Status
Not open for further replies.

picked up malware from amazon

SOLVED 
2K views 13 replies 2 participants last post by  Gary R 
#1 ·
Although I hate ordering from Amazon for multiple reasons, I had to yesterday. I was checking out and it asked me to add to my browser (Firefox) an add-on about delivery (since they never deliver as instructed and I rarely get my packages, I downloaded the add-on, but went to Firefox to get it). I scanned with Malwarebytes shortly after and it found a PUP and quarantined it.

I immediately tried to post, but every time I attached the FRST Addition.txt I would get an error message:


Sorry, you have been blocked
You are unable to access techsupportforum.com
Why have I been blocked?

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
What can I do to resolve this?

You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Cloudflare Ray ID: 57f9755bbd99fdb1 Your IP: 174.21.149.170 Performance & security by Cloudflare

A different number later:

Cloudflare Ray ID: 57fe01a01a10fda5 Your IP: 174.21.149.170 Performance & security by Cloudflare

Then I tried to post without Addition.txt and pasted the FRST.txt and got a similar error message without a number.

So, I can't seem to post any of the FRST results, without being barred from posting.

I do think I have a thumb drive with windows 10 on it.
 

#2 ·
Try zipping your FRST and Addition logs before attaching them to your next reply to this topic.

If you're still being blocked when you try to do this, please let me know.

On the matter of PUPs .... PUP stands for Potentially Unwanted Programs .... please note the word Potentially.

Not all PUPs are unwanted, some may actually be useful to some people, it's up to the individual concerned to determine whether they are or not.

So just because Malwarebytes has detected one, does not necessarily mean that it needs removing.

You can set Malwarebytes just to warn you when it detects a PUP, that way you get to decide whether they get removed or not.

To do that ...

  • With Malwarebytes open, click on the Gearwheel to open Settings
  • Now click on Security
  • Scroll down to Potentially Unwanted Items
  • Change Detect Potentially Unwanted Programs (PUPs) from Always to Warn
 
#5 ·
No signs of any Malware in your logs. There's a couple of files I'd like to run a scan on at VirusTotal just to make sure, but it is just a precaution, and I don't really expect either of them to test positive. There's also an ADS file running from a temp location that can be deleted. Files of this type are normally deleted by the program that created them, but in this case that doesn't appear to have happened, so we'll remove it with FRST.

So .....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
VirusTotal: C:\WINDOWS\System32\drivers\BthA2dp.sys;C:\WINDOWS\system32\rdpnano.dll

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
 
#7 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by 93 (07-04-2020 12:33:27) Run:1
Running from C:\Users\93\Desktop
Loaded Profiles: 93 (Available Profiles: 93 & 4 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\WINDOWS\System32\drivers\BthA2dp.sys;C:\WINDOWS\system32\rdpnano.dll

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]
*****************

VirusTotal: C:\WINDOWS\System32\drivers\BthA2dp.sys => https://www.virustotal.com/file/8b0...18ff165f2c14439bd8fb569a/analysis/1586284653/
VirusTotal: C:\WINDOWS\system32\rdpnano.dll => https://www.virustotal.com/file/b28...73ebf279df9b35eccbb06825/analysis/1585955228/
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully

==== End of Fixlog 12:33:28 ====
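
As an added example (not part of the thread and not FRST's own code), this Python check confirms that every item requested in the fixlist from post #5 has a logged outcome in the fixlog from post #7. The function names are hypothetical, and the log text is copied from the post with the VirusTotal URLs truncated as they appear on the page.

```python
import re

# Fixlog body copied from the post above; the VirusTotal URLs are truncated on the page.
FIXLOG = r"""fixlist content:
*****************
VirusTotal: C:\WINDOWS\System32\drivers\BthA2dp.sys;C:\WINDOWS\system32\rdpnano.dll

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]
*****************

VirusTotal: C:\WINDOWS\System32\drivers\BthA2dp.sys => https://www.virustotal.com/file/8b0...18ff165f2c14439bd8fb569a/analysis/1586284653/
VirusTotal: C:\WINDOWS\system32\rdpnano.dll => https://www.virustotal.com/file/b28...73ebf279df9b35eccbb06825/analysis/1585955228/
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"""

ADS_RE = re.compile(r"AlternateDataStreams:\s*(.+):([^:\[\]]+?)\s*\[(\d+)\]")
RESULT_ADS_RE = re.compile(r'"?:([^"]+)"? ADS (.+)')

def parse_ads(line):
    """Return (host path, stream name, bracketed size) for an AlternateDataStreams line.
    The greedy first group keeps the drive-letter colon with the host path."""
    m = ADS_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"not an AlternateDataStreams directive: {line!r}")
    return m.group(1), m.group(2), int(m.group(3))

def check_fixlog(text):
    """Map every item requested in the fixlist to the outcome logged for it, or None."""
    parts = re.split(r"^\*{5,}\s*$", text, flags=re.M)
    if len(parts) != 3:
        raise ValueError("expected a fixlist delimited by two rows of asterisks")
    outcomes = {}
    for line in filter(None, map(str.strip, parts[1].splitlines())):
        if line.startswith("VirusTotal:"):
            for path in line.split(":", 1)[1].split(";"):
                outcomes[path.strip()] = None
        elif line.startswith("AlternateDataStreams:"):
            host, stream, _size = parse_ads(line)
            outcomes[f"{host}:{stream}"] = None
    for line in parts[2].splitlines():
        left, sep, right = line.strip().partition(" => ")
        if not sep:
            continue  # not a result line
        ads = RESULT_ADS_RE.fullmatch(right)
        key = f"{left}:{ads.group(1)}" if ads else left.split("VirusTotal:", 1)[-1].strip()
        if key in outcomes:
            outcomes[key] = ads.group(2) if ads else right
    return outcomes

if __name__ == "__main__":
    print(check_fixlog(FIXLOG))
```

An item whose value is still `None` was requested in the fixlist but has no result line in the log.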
 
#8 ·
Well, as I expected, the two files were clean, so unless you're experiencing any abnormal behaviour from your computer, I think it's reasonable to assume that you do not have an active infection on your machine.

We could run an online scan to double check if you wish, but I would be surprised if it found anything amiss. Please let me know if you want to do that.

If not ....

To uninstall FRST and remove all its files, please do the following ...

  • Rename FRST64.exe to Uninstall.exe
  • Double click on Uninstall.exe to launch it.
    • Your computer will reboot, and on reboot will remove FRST and all its files.
 
#9 ·
Thank you -- Gary R.

Since Malwarebytes quarantined the PUP the computer is a bit buggy. Should I un-quarantine it? Then uninstall it from add-ons?

Yes, I think I'd like to run an online scan (maybe after unquarantining the PUP and uninstalling just to be sure) -- I usually do ESET online monthly -- so would you recommend another or just ESET?
 
#10 ·
Yes, I'd unquarantine it first, and see if that improves your computer's stability. Once you've established that it does, then you can uninstall it from add-ons.

If your computer still acts buggy when you've unquarantined it, don't do anything else, just let me know.

ESET is the online scanner I would have recommended, so if you want to run a scan, and you're comfortable doing it without instruction from me, then by all means go ahead, and when finished post me the scan results.
 
#11 ·
Thank you -- Gary R.

I unquarantined the file; however, it disappeared, never showed back up as an add-on. I can't remember the correct Amazon add-on name, but only have a translation and security add-ons now, as usual.

I ran ESET online, and as you said the computer is clean.

I'll let you know if it still acts buggy; hoping it's OK.

Thank you very much.
 