Scy535mih

CLOSED Youtube and unity3d pages opened by itself while idling at homepage of firefox

Recommended Posts

That was pretty weird, first youtube opened by itself, then i was waiting if something else would happen and then the unity3d page where it downloads the program opened by itself, the sites seemed legit though. Emsisoft antimalware doesnt find anything.

 


Farbar logs:

FRST.txt

Addition.txt

Share this post


Link to post
Share on other sites

I wanna note, that i do have youtube in my browser history, and i also have unity program, those were both sites i had visited in the past.

Share this post


Link to post
Share on other sites

I see no malware in the FRST logs.  Did both pages load shortly after launching Firefox?  If so, Firefox may have thought it was starting after a crash and loaded the tabs that were open when it crashed.

Share this post


Link to post
Share on other sites

That is odd behavior.

Let's take a look with a different tool.

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.

  • Double-click on setup.exe to install RogueKiller.

Close all programs and disconnect any USB or external drives before running the tool.

  • Right-click RogueKiller.exe and select Run As Administrator to run the tool.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.

Share this post


Link to post
Share on other sites

Earlier i downloaded the roguekiller from bleepingcomputer, and it only found some trackprog things that didnt seem malicious, i could be wrong though. Now I downloaded that roguekiller from your link, and ran the program again and it, though i dont know what you mean by "prescan", when i start the roguekiller it says "updates Check" and "Scan progress Check" but it doesnt actually seem to do any "prescan", there is only that Scan button which starts the scan which later can be exported in the report log.

Anyway, here are both reports from programs downloaded from bleepingcomputer and fosshub

rogue.txt

newrogue.txt

Share this post


Link to post
Share on other sites

They are unwanted modifications.  Most of the time they are not malicious.  Usually, they result in some rather annoying behavior.

How are things running?

Share this post


Link to post
Share on other sites

Those trackprog thing always appear in my roguekiller scans, they seem to be part of windows.

As for how things are running, i secure erased my ssd just in case there was some undetected malware.

Share this post


Link to post
Share on other sites

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

To Remove EEK simple delete the EEK for in the of your System Drive, normally C:\EEK

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?

That should take care of everything.

Safe Surfing!

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only.  Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.  Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.