
Win 8.1 Infection - limited malware removal tools running


YtramC


C:\Users\Ciaran\Downloads\PFPortChecker.exe Win32/InstallMonetizer.AN application

C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe a variant of Win32/CNETInstaller.B application

C:\Users\Marty\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application

C:\Windows.old\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1001\$RF8NW6Y.exe a variant of Win32/AdWare.SpeedingUpMyPC.E application

OK, do the following:

 

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.
 

@echo off
del /f /s /q "C:\Users\Ciaran\Downloads\PFPortChecker.exe"
del /f /s /q "C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe"
del /f /s /q "C:\Users\Marty\Downloads\ccsetup409.exe"
del /f /s /q "C:\Windows.old\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1001\$RF8NW6Y.exe"
del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: batfileicon.gif <-- XP, vista_bat_icon.png <-- Vista or Windows 7/8
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

 

Next,

 

We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, continue:
 
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
 
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,
 
Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST
 

 

Next,

 

 

  • Double-click OTM.exe to run it. On Windows 7 or Vista, accept the UAC alert.

  • Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.

  • It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.

 

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Finally,

 

Navigate to and delete C:\zoek_backup folder.
 

Let me know if those steps complete, also if any remaining issues or concerns...

 

Kevin

 

 

fixlist.txt
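
Because delfile.bat deletes itself and its window closes at once, nothing on screen confirms what was removed. The PowerShell check below is an added example, not part of the original post; it assumes the paths quoted in the post (the four flagged files plus C:\FRST and C:\zoek_backup) and an elevated prompt so that other users' profiles are readable.

```powershell
#Requires -RunAsAdministrator
# Added example: post-cleanup check for the paths named in the post above.
# Single-quoted strings and -LiteralPath stop PowerShell from expanding
# "$Recycle" and "$RF8NW6Y" as variables or treating characters as wildcards.
$targets = @(
    'C:\Users\Ciaran\Downloads\PFPortChecker.exe'
    'C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe'
    'C:\Users\Marty\Downloads\ccsetup409.exe'
    'C:\Windows.old\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1001\$RF8NW6Y.exe'
    'C:\FRST'
    'C:\zoek_backup'
)

$report = foreach ($path in $targets) {
    # -Force makes hidden and system items (such as those under $Recycle.Bin) visible.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        [pscustomobject]@{ Path = $path; Status = 'Removed'; SHA256 = $null }
    }
    elseif ($item.PSIsContainer) {
        [pscustomobject]@{ Path = $path; Status = 'Folder still present'; SHA256 = $null }
    }
    else {
        # Hash whatever is left so it can be identified before it is removed by hand.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        [pscustomobject]@{ Path = $path; Status = 'File still present'; SHA256 = $hash }
    }
}

$report | Format-Table -AutoSize -Wrap
$remaining = @($report | Where-Object Status -ne 'Removed').Count
'{0} of {1} items still present' -f $remaining, $targets.Count
```

Run it once after delfile.bat and again after the final step; a count of 0 on the second run means every listed file and tool folder is gone.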


Read the following link to fully understand PC security and best practices, you may find it useful.... It also covers Windows 8

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

My own set up for Windows 8.1 is fairly straightforward, I use the resident Firewall also Windows Defender and Malwarebytes Pro.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open, press these keys together: Ctrl - Shift - A. That will open the Addons manager, which gives access to find addons, use, start, stop or disable those features etc.

Before using NoScript, read this link, http://noscript.net/, which makes it easy to understand.

 

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above..

 

http://www.surfright.nl/en/alert/cryptoguard

 

It was a pleasure to work with you, take care,

 

Kevin....


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.