mistercrab
Posts posted by mistercrab
-
Can I safely delete everything in quarantine?
-
It didn't detect anything.
-
Yup!! I guess that issue is fixed, can I safely delete malware and everything else?
-
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by Vedran (18-11-2017 13:17:09) Run:1
Running from C:\Users\Vedran\Desktop
Loaded Profiles: Vedran & (Available Profiles: Vedran)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3132166389-607629509-1695856137-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3132166389-607629509-1695856137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150430__yaie
Task: {8D3D3A06-BB6C-4D2B-B78E-0FF0CAB7E92E} - System32\Tasks\{07F1F425-8614-4143-BEB4-164FA10ED7E3} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.7.0.103/hr/abandoninstall?page=tsProgressBar
Task: {E5060351-954B-4034-B668-83F8394E5CBC} - System32\Tasks\{1645526D-187B-4BF9-AACA-CF7EB2B3A0F7} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.7.0.103/hr/abandoninstall?page=tsBing
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430]
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-3132166389-607629509-1695856137-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-21-3132166389-607629509-1695856137-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D3D3A06-BB6C-4D2B-B78E-0FF0CAB7E92E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D3D3A06-BB6C-4D2B-B78E-0FF0CAB7E92E} => key removed successfully
C:\Windows\System32\Tasks\{07F1F425-8614-4143-BEB4-164FA10ED7E3} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07F1F425-8614-4143-BEB4-164FA10ED7E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5060351-954B-4034-B668-83F8394E5CBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5060351-954B-4034-B668-83F8394E5CBC} => key removed successfully
C:\Windows\System32\Tasks\{1645526D-187B-4BF9-AACA-CF7EB2B3A0F7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1645526D-187B-4BF9-AACA-CF7EB2B3A0F7} => key removed successfully
C:\ProgramData\TEMP => ":FB6A21E3" ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48959293 B
Java, Flash, Steam htmlcache => 591255759 B
Windows/system/drivers => 53992478 B
Edge => 0 B
Chrome => 262827867 B
Firefox => 803511413 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100688 B
systemprofile32 => 692 B
LocalService => 116035 B
NetworkService => 10558 B
Vedran => 321565190 B
RecycleBin => 1393988926 B
EmptyTemp: => 3.2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:21:40 ====
-
Don't worry about time, I'm a very patient person
-
Hello, did a scan because CMD was running on start-up then closes itself, it was weird, and now Malwarebytes detected several PUPs (yontoo and yahoo) and Hijack.Autorun in a registry. I put them in quarantine, did a reboot, now PC only starts up with CMD and black screen, so I have to type in manually start explorer, then everything works fine, what should I do with the malware, and how to fix the black screen issue? Thanks.
EDIT: Starting Windows with Safe Mode with or without networking has the same issue.
Hijack.Autorun (malware)
in Resolved Malware Removal Logs
Alright, thanks for the help Yoan, it was a quick fix, have a nice day.