KVT

Avenger.txt reloads and grows in size after each startup recommended by MAM so as to rid of captured malware


And one more:

 

I did a PC scan with Avast and the results showed that a dozen files in C:\System Volume Information\restore{numbers....}\RP493\A0045700.exe|>images\(various extensions).png

(all files are .png) CANNOT BE SCANNED and the status is 'Error: Archive is password protected (42056)'.

 

What to do?


One more thing:

There is a folder in the E drive now that I transferred (when the infection took place) earlier in the week from the desktop of the PC. It is around 8 GB and contains mostly pictures and some mp video files. While all the other picture folders in the E drive can be opened and viewed OK, this folder which came from the desktop cannot be viewed (the pictures). There is a message when MS Office Manager tries to open them which says there is an incompatible form. Yet they are .jpg files!

 

Could it be that during the infection some relevant program files did not update OK? BUT I cannot open these images even from the new laptop (which is all fine), and again I can open the other picture files. Strange... but not the end of the world :huh:

 

 

Right-click on some image, and then choose Open With. Then choose Default Program, and select the program you wish.

 

 

 

> And one more:
>
> I did a PC scan with Avast and the results showed that a dozen files in C:\System Volume Information\restore{numbers....}\RP493\A0045700.exe|>images\(various extensions).png
>
> (all files are .png) CANNOT BE SCANNED and the status is 'Error: Archive is password protected (42056)'.
>
> What to do?

 

It has to be that way, don't worry.

 

 

 

Sorry, I meant this (which is to cover hidden files, called Enable Hidden), which I applied to the E drive files and which did hide one of them (the rest were hidden after I called a McAfee technician, who showed me how to hide system files from the 'view' menu). The temp folder with the long name of letters and numbers I deleted. SO, the E drive issue is over.
 
OR this
 

http://www58.zippysh...68485/file.html which is to apply a DOS command (.dat file) to the registry of the infected (yet fixed) PC to fix what (?) exactly?

 

Anyhow, I believe you are referring to the latter, so after manually deleting these encrypted html and text notes, I did download again the Fix.bat file and again it flushed through a DOS command window, which closed very fast.

 

Should I now run DelFix?

 

Or do I go manually and delete the FRST folder and the text files and logs of the scans and fixes? Will deleting them manually be enough, or do the file addresses in the background need to be deleted as well?

 

We are almost there, I think! What a marathon week! I have hardly slept or eaten, and without you I would have collapsed :(

 

 

 

Yes, go and delete FRST files manually.


Dear TWE,

 

I am sorry I did not reply yesterday; I was drained and exhausted from the week of agony and had to get out and take a sanity break. Back at it now and responding to your notes:

 

1. I tried to open the E drive pictures folder by choosing a default program (any program), but I was getting notes from the Windows Picture Viewer letting me know that these files cannot be opened as they may be corrupted or are too large. And the media player would say 'player may not support the file or may not support the codec used to compress files'. I accept defeat on this one; they must have been corrupted; but they are just pictures, not work documents. I am happy to have the rest of the docs in the E drive!

 

2. I have deleted manually from the C drive the FRST folder and associated scan and fix logs.

 

3. Ref my Sunday's note below: Can you please let me know what type of correction this MS-DOS command did in the registry files or elsewhere? Can I trust it? I did download again the Fix.bat file and again it flushed through a DOS command window, which closed very fast.


OK, thank you, but how can you know if that command worked or not...? It flashed (opened and closed) so fast.

 

No, no other issue - I have not been working on that PC since the fixes. Your assistance and patience with me has kept me sane and going; you are a beaming light of good in this world. I am following up with a donation, and please let me know how I can ever help you in any other way from where I am. My name is Kostas Trivizas and you will find me at Google Plus, where you can contact me. I can also offer my email here if it is a 'clean' practice.


> OK, thank you, but how can you know if that command worked or not...? It flashed (opened and closed) so fast.

 

 

It is supposed to work that way :)

 

 

> No, no other issue - I have not been working on that PC since the fixes. Your assistance and patience with me has kept me sane and going; you are a beaming light of good in this world. I am following up with a donation, and please let me know how I can ever help you in any other way from where I am. My name is Kostas Trivizas and you will find me at Google Plus, where you can contact me. I can also offer my email here if it is a 'clean' practice.

 

 

Thank you, a donation will be enough.

 

 

 

Glad I could help :)

 

 

 

Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.
 
 

Recommended reading:

 

 
MUST READ - general maintenance: What to do if your Computer is running slowly?
 
 
 

Recommended additional software:

 

- TFC - to clean unneeded temporary files.
- Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
- Malwarebytes' Anti-Exploit - to prevent plenty of the most commonly exploited vulnerabilities.
- McShield - to prevent infections spread by removable media.
- CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
- Unchecky - to prevent installing additional foistware bundled in legitimate installations.
- FileHippo.com Update Checker - to keep your programs up to date.
- Adblock - to surf the web without annoying ads!
 
 
 
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

 

 
 
 
Stay safe,
TwinHeadedEagle :)


Thank you for your answer and for these tips! 

 

1. Can the Malwarebytes Anti-Exploit co-exist with Avast AV (which has a browser security tool) OK with no conflict?

 

2. I clicked on the link for CryptoPrevent and at first it took me to a McShield-verified-looking site (with a large blue sign) which seemed to be a genuine site of Cryptodefender, but when I clicked on one of the question links there it took me to a page with no info and a 500 error: http://www.foolishit.com/vb6-projects/cryptoprevent/

Yet, because of the link I was able to go to the foolishit.com site and find the product category; yet when clicking there, the same thing happened. Either their link has a problem, or could it be that the Crypto hackers have prevented this product and link from downloading?


I have run DelFix and here are the results below.

 

It did not clean the leftover scan and fix log files and the FRST.exe file... I suspect due to my having grouped them under one folder on the hard drive (so as to not get confused).

 

Should I delete this folder manually, or can I keep it for future reference?

 

If I delete it, should I run DelFix.exe again, to delete all addresses?

 

Also, I notice below that the Yontoo 1.10.02 plugin on the browser has been deleted. I thought I had removed it from the 'Add/Remove Programs' function of Control Panel, but does that mean there was a leftover in the registry?

 

Please do not close this exchange until we finalise all these. I need to go out for the evening, but I will be back at it tomorrow a.m.

Thank you.

 

# DelFix v10.8 - Logfile created 12/08/2014 at 17:24:58

# Updated 29/07/2014 by Xplode
# Username : Konstantine Trivizas - KONSTANT-8F5437
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
 
~ Removing disinfection tools ...
 
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #466 [system Checkpoint | 08/09/2014 11:27:40]
Deleted : RP #467 [software Distribution Service 3.0 | 08/09/2014 11:27:40]
Deleted : RP #468 [software Distribution Service 3.0 | 08/09/2014 11:27:40]
Deleted : RP #469 [software Distribution Service 3.0 | 08/09/2014 11:27:41]
Deleted : RP #470 [software Distribution Service 3.0 | 08/09/2014 11:27:41]
Deleted : RP #471 [software Distribution Service 3.0 | 08/09/2014 11:27:41]
Deleted : RP #472 [software Distribution Service 3.0 | 08/09/2014 11:27:42]
Deleted : RP #473 [software Distribution Service 3.0 | 08/09/2014 11:27:42]
Deleted : RP #474 [software Distribution Service 3.0 | 08/09/2014 11:27:42]
Deleted : RP #475 [software Distribution Service 3.0 | 08/09/2014 11:27:42]
Deleted : RP #476 [software Distribution Service 3.0 | 08/09/2014 11:27:42]
Deleted : RP #477 [software Distribution Service 3.0 | 08/09/2014 11:27:42]
Deleted : RP #478 [software Distribution Service 3.0 | 08/09/2014 11:27:43]
Deleted : RP #479 [software Distribution Service 3.0 | 08/09/2014 11:27:43]
Deleted : RP #480 [software Distribution Service 3.0 | 08/09/2014 11:27:44]
Deleted : RP #481 [software Distribution Service 3.0 | 08/09/2014 11:27:44]
Deleted : RP #482 [software Distribution Service 3.0 | 08/09/2014 11:27:44]
Deleted : RP #483 [before uninstall Facebook Video Calling 2.0.0.447 | 08/09/2014 11:27:44]
Deleted : RP #484 [Removed Facebook Video Calling 2.0.0.447 | 08/09/2014 11:27:44]
Deleted : RP #485 [before uninstall Yontoo 1.10.02 | 08/09/2014 11:27:44]
Deleted : RP #486 [before uninstall Google Chrome | 08/09/2014 11:27:45]
Deleted : RP #487 [before uninstall Google Drive | 08/09/2014 11:27:45]
Deleted : RP #488 [Removed Google Drive | 08/09/2014 11:27:45]
Deleted : RP #489 [software Distribution Service 3.0 | 08/09/2014 11:27:45]
Deleted : RP #490 [software Distribution Service 3.0 | 08/09/2014 11:27:45]
Deleted : RP #491 [software Distribution Service 3.0 | 08/09/2014 11:27:45]
Deleted : RP #492 [software Distribution Service 3.0 | 08/09/2014 11:27:45]
Deleted : RP #493 [installed %1 %2. | 08/09/2014 11:27:45]
Deleted : RP #494 [system Checkpoint | 08/09/2014 11:27:46]
Deleted : RP #495 [software Distribution Service 3.0 | 08/09/2014 11:27:46]
Deleted : RP #496 [End of disinfection | 08/09/2014 11:27:55]
Deleted : RP #497 [AA11 | 08/09/2014 13:13:16]
Deleted : RP #498 [before uninstall Adobe Reader XI (11.0.07) | 08/09/2014 13:19:53]
Deleted : RP #499 [Removed Adobe Reader XI (11.0.07). | 08/09/2014 13:20:16]
Deleted : RP #500 [avast! antivirus system restore point | 08/09/2014 13:43:53]
Deleted : RP #501 [installed Microsoft Fix it 50535 | 08/10/2014 12:42:57]
Deleted : RP #502 [system Checkpoint | 08/12/2014 15:39:04]
 
New restore point created !
 
########## - EOF - ##########


Thank you for the download for CryptoPrevent.

 

Something very strange. I have been messaging you here from this new laptop. But when just earlier I turned on the infected laptop to download and run DelFix from your post, after the text file was created (which I posted above) I had to copy and paste that file here via this new laptop, as the forum exchange on that laptop did not have a reply option!!

 

And something else: Our exchange here, on the old laptop, shows as being read now by two members and one guest, while the discussion here on this new laptop I message you from shows as being read by 0 users and 0 members and 0 guests. Dodgy???


Also, my Adblock on the browser of the old computer shows it has caught one ad on this page here, while I know that your page has no ads. I feel I am still infected by the ad pop-up virus.


You can delete the FRST report manually.

 

About Yontoo, it is just an emptied restore point, don't worry.

 

 

About your forum questions, don't worry, it happens sometimes.

 

Adblock works that way: it blocks ads and shows how many are blocked. It is normal.


Also, I notice that on the old PC, the 'mark community read' link next to 'change theme', all the way at the end and below this page, at the light blue part, does not show!


Not to worry; this was a small variance between being logged on to the forum and not being logged on... and I had not realised I was not signed on on the older PC when I wrote this.

 

Another issue: Chrome on that computer seems to crash more often than usual, and when attempting to print documents from Chrome, it is only possible via the 'print system dialogue'. Print preview does not work there, but it works with Word and Adobe. I do not believe this is virus related... I had experienced this on and off before, I just have it more now.

 

Thank you and regards. 


I did some research and a lot of people report this. What you can do is hope that this will be fixed in upcoming versions.

 

If this is your last question, we can close this topic. This forum section is dedicated only to malware removal.


I am glad to hear that you too have obtained info and believe that the Chrome issue is not virus related. For once!

 

Yes, we can close this and again thank you for your excellent support!

 

PS: hopefully the topic, even closed, can be found for review if needed.


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.