Cloudworxz Posted July 22, 2013 ID:705771 Share Posted July 22, 2013 I'm infected with malware and I have no idea how to remove it. One day I tried going to gmtower.org, but I accidentally went to gmtower.com (typosquatter). The website installed a fake version of SUPERantispyware which placed "Gay Fetish Porn.url" on my desktop every time I started my computer. Malwarebytes hardly ever opens now, because the malware keeps blocking it. And when it does, malwarebytes doesn't detect anything because I believe the malware has made it void. My other antivirus doesn't start and is taking up 79% of my computer's CPU. I then installed and ran a fresh copy of Spybot S&D, which detected the malware, but refused to remove it. I really have no idea what the file is called, but I do know that it has a .vbs extension and that it is located in a .rar archive. If anyone has any removal tips, please don't hesitate to post them. As soon as I can find the malware in its folder, I will provide a sample. Link to post Share on other sites More sharing options...
Psychotic Posted July 22, 2013 ID:705781 Share Posted July 22, 2013 Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with DDSDownload DDS and save it to your desktop from here or here orhere.Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logsDDS.txtAttach.txtSave both reports to your desktop. Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections IAT/EAT Show All ( should be unchecked by default )[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Link to post Share on other sites More sharing options...
Cloudworxz Posted July 23, 2013 Author ID:706420 Share Posted July 23, 2013 I have followed your instructions and removed the malware. Thank you for the help. Link to post Share on other sites More sharing options...
Psychotic Posted July 24, 2013 ID:706556 Share Posted July 24, 2013 None of the tools I adviced you to run removed anything.Your computer is still infected so please post up the created logs. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 27, 2013 Root Admin ID:707659 Share Posted July 27, 2013 Are you still with us? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 30, 2013 Root Admin ID:708751 Share Posted July 30, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts