TheJoker

Experts
  • Posts

    91
  • Joined

  • Last visited

Reputation

1 Neutral

Profile Information

  • Location
    Gotham


  1. Hi TheSpiceWeasell
     General P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
     Please see this article on safe/unsafe download sites, and how many sites wrap legitimate programs with crapware. http://www.thewindowsclub.com/safe-software-download-sites
     Please download AdwCleaner by Xplode and save to your Desktop.
       • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
       • Click on the Scan button.
       • AdwCleaner will begin...be patient as the scan may take some time to complete.
       • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
       • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
       • Look over the log especially under Files/Folders for any program you want to save.
       • If there's a program you may want to save, just uncheck it from AdwCleaner.
       • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
       • If you're ready to clean it all up.....click the Clean button.
       • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
       • Copy and paste the contents of that logfile in your next reply.
       • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
       • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
       • To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
     Please go here to run the online antivirus scanner from ESET.
       • Turn off the real time scanner of any existing antivirus program while performing the online scan
       • Tick the box next to YES, I accept the Terms of Use.
       • Click Start
       • When asked, allow the activex control to install
       • Click Start
       • Under scan settings, check Scan Archives and Remove found threats
       • Click on Advanced Settings and ensure these options are ticked:
         Scan for potentially unwanted applications
         Scan for potentially unsafe applications
         Enable Anti-Stealth Technology
       • Click Scan
       • Wait for the scan to finish
       • If any threats were found, click the 'List of found threats', then click Export to text file....
       • Save it to your desktop, then please copy and paste that log as a reply to this topic.
       • Note: If no threats were found there will not be a log created.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
     Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy. Paste this into the open Notepad. Save the file as fixlist.txt into the same folder as FRST64.exe (both FRST64.exe and fixlist.txt have to be in the same location or the fix will not work).

         Start
         CreateRestorePoint:
         CloseProcesses:
         EmptyTemp:
         SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
         SearchScopes: HKU\S-1-5-21-2068112944-1344598412-1296657823-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
         BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-28] (AVAST Software)
         BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-28] (AVAST Software)
         FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
         FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-12] [not signed]
         CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-28]
         CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-28]
         U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
         U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
         S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
         End

     Run FRST64.exe and click Fix only once and wait. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the text in your next reply and note any errors encountered.
     Please post the logs from AdwCleaner, ESET Online Scan, and FRST (Fixlog.txt), and note any errors encountered.
  2. It sounds like this, which according to the article is part of the firmware and cannot be removed: http://grahamcluley.com/2014/06/chinese-android-malware/ https://blog.gdatasoftware.com/blog/article/android-smartphone-shipped-with-spyware.html
  3. Excellent! You can now delete the following utilities and any logs they created:
       • Farbar Recovery Scan Tool (and delete the folder C:\FRST)
       • RogueKiller
       • MBAR
       • Malwarebytes Anti-Malware Cleanup Tool
     To help keep malware off your system:
       • Keep Windows updated at Windows Update or Microsoft Update.
       • Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
       • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
       • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
       • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
       • Don't click on links received in instant message programs.
       • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
       • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
       • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
       • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
     Does your problem appear resolved?
  4. That's great. Were you able to get the log to post? While still on the Scan tab, click the Export Log button, select Text file (*.txt), and save the log to your Desktop. Then copy and paste the contents of the log in your next reply.
  5. When you are running RogueKiller, you seem to be missing this step: Make sure that everything is checked, and click Remove Selected. Please re-run it, make sure that everything is checked, click Remove Selected, and post the new log.
     Please download the Malwarebytes Anti-Malware Cleanup Tool to completely remove MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware-cleanup-tool/
     Save the file to your Desktop, right-click and select "Run as administrator". When the tool has finished, restart your system. Can you now successfully install the current version of MBAM?
  6. All you need to do is to right-click on the file, a menu will appear, and near the top of the list you select Run as administrator.
     Please re-run RogueKiller
       • Quit all programs that you may have started.
       • Please disconnect any USB or external drives from the computer before you run this scan!
       • Right-click and select "Run as administrator" to start
       • Wait until Prescan has finished ...
       • Then Click on "Scan" button
       • Wait until the Status box shows "Scan Finished"
       • click on "delete"
       • Wait until the Status box shows "Deleting Finished"
       • Click on "Report" and copy/paste the content of the Notepad into your next reply.
       • The log should be found on your Desktop
       • Exit/Close RogueKiller
     Restart your system.
     Please re-run Malwarebytes' Anti-Malware.
       • Click the Update tab.
       • Click Check for Updates.
       • If an update is found, it will download and install.
       • Click the Scanner tab.
       • Select "Perform Full Scan", then click Scan.
       • The scan may take some time to finish, so please be patient.
       • When the scan is complete, click OK, then Show Results to view the results.
       • Make sure that everything is checked, and click Remove Selected.
       • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
       • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
       • Copy & Paste the entire report in your next reply.
     Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     Please copy and paste (rather than attach) the contents of the new RogueKiller log, the log from MBAM, and note any errors encountered.
  7. Please re-run RogueKiller
       • Quit all programs that you may have started.
       • Please disconnect any USB or external drives from the computer before you run this scan!
       • For Vista or Windows 7, right-click and select "Run as Administrator" to start
       • For Windows XP, double-click to start.
       • Wait until Prescan has finished ...
       • Then Click on "Scan" button
       • Wait until the Status box shows "Scan Finished"
       • click on "delete"
       • Wait until the Status box shows "Deleting Finished"
       • Click on "Report" and copy/paste the content of the Notepad into your next reply.
       • The log should be found on your Desktop
       • Exit/Close RogueKiller
     Follow the instructions here to show hidden files: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-8/
     Then using Windows Explorer, delete the following file if still there: C:\Users\usmcterp\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
     When finished, do the reverse to again hide hidden files.
     I don't really see any other malware, so let's check further:
     Please download Malwarebytes Anti-Rootkit here.
       • Unzip the contents to a folder on the Desktop.
       • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
       • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
       • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
       • Wait while the system shuts down and the cleanup process is performed.
       • Please post the two logs produced.
       • Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.
     Is this a registered or free version?
     Please copy and paste the contents of the two logs each in their own reply, the new log from RogueKiller, and note any errors encountered.
  8. Just skip running DelFix and move to manually removing the utilities used (to include DelFix).
  9. Go to start > run and copy and paste the next command in the field:
         ComboFix /uninstall
     Make sure there's a space between ComboFix and / Then hit Enter. This will uninstall ComboFix, implement some cleanup procedures, and reset System Restore points.
     Download DelFix from here and save it to your desktop.
       • Ensure Remove disinfection tools is checked.
       • Click the Run button.
     Any other programs or logs that were not removed you can manually remove:
       • Farbar Recovery Scan Tool (and delete the folder C:\FRST)
       • AdwCleaner (run the program and click Uninstall)
       • Junkware Removal Tool
       • Malwarebytes Anti-Rootkit
       • RogueKiller
       • TDSSKiller
     To help keep malware off your system:
       • Keep Windows updated at Windows Update or Microsoft Update.
       • Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
       • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
       • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
       • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
       • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
       • Don't click on links received in instant message programs.
       • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
       • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
       • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
       • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
     Does your problem appear resolved?
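Posts 3 and 9 above both recommend a blocklist-style HOSTS file such as the MVPS list. The mechanism is simple: every hostname the list names is mapped to a sinkhole address (0.0.0.0 or 127.0.0.1), so the name resolves locally and the connection goes nowhere. The same file is also a classic tampering target, because a hostname mapped to some other address is silently redirected. The following Python script is an added example, not code from the poster or from any of the tools named on this page; it parses HOSTS-file syntax and separates blocklist entries from redirects that a responder would want to verify. The sample HOSTS text, the .test hostnames and the 203.0.113.7 address are constructed for the example.

```python
import ipaddress

# Addresses a blocklist-style HOSTS file (such as the MVPS list) uses to sink a
# hostname: the lookup succeeds locally, but nothing listens at the address.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Names that legitimately map to loopback on every Windows install.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, hostname, line_number) for every mapping in HOSTS-file text.

    Handles '#' comments (full-line and trailing), tabs or spaces as separators,
    several hostnames on one line, and skips malformed lines instead of raising,
    which is what the Windows resolver does with them too.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not a valid IPv4/IPv6 address
        for name in fields[1:]:
            yield ip, name.lower(), lineno


def audit_hosts(text):
    """Split mappings into sinkholed (blocked) names and redirected names.

    A blocklist entry points a hostname at a sinkhole address. A hostname pointed
    at any other address is a redirect: harmless when the user added it on
    purpose, a hijack pattern when a vendor or update domain suddenly resolves
    somewhere unexpected. Returns {'blocked': [names], 'redirected':
    [(name, ip, lineno)], 'local': count_of_loopback_entries}.
    """
    blocked, redirected, local = [], [], 0
    for ip, name, lineno in parse_hosts(text):
        if name in LOCAL_NAMES:
            local += 1
        elif ip in SINKHOLE_ADDRESSES:
            blocked.append(name)
        else:
            redirected.append((name, ip, lineno))
    return {"blocked": blocked, "redirected": redirected, "local": local}


# Constructed sample: the two standard loopback entries, two MVPS-style block
# entries (one with a trailing comment, one tab-separated with two names), one
# malformed line, and one constructed redirect of an update hostname.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example-adserver.test   # constructed blocklist entry
0.0.0.0\ttracker.example.test www.tracker.example.test
not-an-address  foo.example.test
203.0.113.7     update.example-antivirus.test
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['local']} loopback entries, "
          f"{len(report['blocked'])} blocked names")
    for name, ip, lineno in report["redirected"]:
        print(f"line {lineno}: {name} -> {ip} "
              "(not a sinkhole address; confirm this mapping is intended)")
```

On a real system the file lives at %SystemRoot%\System32\drivers\etc\hosts; read it with `open(path, encoding="utf-8", errors="replace")` and pass the text to `audit_hosts`. Entries counted under `blocked` are what a list like MVPS installs; anything under `redirected` deserves a look, since a legitimate blocklist never points a name at a routable address.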
  10. How is the system running now? If there are no more errors, we can start cleanup.
  11. Go to Start > Settings > Control Panel > Internet Options > Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously. In Firefox go to Tools -> Options -> Advanced Tab -> Network Tab -> "Settings" under Connection, and select No Proxy. After that, re-run RogueKiller and make sure you select everything except this item: [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\M4-Service Then please post the new RogueKiller log.
  12. Is there a reason you chose to not remove most of the items that RogueKiller detected?
     Please download tdsskiller.exe and save it to your Desktop. Go here for information.
       • Double-click on TDSSKiller.exe to run the application.
       • Click on the Start Scan button and wait for the scan and disinfection process to be over.
       • If an infected file is detected, the default action will be Cure, click on Continue
       • If a suspicious file is detected, the default action will be Skip, click on Continue
       • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
       • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  13. You have a rootkit that needs to be removed.
     Please download Malwarebytes Anti-Rootkit here.
       • Unzip the contents to a folder on the Desktop.
       • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
       • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
       • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
       • Wait while the system shuts down and the cleanup process is performed.
       • Please post the two logs produced.
       • Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.
     Re-run RogueKiller
       • Quit all programs that you may have started.
       • Please disconnect any USB or external drives from the computer before you run this scan!
       • For Vista or Windows 7, right-click and select "Run as Administrator" to start
       • For Windows XP, double-click to start.
       • Wait until Prescan has finished ...
       • Then Click on "Scan" button
       • Wait until the Status box shows "Scan Finished"
       • click on "delete"
       • Wait until the Status box shows "Deleting Finished"
       • Click on "Report" and copy/paste the content of the Notepad into your next reply.
       • The log should be found on your Desktop
       • Exit/Close RogueKiller
     Please post the contents of the two logs from MBAR, each in their own reply as they can be long, the new log from RogueKiller, and note any errors encountered.
  14. I don't see that you had mentioned that before. The next time you run Malwarebytes, be certain you update it before scanning. Does this still happen?
     Excellent. Did you rename ComboFix when you ran it?
     I see you haven't yet posted this log previously requested; we got caught up in manually deleting what ESET detected before it stopped responding.
     Download and save to your Desktop RogueKillerX64.exe (by tigzy)
       • Quit all programs
       • Please disconnect any USB or external drives from the computer before you run this scan!
       • For Vista or Windows 7, right-click and select "Run as Administrator" to start
       • Start RogueKiller.exe
       • Wait until Prescan has finished
       • Click on Scan
       • Click on Report and copy/paste the content of the notepad in your next reply (don't fix anything yet, not everything it finds is bad).
     Please post the log from RogueKiller, answer the question about renaming ComboFix and the question about Malwarebytes Anti-Malware, and note any errors encountered.
  15. It removes some empty registry entries and files that no longer point to anything, resets one malware related entry back to a default value, and removes a lot of Alternate Data Streams (ADS) that had been attached to several folders: http://www.symantec.com/connect/articles/windows-ntfs-alternate-data-streams
     That's good, it means that all the items found were items that AdwCleaner had already quarantined. I hadn't asked you to run AdwCleaner as I saw that you already had.
     Since several of the ADS entries were not found, I'd like to see another FRST log to make sure they are all gone.
     Re-run Farbar Recovery Scan Tool
       • Double-click to run it. When the tool opens click Yes to disclaimer.
       • Press Scan button.
       • It will create a log (FRST.txt) in the same directory the tool is run.
     Please post the contents of FRST.txt in your next reply.