mistercrab

Members

View Profile See their activity

Posts
7
Joined
November 17, 2017
Last visited
November 19, 2017

Reputation

0 Neutral

Hijack.Autorun (malware)

mistercrab replied to mistercrab's topic in Resolved Malware Removal Logs

Alright, thanks for the help Yoan, it was a quick fix, have a nice day.
Hijack.Autorun (malware)

mistercrab replied to mistercrab's topic in Resolved Malware Removal Logs

Can I safely delete everything in quarantine?
Hijack.Autorun (malware)

mistercrab replied to mistercrab's topic in Resolved Malware Removal Logs

It didnt detect anything.
Hijack.Autorun (malware)

mistercrab replied to mistercrab's topic in Resolved Malware Removal Logs

Yup!! I guess that issue is fixed, can I safely delete malware and everything else?
Hijack.Autorun (malware)

mistercrab replied to mistercrab's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017 Ran by Vedran (18-11-2017 13:17:09) Run:1 Running from C:\Users\Vedran\Desktop Loaded Profiles: Vedran & (Available Profiles: Vedran) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-3132166389-607629509-1695856137-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-3132166389-607629509-1695856137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150430__yaie Task: {8D3D3A06-BB6C-4D2B-B78E-0FF0CAB7E92E} - System32\Tasks\{07F1F425-8614-4143-BEB4-164FA10ED7E3} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.7.0.103/hr/abandoninstall?page=tsProgressBar Task: {E5060351-954B-4034-B668-83F8394E5CBC} - System32\Tasks\{1645526D-187B-4BF9-AACA-CF7EB2B3A0F7} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.7.0.103/hr/abandoninstall?page=tsBing AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430] EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully HKU\S-1-5-21-3132166389-607629509-1695856137-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully HKU\S-1-5-21-3132166389-607629509-1695856137-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D3D3A06-BB6C-4D2B-B78E-0FF0CAB7E92E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D3D3A06-BB6C-4D2B-B78E-0FF0CAB7E92E} => key removed successfully C:\Windows\System32\Tasks\{07F1F425-8614-4143-BEB4-164FA10ED7E3} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07F1F425-8614-4143-BEB4-164FA10ED7E3} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5060351-954B-4034-B668-83F8394E5CBC} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5060351-954B-4034-B668-83F8394E5CBC} => key removed successfully C:\Windows\System32\Tasks\{1645526D-187B-4BF9-AACA-CF7EB2B3A0F7} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1645526D-187B-4BF9-AACA-CF7EB2B3A0F7} => key removed successfully C:\ProgramData\TEMP => ":FB6A21E3" ADS removed successfully. =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48959293 B Java, Flash, Steam htmlcache => 591255759 B Windows/system/drivers => 53992478 B Edge => 0 B Chrome => 262827867 B Firefox => 803511413 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 100688 B systemprofile32 => 692 B LocalService => 116035 B NetworkService => 10558 B Vedran => 321565190 B RecycleBin => 1393988926 B EmptyTemp: => 3.2 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 13:21:40 ====
Hijack.Autorun (malware)

mistercrab replied to mistercrab's topic in Resolved Malware Removal Logs

Don't worry about time, I'm a very patient person malwarebytes.txt
Hijack.Autorun (malware)

mistercrab posted a topic in Resolved Malware Removal Logs

Hello, did a scan because CMD was running on start-up then closes itself, it was weird, and now Malwarebytes detected severals PUPs (yontoo and yahoo) and Hijack.Autorun in a registry. I put them in quarantine, did a reboot, now PC only starts up with CMD and blackscreen, so I have to type in manually start explorer, then everything works fine, what should I do with the malware, and how to fix the blackscreen issue? Thanks. EDIT: Starting Windows with Safe Mode with or without networking have the same issue. FRST.txt Addition.txt

Sign In

mistercrab

Posts

Joined

Last visited

Reputation

Hijack.Autorun (malware)

Hijack.Autorun (malware)

Hijack.Autorun (malware)

Hijack.Autorun (malware)

Hijack.Autorun (malware)

Hijack.Autorun (malware)

Hijack.Autorun (malware)

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information