Jump to content

I am Infected - adsdelivery1 and picric


Recommended Posts

Hello,

 

after extensive self attempts to get this adware out i have come up to a breaking point.  I have followed numerous online guides to removing adsdelivery1 and no avail it is still present.  at this point i have the cookies blocked in chrome which is allowing for web usage but most sites load really strange still and i just want to get this off my PC.

 

Please help!

 

Attached are the logs from FRST64 that the sticky post requests.

 

Thank You

FRST.txt

Addition.txt

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

ok i got it to run here is the log.

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-18 14:48:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST2000DM001-1CH164 rev.CC24 1863.02GB
Running: gmer.exe; Driver: C:\Users\goomba\AppData\Local\Temp\fwdiapoc.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   [1284:1300]                                  000007fefeeca808
Thread   [1284:1304]                                  00000000779caef0
Thread   [1284:4624]                                  00000000779cfbf0
Thread   [1284:2384]                                  000007fefcf10168
Thread   [1284:692]                                   00000000779cfbf0
Thread   [1284:8112]                                  00000000779cfbf0
Thread   [1284:5788]                                  00000000779cfbf0
Thread   [1284:6468]                                  00000000779cfbf0
Thread   [1308:1328]                                  0000000077be3e85
Thread   [1308:1332]                                  0000000075a57587
Thread   [1308:1448]                                  0000000077be2e65
Thread  C:\Windows\System32\svchost.exe [1472:1644]   000007fefab0f2f4
Thread  C:\Windows\System32\svchost.exe [1472:1684]   000007fefabf6204
Thread  C:\Windows\System32\svchost.exe [1472:1848]   000007fef9845428
Thread  C:\Windows\System32\svchost.exe [1472:3824]   000007fef2996b8c
Thread  C:\Windows\System32\svchost.exe [1472:3796]   000007fef2991d88
Thread  C:\Windows\System32\svchost.exe [1472:5476]   000007fef9a02070
Thread  C:\Windows\System32\svchost.exe [1472:7916]   000007fef8f85fd0
Thread  C:\Windows\System32\svchost.exe [1472:4476]   000007fef9843118
Thread  C:\Windows\system32\svchost.exe [1564:1928]   000007fef9111e00
Thread  C:\Windows\system32\svchost.exe [1564:1948]   000007fef8ff1a50
Thread  C:\Windows\system32\svchost.exe [1564:2232]   000007fefc1a1a70
Thread  C:\Windows\system32\svchost.exe [1564:3816]   000007fefc1a1a70
Thread  C:\Windows\system32\svchost.exe [1564:4752]   000007fef297506c
Thread  C:\Windows\system32\svchost.exe [1564:4760]   000007fef3da1c20
Thread  C:\Windows\system32\svchost.exe [1564:4616]   000007fef3da1c20
Thread  C:\Windows\system32\svchost.exe [1564:5320]   000007fef006e1c4
Thread  C:\Windows\system32\svchost.exe [1564:3784]   000007feff6c4164
Thread  C:\Windows\system32\svchost.exe [1564:4048]   000007fef2ae17f8
Thread  C:\Windows\system32\svchost.exe [1564:7316]   000007fef2ae17f8
Thread  C:\Windows\System32\spoolsv.exe [2012:4180]   000007fef3ad10c8
Thread  C:\Windows\System32\spoolsv.exe [2012:4216]   000007fef17f6144
Thread  C:\Windows\System32\spoolsv.exe [2012:4232]   000007fef8f85fd0
Thread  C:\Windows\System32\spoolsv.exe [2012:4240]   000007fef8f73438
Thread  C:\Windows\System32\spoolsv.exe [2012:4244]   000007fef8f863ec
Thread  C:\Windows\System32\spoolsv.exe [2012:4264]   000007fef3d95e5c
Thread  C:\Windows\System32\spoolsv.exe [2012:4276]   000007fef1ac5074
Thread  C:\Windows\system32\svchost.exe [2044:2208]   000007fef50b35c0
Thread  C:\Windows\system32\svchost.exe [2044:3764]   000007fef50b5600
Thread  C:\Windows\system32\svchost.exe [2044:3868]   000007fef3f82940
Thread  C:\Windows\system32\svchost.exe [2044:2468]   000007fef2e42a40
Thread  C:\Windows\system32\svchost.exe [2044:2748]   000007fef2e42888
Thread  C:\Windows\SysWOW64\ntdll.dll [2112:2116]     0000000000c3ecb5
Thread   [2212:2240]                                  00000000779caef0
Thread   [2212:2252]                                  000007fefeeca808
Thread   [2212:5244]                                  00000000779cfbf0
Thread   [2212:8096]                                  00000000779cfbf0
Thread  C:\Windows\SysWOW64\ntdll.dll [2448:2452]     0000000000402a36
Thread  C:\Windows\SysWOW64\ntdll.dll [2448:2492]     0000000000401fd0
Thread   [2648:2692]                                  00000000779caef0
Thread   [2648:2704]                                  000007fefeeca808
Thread   [2648:2736]                                  00000000779cfbf0
Thread   [2648:7592]                                  00000000779cfbf0
Thread   [2648:2532]                                  00000000779cfbf0
Thread  C:\Windows\SysWOW64\ntdll.dll [3928:3932]     000000000040a5ed
Thread  C:\Windows\SysWOW64\ntdll.dll [3928:4088]     00000000722752c9
Thread  C:\Windows\SysWOW64\ntdll.dll [3928:4092]     0000000000405fd0
Thread  C:\Windows\SysWOW64\ntdll.dll [3928:2864]     0000000000403ee0
Thread  C:\Windows\SysWOW64\ntdll.dll [4556:4364]     00000000010ee311
Thread  C:\Windows\SysWOW64\ntdll.dll [4472:4028]     00000000002b9032
Thread  C:\Windows\system32\taskhost.exe [4108:5392]  000007fef3fb1f38
Thread  C:\Windows\system32\taskhost.exe [4108:6912]  000007fef1e45170
Thread  C:\Windows\Explorer.EXE [3368:752]            000007feebb0f5bc
Thread  C:\Windows\SysWOW64\ntdll.dll [2020:1764]     0000000000263f8e
Thread  C:\Windows\SysWOW64\ntdll.dll [2020:5448]     000000006dba0dc7
Thread  C:\Windows\SysWOW64\ntdll.dll [2020:8092]     000000006dc536af
Thread  C:\Windows\SysWOW64\ntdll.dll [2020:6440]     000000007183784b
Thread  C:\Windows\SysWOW64\ntdll.dll [6704:6908]     0000000000f8de79
Thread  C:\Windows\SysWOW64\ntdll.dll [6704:1984]     0000000072c321a0
Thread  C:\Windows\SysWOW64\ntdll.dll [6704:4888]     0000000072c321a0
Thread  C:\Windows\SysWOW64\ntdll.dll [6704:2404]     0000000072c321a0
Thread  C:\Windows\SysWOW64\ntdll.dll [3272:1236]     0000000000c008e5
 
---- EOF - GMER 2.1 ----
Link to post
Share on other sites

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.