
JohnDotCom

  1. I'll bet it turns out that most of these hacks are inside jobs, or the result of an insider (or former insider) that hangs and socializes with a less than reputable crowd. An insider knows where the weak points are, in any system. With that kind of knowledge, it doesn't take much sophistication to hack into anything, including the Pentagon. Most people thought John Podesta to be too sophisticated to be duped as he was, or to use "password" as his password, unless that is FakeNews.
  2. So it seems that Revo removed all traces except the actual folder name (which is benign) and this Cleaner removed the actual folder name, and confirmed that Revo did its job, at least as well as this latest cleaner. If I were designing this, I would have left the folder name as a forensic clue, as Revo did. I don't buy the explanation that Piriform offered, that this was a sophisticated successful attack on their "company's hosted" latest revision of the cleaner. The infected update was left available on the company's web site for almost a month. Meanwhile the installed base was being driven to the company's site, to get infected by the "There is a new update available." built into the Piriform CCleaner Software. (Good reminder that anytime you select "Keep this software updated automatically" you are skating on thin ice and trusting that this exact thing will not happen again, with any vendor, and you are opening a door into your system, and trusting the "Whatever Company's security".) I note that Jacee suggested removal of the Cleaner after using it... (Good Advice) I think I will not just uninstall it, but remove all traces with Revo, and then watch for Security News on Revo. I don't like trusting even Revo, or the hosts that Revo uses to host their latest revision, so maybe we need serial forced removals, by multiple removal vendors, with the most trusted and least recently hacked removal vendor used as the last.
  3. What do those log files indicate, Jacee?
  4. What do those log files indicate, Jacee?
  5. Here is the second (Clean) log file:

     # AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 02 13:20:35 2018
     # Updated on 2018/08/02 by Malwarebytes
     # Running on Windows 7 Home Premium (X86)
     # Mode: clean
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****

     No malicious services deleted.

     ***** [ Folders ] *****

     Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
     Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

     ***** [ Files ] *****

     No malicious files deleted.

     ***** [ DLL ] *****

     No malicious DLLs cleaned.

     ***** [ WMI ] *****

     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****

     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****

     No malicious tasks deleted.

     ***** [ Registry ] *****

     No malicious registry entries deleted.

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries deleted.

     ***** [ Chromium (and derivatives) ] *****

     No malicious Chromium entries deleted.

     *************************

     ::Tracing keys deleted
     ::Winsock settings cleared
     ::Additional Actions: 0

     *************************

     C:/AdwCleaner/AdwCleaner[C1].txt - [6178 B] - [2016/6/21 4:39:22]
     C:/AdwCleaner/AdwCleaner[C2].txt - [2709 B] - [2016/7/6 2:30:53]
     C:/AdwCleaner/AdwCleaner[S1].txt - [5829 B] - [2016/6/21 4:38:4]
     C:/AdwCleaner/AdwCleaner[S2].txt - [1424 B] - [2016/7/6 2:29:45]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
  6. Here is the log file requested...

     # AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 02 13:16:51 2018
     # Updated on 2018/08/02 by Malwarebytes
     # Database: 03-01-2018.1
     # Running on Windows 7 Home Premium (X86)
     # Mode: scan
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****

     No malicious services found.

     ***** [ Folders ] *****

     PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
     PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

     ***** [ Files ] *****

     No malicious files found.

     ***** [ DLL ] *****

     No malicious DLLs found.

     ***** [ WMI ] *****

     No malicious WMI found.

     ***** [ Shortcuts ] *****

     No malicious shortcuts found.

     ***** [ Tasks ] *****

     No malicious tasks found.

     ***** [ Registry ] *****

     No malicious registry entries found.

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries.

     ***** [ Chromium (and derivatives) ] *****

     No malicious Chromium entries.

     *************************

     C:/AdwCleaner/AdwCleaner[C1].txt - [6178 B] - [2016/6/21 4:39:22]
     C:/AdwCleaner/AdwCleaner[C2].txt - [2709 B] - [2016/7/6 2:30:53]
     C:/AdwCleaner/AdwCleaner[S1].txt - [5829 B] - [2016/6/21 4:38:4]
     C:/AdwCleaner/AdwCleaner[S2].txt - [2475 B] - [2016/7/6 2:29:45]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
  7. Just to tie a ribbon on this... PCmatic support confirmed what was said here (even confirming the recommendation made by Tx Redneck) that for folks like me that may have deleted things like the whole IObit folder, it would be best to use the Revo Uninstaller, to trace installations and use their advanced uninstaller and forcefully uninstall. What a ball of yarn I found (in the IObit uninstall and clean up) going back even over 6 years.
  8. Thank you more formally, Y kawika, for your candid response and knowledge of the details behind this. I think the decision to start doing this was correct, and the "local white list" provides the perfect solution for the few individuals that might feel they need to object. Especially when we are finding 'Christmas.exe' and 'NewYear.exe', buried in there (even if they were put there for Trolling purposes). That fact by itself tells you a lot about the culture of the companies involved (which is created from the top down). Should others wait for the PCMatic list to grow larger (as it has on Friday and Sunday), and what should one do if you just deleted the whole folder? I have submitted a Ticket on this subject and I will share what they tell me, but often they are not permitted to disclose too much at that level. In any case, since this will not be that unique a situation, I will try to share what I can.
  9. Thanks TX... for the recommendation on RevoUninstaller! Do they have a good undelete program, if I need to undelete stuff, so PCMatic can remove it?
  10. Thanks... I really appreciate your informed and candid response... After the second round of removals that occurred (on my system at 2 am Sunday Feb 11th) I looked at the IObit Folder and discovered all kinds of undeleted/unremoved stuff still there. So of course I just deleted the whole folder... hmmmm Maybe that wasn't so smart! Is that going to prevent PCMatic from finding stuff it wants to really remove, and not just delete? Sad situation these few companies have brought upon themselves... guess who has some of the best "recovr" and undelete programs out there? I guess those programs could run with a ? in front of their program name? I feel this is enough of a semi-universal problem that some guidance from PCMatic is appropriate, re deleting folders, etc.
  11. Everything was clean for a day or so after PCMatic removed the 100 plus programs listed as virus and also PUPs (all from the IObit folder). Then today, it found 14 more including something called NewYear.exe!
  12. Another example... Security High C:\ Program Files\ IObit\ Advanced SystemCare 6\ christmas.exe Found Remove Hmmm...
  13. Half a dozen years ago, I used to run a lot of IObit software on my systems (ASC, Smart Defrag, IObit Uninstaller). Then there was all that controversy... and I never did like the slightly sleazy way they used to install (without telling you, except deep in the EULA) random PUP/trialware programs, along with their specific program, unless you used the advanced install method, where you were given a choice to uncheck and thereby prevent the additional programs from being installed by default. Then a few years ago, I decided to get rid of all their stuff (using their Uninstaller until I found another better Uninstaller... hmmm?) I slept better, but never did find a better uninstaller than the IObit Uninstaller for removing everything about a specific program. It looks like they must have had an 'exclude list' that prevented certain programs from being removed (even by their "Remove all Traces" option). Then Out of the Blue, this week during my daily deep scan on all my systems... PCMatic starts removing over 100 virus and PUPs from one of my systems and they are related to IObit??? (anyone know what's up, or the backstory?) Example: Security High C:\ Program Files\ IObit\ Advanced SystemCare 6\ Sua13_EmptyFolderScanner.exe Found Remove