Jump to content

Recommended Posts

Hello,

Run into an issue.  Found a virus on a windows 7 x64 machine and started to use Malwarebytes, HitmanPro (can't get license to work) M$ Essentials, and RougeKiller.

 

Before removing anything we know the PC had a virus, but now after cleaning, I get an error that we can not surf the internet.  IE states:

The proxy server isn't responding

 

  • Check your proxy settings 127.0.0.1:8800.
  • Go to Tools > Internet Options > Connections. If you are on a LAN, click “LAN settings”. Make sure your firewall settings aren’t blocking your web access. Ask your system administrator for help.
  • Make sure your firewall settings aren’t blocking your web access.
  • Ask your system administrator for help.
 

I have run a JRT and FRST and attached the logs.

 

Thx in advance

JRT.txt

FRST.txt

Link to post
Share on other sites

Make sure you have created a restore point and.....

bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • [color-red]Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ========================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    This will reboot your computer when run.

    MrC

Link to post
Share on other sites

Great!

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Thank you. 

 

See below:

 

Results of screen317's Security Check version 0.99.89  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Nex Desktop Virus removal SecurityCheck.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

That looks OK.....

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

When I run the ComboFix / Uninstall I get an error that it could not be found.  I also searched my C: drive for comboFix and could not find anything.

 

Here is the log for DelFix

 

# DelFix v10.8 - Logfile created 17/10/2014 at 20:28:01

# Updated 29/07/2014 by Xplode
# Username : Carolyn - CAROLYN-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\Users\Carolyn\Desktop\RK_Quarantine
Deleted : C:\Log.txt
Deleted : C:\TDSSKiller.2.8.16.0_08.03.2013_19.22.57_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_10.03.2013_19.35.19_log.txt
Deleted : C:\TDSSKiller.3.0.0.39_12.06.2014_09.50.39_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_16.10.2014_11.06.44_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_16.10.2014_11.12.06_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_25.08.2014_10.11.13_log.txt
Deleted : C:\Users\Carolyn\Desktop\RKreport[1]_S_03082013_02d1919.txt
 
########## - EOF - ##########
 
Thank you again.
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.