So I downloaded a bogus file earlier and was suspicious it might be a rat. About an hour later a command prompt popped up asking something like "do you want to allow this program to make changes" and the program was Microsoft Windows. I clicked no and immediately shut the pc down. I think I was quick enough to stop the hacker from succeeding. I booted back up in safe mode and did a system restore from a week ago. Do you think that was enough to fix the problem? I really don't want to start from scratch.
help getting rid of r.a.t.
- Thread starter LoganP2
- Start date
Solution
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
Hi LoganP2
i would suggest doing a virus scan
and also downloading and running malwarebytes
https://www.malwarebytes.org/lp/lp4/01/?gclid=COvFp8H1oL8CFdOCvQodhLMA6g
EDIT: system restore will not always work , some virus's embed themselves within system restore and with a restore you can still have a virus
i would suggest doing a virus scan
and also downloading and running malwarebytes
https://www.malwarebytes.org/lp/lp4/01/?gclid=COvFp8H1oL8CFdOCvQodhLMA6g
EDIT: system restore will not always work , some virus's embed themselves within system restore and with a restore you can still have a virus
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
Scan done here is the results:
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248503
Time Elapsed: 11 min, 22 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2973394227-3445379842-2605856872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [26236798aad080b66d45b2f9dd268878],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 9
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, , [ca7f09f6ec8e9a9cdfe46da6e321d52b],
PUP.Optional.Conduit.A, C:\Users\Jon\AppData\Local\Temp\SPSetup.exe, , [93b65ea19bdf68ce56ea27397b86946c],
PUP.Optional.SearchProtect.A, C:\Users\Jon\AppData\Local\Temp\nss5272.exe, , [bf8a6897b3c7d75fa9abe883d92801ff],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshA595.exe, , [95b43cc3a7d3dc5ae470df8c7c85ce32],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmE16D.exe, , [6edbf00f601ad85e084c0c5f22dfa65a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoFFDC.exe, , [5aef12ed0f6b181e4c087fec7e83e719],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr9DE7.exe, , [6adf48b71e5c191d87cd02691ee314ec],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssF4BF.exe, , [96b34cb37ffbb97d2f25402b7f82d12f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstF86.exe, , [d47553ac2b4fdd593f158cdf659ced13],
Physical Sectors: 0
(No malicious items detected)
Scan done here is the results:
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248503
Time Elapsed: 11 min, 22 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2973394227-3445379842-2605856872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [26236798aad080b66d45b2f9dd268878],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 9
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, , [ca7f09f6ec8e9a9cdfe46da6e321d52b],
PUP.Optional.Conduit.A, C:\Users\Jon\AppData\Local\Temp\SPSetup.exe, , [93b65ea19bdf68ce56ea27397b86946c],
PUP.Optional.SearchProtect.A, C:\Users\Jon\AppData\Local\Temp\nss5272.exe, , [bf8a6897b3c7d75fa9abe883d92801ff],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshA595.exe, , [95b43cc3a7d3dc5ae470df8c7c85ce32],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmE16D.exe, , [6edbf00f601ad85e084c0c5f22dfa65a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoFFDC.exe, , [5aef12ed0f6b181e4c087fec7e83e719],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr9DE7.exe, , [6adf48b71e5c191d87cd02691ee314ec],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssF4BF.exe, , [96b34cb37ffbb97d2f25402b7f82d12f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstF86.exe, , [d47553ac2b4fdd593f158cdf659ced13],
Physical Sectors: 0
(No malicious items detected)
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
Scan done here is the results:
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248503
Time Elapsed: 11 min, 22 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2973394227-3445379842-2605856872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [26236798aad080b66d45b2f9dd268878],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 9
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, , [ca7f09f6ec8e9a9cdfe46da6e321d52b],
PUP.Optional.Conduit.A, C:\Users\Jon\AppData\Local\Temp\SPSetup.exe, , [93b65ea19bdf68ce56ea27397b86946c],
PUP.Optional.SearchProtect.A, C:\Users\Jon\AppData\Local\Temp\nss5272.exe, , [bf8a6897b3c7d75fa9abe883d92801ff],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshA595.exe, , [95b43cc3a7d3dc5ae470df8c7c85ce32],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmE16D.exe, , [6edbf00f601ad85e084c0c5f22dfa65a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoFFDC.exe, , [5aef12ed0f6b181e4c087fec7e83e719],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr9DE7.exe, , [6adf48b71e5c191d87cd02691ee314ec],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssF4BF.exe, , [96b34cb37ffbb97d2f25402b7f82d12f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstF86.exe, , [d47553ac2b4fdd593f158cdf659ced13],
Physical Sectors: 0
(No malicious items detected)
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
remove all items found
http://www.malwareremovalguides.info/tag/pup-optional-babylon-a/
http://www.malwareremovalguides.info/pup-optional-delta-a-removal-guide/
http://www.malwareremovalguides.info/pup-optional-conduit-removal-intructions/
http://www.malwareremovalguides.info/pup-optional-searchprotect-a-removal-guide/
http://www.malwareremovalguides.info/tag/pup-optional-babylon-a/
http://www.malwareremovalguides.info/pup-optional-delta-a-removal-guide/
http://www.malwareremovalguides.info/pup-optional-conduit-removal-intructions/
http://www.malwareremovalguides.info/pup-optional-searchprotect-a-removal-guide/
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
avg free is fine , i use it and highly recommend it , it does not always detect malware though so use malwarebytes now and again and you should be fine , another thing i use is zone alarms free firewall , everytime something wants to access the net or come in it throws up a window asking permission , it is one of the best free firewalls i have used
http://www.zonealarm.com/security/en-us/free-firewall-and-pro-antivirus.htm?oem=1520&cid=W200123&lid=en-au&source=G:AUS:B004:Firewall&medium=SEM-Upsell&content=G:AUS:B004:A002:Exact:U01:T033&term=zonealarm%20free%20firewall
http://www.zonealarm.com/security/en-us/free-firewall-and-pro-antivirus.htm?oem=1520&cid=W200123&lid=en-au&source=G:AUS:B004:Firewall&medium=SEM-Upsell&content=G:AUS:B004:A002:Exact:U01:T033&term=zonealarm%20free%20firewall
mickypheonix
Honorable
- Mar 9, 2014
- 4,072
- 1
- 10,960
TRENDING THREADS
-
Question Using cloning software for a dying HDD which shows only 10% health ?- Started by Mashuumatics
- Replies: 1
-
Question Wifi card speed fluctuating on my Lenovo Ideapad pro 5 16APH8- Started by sirdariush
- Replies: 6
-
News Windows 11 will reportedly display a watermark if your PC does not support AI requirements- Started by Admin
- Replies: 24
-
Question Recovering an old version of a Notepad file in Windows 10 ?- Started by MC72
- Replies: 2
-
Facebook
Twitter
Instagram