Jump to content

Need help with malware


laww
 Share

Recommended Posts

I'm new to forum, not sure I am posting to the right place, but I need help.

 

I have a windows7 64 bit pc

 

Symptoms seem to match what I have read about the Hijack malware.

 

- PC won't boot

- Goes into Checkdisk and stalls out during index checking

- won't go into safe mode

-won't respond to keyboard "press any key not to perform checkdisk"

- repair stalls out on the file \windows\sysWOW64\config\SYSTEMPROFILE\AppData\Local\Microsoft\Windows\TerInternetfiles\Content.IE5\ttjCAAV14FSK.js

 

I followed the instructions to run FRST64 from a flash drive and attached is the result from that run if anyone can guide me in what to do next, Seems you will provide a solution.txt file?

 

Please advise what I should do next.

 

Thank you in advance, the help I've seen you provide others here is awesome.

FRST.txt

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-01-28] (Ask)HKU\LaDell\...\Run: [Google Update] - [x]S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\   \...\???\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)C:\Program Files (x86)\Ask.comC:\Program Files (x86)\Google\DesktopC:\Users\LaDell\AppData\Local\Google\Desktop\InstallC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniC:\Users\LaDell\AppData\Roaming\i.ini


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

Now try to boot into windows and report.

Link to post
Share on other sites

Hi Marius,

 

Thanks for your help.

 

My comment is in RED below, I forgot how to do this  step:

 

 

  • Now please enter System Recovery Options again.
  • I still have the 'system recovery options' dialogue open from before, but forgot what steps I need to take to run frst.exe
     
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
Link to post
Share on other sites

I ran FRST64.txt (the log is below).

Restart.

File system checking began and did what it did before, stopped at this point

   CHKDSK is verifying indexes (stage 2 or 3)

   65 percent completed (1570397 of 1649788 index entries processed)

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-07 12:37:00 Run:1
Running from L:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-01-28] (Ask)
HKU\LaDell\...\Run: [Google Update] - [x]
 
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\   \...\???\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Google\Desktop
C:\Users\LaDell\AppData\Local\Google\Desktop\Install
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\LaDell\AppData\Roaming\i.ini
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKU\LaDell\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\Google\Desktop => Moved successfully.
C:\Users\LaDell\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
"C:\Users\LaDell\AppData\Roaming\i.ini" => File/Directory not found.
 
==== End of Fixlog ====
Link to post
Share on other sites

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

 

Fix with FRST (Recovery Environment)

 

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.

    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-01-28] (Ask)HKU\LaDell\...\Run: [Google Update] - [x]S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\   \...\???\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)C:\Program Files (x86)\Ask.comC:\Program Files (x86)\Google\DesktopC:\Users\LaDell\AppData\Local\Google\Desktop\InstallC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniC:\Users\LaDell\AppData\Roaming\i.ini
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

     

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

Now try to boot into windows and report.

 

 

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

 

Fix with FRST (Recovery Environment)

 

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.

    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-01-28] (Ask)HKU\LaDell\...\Run: [Google Update] - [x]S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\   \...\???\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)C:\Program Files (x86)\Ask.comC:\Program Files (x86)\Google\DesktopC:\Users\LaDell\AppData\Local\Google\Desktop\InstallC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniC:\Users\LaDell\AppData\Roaming\i.ini
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

     

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

Now try to boot into windows and report.

 

 ran FRST64.txt (the log is below).

Restarted.  

File system checking began and did what it did before, stopped at this point

   CHKDSK is verifying indexes (stage 2 or 3)

   65 percent completed (1570397 of 1649788 index entries processed)

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-07 12:37:00 Run:1
Running from L:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-01-28] (Ask)
HKU\LaDell\...\Run: [Google Update] - [x]
 
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\   \...\???\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Google\Desktop
C:\Users\LaDell\AppData\Local\Google\Desktop\Install
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\LaDell\AppData\Roaming\i.ini
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKU\LaDell\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\Google\Desktop => Moved successfully.
C:\Users\LaDell\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
"C:\Users\LaDell\AppData\Roaming\i.ini" => File/Directory not found.
 
==== End of Fixlog ====
 
Restartedin safe mode to avoid File Checking and it stopped at this point:
Loaded: \Windows\system32\drviers\storport.sys
 
What do you recommend next?  Thank you
Link to post
Share on other sites

 

 ran FRST64.txt (the log is below).

Restarted.  

File system checking began and did what it did before, stopped at this point

   CHKDSK is verifying indexes (stage 2 or 3)

   65 percent completed (1570397 of 1649788 index entries processed)

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-07 12:37:00 Run:1
Running from L:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-01-28] (Ask)
HKU\LaDell\...\Run: [Google Update] - [x]
 
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\   \...\???\{860e1ae7-06eb-4f0d-712f-46ba0f9db1df}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Google\Desktop
C:\Users\LaDell\AppData\Local\Google\Desktop\Install
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\LaDell\AppData\Roaming\i.ini
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKU\LaDell\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\Google\Desktop => Moved successfully.
C:\Users\LaDell\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
"C:\Users\LaDell\AppData\Roaming\i.ini" => File/Directory not found.
 
==== End of Fixlog ====
 
Restartedin safe mode to avoid File Checking and it stopped at this point:
Loaded: \Windows\system32\drviers\storport.sys
 
What do you recommend next?  Thank you

 

Hi Marius.

 

Though my computer seemed stuck at that old failure point, I accidentally bumped the keyboard and heard the wonderful windows Greeting Song.  My desktop works again. I rebooted a second time and it came up with no problems.    I'm "Staying with you" as you requested, let's talk prevention!

 

Thanks so much for the help that got me from "down hard" to "up and running".

Link to post
Share on other sites

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

 

Scan with Farbar´s Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender


    [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.