojan.Agent.U) -> Delete on reboot.
C:\Windows\SysWOW64\vmggp.dll (Adware.AdRotator) -> Quarantined and deleted successfully.