Dell Inspiron 531S De-Clogging

Status
Not open for further replies.
Originally Posted By: sleddriver
BTW, I went to this site using FF without any ad blocking and was amazed at the pop-ups, mid-thread ads, etc. I've never seen that before! Has that always been the case? I never see any of that due to the way my system is config'd.

That is NOT normal at all... sounds like malware / adware on whatever computer you were using!
 
Originally Posted By: ClutchDisc
Originally Posted By: sleddriver
BTW, I went to this site using FF without any ad blocking and was amazed at the pop-ups, mid-thread ads, etc. I've never seen that before! Has that always been the case? I never see any of that due to the way my system is config'd.

That is NOT normal at all... sounds like malware / adware on whatever computer you were using!


Interesting...I'll have to run it through the washer and disinfect next time I'm over there. ESET didn't note any infections so I thought it was good.
 
Originally Posted By: sleddriver
That's the full-meal-deal! ESET did give it a clean bill of health, and it's highly recommended, thus I doubt it's infected with anything.

Update:

Well not exactly....

I executed each of the programs you suggested, in order, and dumped their output to .txt files if given the chance. You were wise to suggest running several and I was premature in declaring her system was not infected, as it was!

RKill didn't detect anything. I didn't run ComboFix when it declared that MS Forefront Client Security was still running and I wasn't able to turn it off. The other programs never mentioned this. TDSSKiller didn't find anything either.

Malwarebytes found:
Quote:
C:\Users\All Users\lfhfkgoleofpabhibhaipbdcadbhphng\PBh.js JS/Kryptik.ATB trojan
C:\ProgramData\lfhfkgoleofpabhibhaipbdcadbhphng\PBh.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\...\Downloads\disk-defrag-setup.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Users\...\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.SZ potentially unwanted application deleted - quarantined

Found numerous instances of JSKxxx on a web search. Not sure why it would hit on disk-defrag & DownloadManagerSetup unless these were corrupted/re-named/not what they appear, etc.

For grins, I re-ran ESET on-line, checked all the boxes and let her go. It found 78 registry keys referring to PUP.Optional.Multiplug and Multiplug.A! And something called WOW6432NODE, PUP.Optional.WowCoupon.A


Previously, she said a friend who frequently visits uses her computer and "likes to shop". Evidently! Wowcoupon, cheapcoupon, resulthunters, ShOpPeeraMasteuR, ShopperMasster, taopBuyer, savearnet....one of these must have resulted in the sudden pop-ups I previously witnessed when looking at BITOG.

Very interesting...it pays to run multiple scanners! I finished with CCleaner and Auslogics disk-defrag.
 
The BIOS in this machine supports up to 4GB RAM, of which only 3.2GB is usable. IIRC, it may be as low as 3.0GB usable. It's a consumer grade machine. The Inspiron 530S (Intel CPU) and the Vostro 200 or 220 series (sorry, can't remember which off-hand) were re-badged versions of the same product.

I'm seeing these units fail en masse nowadays as the power supplies give up and/or motherboards fail.
 
That's odd that a home PC has Windows 7 Enterprise. That's usually only with SA with a VLK. Did the shoppe she visited install this?
 
Originally Posted By: ToyotaNSaturn
The BIOS in this machine supports up to 4GB RAM, of which only 3.2GB is usable. IIRC, it may be as low as 3.0GB usable. It's a consumer grade machine. The Inspiron 530S (Intel CPU) and the Vostro 200 or 220 series (sorry, can't remember which off-hand) were re-badged versions of the same product.

I'm seeing these units fail en masse nowadays as the power supplies give up and/or motherboards fail.

The fans & HS's were so clogged with dust, I had to bring it to my place and clear it with an air-compressor. The cpu fins & fan were really bad. Didn't see any bulging MB caps. At least now it'll dissipate heat better.
 
Originally Posted By: redhat
That's odd that a home PC has Windows 7 Enterprise. That's usually only with SA with a VLK. Did the shoppe she visited install this?

Yea, she works at a university so they configured it.
 