GoneInsane
Everything posted by GoneInsane
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Malwarebytes didn't find anything, nor did ESET, but after a time I got several weird UAC popups, freezes, network errors and trouble rebooting. I've given up and reset my PC last night. I appreciate all your help and time devoted to this and will donate. Cheers -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
OK. Apparently Stopzilla Antimalware ran a check while I was watching TV and found this: Active Desktop Policiesvalue="NoChanging Wallpaper" path="VR32lhkus\s-1-5-21-2069095907-3351469989-3210406979-1001\software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop", which it quarantined. After that I had trouble rebooting. It showed that "System" was preventing reboot, then I got this error message: "explorer.exe - Application Error" This instruction at 0xc499a02f referenced memory at 0xa2a09538. The memory could not be read. Click ok to terminate the program. When I clicked OK, it tried and failed to reboot. It just kept saying "rebooting" for several minutes till I finally held down the power button to shut it down. Turned it on again and when it loaded I could not open any files. So I rebooted again, and now I am going to run Malwarebytes again. I'll let you know what I find. -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Here is the log for Malwarebytes: Malware Bytes 9-7.txt -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
OK, reset was quicker, but Stopzilla says it's re-quarantined the same keys. Also, before reboot HKEY_CURRENT_USER\Software\Classes\.exe only had a default key. After reboot it now has two again: default and application/x-msdownload. (This is where 9-labs said malware.rpl.gen.bot was.) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe also has two. -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Here are the logs: Rkill.txt Fixlog.txt -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Do you want me to unquarantine what Stopzilla found first? -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
OK, I ran FRST in normal mode and am attaching the logs. The black screen (when it comes up) is after I load in. It's like I can't see the desktop, but the Stopzilla splash screen comes up (loads automatically), and if I Control-Alt-Delete I go to the Task Manager screen where I can reboot into safe mode, or 'sometimes' if I press Esc it will then load the desktop. After your last post, when I booted into normal mode, Stopzilla Antimalware showed this. Quarantined System Policies.DisableRegistryTools hkus\S-1-5-21-2069095907-3351469989-3210406979-1001\software\microsoft\windows\currentversion\policies\system\DisableRegistryTools System Policies.DisableTaskMgr hkus\S-1-5-21-2069095907-3351469989-3210406979-1001\software\microsoft\windows\currentversion\policies\system\DisableTaskMgr ESET and TDSSKiller show nothing. FRST.txt Addition.txt -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Should I be running FRST in Normal mode? -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
I can restart out of safe mode. The black screen of death comes and goes. Attaching Logs FRST.txt Addition.txt -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
First of all, thank you for the quick reply and help; it is greatly appreciated. Just so you know, I am doing this all in Safe Mode. I ran Farbar again and am attaching the log. It restarted me out of Safe Mode and I got a black screen of death. I went back into Safe Mode and ran AdwCleaner, Junk Removal Tools and Malwarebytes, and am attaching logs as well. Malwarebytes didn't seem to find that Malware.rpl.gen.bot, but it didn't find it before, so that is not new. Should I run 9-Labs or Trojan Killer to see if it is still there? Also, quick question: should I have removed the PUPs and PUM that Rogue Killer found last night? Fixlog.txt AdwCleanerS1.txt JRT.txt Malwarebytes Log.txt -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Sorry, I posted this in the wrong thread. Feel free to delete this. -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Just ran another 9-labs scan. In addition to the Malware.rpl.gen.bot, it also found this, which is new today thanks to this virus. [E50933A9E022D3F96787F3DE4ACFF330] PUP.Win32.Gen.vb!n [C:\Users\Tara\Downloads\fix_Video-setup.exe] -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
Hi. Last Thursday I got a Browser Redirect Virus, Cloudscout, and my Internet kept dropping. After trying several different anti-virus programs in safe mode (with which I found MANY viruses, Trojans, PUM, PUPs etc.), I tried (and purchased) Trojan Killer, which found Malware.rpl.gen.bot in one of my Registry Keys. 9-Labs found it as well. I believe it was the source of the Browser Redirect Virus, and it has been constantly downloading new viruses since I found it. I have tried to quarantine it, and even manually removing the key, but it just comes back after reboot out of safe mode. If I am not in safe mode it returns within a minute. I have tried everything and am going slowly insane trying to get it out of my computer. I found this forum post of a similar case. https://forums.malwarebytes.org/index.php?/topic/152888-in-desperate-need-of-help/. I have run Malwarebytes (which can't see it) plus Rogue Killer and FARBAR, which I will include logs for. Please help! P.S. Please feel free to delete my old previous post in the forums. https://forums.malwarebytes.org/index.php?/topic/172370-malwarerplgenbot/ 9lab-log-2015-09-05 (00-16-42).txt FRST 9-6-2015 Safe Mode.txt Addition 9-6-2015 Safe Mode.txt Malwarebytes 9-6-2015 Safe Mode.txt RogueKiller 9-6-2015 Safe Mode.txt -
Malware in Registry Key (with logs)
GoneInsane replied to GoneInsane's topic in Resolved Malware Removal Logs
http://tools.safezone.cc/drongo/AutoLogger/AutoLogger.zip But I don't know if I trust it. What should I do? Sorry for the extra post. Finger slipped on post. -
Hi. I have this in my registry key hkey_current_user/software/classes.exe I've tried antivirus and anti-malware and even tried manually deleting the key itself, but it just comes back after a minute or on a reboot out of safe mode. I downloaded Trojan Killer and they want me to download this,