  • Root Admin

You are mostly clean but still have a few items that should not be there so I will rip out a few more things to hopefully help prevent this from showing up in the logs again.  You can use your email but don't be clicking on links if you can avoid it. 

 

You also appear to have a few programs that are not installed but are running from this location.
I'm going to have FRST remove them and if you want them then you need to download the latest version and I recommend that you actually install them if you want to use them.

C:\Users\Kishore Reddy\Downloads\new prog


I thought I asked you to uninstall Java already but it's still showing in the logs as well.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and save the new version to your computer.  Then quit your browser, do not run the updated version from your browser.

fixlist.txt


Mr. Ron, before the scan I manually deleted Adobe Flash Player_11.7.700.224_Activex_sps.exe and moved WFN/Notifier to Downloads.

 

Deleted new prog (C:\Users\Kishore Reddy\Downloads\new prog).

 

I uninstalled Java a few months back; please help me remove the leftover files. Thank you.

Fixlog.txt

  • Root Admin

Okay, please run this again now and reboot the computer.
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then run MBAM and check for updates and do a new Quick Scan and post back that new log file.

  • Root Admin

Please run the following and we'll see if we can manually track down the files involved here and remove them.
This will be a big list I'm sure, so please attach the log file when ready - I don't think you can easily copy/paste it into a reply.


Please download the correct version of SystemLook for your computer and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.
    :filefind
    *bProtector*
    *Conduit*
    *DealPly*
    *Delta*
    *BrowserDefender*
    *Babylon*
    *DataMngr*
    *BabylonToolbar*
    *Funmoods*
    *Facemoods*

    :folderfind
    *bProtector*
    *Conduit*
    *DealPly*
    *Delta*
    *BrowserDefender*
    *Babylon*
    *DataMngr*
    *BabylonToolbar*
    *Funmoods*
    *Facemoods*

    :regfind
    bProtector
    Conduit
    DealPly
    Delta
    BrowserDefender
    Babylon
    DataMngr
    BabylonToolbar
    Funmoods
    Facemoods
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt
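The SystemLook script in the post above searches file names, folder names and registry keys for the same ten PUP strings. As an added example that is not part of the thread and not SystemLook's own code, the PowerShell below does the equivalent inventory on Windows 7 or later (run "as administrator"): it matches file and folder names under both Program Files trees, ProgramData and every user profile, matches registry key names, value names and value data under the software hives and the services tree, and writes a SystemLook-style report to the Desktop. The search roots and the report name PupLook.txt are my choices, not anything the post specifies.

```powershell
# Added example, not from the thread or from SystemLook's author: a PowerShell
# equivalent of the :filefind / :folderfind / :regfind script above. It reports
# files, folders, registry keys and registry values whose names (or value data)
# contain any of the same PUP strings, and writes the result to the Desktop.
# Assumptions: Windows 7 or later, PowerShell 2.0+, run "as administrator";
# the search roots and the report name (PupLook.txt) are my choices.

$patterns = @('bProtector', 'Conduit', 'DealPly', 'Delta', 'BrowserDefender',
              'Babylon', 'DataMngr', 'BabylonToolbar', 'Funmoods', 'Facemoods')

# One case-insensitive alternation so every name is tested in a single -match.
$rx = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

$hits = New-Object System.Collections.ArrayList

# --- :filefind and :folderfind ---------------------------------------------
# Roots where PUP installers drop payloads: both Program Files trees,
# ProgramData and every user profile (AppData\Roaming\delta and the Chrome
# profile files from the MBAM log above live under C:\Users).
$fileRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               (Join-Path $env:SystemDrive 'Users')) |
             Where-Object { $_ -and (Test-Path -LiteralPath $_) }

foreach ($root in $fileRoots) {
    # -Force includes hidden/system entries; locked folders are skipped quietly.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $rx } |
        ForEach-Object {
            $kind = if ($_.PSIsContainer) { 'folder' } else { 'file  ' }
            [void]$hits.Add(('{0}  {1}  {2:yyyy-MM-dd HH:mm}' -f $kind, $_.FullName, $_.LastWriteTime))
        }
}

# --- :regfind ---------------------------------------------------------------
# Software hives (HKLM covers Wow6432Node), the current user's hive, and the
# services tree, where browser-protector drivers and services register.
$regRoots = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE',
              'HKLM:\SYSTEM\CurrentControlSet\Services')

foreach ($root in $regRoots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            if ($key.PSChildName -match $rx) {
                [void]$hits.Add("regkey  $($key.Name)")
            }
            # Value names and value data both matter: a clean key name can still
            # hold a Run entry or a BHO CLSID whose path points at the PUP.
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($valueName -match $rx -or $data -match $rx) {
                    $shown = if ($valueName) { $valueName } else { '(Default)' }
                    [void]$hits.Add("regval  $($key.Name)  $shown = $data")
                }
            }
        }
}

# --- report -----------------------------------------------------------------
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'PupLook.txt'
$hits | Sort-Object -Unique | Set-Content -Path $report -Encoding UTF8
Write-Host ("{0} matches written to {1}" -f $hits.Count, $report)
```

Like SystemLook, this only reports; nothing is deleted. Review the list before acting on it: "Delta" in particular is an ordinary word and will also match legitimate files and keys, which is why the helpers in the thread ask for the log rather than telling the user to remove every hit.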

Please reboot your system and then:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

We would like to see if there is any progress.


Hello Mr. Borislav, the MBAM scan log is as follows:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.19.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Kishore Reddy :: KISHOREREDDY-PC [administrator]
 
19-09-2013 22:05:06
mbam-log-2013-09-19 (22-05-06).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 206244
Time elapsed: 8 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
c:\users\kishore reddy\appdata\roaming\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
 
Files Detected: 3
c:\users\kishore reddy\appdata\roaming\delta\sqlite3.dll (PUP.Optional.Delta.A) -> Delete on reboot.
c:\users\kishore reddy\appdata\local\google\chrome\user data\default\bprotector web data (PUP.Optional.BProtector.A) -> Delete on reboot.
c:\users\kishore reddy\appdata\local\google\chrome\user data\default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Delete on reboot.
 
(end)
  • Root Admin

Please close all open applications and browsers and run the following.  If needed please print out the instructions but don't keep the browser open.


STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 02
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

 

 

STEP 03
Please download AdwCleaner

by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. If you see an entry you want to keep then remove the check mark before clicking on Clean.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 

STEP 04
Please download the attached CFScript.txt to the same location as Combofix - then quit your browser and drag and drop CFScript.txt onto Combofix to run it.
When done it will produce a new log, please post that log when done.


STEP 05
Restart the computer one more time and then run MBAM and check for updates again and run a new Quick Scan and post back that new log.

CFScript.txt

  • Root Admin

Please restart the computer into Safe Mode and run an MBAM Quick Scan again and post back that new log.

 

Also, please download a new fresh copy of Combofix (delete the current copy) and run a new scan from Normal Mode and post back that log.

 

Thanks

  • Root Admin

Please do not reboot.  Let's try to see if you can get a clean bill of health from more than one antivirus, as Combofix has now found and replaced infected files almost every time it's been run.

 

Temporarily disable your antivirus and run this one.

 

 


  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shutdown your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in NOTEPAD
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web Cureit!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-Enable your antivirus and other security programs when all done.


 

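Steps 9 and 10 above say to open the file's Properties and refuse to run it if it has no Digital Signature. As an added example that is not part of the thread and not Dr.Web's own code, the PowerShell below does that check from a script: it only reports the tool as safe to launch when Get-AuthenticodeSignature returns a Valid status (hash intact and chain trusted) and, if you pass one, when the signer's CN matches the publisher you expect. It also shows whether the browser tagged the file as an Internet download. It assumes PowerShell 3.0 or later (needed for the Zone.Identifier stream read); the expected publisher name and the file path are whatever you supply and are not taken from the post.

```powershell
# Added example, not from the thread or from Dr.Web: script the "verify it has a
# Digital Signature" check from the steps above, so a downloaded tool is only
# launched when its Authenticode signature chains to a trusted root and, if you
# name one, to the expected publisher. Assumptions: PowerShell 3.0 or later
# (the Zone.Identifier stream read needs -Stream); the publisher name is
# whatever you expect for the tool and is not taken from the page.

function Test-DownloadedTool {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedPublisher   # the CN seen on a known-good copy; optional
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # Status is 'Valid' only when the hash matches and the chain is trusted;
    # 'NotSigned', 'HashMismatch', 'NotTrusted' and 'UnknownError' all fail.
    $ok = ($sig.Status -eq 'Valid')
    if ($ok -and $ExpectedPublisher) {
        $ok = $signer -like "*CN=$ExpectedPublisher*"
    }

    # Mark-of-the-Web: ZoneId=3 means the browser tagged it as an Internet download,
    # which is what makes Internet Explorer show the warning mentioned in step 3.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $fromInternet = [bool]($zone -match 'ZoneId=3')

    [pscustomobject]@{
        File         = $Path
        Status       = $sig.Status
        Signer       = $signer
        FromInternet = $fromInternet
        SafeToRun    = $ok
    }
}

# Usage: refuse to launch unless the check passes.
$tool  = Join-Path ([Environment]::GetFolderPath('Desktop')) 'drweb-cureit.exe'
$check = Test-DownloadedTool -Path $tool
$check | Format-List
if ($check.SafeToRun) {
    Start-Process -FilePath $tool -Verb RunAs    # produces the UAC prompt from step 12
} else {
    Write-Warning "Signature check failed ($($check.Status)); not running $tool"
}
```

A valid signature proves the file was not altered after the named publisher signed it; it does not prove the file is the tool you wanted, so the optional publisher check is what turns "signed by someone" into "signed by who I expected".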
This topic is now closed to further replies.