I think the best thing to do is to take my laptop to someone to get it fixed, but I am not sure who to trust and how to find them. The other option seems to be following instructions like those in this blog
http://blog.removevirusnow.org/m51-dnsqa-me-removal/
which is not easy. I have already, cack-handedly, given a go to deleting registry keys related to the virus following advice such as that in the link, but I kind of lost my nerve a bit as I am out of my depth.
Probably a bank holiday weekend isn't a good time to ask about this!
Go to Malwarebytes.org, download and run MBAM, say 'no thanks' to the trial. Post the log here when done.
Thanks, I have already got Malwarebytes and have been doing regular scans since infection. Should I do a scan or post the history of quarantined objects?
Um, which is to say that I have the free trial installed. I keep getting messages from Malwarebytes saying 'malicious website blocked'. Should I uninstall MWB so I can then go back to the beginning and follow your advice?
Yes, as per Cougar.
Cougar - Moderator
Go to Malwarebytes.org, download and run MBAM, say 'no thanks' to the trial. Post the log here when done.
You can also scan in Safe Mode (press F8 upon rebooting).
I uninstalled and re-downloaded but it still says I have a trial. Anyway, it's doing a scan now.
Trial is fine (that's what I was suggesting, sorry if I wasn't clear).
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 25/03/2016
Scan Time: 16:01
Logfile: malware log1.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.03.25.03
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: [redacted]
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361154
Time Elapsed: 6 min, 3 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 25/03/2016 15:54, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopping,
Protection, 25/03/2016 15:54, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopped,
Protection, 25/03/2016 15:54, SYSTEM, DESKTOP-39C8CFA, Protection, Malware Protection, Stopping,
Protection, 25/03/2016 15:54, SYSTEM, DESKTOP-39C8CFA, Protection, Malware Protection, Stopped,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malware Protection, Starting,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malware Protection, Started,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Starting,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Started,
Update, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Manual, Rootkit Database, 2016.2.8.1, 2016.3.12.1,
Update, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Manual, Remediation Database, 2016.2.12.1, 2016.3.24.1,
Update, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Manual, Domain Database, 2016.2.16.8, 2016.3.25.1,
Update, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Manual, IP Database, 2016.2.8.1, 2016.3.21.3,
Update, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Manual, Malware Database, 2016.2.16.6, 2016.3.25.3,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Refresh, Starting,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopping,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopped,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Refresh, Success,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Starting,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Started,
Update, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Manual, Domain Database, 2016.3.25.1, 2016.3.25.2,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Refresh, Starting,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopping,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopped,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Refresh, Success,
Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Starting,
Protection, 25/03/2016 16:02, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Started,
Detection, 25/03/2016 16:02, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 54966, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:02, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 54966, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:02, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 54971, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:03, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55102, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:06, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55226, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:06, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55227, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Scan, 25/03/2016 16:07, SYSTEM, DESKTOP-39C8CFA, Manual, Start:25/03/2016 16:01, Duration:6 min 3 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 25/03/2016 16:16, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55753, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:16, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55753, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:16, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55754, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:16, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55758, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:16, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55759, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:49, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55822, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:49, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55911, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:49, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55979, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:49, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 55980, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 25/03/2016 16:49, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 56041, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 25/03/2016 16:52, SYSTEM, DESKTOP-39C8CFA, Scheduler, Domain Database, 2016.3.25.2, 2016.3.25.3,
Protection, 25/03/2016 16:52, SYSTEM, DESKTOP-39C8CFA, Protection, Refresh, Starting,
Protection, 25/03/2016 16:52, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopping,
Protection, 25/03/2016 16:52, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Stopped,
Protection, 25/03/2016 16:53, SYSTEM, DESKTOP-39C8CFA, Protection, Refresh, Success,
Protection, 25/03/2016 16:53, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Starting,
Protection, 25/03/2016 16:53, SYSTEM, DESKTOP-39C8CFA, Protection, Malicious Website Protection, Started,
(end)
hhmmm ... Cougar?
In the last half an hour I have been getting tons of warnings, not just about the m77dnsqa but loads of others and, despite Malwarebytes, am getting pop-up ads and crashing.
I have uninstalled Mozilla and am writing from IE now.
Installing the NoScript extension for your Firefox will stop the pop-ups, if I can recall ...
Have you scanned in Safe Mode?
Have you used Malwarebytes to delete them?
I've removed your full name in that log.
Very odd that MBAM thinks it's clean but is still blocking stuff. Do what chewkw said, bring up Windows in safe mode and run it again for a start off.
Actually, before you do that, try a System Restore to a point before you noticed the infection.
... if that doesn't work, I'll need to do some reading on this particular infection. I'll try and find some time after food.
Also,
Where in the country are you?
Thanks guys, it is weird isn't it. I am in London. Will try the things you suggest.
Also when you are using system restore you need to turn off something to prevent it duplicating or changing whatever which I cannot remember now.
Try the following:
1. Safe Mode (or System restore first ... I cannot remember now)
2. System restore
3. Scan (also scan using other Malwarebytes tools - sometimes they have target tool for targeted nasties)
4. Delete nasties (sometimes they are quarantined first)
5. Install NoScript extension on Firefox.
If you have difficulty getting into Safe Mode then you might try this ...
http://www.makeuseof.com/tag/boot-windows-10-safe-mode/ or http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/?PageSpeed=noscript
Update?
Only time our laptop got infected, starting in safe mode and using a restore point (as suggested above) sorted it.
Try Hitman to scan your PC.
Hello, I started in safe mode and ran MWB and got 8 things detected, but now I am back in normal it seems I am still under attack. I don't know how to do a restore point reset because no previous points seem to have been saved. Here is the log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 25/03/2016
Scan Time: 23:07
Logfile: malware log 1.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.03.25.04
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User:
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376182
Time Elapsed: 7 min, 42 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 8
PUP.Optional.PastaLeads, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\DOMSTORAGE\nps.pastaleads.com, Quarantined, [6296ed9e78215cda16bd3560966eb64a],
PUP.Optional.PastaLeads, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\DOMSTORAGE\pastaleads.com, Quarantined, [bb3d5d2e83162a0c21b3573e36cef010],
PUP.Optional.Revizer, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\DOMSTORAGE\re-markable.net, Quarantined, [6e8a6823a7f278be975c197cae56eb15],
PUP.Optional.Revizer, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\DOMSTORAGE\static.re-markable00.re-markable.net, Quarantined, [95632665d9c0aa8cbb39385d3aca0bf5],
PUP.Optional.PastaLeads, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\EDPDOMSTORAGE\nps.pastaleads.com, Quarantined, [fbfd32591d7c44f2c3127421fc084fb1],
PUP.Optional.PastaLeads, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\EDPDOMSTORAGE\pastaleads.com, Quarantined, [7880ccbf07923501568015803bc94cb4],
PUP.Optional.Revizer, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\EDPDOMSTORAGE\re-markable.net, Quarantined, [b04838531188fc3a91641382e321817f],
PUP.Optional.Revizer, HKU\S-1-5-21-1994851422-4030357334-3900213487-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN01\INTERNET EXPLORER\EDPDOMSTORAGE\static.re-markable00.re-markable.net, Quarantined, [2fc9424921783501fcfa5d389b692bd5],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Try what quirrel suggests
Ok, now that you have managed to detect them nasties ...
If they can be detected then they can be nuked! 😛
1. Still in Safe Mode
2. Go to the Malwarebytes quarantine tab.
3. Open the quarantine tab.
4. Delete them buggers.
5. Reboot pooter.
6. Repeat 1 to 4 again.
If nothing else appears ...
7. Reboot normally.
8. Check if everything is normal ... you will know.
9. Then go download Hitman Pro or whatever they are free nowadays for a second opinion, i.e. scan your system with Hitman in normal mode and safe mode.
10. If you have tried System Restore make sure you keep an eye on the system because sometimes them nasties will hide in System Restore.
11. Optional - finally download a free version of CCleaner Home to clean out the junk in your pooter.
😛
edit: there are also other scanning tools from the Malwarebytes website you can use to scan for advanced nasties ... use them.
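Added example, not part of the thread: one way to summarise a Malwarebytes protection log like the one posted earlier, grouping blocked outbound connections by domain, IP and process and counting how many were logged after a threat scan reported zero detections. The field positions are an assumption inferred from the posted log lines, and the sample is a short excerpt of that log.

```python
from collections import defaultdict
from datetime import datetime

# Excerpt of the protection log posted in the thread (values as posted).
_DET = ("Detection, 25/03/2016 {t}, SYSTEM, DESKTOP-39C8CFA, Protection, "
        "Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, {p}, "
        "Outbound, C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe,")
SAMPLE_LOG = "\n".join([
    "Protection, 25/03/2016 16:01, SYSTEM, DESKTOP-39C8CFA, Protection, Malware Protection, Started,",
    _DET.format(t="16:02", p=54966), _DET.format(t="16:02", p=54966),
    _DET.format(t="16:03", p=55102),
    "Scan, 25/03/2016 16:07, SYSTEM, DESKTOP-39C8CFA, Manual, Start:25/03/2016 16:01, "
    "Duration:6 min 3 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,",
    _DET.format(t="16:16", p=55753), _DET.format(t="16:49", p=55822),
])

def parse_line(line):
    """Return (kind, timestamp, fields) or None for lines that do not fit the format."""
    fields = [f.strip() for f in line.split(",")]
    while fields and not fields[-1]:        # drop the empty field after the trailing comma
        fields.pop()
    if len(fields) < 2:
        return None
    try:
        when = datetime.strptime(fields[1], "%d/%m/%Y %H:%M")
    except ValueError:
        return None
    return fields[0], when, fields

def summarize(text):
    hits = defaultdict(list)                # (domain, ip, process path) -> [(time, source port)]
    clean_scans = []                        # times of scans that reported 0 malware
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, when, f = parsed
        if kind == "Detection" and len(f) >= 12:
            hits[(f[8], f[7], f[11])].append((when, f[9]))
        elif kind == "Scan" and len(f) >= 10 and f[9].startswith("0 Malware"):
            clean_scans.append(when)
    report = []
    for (domain, ip, proc), events in hits.items():
        times = [t for t, _ in events]
        report.append({
            "domain": domain, "ip": ip, "process": proc.split("\\")[-1],
            "blocks": len(events), "distinct_ports": len({p for _, p in events}),
            "first": min(times), "last": max(times),
            # blocks that continued after a scan had already come back clean
            "blocks_after_clean_scan": sum(any(t > s for s in clean_scans) for t in times),
        })
    return report
```

A non-zero `blocks_after_clean_scan` for a browser process is the situation discussed in the thread: the file and registry scan finds nothing while the web protection module keeps blocking the same destination.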