Bassass93 Posted August 6, 2014 ID:863243

Unable to update, uninstall or reinstall Malwarebytes. Picasa program infected. Unable to open any files. FRST and Addition.txt attached. Thank you in advance for your review.

Attachments: FRST.txt, Addition.txt

TwinHeadedEagle Posted August 6, 2014 ID:863260

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts, attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
- Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!

P2P/Piracy Warning:

- If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
- Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
- If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):

- Download Updater

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop. Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

- Right-click on the icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File.)
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt. Please attach it to your reply.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst. Do not run ComboFix on your own!

- Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
- Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on the icon and select Run as Administrator to start the tool.
- Accept the disclaimer and agree if prompted to install Recovery Console.
- Do not take any actions while ComboFix goes through your system - it may cause it to stall!
- This scan may take some time!
- When finished, it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
- Include that log in your next reply.

If you encounter any issues with internet connection after running ComboFix, please visit this link. If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Attachment: fixlist.txt

Bassass93 Posted August 11, 2014 Author ID:865155

How do I get FRST and the tool in the "same location"? Both are on desktop now.

TwinHeadedEagle Posted August 11, 2014 ID:865158

In that case, just follow the rest of the instructions.

Bassass93 Posted August 11, 2014 Author ID:865195

fixlog attached. combofix still working. been on completed stage 32 for 15+ mins.

Attachment: Fixlog.txt

TwinHeadedEagle Posted August 11, 2014 ID:865209

Good, keep me posted.

Bassass93 Posted August 11, 2014 Author ID:865220

combofix log

Attachment: ComboFix.txt

TwinHeadedEagle Posted August 11, 2014 ID:865251

We need to run one more step:

Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for being deleted.

- Press the Windows key + R on your keyboard at the same time. A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
- In the shown window paste in the following script:

    Driver::
    clfupkav

    File::
    c:\windows\system32\drivers\clfupkav.sys

    ClearJavaCache::

- Go to the File menu and select Save as.
- Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
- Name the file CFScript and select Save.
- Your CFScript.txt file should appear on your desktop.
- Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Now drag your CFScript file and drop it onto the icon.
- This will start ComboFix. Let it run uninterrupted!
- A reboot may be needed during this run. Allow it.
- When finished, it shall produce a log for you at C:\ComboFix.txt and display it.
- Please include that log in your next reply.

If you encounter any issues with internet connection after running ComboFix, please visit this link. If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Do not forget to turn on your previously switched-off protection software!

Bassass93 Posted August 12, 2014 Author ID:865320

combofix txt

Attachment: ComboFix.txt

TwinHeadedEagle Posted August 12, 2014 ID:865399

Good. Tell me, how is your PC now?

Bassass93 Posted August 12, 2014 Author ID:865681

error logs attached

Attachments: DECRYPT_INSTRUCTION.TXT, Picasa errorlog.txt

Bassass93 Posted August 12, 2014 Author ID:865685

In addition here is the Malwarebytes protection log.

Attachment: Malwarebytes protectiion log.txt

Bassass93 Posted August 12, 2014 Author ID:865707

any ideas?

Bassass93 Posted August 12, 2014 Author ID:865732

picasa still infected. see attached logs. also malwarebytes log.

Attachments: DECRYPT_INSTRUCTION.TXT, Picasa errorlog.txt, Malwarebytes protectiion log.txt

TwinHeadedEagle Posted August 12, 2014 ID:865734

Where did you find the Decrypt file?

Bassass93 Posted August 12, 2014 Author ID:865737

it opens when u try to open files in picasa. a message from the hacker?

Bassass93 Posted August 12, 2014 Author ID:865740

when you try and open photos in picasa. a message from the hacker?

Bassass93 Posted August 12, 2014 Author ID:865742

when u try and open files in picasa. a message from the hacker?

TwinHeadedEagle Posted August 12, 2014 ID:865744

I am afraid you're infected with the CryptoWall virus. We cannot bring your files back.

Read more about it here --> http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

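Added example, not part of the original thread or of any tool named in it: a read-only Python sweep that lists every folder holding a DECRYPT_INSTRUCTION note (the file name attached earlier in this thread), so the affected folders and the time window of the notes can be scoped before restoring from backup. It assumes a copy of the note sits in each affected folder; the function names and the default scan root are hypothetical.

```python
"""Inventory DECRYPT_INSTRUCTION ransom notes to scope which folders were hit."""
import os
import sys
from datetime import datetime, timezone

# Note name taken from this thread; matched case-insensitively, any extension.
NOTE_STEM = "decrypt_instruction"


def find_ransom_notes(root):
    """Return {folder: [(note_name, mtime_utc), ...]} for folders holding a note."""
    hits = {}
    for folder, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            stem, _ext = os.path.splitext(name)
            if stem.lower() != NOTE_STEM:
                continue
            try:
                mtime = os.stat(os.path.join(folder, name)).st_mtime
            except OSError:
                continue  # entry vanished or is locked: keep sweeping
            stamp = datetime.fromtimestamp(mtime, tz=timezone.utc)
            hits.setdefault(folder, []).append((name, stamp))
    return hits


def summarize(hits):
    """Return (affected_folder_count, earliest_note_time, latest_note_time)."""
    stamps = [stamp for notes in hits.values() for _name, stamp in notes]
    if not stamps:
        return 0, None, None
    return len(hits), min(stamps), max(stamps)


if __name__ == "__main__":
    # Assumption: scan the current user's profile unless a root is given.
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    found = find_ransom_notes(root)
    count, first, last = summarize(found)
    for folder in sorted(found):
        print(folder, "|", ", ".join(sorted(n for n, _ in found[folder])))
    print(f"{count} folder(s) with notes; earliest {first}, latest {last}")
```

The script only reads file names and timestamps; it changes nothing on disk and does not recover files.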
Bassass93 Posted August 12, 2014 Author ID:865750

malwarebytes is constantly putting up a pop up for "malicious software blocked"

ip 88.214.193.212
port 56343
type outbound
process C:\WindowsSysWOW64|winnit.exe

TwinHeadedEagle Posted August 13, 2014 ID:865951

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

- First of all, select update.
- Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
- Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the newest Scan Log.
- At the bottom click Export and choose Text file.
- Save the file to your desktop and include its content in your next reply.

Bassass93 Posted August 13, 2014 Author ID:866088

no threats detected. the log is attached.

Attachment: Malwarebytes Anti-Malware log.txt

TwinHeadedEagle Posted August 13, 2014 ID:866114

Run FRST again, check Addition.txt, press scan and attach both reports.

Bassass93 Posted August 13, 2014 Author ID:866123

The logs are attached

Attachments: Addition.txt, FRST.txt

TwinHeadedEagle Posted August 13, 2014 ID:866130

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop. Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

- Right-click on the icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File.)
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt. Please post it to your reply.

Attachment: fixlist.txt