ShinSedai Posted May 31, 2014 ID:836508 Share Posted May 31, 2014 Hey guys, I really need some help because I suspect that my laptop has been infected with Malware. My laptop is a Toshiba Satellite C855-S5356 and about a year months old. Windows 8.And it seems to me that ever since a few weeks ago, every single time I download something, say its 2GB (which normally take about 1 hour+ to download) it downloads in a few seconds and then when I open it, it says file corrupt or "windows smart screen has protected this PC" I have images below. I've been using my browser, Google Chrome for over a year now and this has never happened. This problem also happens with other browsers.I don't know how it started or when it started but can someone please help so I can get normal downloads again? I've tried using Internet Explorer as well and the same things happen every time. I've read that it might have something to do with my security software but I'm not sure. Can someone please help me? Please. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 20, 2014 Staff ID:843971 Share Posted June 20, 2014 Hello Very sorry for the delay and I would like to know if you still need help with this? Gringo Link to post Share on other sites More sharing options...
ShinSedai Posted June 21, 2014 Author ID:844260 Share Posted June 21, 2014 HelloVery sorry for the delay and I would like to know if you still need help with this?GringoYes please! :-D Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 21, 2014 Staff ID:844565 Share Posted June 21, 2014 Hello ShinSedai I would like to know which version of Win 8.1 do you have is it the RT version? The only way you can install anything on the computer is to go to the App store? gringo Link to post Share on other sites More sharing options...
ShinSedai Posted June 22, 2014 Author ID:844766 Share Posted June 22, 2014 Hello ShinSedaiI would like to know which version of Win 8.1 do you have is it the RT version?The only way you can install anything on the computer is to go to the App store?gringoHello! Sorry I'm sort of new to this what is RT? I do have Windows 8.1 if you need any other info on my laptop then feel free to ask. I haven't tried installing stuff from the App Store, its just a majority of the stuff I download from my browsers etc. doesnt work. I just looked up RT. No I don't think it was designed for a mobile device. I'm not sure if that's what it means though. Sorry Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 22, 2014 Staff ID:844835 Share Posted June 22, 2014 Hello ShinSedai Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.Gringo Link to post Share on other sites More sharing options...
ShinSedai Posted June 23, 2014 Author ID:845391 Share Posted June 23, 2014 These are pretty long documents, just copy and paste everything? Sorry I know you're an expert and I shouldn't be questioning you. And also sorry for taking a while to reply I was on a trip and didn't bring my computer. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 24, 2014 Staff ID:845510 Share Posted June 24, 2014 Go ahead and attach them if you want gringo Link to post Share on other sites More sharing options...
ShinSedai Posted June 24, 2014 Author ID:845605 Share Posted June 24, 2014 Okay..There they are below. FRST.txtAddition.txt Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 25, 2014 Staff ID:845891 Share Posted June 25, 2014 Hello ShinSedai These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one. -AdwCleaner- Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Scan.After the scan is complete click on "Clean"Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.-Junkware-Removal-Tool- Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.When they are complete let me have the two reports and let me know how things are running. Gringo Link to post Share on other sites More sharing options...
ShinSedai Posted June 25, 2014 Author ID:845915 Share Posted June 25, 2014 Hello ShinSedai These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.-AdwCleaner-Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Scan.After the scan is complete click on "Clean"Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.-Junkware-Removal-Tool-Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.When they are complete let me have the two reports and let me know how things are running.Gringo AdwCleanerS0.txtJRT.txt Link to post Share on other sites More sharing options...
ShinSedai Posted June 27, 2014 Author ID:846820 Share Posted June 27, 2014 Hello ShinSedai These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.-AdwCleaner-Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Scan.After the scan is complete click on "Clean"Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.-Junkware-Removal-Tool-Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.When they are complete let me have the two reports and let me know how things are running.Gringo Can we start the tutorial back up again? Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 1, 2014 Staff ID:848104 Share Posted July 1, 2014 Hello ShinSedai I Would like you to do the following. Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Run Combofix: You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this) Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here< Combofix may need to reboot your computer more than once to do its job this is normal. You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1 Link 2 Link 3 1. Close any open browsers or any other programs that are open. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer "information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
ShinSedai Posted July 2, 2014 Author ID:848313 Share Posted July 2, 2014 Hello ShinSedai I Would like you to do the following.Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you.Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo So happy we can continue but when I download Combofix it says it wasn't meant to run in compatibility mode and then shuts down. What should I do ? Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 4, 2014 Staff ID:848907 Share Posted July 4, 2014 Please rerun FRST for me - is there a reason why you are quoting everything I send you? Regards, William Rowland Consumer Support Specialist Malwarebytes Link to post Share on other sites More sharing options...
ShinSedai Posted July 5, 2014 Author ID:849475 Share Posted July 5, 2014 I'm sorry, I don't know why I was quoting I just felt it was necessary, my mistake. I re-ran FRST, and the .txt file is attached below FRST.txt Link to post Share on other sites More sharing options...
ShinSedai Posted July 5, 2014 Author ID:849514 Share Posted July 5, 2014 I'm considered attempting to back up everything I have on my laptop and restore it. Maybe then the problem will be resolved. Do you think that'd work? Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 6, 2014 Staff ID:849820 Share Posted July 6, 2014 Hello ShinSedai I need you to download this script I have made for you --> fixlist.txt It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow) Run FRST again but this time press the Fix button just once and wait. When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Gringo Link to post Share on other sites More sharing options...
ShinSedai Posted July 6, 2014 Author ID:849832 Share Posted July 6, 2014 --Fixlog.txt Link to post Share on other sites More sharing options...
ShinSedai Posted July 8, 2014 Author ID:850319 Share Posted July 8, 2014 ^^ Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 11, 2014 Staff ID:851505 Share Posted July 11, 2014 Hello These logs are looking allot better. But we still have some work to do. Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.. Clean Out Temp FilesThis small application you may want to keep and use once a week to keep the computer clean. Download CCleaner from here CCleanerRun the installer to install the application.When it gives you the option to install Yahoo toolbar uncheck the box next to it.Run CCleaner. default settings are fineClick Run Cleaner.Close CCleaner.: Malwarebytes' Anti-Malware : I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scanDouble-click mbam icongo to the update tab at the topclick on check for updatesIf an update is found, it will download and install the latest version.Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.When completed, a log will open in Notepad. please copy and paste the log into your next replyIf you accidentally close it, the log file is saved here and will be named like this:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txtNote: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Download HijackThisGo Here to download HijackThis programSave HijackThis to your desktop.Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)copy and paste hijackthis report into the topic"information and logs"In your next post I need the followingLog From MBAMreport from Hijackthislet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
ShinSedai Posted July 12, 2014 Author ID:851922 Share Posted July 12, 2014 Running CCleaner will delete everything thats checked ? Like MS Paint etc.? Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 16, 2014 Staff ID:853537 Share Posted July 16, 2014 it will only delete temp files from those programs and not the programs themselves Gringo Link to post Share on other sites More sharing options...
ShinSedai Posted July 16, 2014 Author ID:853617 Share Posted July 16, 2014 What should I do ? Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 16, 2014 Staff ID:853809 Share Posted July 16, 2014 quarantine then gringo Link to post Share on other sites More sharing options...
Recommended Posts