Need malware removal help!


Here is the MBAM scan log. I can't get ESET to work. It opens up in a window about 1/6 the size of my actual screen. I accept terms of use and it put me on the screen where I make sure the right boxes are checked or unchecked. But I can't see the start button on that screen. I maximized it but it still only showed the small portion and the remainder was solid grey. When I refreshed it took me back to the home screen where I click the "RUN" button and had to start over....then it does the same thing.

mbamscanlog.txt

Link to post
Share on other sites

OK, we'll try a different scanner. Got some of them in my arsenal.



Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on its icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see a detections window. Enter one of them and click View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.

Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.

Link to post
Share on other sites

Allow the first four to be deleted:

  • Malware. FILE: C:\USERS\CODY & LAGINA\APPDATA\LOCAL\SOFTUPDATE\SOFTUPDATE.EXE to be deleted.
  • Malware. FOLDER: C:\USERS\CODY & LAGINA\APPDATA\LOCAL\SOFTUPDATE to be deleted.
  • Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
  • Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files (x86)\Mozilla Firefox\firefox.exe.

 
What issues remain?

Link to post
Share on other sites
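The findings quoted in the post above come out of the log run together with no line breaks. The following parser is an added example, not part of the original thread or of Panda's tooling; it splits such text into typed records so each proposed deletion or registry change can be reviewed individually. The entry format is an assumption inferred only from the four lines quoted above, and `SAMPLE` is constructed from them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the four findings quoted in the post, run together.
SAMPLE = (
    r"Malware. FILE: C:\USERS\CODY & LAGINA\APPDATA\LOCAL\SOFTUPDATE\SOFTUPDATE.EXE to be deleted."
    r"Malware. FOLDER: C:\USERS\CODY & LAGINA\APPDATA\LOCAL\SOFTUPDATE to be deleted."
    r"Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. "
    r"Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE."
    r"Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND. "
    r"Value: (null) To be changed to: C:\Program Files (x86)\Mozilla Firefox\firefox.exe."
)

@dataclass
class Finding:
    kind: str                        # FILE, FOLDER or REGKEY
    target: str                      # file path, folder path or registry key
    action: str                      # "delete" or "change"
    new_value: Optional[str] = None  # replacement value for a registry change

# Zero-width split: a new entry starts wherever "Malware. <KIND>: " begins.
# Paths contain dots and spaces, so splitting on "." or whitespace would not work.
_SPLIT = re.compile(r"(?=Malware\. (?:FILE|FOLDER|REGKEY): )")
_DELETE = re.compile(r"Malware\. (FILE|FOLDER): (.+) to be deleted\.")
# Lazy key match: the key itself contains "IEXPLORE.EXE", so stop only at ". Value: ".
_CHANGE = re.compile(r"Malware\. REGKEY: (.+?)\. Value: .+? To be changed to: (.+)\.")

def parse_findings(text: str) -> List[Finding]:
    """Split concatenated findings into records; reject anything unrecognised."""
    findings = []
    for entry in filter(None, (e.strip() for e in _SPLIT.split(text))):
        if m := _DELETE.fullmatch(entry):
            findings.append(Finding(m.group(1), m.group(2), "delete"))
        elif m := _CHANGE.fullmatch(entry):
            findings.append(Finding("REGKEY", m.group(1), "change", m.group(2)))
        else:
            # Fail loudly rather than silently dropping a line from the review.
            raise ValueError(f"unrecognised finding: {entry!r}")
    return findings

if __name__ == "__main__":
    for f in parse_findings(SAMPLE):
        print(f"{f.action:6} {f.kind:6} {f.target}")
```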

Yes, please re-run the scan and for the things listed prior after the scan choose "delete" - leave the others :)
 
After that let's scan for vulnerabilities.



Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.

Link to post
Share on other sites

OK, well it did all that... said "could not find path specified" again. Opened the notepad and there was nothing there. Oh, and even after I change my homepage back to what I want it, that safesearch website makes itself my homepage again. Like literally I change it and apply actions and then the next time I log on it's back to safe search. I thought we had deleted that??

Link to post
Share on other sites

There must be a reloader... Or the browser synchronizes it.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Link to post
Share on other sites

  • 2 weeks later...

It's okay. I hope everything is better now. As far as I can tell there are no further problems. It has been running normal and not as slow as it had been. My husband did tell me last night that he was on it and the touchpad mouse started to mess up and every letter he typed doubled itself. But I fixed the touchpad and since then I myself have not noticed any letter doubling or anything of the sort. Do you know of a way I can permanently change my homepage on my browsers back to msn though? That is the only problem I am having. I change it every time I open the browser and apply all the actions. I have even restarted my computer afterwards to see if that made it stick. But it never fails, safesearch ALWAYS makes itself my homepage.

Link to post
Share on other sites

Do this one:



Scan with SystemLook

Download SystemLook x64 by jpshortstuff and save it to your desktop.

  • Right-click on the SystemLook icon and select Run as Administrator to start the tool.
  • In the main box please paste the following script:
    :regfind
    *safesearch*
  • click Look.
  • When finished a logfile SystemLook.txt will open (will be also saved to your desktop)
  • Click Exit to close the tool.

Please include the content of SystemLook in your next reply.

Link to post
Share on other sites

I will narrow down my search a little.

 

Scan with SystemLook

Please re-run SystemLook x64.

  • Right-click on the SystemLook icon and select Run as Administrator to start the tool.
  • In the main box please paste the following script:
    :regfind
    *safesear*
  • click Look.
  • When finished a logfile SystemLook.txt will open (will be also saved to your desktop)
  • Click Exit to close the tool.

Please include the content of SystemLook in your next reply.

Link to post
Share on other sites

I can't find the loading point for this darned safesear.ch

Scan with ZOEK

 

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;process;autoclean;services-list;systemspecs;startupall;iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!

Link to post
Share on other sites

It has been running for a couple hours now and hasn't given me a log yet. I also spent the majority of my morning fixing the keyboard and mouse touch pad again. The keyboard typed every letter twice in a row with only hitting the button once. And my touchpad mouse malfunctioned again and I had to uninstall and reinstall it again as well.

Link to post
Share on other sites

  • Root Admin

I will go ahead and take over for Naathim in his absence.
 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

Link to post
Share on other sites

  • Root Admin

Yes the link for JavaRA was down. Please try this updated link. Ignore the Add/Remove for Java and just run the JavaRA tool.

 

 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

Link to post
Share on other sites

  • Root Admin

How is the computer running now?

 

Are there still any signs of an infection?

 

 

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 

 

 

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

 

 

Link to post
Share on other sites

My computer is running slow again. If I have 2 tabs open on a browser neither will load, they literally take 20 or more minutes to load up. This has never happened before. Also, Malwarebytes scan log won't paste from clipboard in here. I can't get anything to paste in here, haven't been able to this whole time. That's why I had to attach everything. And the security check log file is completely empty. Notepad opened and there was nothing there. It said in the black box over and over that it could not find the path specified. Which has happened more than once with different scan tools.

Link to post
Share on other sites

This topic is now closed to further replies.