Ok - first time poster here!!
I seem to be having some email issues. Emails are being received from my email address, some with viruses, some not, that I have not sent.
I am running Avast Internet Security (but I was running free until recently).
I have run scans, malware scans, and nothing shows.
My ISP advised to contact Avast to have my computer checked, as they believe my machine is somehow infected, but I’m not sure exactly how to go about that.
Can anyone advise me please??
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253
Thank you
I hope these are right and attached correctly
You’re welcome, now you’ve to wait a bit…
I am currently reviewing your logs. In the meantime, please change your login credentials from a clean PC and refrain from using them from your own PC until I give a green signal.
Running from C:\Users\Kerrie\Downloads
Please copy FRST64.exe to your Desktop.
Step #1 P2P Warning
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
- µTorrent
I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.
- P2P File-Sharing: Evaluate the Risks
- ITSC: Risks in Peer-to-peer File Sharing
Note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.
My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
Step #2 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
- Open Notepad.exe. Do not use any other text editor software;
- Copy and Paste the contents inside the code-box to your Notepad –
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {1ED5D7A1-E332-4EC2-8C38-661660793AF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {26D7B231-1E2A-401F-AC43-6BE9BB3D954E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3B84D48D-FB5A-4864-890C-4366822C0AA8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {45C490DA-3580-44B9-B878-FD4C4623598C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {89BB5069-6C41-4E8E-83C1-D830071732DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EB217A4C-10CD-4686-9B84-3CCAD93EE8A0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
HKU\S-1-5-21-2805317252-4008846034-2108517499-1001\...\RunOnce: [Uninstall C:\Users\Kerrie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kerrie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
SearchScopes: HKU\S-1-5-21-2805317252-4008846034-2108517499-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2805317252-4008846034-2108517499-1001 -> {DD194E27-A6B6-4FD5-A071-308D51A59EF3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
End
- Click on File > Save as…
  - Inside the File Name box type fixlist.txt
  - From the Save as type drop down list, choose All Files
  - Save the file to your Desktop;
- Re-run FRST.exe and click Fix;
- Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
- After the completion, a log will be produced;
- Attach the log in your next reply.
Step #3 ESET Online Scanner
Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
- Download esetsmartinstaller_enu.exe by clicking here.
- Right-click on the program and choose Run as administrator.
- Accept their terms and conditions and proceed.
- Install Add-On/Active X if prompted.
- From the Computer Scan Setting –
  - Enable detection of potentially unwanted application
  - Click on Advanced Setting –
    - Check the following box –
      - Remove Found Threats
    - Check the following boxes –
      - Scan archives;
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth Technology
- Click on Start and wait for the virus signature database to update.
- The online scan will begin automatically and can take several hours.
- Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
- After the Scan finishes –
  - If no threats were found:
    - Put a checkmark in Uninstall application on close.
    - Close the program and report that nothing was found
  - If threats were found:
    - Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
    - Attach the log file in your next reply.
Note: Enable your security programs afterwards.
Required Log(s):
- FRST Fix Log
- ESET Scan Log
Regards,
Valinorum
Thanks.
The FRST had no fix file and the ESET online scanner found no threats.
There should be a file named fixlog.txt in the same location as FRST64.exe.
Nothing. Should I run it again??
Did you perform the step correctly and click on Fix? Did your PC restart after the fix? If no, please do the step again; otherwise attach a fresh FRST scan log.
Ok - done again.
Clicked fix - no fixlist.txt file found
I have attached the new FRST log
Please re-read step 2. You are to create the fixlist.txt from the script I made and then perform the fix.
Thanks.
Fix log attached
So I have done that fix this morning.
I have changed my email password, I have changed my wi-fi password, I have changed my modem password.
Today - I have another 2 emails bounce back that I have not sent.
Any assistance would be appreciated.
Thank you
Is your PS connected via Router? If so, please, reset the Router.
If PS is desktop computer - then yes is connected to a wireless router.
By reset - just turn off and back on?? - or reset somewhere in the settings??
Please excuse my lack of detailed knowledge, and again, thanks so much for your help.
What is the manufacturer’s name of your router? Normally there is a small hole beside the power button which has a button that can be pressed with a pin/needle. It usually restores the router to its factory setting. Before commencing the operation, answer the question. I will include the instruction.
manufactured by Netgear
and will the reset to factory settings also restore original passwords as well??
Yes. Detailed instruction is here.