Jump to content

Malware bytes not responding can't run scan

stonzee

By stonzee
in Resolved Malware Removal Logs

 Share

Recommended Posts

kevinf80

kevinf80

Posted
Posted

I do not believe I have an attitude, Oh and by the way i`m a grandfather, also retired. Hence I work here and several other forums helping out. My own grandmother and grandfather were killed during the second world war, any attitude I have towards them will always be love and compassion.

 

The last log you`ve posted is from FRST fix, it has successfully removed the ZeroAccess entry and other related entries, we make progress.

 

Next,

 

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Obviously still infected, can you run FRST scan once more and post a fresh log named FRST.txt

 

Also see if the following will run:

 

download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version

 

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

 

  •  

     

  • Make sure to get the correct version for your system.

     

     

  • Quit all running programs

     

     

  • Please disconnect any USB or external drives from the computer before you run this scan!

     

     

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe

     

     

  • Wait until Prescan has finished...

     

     

  • The following EULA will appear, please select accept

     

     

    RKLicence.png

     

     

  • Ensure MBR scan, Check faked and AntiRootkit are checked

     

     

  • Select Scan

     

     

    RK1A.png

     

     

  • When the scan completes select Report, copy and paste that to your reply.

     

     

    RK2A.png

     

     

  • The log should be found in RKreport[?].txt on your Desktop

     

     

  • Exit/Close RogueKiller

     

     

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles

    :FilesC:\torrent.exe    C:\$RECYCLE.BIN\S-1-5-21-3911576730-4034667191-3227814906-1000\$RTFVPRO.exeC:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    C:\Users\pamela\AppData\Local\Adobe\SMCOMU1.dllC:\Users\pamela\Documents\games\mahjong-mysteries-ancient-athena-setup.exeC:\Users\pamela\Documents\My Briefcase\avc-free.exeC:\Users\pamela\Documents\My Briefcase\blazemediapro-setup.exeC:\Users\pamela\Documents\My Briefcase\install_flashplayer_11x32_mssa_aih.exe_downloader.exeC:\Users\pamela\Documents\My Briefcase\games\StacktheStates.exe:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Re -run FRST and post the produced log FRST.txt

 

Let me see those two logs...

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

It is very unfortunate that you react that way, all of the links I posted work when I select them. I post a screen shot of the first link when selected:

 

Note the first tab is for this forum at your thread, the second is created when I select the OTM link (New Tab) address is noted as (about:blank) and the d/l box appears....

 

If you are unhappy with my help and wish to discontinue please say so and i`ll finish. Maybe you can use system restore to a point in time before all of your issues started.

 

 

 

 

post-3601-0-51510200-1382651670_thumb.jp

Link to post
Share on other sites
stonzee

stonzee

Posted
  • Author
Posted

I didn't get the box.  Just the new tab. 

And since I started this process Java no longer works.  It worked great until I started running these scans.

I just get a message that Java cannot be detected on my computer.  

Also I had check disk disabled and now it starts running at every boot.  

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Your system has ZeroAccess infection, this is quite nasty and will try to protect itself from many tools we try to run. It will remain very much active when ever Windows is loaded.

 

I did ask that you run FRST via USB stick from the Recovery Environment, that method did give us a better chance to kill the infection. Unfortunately you do not have that option available.

 

In reply #36 you continue with criticism  towards me...

 

 

Okay I'm done with this. 
All you have done is cause more problems.  I have more problems now than I did when I started this process.

 

When an infection such as ZeroAccess remains undetected your system may appear OK, one of ZA primary functions is to harvest data from you, many times that maybe anything with financial implications. It aint looking to do good things.

 

As we make inroads it starts to fight back and will try to mess up your system.

 

You came to this forum with the infection on your system, that is not my fault. As you will not let me help it is pointless trying to continue...

Link to post
Share on other sites
stonzee

stonzee

Posted
  • Author
Posted

Whatever.   You came at me with an attitude.   You jumped on me because I didn't tell you I didn't have the option of a USB up front.   Seriously?   You have talked down to me and been harsh when I didn't understand your instructions.

I never blamed you for the infection.  I never once said it was your fault.   I am not computer savvy and never pretended to be.

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

There is absolutely no need to respond like that, I`m here to help you. If you do not understand the instructions I post, tell me that, I will do my best to try and simplify the instructions if I can.

 

I definitely do not have any type of bad attitude, It is not my nature to jump on anyone as you say. If you do not have access to something I ask for, just tell me....

 

What do you want me to do, continue or close out...

Link to post
Share on other sites
stonzee

stonzee

Posted
  • Author
Posted

I did tell you I did not have access to USB and your reponse.... "you should have told me up front"

How did I know you would state to use one?   So why should I have told you up front?  

I told you I'm not computer knowledgeable.  It's not my forte.   If I offended you, then I apologize.

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

No need to apologize, computers can be very frustrating for anyone, What if I ask you to create a rescue CD that can be used to remove infections form outside of Windows.

 

To do this an ISO file is downloaded to your PC, or better still another PC that has no issues, that file is then burnt to a CD. That CD will have its own operating system to boot the infected PC, it does contain tools to kill certain infections. I have a set of instructions with images I can post for you to look at..

 

If you think that maybe difficult for you maybe we can try a tool by Malwarebytes called MBAR, that will also have written instructions and images, we can try to download and run that directly on the infected PC...

 

Tell me what you want to do..

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

@stonzee

You can check with the computer manufacturer's support website on the procedure / sequence to do a factory reset to Factory state --- which puts the computer back to Day 1 as it came out of the factory.  This means you would lose all contents on the hard drive, so you would ( if possible) want to copy / save any important personal files, documents to offline storage media.

 

For all the files, documents, personal stuff you backed-up..... after all is done & you have the new Windows setup, and Antivirus installed, and MBAM.....
then I would scan any files you restore with 1) antivirus, 2) MBAM.

If you have the Windows  operating system DVD, set pc to boot from it, restart the system and boot from DVD. You'll want to first delete the existing Wdinows  partition, then do a new install of Windows .

If you do not have the Windows  DVD, check with your pc maker's support site for the directions on doing a factory restore.

Once you have Windows restored, be sure if the OEM included any antivirus that you un-install it, and install your own.
Be sure you make a visit to Windows Update to insure your Windows is all up-to-date.

Keep your pc disconnected from internet before & during the Windows clean install.
Only reconnect after the antivirus program is installed.
IF and only if your OEM or vendor included a pre-installed antivirus, be sure to Uninstall it before installing your own antivirus.

Best to you. Good luck.

Backups are your pc's best friend.

 

I wish you well.  This thread is Closed.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.