an image named Hqdefault.jpg has appeared on my desktop

Started by 54B3R, September 24, 2018, 10:29:22 AM

54B3R

Just over 2 weeks ago I successfully found and quarantined a Trojan virus found on the PC. I am not sure if this has anything to do with what is currently happening, but I am specifying it just in case. I just turned on and logged in to my PC when I saw an image named Hqdefault.jpg on my desktop. I do not know where it came from; it is definitely not an image I have anywhere on my PC or one I would download. I am the only one with access to this computer, and I don't have a clue how the image got there. I am worried because I have personal information and photos on that PC that I do not want to lose. I do not know how to deal with something like this and do not want to do anything wrong that could harm my computer, so I am asking for help. If you need any more information to properly figure out my problem, I will provide it at my earliest convenience, as I do plan on checking this regularly for answers. Thank you.

SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
If you do not want to lose your important data you should be doing regular backups of that data to an external hard drive, memory stick or CD/DVD.
Right click on the image and select Properties. You should be able to see when it was created.


Please download AdwCleaner onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Download and install: Please download Malwarebytes' scanner to your desktop.
Double Click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V)
*************************************************
Download Security Check by screen317 from the following link and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Windows 8 and Windows 10 dual boot with two SSD's
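
The Properties check suggested in the post above can be taken further from a PowerShell prompt to see when the file was created and whether Windows tagged it as a download. This is an added example, not part of the original thread; it only reads the file, and the Desktop location is an assumption.

```powershell
# Added example (not from the thread): read-only triage of an unexpected file.
# Assumption: the file sits on the current user's Desktop; change $path if it
# is on the shared desktop (C:\Users\Public\Desktop) instead.
$path = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Hqdefault.jpg'
$item = Get-Item -LiteralPath $path -Force

# 1. Timestamps and owner: when the file landed and which account wrote it.
$item | Format-List FullName, Length, CreationTime, LastWriteTime
"Owner:  " + (Get-Acl -LiteralPath $path).Owner

# 2. SHA-256, so the exact file can still be referenced after it is deleted.
"SHA256: " + (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

# 3. Magic bytes: a real JPEG starts with FF D8 FF whatever its extension says.
$fs = [System.IO.File]::OpenRead($item.FullName)
try {
    $head = New-Object byte[] 3
    $read = $fs.Read($head, 0, 3)
} finally {
    $fs.Dispose()
}
$isJpeg = ($read -eq 3) -and ($head[0] -eq 0xFF) -and
          ($head[1] -eq 0xD8) -and ($head[2] -eq 0xFF)
"Starts with JPEG signature: $isJpeg"

# 4. Mark of the Web: on NTFS, browsers and mail clients tag downloaded files
#    with a Zone.Identifier alternate data stream. ZoneId=3 means the Internet
#    zone; HostUrl / ReferrerUrl lines, when present, name the source.
$streams = Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue
if ($streams | Where-Object Stream -eq 'Zone.Identifier') {
    Get-Content -LiteralPath $path -Stream Zone.Identifier
} else {
    "No Zone.Identifier stream: the file carries no download tag."
}
```

A missing Zone.Identifier stream does not prove the file was created locally, since not every program that saves files writes the tag.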

54B3R

Thank you for responding, and I am so sorry it took so long to respond. I have just been very busy, but I performed all 3 scans and here are the results. None of them found any threats related to that picture. Should I just delete it?

Malware AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build:    08-30-2018
# Database:  (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-25-2018
# Duration: 00:00:20
# OS:       Windows 10 Home
# Scanned:  41933
# Detected: 15


***** [ Services ] *****

PUP.Optional.DriveTheLife       LDRVSVC

***** [ Folders ] *****

PUP.Optional.DriveTheLife       C:\Program Files (x86)\OSTotoSoft\DriverTalent
PUP.Optional.DriveTheLife       C:\ProgramData\DRIVERTALENT
PUP.Optional.DriveTheLife       C:\Users\arand\AppData\Roaming\DRIVERTALENT
PUP.Optional.DriveTheLife       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DRIVER TALENT

***** [ Files ] *****

PUP.Optional.DriveTheLife       C:\Users\Public\Desktop\DRIVER TALENT.LNK
PUP.Optional.Legacy             C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriveTheLife       HKCU\Software\OSTOTOSOFT\DRIVERTALENT
PUP.Optional.DriveTheLife       HKLM\Software\Wow6432Node\OSTOTOSOFT\DRIVERTALENT
PUP.Optional.DriveTheLife       HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             AVG Secure Search
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Malwarebytes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/25/18
Scan Time: 7:43 PM
Log File: 3b9400e2-c110-11e8-b007-408d5c4cfab8.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7011
License: Trial

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: DESKTOP-2LME223\arand

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 340111
Threats Detected: 34
Threats Quarantined: 34
Time Elapsed: 11 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 6
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\AutoUpdate\AutoUpdateUtil.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\PCCleanerConfig.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\PCCleanerSvc.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\PlugCore.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Report.dll, Quarantined, [1294], [171114],1.0.7011
PUP.Optional.DriveTheLife, C:\PROGRAM FILES (X86)\OSTOTOSOFT\CONQUERORLIVE\DTLPLUG.DLL, Quarantined, [404], [478126],1.0.7011

Registry Key: 2
Rogue.PCCleaner, HKU\S-1-5-21-4221564054-3913606162-2911981712-1003\SOFTWARE\PCCleaner, Quarantined, [1294], [210436],1.0.7011
Rogue.PCCleaner, HKLM\SOFTWARE\WOW6432NODE\PCCleaner, Quarantined, [1294], [212782],1.0.7011

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Plugs\14C543A105C1B089879D5EB7A8AC45F1, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\AutoUpdate, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Plugs, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\PROGRAM FILES (X86)\PCCleaner, Quarantined, [1294], [171114],1.0.7011

File: 22
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\AutoUpdate\AutoUpdate.exe, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\AutoUpdate\AutoUpdateUtil.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Plugs\14C543A105C1B089879D5EB7A8AC45F1\config.ini, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Plugs\14C543A105C1B089879D5EB7A8AC45F1\ServicePlug.dll, Delete-on-Reboot, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\DuiLib.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Everything.exe, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Everything.ini, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Everything.lng, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Everything32.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\HttpDownloader.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\InstallOperating.exe, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\ISTask.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\iZip.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\libcurl.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\PCCleaner.exe, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\PCCleanerConfig.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\PCCleanerSvc.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\PlugCore.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\Report.dll, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\unins000.dat, Quarantined, [1294], [171114],1.0.7011
Rogue.PCCleaner, C:\Program Files (x86)\PCCleaner\unins000.exe, Quarantined, [1294], [171114],1.0.7011
PUP.Optional.DriveTheLife, C:\PROGRAM FILES (X86)\OSTOTOSOFT\CONQUERORLIVE\DTLPLUG.DLL, Quarantined, [404], [478126],1.0.7011

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Security check

Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
Windows Defender   
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
Java 8 Update 121 
Java version 32-bit out of Date!
Adobe Flash Player    31.0.0.108 
Google Chrome (69.0.3497.100)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````[/u] 
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamtray.exe 
Windows Defender MSASCuiL.exe   
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[/u]

SuperDave

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************************************
That .jpg file is associated with Powderpuff Girls. See here. Does that ring a bell? Were any new programs installed prior to this event? If it doesn't mean anything to you, just delete it.
Windows 8 and Windows 10 dual boot with two SSD's