
Hi Experts,

I guess my system is infected with heavy malware. I am not able to run any video on YouTube or any of the other sites in any of the browsers (tried on Chrome, Firefox and IE), even after the complete buffering of the video is done. The video stops/gets stuck/crashes a few seconds after its start. I tried to disable the Chrome extensions. It didn't help. I followed the instructions to download the Malwarebytes software from the website, but I am not even able to install the software. When trying to install I am getting the error "The setup files are corrupt. Please get a new copy" as shown in the attached screenshot. I tried to download and run the "Download DDS from here: dds.scr or here: dds.com and save it to your desktop" from the link https://forums.malwa...?showtopic=9573. But this file also does not run. So, as advised by some of the experts in the forum, I am creating a new topic for the same. Can anyone please help me to remove the malware from my system?



Hello! Welcome to Malwarebytes Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

STEP 1

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

STEP 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

Regards,

Georgi


Hi Georgi

 

As suggested by you, I downloaded and ran the Farbar Recovery Scan Tool and am attaching herewith the two scan result files that got generated. But I am not able to download the TDSSKiller .exe mentioned in step 2 as it's showing "Network error - Failed / The signature of the .exe is corrupt or invalid" when I tried to download it from all the browsers. Please let me know what needs to be done now.

Addition.txt

FRST.txt

Hmm..

Regarding the FRST log, you have a lot of malicious entries, but before I write a fix for them I want to exclude a possible MBR infection or a polymorphic virus like Virut/Sality.

Can you please run the following scan for me:

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the Run ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on the ESET Smart Installer link to download it. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.
    3. Check the box to accept the terms of use.
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    7. Now click on Advanced Settings and select the following:

        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology

  4. Push the Start button.
  5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  6. When the scan completes, push the button that lists the found threats.
  7. Push the Export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  8. Push the Back button.
  9. Push the Finish button.

Regards,

Georgi

Hi Georgi,

I have followed the steps you have mentioned above. I am able to download the application and run it. But it's getting terminated at step 2 of it. Attaching the file with the detailed screenshot. Also it's saying that other antivirus software has been found on my system. Do I need to uninstall them?

Hello,

Let's try this way:

Click on Start > type in appwiz.cpl in the search box and press Enter.
Find and uninstall the following programs from the list:

  • Ask Toolbar
  • AVG Security Toolbar
  • Complitly
  • DealPly
  • FinalTorrent 2012
  • iLivid
  • Registry Reviver
  • Search.us.com
  • SecretSauce
  • Software Version Updater
  • UpdateChecker
  • VideoFileDownload

 

 

 

Please download the following file => fixlist.txt and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi

Hello,

Great work! :)

  • Now please download Combofix from here.
  • Save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.

Regards,
Georgi

Hello,

We need to execute a CFScript to clean some remnants.

Please do this:

1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

2. Open Notepad => navigate to Format and make sure that Word Wrap is unchecked. <--- important!!!

3. Copy/paste the text in the codebox below into it:

DirLook::
C:\OETemp
FileLook::
c:\windows\system32\drivers\wStLib64.sys
File::
c:\windows\SysWow64\sho19D2.tmp
c:\program files\FreeYouTubeDownload.exe
c:\program files\iLividSetupV1.exe
Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DATAMNGR"=-
"Babylon Client"=-
"mobilegeni daemon"=-
DDS::
IE: Free YouTube Download - c:\users\sreedeep\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Translate this web page with Babylon - c:\users\sreedeep\Desktop\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\users\sreedeep\Desktop\Babylon\Utils\BabylonIEPI.dll/Action.htm

4. Save this as CFScript.txt, in the same location as ComboFix.exe

5. Close any open browsers.

6. Referring to the picture below, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Also reply back to let me know how things are going.

 

 

Regards,

Georgi

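The CFScript in the post above is a plain-text, section-based format, and it helps to see how it decomposes before dragging it onto ComboFix. The following is an added example in Python, not ComboFix's own code and not something from the thread: it splits the script into the directive sections that appear on the page (DirLook::, FileLook::, File::, Registry::, DDS::) and reads the Registry:: section with .reg-style syntax, where a line of the form "Name"=- marks that value for deletion. Treating DirLook::/FileLook:: as inspection-only directives and File:: as the removal list is my reading of the directive names and is stated here as an assumption. The sample script is the one from the post, with the user's profile directory replaced by a placeholder.

```python
"""Parse a ComboFix-style CFScript into its directive sections.

Added example; models only the directives seen in the post above.
Assumptions (not documented on the page): DirLook::/FileLook:: only
inspect, File:: lists files to remove, and Registry:: uses .reg syntax
where "Name"=- deletes a value.
"""
from collections import OrderedDict
import re

# Constructed input: the script from the post, user directory replaced.
SAMPLE = """DirLook::
C:\\OETemp
FileLook::
c:\\windows\\system32\\drivers\\wStLib64.sys
File::
c:\\windows\\SysWow64\\sho19D2.tmp
c:\\program files\\FreeYouTubeDownload.exe
Registry::
[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\windows\\currentversion\\run-]
"DATAMNGR"=-
"Babylon Client"=-
DDS::
IE: Free YouTube Download - c:\\users\\<user>\\AppData\\Roaming\\DVDVideoSoftIEHelpers\\freeyoutubedownload.htm
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
REG_KEY_RE = re.compile(r"^\[(.+)\]$")            # e.g. "[HKEY_...\run-]"
REG_VALUE_RE = re.compile(r'^"(.+?)"=(.*)$')      # e.g. '"DATAMNGR"=-'


def parse_cfscript(text):
    """Return an ordered mapping of section name -> list of entry lines.

    Blank lines are ignored; any entry that appears before the first
    section header is rejected, since ComboFix would not know what to do
    with it.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry outside any section: {line!r}")
        sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn Registry:: lines into (key, value_name, action) triples.

    A bracketed line selects the current key; a quoted name followed by
    '=-' is a delete, anything else after '=' is treated as a set.
    """
    actions = []
    key = None
    for line in lines:
        key_match = REG_KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = REG_VALUE_RE.match(line)
        if value_match and key is not None:
            name, data = value_match.groups()
            actions.append((key, name, "delete" if data == "-" else "set"))
        else:
            raise ValueError(f"unexpected Registry:: line: {line!r}")
    return actions


def summarize(text):
    """Count what the script will only look at versus what it will change."""
    sections = parse_cfscript(text)
    registry = parse_registry(sections.get("Registry", []))
    return {
        "inspect_only": len(sections.get("DirLook", []))
        + len(sections.get("FileLook", [])),
        "files_removed": len(sections.get("File", [])),
        "registry_deletes": sum(1 for _, _, a in registry if a == "delete"),
        "dds_lines": len(sections.get("DDS", [])),
    }


if __name__ == "__main__":
    for section, entries in parse_cfscript(SAMPLE).items():
        print(f"{section}:: ({len(entries)} entries)")
    print(summarize(SAMPLE))
```

Running the module prints one line per section and then the summary; reviewing that summary before executing a script is a cheap way to confirm it touches only the entries you expect.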

Hello,

Great work! :)

Also, if you don't mind, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.
    Rkill
  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

  • Please download RogueKillerX64.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3 (try TDSSKiller again)

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4 (let me know if you are able to install the latest version of MBAM now):

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System - (download link).
  • This is the mirror - (download link).
  • For 64-bit Operating System - (download link).
  • This is the mirror - (download link).

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select Run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 6

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

and then if there aren't any issues left I'll give you my final recommendations.

 

 

Regards,

Georgi


Hello,

 

Nice...it seems that you were able to run TDSSKiller and MBAM now...that's a good sign. However, there should be a bigger log file from TDSSKiller in the root folder of drive C:\

Please upload the log at pastebin.com and post the link to the log in your next reply. :)

 

 

 

Backup Your Registry

Also please download the following file => fixlist.txt and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Then please re-run HitmanPro and attach the log file to your next reply.

Also let me know for any remaining issues.

 

 

 

Regards,

Georgi


Hello,

 

 

Great work! We managed to clean the computer. How are things now?

 

Some advice:

 

I don't see an Anti Virus Program running on your machine. (I can see only a few leftovers from MSE and some anti-spyware applications like IObit Malware Fighter, SUPERAntiSpyware and Enigma SpyHunter - you can uninstall both of them to save system resources).
Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
You can find many freeware alternatives here:

 

http://www.comss.ru/list.php?c=utils

http://www.techsupportalert.com/best-free-anti-virus-software.htm

http://freebies.about.com/od/computerfreebies/tp/best-free-antivirus.htm

http://www.pcmag.com/article2/0,2817,2388652,00.asp

http://www.techradar.com/news/software/applications/best-free-antivirus-9-reviewed-and-rated-1057786

http://www.raymond.cc/blog/comprehensive-list-of-free-anti-virus/

 

Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency...

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

 

 

 

Also your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

  • Download the latest version of Java SE 8.
  • Click the Java SE 8  "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-8-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
     Java 7 Update 51
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-8-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

  • Please download JavaRa 2.5 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extensions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

It's your call. :)

 

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.06 to your PC's desktop.
 

  • Uninstall Adobe Reader 10.1.9 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

 

Run Windows Defragmenter to improve the computer performance (only if your HDD is not SSD)!!

 

Ways to improve your computer's performance

 

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector, or you can use the following application for this purpose: PatchMyPC

 
Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

Finally post a new log from SecurityCheck.

 

 

Regards,

Georgi


Hi Georgi,

 

Yes I am... :)  You are awesome, man. Things are looking alright on my PC now; I am able to run videos on YouTube and other sites... But Malwarebytes is showing "Malware detected" all the time. Please suggest what needs to be done to remove this.

As suggested by you, I have installed AVG 2014 on my PC and also updated Java and Adobe Reader, ran JavaRa and Defragmenter. Attaching the latest Security Check file. For automatic updating of software I have installed PatchMyPC also.

Again I have to say that you saved my day. Thanks a lot, man... You are just awesome.. :) Cheers. Let me know what needs to be done for removing malware from my PC.

security check.txt
