A download started on my computer but I stopped it, how to locate and delete it?

Viruses and worms
1

Hi,

I was downloading what I thought was a game (a program) yesterday but the download behaved strangely, and it never asked me where to save it, and just auto started on its own after I clicked “Download” button on a website.

When I realized what was going on, it already downloaded about 25 mb onto my computer. I stopped the download but a part of it seems to have gone somewhere on my computer… :-\

I have no idea what this download is or where it went, since it never asked me. I am afraid this is malware…

What do I do?

Today, my computer crashed/froze all of a sudden and would not start up/boot up to even the BIOS. But after waiting a few hours, it worked again.

2

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

3

Check your download folder or pending downloads in your browser, this you should be able to clear if there is one

4

I don’t understand…what is MBAM and FRST.

I have no record of the aborted download, not in my browser or anywhere. I did use CCleaner with most of the default options checkmarked, to delete junk/cache files, and maybe it was included in the deletion?

I am on Windows 7 and was using Firefox latest version.

BTW, the image captcha is super hard and very annoying every time posting or even editing a post.

5
  1. Follow the link. :wink:
  2. Only needed for your first 3 posts. (Spam protection)
6
I don't understand....what is MBAM and FRST.
Did you click link and read instructions? .... i guess not
BTW, the image captcha is super hard and very annoying every time posting or even editing a post.
Forum spam protection, only first 3 posts
7

Ok, I did download and scan my desktop computer with MBAM.

But the instructions page says to “When the scan is complete, if threats are detected, make sure that everything is selected, click Remove Selected. Restart your computer when prompted to do so.”

But I see nowhere that says “Remove Selected”. Only Save Results or Quarantine Selected.

And the scan gave 902 potential threats

8

Sjees, read the instructions and attach the log files as they clearly say.

9

Then you select “Quarantine Selected” the wording may have been changed in latest MBAM version

10

Hey guys, sorry for being slow…

I’m not technically proficient like you are :stuck_out_tongue:

Anyway, here are the files generated by the two programs.

11

Malware experts are notified. It may be several hours before anyone is online

12

What is KMS doing on your system ?

13

What is KMS?

14

Windows OS / Office crack … are you using pirated software?

15

Well, I bought this machine cheap from the computer shop with Windows installed.

And I’m a freelancer.

So that’s all. As to all the interogations, are they included? ::slight_smile:

Cos if they are, I’d rather just reformat the whole machine then. :frowning:

To be honest, I’m quite shocked to see the amount of data that the files you ask people to upload actually reveal. And I wonder if that constitutes privacy breaches…

16

The best way to get infected is using pirated software, they don’t recive security updates and they may also include some extra unwanted software you don’t want

Let’s see what the malware expert say when he arrive

17

I suggest to install Windows from scratch and register it legally.

18

Did you personally configured proxy server settings in Firefox?

19

I’m not sure what you mean by configuring proxy settings in Firefox…
I have not touched that part in Firefox.

20
  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ftp", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.socks", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ssl", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ftp", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> socks", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ssl", "107.172.100.23"
FF NetworkProxy: Mozilla\Firefox\Profiles\0yd7j2jx.default -> ssl_port", 3128
  • Go to FileSave As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.