Aura

Trusted Advisors
  • Content count

    6,330
  • Joined

  • Last visited

  • Days Won

    14

About Aura

  • Rank
    Special Ops
  • Birthday 02/14/1994

Profile Information

  • Location
    Qu├ębec, Canada
  • Interests
    Technical Support, Malware Removal & Analysis, InfoSec

Recent Profile Visitors

9,626 profile views
  1. Alright, run the following FRST fix, and provide me the fixlog.txt afterwards. fixlist.txt
  2. Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!
  3. Alright, follow the instructions below. Farbar Recovery Scan Tool (FRST) - Registry Search Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply. Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds; In the Search text area, copy and paste the following: b21f9b2ec80718e Once done, click on the Search Registry button and wait for FRST to finish the search; On completion, a log will open in Notepad. Copy and paste its content in your next reply;
  4. No problem Tadas, you're welcome Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up. DelFix Follow the instructions below to download and execute DelFix. Download DelFix and move the executable to your Desktop; Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Check the following options : Activate UAC; Remove disinfection tools; Create registry backup; Purge system restore; Reset system settings; Once all the options mentionned above are checked, click on Run; After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply; Tips, tricks, advice and recommendations Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you. Windows Updates Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically. How To Change Windows Update Settings How To Check For & Install Windows Updates Keeping your programs up-to-date Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them. Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet. Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products). Antivirus Sophos Home Bitdefender Free Antivirus Emsisoft Anti-Malware - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection; Avira Free Antivirus avast! Free Antivirus Antimalware Malwarebytes - Has both a free and paid version; HitmanPro 3 - Free 30 day trial; Zemana AntiMalware - Free 30 day trial; Firewall Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below. GlassWire - Has both a free and paid version (with different packages); Windows Firewall Control - Gives you more control over your Windows Firewall; TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it; Anti-Exploit/Anti-Ransomware Malwarebytes Anti-Exploit Beta - In a perpetual beta state, and entirely free; HitmanPro.Alert - Free 30 day trial; CryptoPrevent - Has both a free and paid version; Web Browsers and Web Browsing Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install. uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera); HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera); Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers); NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers); uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera); LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser); As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few: The Ultimate Guide to Secure your Online Browsing: Chrome, Firefox and Internet Explorer on Heimdal Security Seven Useful Habits For A Safer Internet on Kapsersky Blog Tips for Secure Web Browsing: Cybersecurity 101 on VeraCode Safe browsing habits on Internet Safety Project Wiki As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them. Other recommendations Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program. Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices : Answers to common security questions - Best Practices by quietman7 How Malware Spreads - How did I get infected by quietman7 Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams (aka Grinler) How to Prevent Malware by miekiemoes Tips & Advice on StaySafeOnline.org The End! And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member. Do you have any questions before I close this thread?
  5. Awesome, thank you These samples have been forwarded to Malwarebytes' Research Team. How's your system behaving now? Are there any other issues to address?
  6. Nice Now, run the following fix. This time, it should create a proper DATE-TIME.zip file on your desktop. Upload it to the link below. http://www.bleepingcomputer.com/submit-malware.php?channel=194 fixlist.txt
  7. Sorry, I had forgotten the /s switch. Attach the next fixlog.txt, don't copy/paste it as it'll be way too long fixlist.txt
  8. Urg. Alright, run this fix and attach the fixlog.txt here afterwards please. fixlist.txt
  9. 2 things left to remove Use the fixlist.txt below and attach the fixlog.txt afterward. Also, can you check the size of the following folder? C:\FRST\Quarantine fixlist.txt
  10. Good Last but not least, run a new scan with FRST (normally, no need to go in the RecoveryPE this time), and provide me a fresh set of logs (FRST.txt and Addition.txt).
  11. Finally we're getting somewhere Alright, time for a sweep with AdwCleaner and JRT. AdwCleaner - Fix Mode Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), let the database update, then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply; Junkware Removal Tool (JRT) Download Junkware Removal Tool (JRT) and move it to your Desktop; Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Press on any key to launch the scan and let it complete; Credits : BleepingComputer.com Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply; Your next reply(ies) should therefore contain: Copy/pasted AdwCleaner clean log; Copy/pasted JRT log;
  12. Good. Please run a new scan with FRST and provide me a fresh set of logs.
  13. Awesome Run a scan and provide me the log afterwards please.
  14. Now, are you able to run a scan with Malwarebytes?