Jump to content

GoneInsane

Members
  • Posts

    16
  • Joined

  • Last visited

Everything posted by GoneInsane

  1. Malware bytes didn't find anything nor did eset but after time I got several weird UAC popups, freezes, network errors and trouble rebooting. I've given up and reset my pc last night. I appreciate all you help and time devoted to this and will donate. Cheers
  2. Ok. Apparently Stopzilla Antimalware ran a check while I was watching tv and found this Active Desktop Policiesvalue="NoChanging Wallpaper" path="VR32lhkus\s-1-5-21-2069095907-3351469989-3210406979-1001\software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" which it quarantined. After that I had trouble rebooting. It showed that "System" was preventing reboot then I got this error message. "explorer.exe - Application Error" This instruction at 0xc499a02f referenced memory at 0xa2a09538. The memory could not be read. Click ok to terminate the program. when i clicked ok. It tried and failed to reboot. Just kept saying "rebooting" for several minutes till I finally held done the power button to shut it down. Turned it on again and when it loaded I could not open any files. So rebooted again, so now I am going to run Malwarebytes again. Ill let you know what I find
  3. ok reset was quicker but Stopzilla says its re-quarantine the same keys. Also before reboot HKEY_CURRENT_USER\Software\Classes\.exe only had a default key before reboot. After reboot it now it has two again default and application/x-msdownload. (this is where 9-labs said malware.rpl.gen.bot was) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe also has two.
  4. Ok I ran FRST in normal mode and am attaching the logs. The Black screen (when it comes up) is after i load in. Its like I can't see the Desktop but Stopzilla Splash screen comes up(loads automatically) and if I control alt delete I go to the Task Manager screen where i can reboot into safe mode or 'sometimes' if i press esc it will then load the desktop. After your last post when I booted into normal mode Stopzilla Antimalware showed this. Quarantined Systemp Policies.DisableRegistryTools hkus\S-1-5-21-2069095907-3351469989-3210406979-1001\software\microsoft\windows\currentversion\policies\system\DisableRegistryTools System Policies.DisableTaskMgrhkus\S-1-5-21-2069095907-3351469989-3210406979-1001\software\microsoft\windows\currentversion\policies\system\DisableTaskMgr Eset and TDSSKiller shows nothing.FRST.txt Addition.txt
  5. I can restart out of safe mode. The black screen of death comes and goes. Attaching Logs FRST.txt Addition.txt
  6. First of all Thank you for the quick reply and help it is greatly appreciated. Just so you know I am doing this all in Safe Mode. I ran Farbar again and am attaching the log. It restarted me out of Safe Made and I got a black screen of death. I went back into Safe mode and ran AdwCleaner and Junk Removal Tools, and Malwarebytes and am attaching logs as well. Malwarebytes didn't seem to find that Malware.rpl.gen.bo,t but it didn't find it before so that is not new. Should I run 9-Labs or Trojan Killer to see if it is still there Also quick question should I have removed the PUPs and PUM that Rogue Killer found last night. Fixlog.txt AdwCleanerS1.txt JRT.txt Malwarebytes Log.txt
  7. sorry i posted this in the wrong thread. Feel free to delete this
  8. First of all Thank you for the quick reply and help it is greatly appreciated. Just so you know I am doing this all in Safe Mode. I ran Farbar again and am attaching the log. It restarted me out of Safe Made and I got a black screen of death. I went back into Safe mode and ran AdwCleaner and Junk Removal Tools, and Malwarebytes and am attaching logs as well. Malwarebytes didn't seem to find that Malware.rpl.gen.bo,t but it didn't find it before so that is not new. Should I run 9-Labs or Trojan Killer to see if it is still there Also quick question should I have removed the PUPs and PUM that Rogue Killer found last night. Fixlog.txt AdwCleanerS1.txt JRT.txt Malwarebytes Log.txt
  9. Just ran another 9-labs scan in addition to the Malware.rpl.gen.bot it also found this which is new today thanks this virus. [E50933A9E022D3F96787F3DE4ACFF330] PUP.Win32.Gen.vb!n [C:\Users\Tara\Downloads\fix_Video-setup.exe]
  10. Hi. Last Thursday got a Browser Redirect Virus, Cloudscout, and my Internet kept dropping. After trying several different Anti-Virus Programs in safe mode (with which I found MANY viruses Trojans, PUM, PUPs etc). I tried (and purchased) Trojan Killer, which found Malware.rpl.gen.bot in one of my Registry Keys. Also 9-Labs found it as well. I believe it was the source of the Browser Redirect Virus and it has been constantly downloading new viruses since I found it. I have tried quarentine it, and even manually removing the Key but it just comes back after reboot out of safe mode. If I not in safe mode it returns within a minute. I have tried everything and am going slowly insane trying to get it out of my computer. I found this forum post of a similar case. https://forums.malwarebytes.org/index.php?/topic/152888-in-desperate-need-of-help/. I have run the Malwarebytes (which cant see it) plus Rogue Killer, and FARBAR which I will include logs for. Please help! P.S. Please feel free to delete my old previous post in the forums. https://forums.malwarebytes.org/index.php?/topic/172370-malwarerplgenbot/ 9lab-log-2015-09-05 (00-16-42).txt FRST 9-6-2015 Safe Mode.txt Addition 9-6-2015 Safe Mode.txt Malwarebytes 9-6-2015 Safe Mode.txt RogueKiller 9-6-2015 Safe Mode.txt
  11. http://tools.safezone.cc/drongo/AutoLogger/AutoLogger.zipBut I don't know if I trust it. What should I do? Sorry for extra post. finger slipped on post
  12. Hi. I have this in my registry key hkey_current_user/software/classes.exe I've tried antivirus andante malware and even tried manually deleting the key itself but it just comes back after a minute or on a reboot out of safe mode. I downloaded Trojan Killer and they want me to download this,
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.