Jump to content

FBI virus infected safe mode


Recommended Posts

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

I´m currently reviewing your log - please be patient with me meanwhile.

Link to post
Share on other sites

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTIONHKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)HKLM-x32\...\Run: [SelectRebates] - C:\Program Files (x86)\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()HKLM-x32\...\Run: [joKuYVjXTDn.exe] - C:\Users\MattCoop Laptop\AppData\Local\VEsklWXF\joKuYVjXTDn.exe [58880 2013-08-06] (Hkhxv)HKU\MattCoop Laptop\...\Run: [joKuYVjXTDn.exe] - C:\Users\MattCoop Laptop\AppData\Local\VEsklWXF\joKuYVjXTDn.exe [58880 2013-08-06] (Hkhxv)HKU\MattCoop Laptop\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTIONHKU\MattCoop Laptop\...\Command Processor: "C:\Users\MattCoop Laptop\AppData\Local\VEsklWXF\joKuYVjXTDn.exe" <===== ATTENTION!C:\Program Files (x86)\SelectRebatesC:\Program Files (x86)\Ask.comC:\Users\MattCoop Laptop\AppData\Local\VEsklWXFC:\Users\MattCoop Laptop\AppData\Roaming\8eQ073DZyUC:\Users\MattCoop Laptop\AppData\Local\7MBh46oNMC:\ProgramData\2OO1QDA0JfC:\Users\MattCoop Laptop\AppData\Roaming\ObxTiRi6yLFC:\Users\MattCoop Laptop\AppData\Local\oon6Cvv7rbC:\ProgramData\rMn3PcedQNC:\Users\MattCoop Laptop\AppData\Roaming\lN9rqwxNUvC:\Users\MattCoop Laptop\AppData\Local\Pjhwxmq25ZC:\ProgramData\snalkufNWUC:\Users\MattCoop Laptop\AppData\Roaming\AvJrqG2ZadC:\Users\MattCoop Laptop\AppData\Local\5h9kXnHaC:\ProgramData\WjRJegYqL0C:\Users\MattCoop Laptop\AppData\Roaming\XRIM4wchIC:\Users\MattCoop Laptop\AppData\Local\09LWCNd9C:\ProgramData\ozNZYRvCWxC:\Users\MattCoop Laptop\AppData\Roaming\DWZSN3e50LC:\Users\MattCoop Laptop\AppData\Local\y1bIQ6CvESDC:\ProgramData\ncdFPgOC1C:\Users\MattCoop Laptop\AppData\Roaming\GglSI5MYaC:\Users\MattCoop Laptop\AppData\Local\RFmPFgEPC:\ProgramData\xdYCLxsbC:\Windows\Minidump\080513-71963-01.dmpC:\Users\MattCoop Laptop\AppData\Roaming\2433f433C:\ProgramData\2433f433C:\Users\MattCoop Laptop\AppData\Local\2433f433C:\Users\MattCoop Laptop\AppData\Local\Conduit


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

Start the system in normal mode now!

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.