Shako62 Posted October 18, 2014 ID:891909

Same problem here... Won't let me download any fix programs as it says my settings don't allow etc...

fff5ee.com
95.215.1.57
66.77.96.140
Etc.

Started this morning...

Maurice Naggar Posted October 18, 2014 ID:891914

Hello Shako62 and welcome aboard. This sub-forum is strictly one to one help. We do not piggy back more than 1 customer in 1 thread. I have deleted your other post and made this one here yours.

You truly need to do the forum preliminaries. That is to get and run some diagnostic reports. Then reply and ATTACH the reports in the reply.

Please print out, read and follow the directions here, skipping any steps you are unable to complete.

Shako62 Posted October 18, 2014 Author ID:891915

I have read the Do this first list etc and am unable to download the fix programs mentioned. Will be glad to follow those instructions if I can find a way to grab the programs.

Shako62 Posted October 18, 2014 Author ID:891916

Thanks for making this a separate thread

Shako62 Posted October 18, 2014 Author ID:891917

Any tips on how I can get past the "My current security settings do not allow this file to be downloaded"? I assume the unwanted software is preventing this...

Shako62 Posted October 18, 2014 Author ID:891918

Ok think I managed to get the first program. Running now...

Maurice Naggar Posted October 18, 2014 ID:891919

Please try to collect all your questions / issues into 1 post because it is not ideal to multi-post, and I am in the middle of replying to you.

Tell me more about the inability to get FRST. What browser program do you use? Is there some "error message"? Are you even able to reach the bleepingcomputer download site?

What is the background story about the infection on the computer? What version of Windows is it running?

Do you have access to a working computer at your home? neighbor's house? library?

Is your antivirus out of commission? Which antivirus do you have?

It is possible you may have a serious rogue or rootkit infection.

Please download Malwarebytes Anti-Rootkit (MBAR) and save it to your desktop, from here http://downloads.malwarebytes.org/file/mbar

• Be sure to print out (if possible) and follow the instructions provided on that same page.
• Double-click on the MBAR file you downloaded and approve the UAC prompt in Vista and newer operating systems.
• Click **OK** on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click '**Next**' if you agree.
• On the Update Database screen, click on the '**Update**' button.
• Once you see 'Success: Database was successfully updated' click on 'Next'.
• Click the '**Scan**' button.

With some infections, you may see two message boxes.
1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, do **NOT** press the Cleanup button when the scan completes. Click EXIT.

Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2014-10-18 .....txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
+ also
system-log.txt

I need to have both of those files attached in your next reply. Thanks. Send even if nothing is reported as detected. Always send these.

Shako62 Posted October 18, 2014 Author ID:891921

Two files generated

FRST.txt
Addition.txt

Shako62 Posted October 18, 2014 Author ID:891925

Sorry for the multiple posts...

Maurice Naggar Posted October 18, 2014 ID:891929

Your pc has Malwarebytes Anti-Malware version 2.0.2.1012 which is very out of date. You need to do the Clean new install procedure
https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/

Shako62 Posted October 18, 2014 Author ID:891934

Ok will go through that process... I only got one file from the Mbar program which I have attached

system-log.txt

Maurice Naggar Posted October 18, 2014 ID:891937

I have to have the mbar-log-2014-10-18 .....txt and what did the MBAR program show, if you recall?

These notes you made at the very start

fff5ee.com
95.215.1.57
66.77.96.140

Those are IP Blocks.

The Malwarebytes Anti-Malware Website Blocking feature will advise users when a known malicious IP is attempted to be reached (outgoing) or is trying to access your PC (incoming). Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done. No action is required unless you're also experiencing malware symptoms or there are multiple IPs (ex; 123.23.34 and 4.44.56).

A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, SKYPE or P2P software to trigger these alerts. These are also triggered by banner ads running on websites, which is the most common form of alert.

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software.

Please see/review this reference on MBAM's IP blocks https://helpdesk.malwarebytes.org/hc/en-us/articles/202325608

Shako62 Posted October 18, 2014 Author ID:891943

Ok, re ran the root kit program and now have three files... I removed Malware program and am trying to get a fresh download. Getting the security error again anytime I try to download from a link...

Going to head to work and pick up a laptop to download these programs from and transfer over

mbar-log-2014-10-18 (12-10-41).txt
system-log.txt
mbar-log-2014-10-18 (11-40-38).txt

Maurice Naggar Posted October 18, 2014 ID:891950

OK, we need to pause and regroup. I am gathering more information.

The IP Blocks are valid. You are experiencing a likely browser hijack and the InstallQ malware. Be sure that you do NOT fall for a fake flash or fake java browser update. The IP Blocks mean that the program is working and is blocking malware.

This pc also seems to be lacking an antivirus program. You must have one. We can address that later.

Did you accept some sort of Java update in the past few days? Any fake Flash updates?

Again, we need to pause and regroup. As we go along, stop and get all your info together and then make 1 post. Then wait for me to reply. Otherwise, we will be out of phase.

Shako62 Posted October 18, 2014 Author ID:891956

Ok... I believe I was asked for a Java 7 67 update recently, looked at DirectX 11 yesterday... Maybe that was the problem.

I was able to get the anti Root Kit program to run and added the text files. I was also able to run the Farbar and Mbar programs and MClean. I will re attach the text files from the results.

I am not able to re download the Malwarebytes program to replace the old version I had. I get the pop up saying the security settings are preventing download and the screen is basically frozen. I will grab a laptop and get that another way so I can re install.

If you recommend an Anti Virus program, I will pick it up on the way back... Heading to get a laptop now so I can download files as needed...

Thanks very much for your help and patience so far...

Maurice Naggar Posted October 18, 2014 ID:891960 (Edited October 18, 2014 by Maurice Naggar)

These steps are for member Shako62 only. If you are a casual viewer, do NOT try this on your system!
If you are not and have a similar problem, do NOT post here; start your own topic.

OK, let us pause and do this Fix with FRST. This infection is also called Poweliks. It is on this system.

Save the attached file Fixlist.txt to the same location where you have FRST.exe ---- that's important for the Fix to work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one please allow.)

Run FRST again but this time press the "Fix" button just once and wait.
When finished, it will make a log (fixlog.txt) next to FRST.
Please attach the Fixlog.txt into a reply.

Fixlist.txt

Shako62 Posted October 18, 2014 Author ID:891969

It doesn't let me download that file. Get the pop up saying my "Current security settings do not allow this file to be downloaded."

Shako62 Posted October 18, 2014 Author ID:891971

Will try to grab on laptop

Shako62 Posted October 18, 2014 Author ID:891975

Ok got the file, downloaded and ran. Text file attached.

Fixlog.txt

Shako62 Posted October 18, 2014 Author ID:891976

Was also able to grab the latest Malware program and have installed it.

Maurice Naggar Posted October 18, 2014 ID:891983

OK, very good. Let's do this next (and by the way NO freewheeling web surfing ---- let's wait until after I give the all clear).

Please do a Threat & Rootkit Scan:

• Start the Anti-Malware program.
• Click the Settings icon (on the top bar) > then click **Detection and Protection** subtab, Detection Options, tick the box 'Scan for rootkits'.
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With _some infections_, you may see this message box: 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.
• After the scan has completed, click on the **History tab** > Application Logs.
• Double click on the scan log which shows the date and time of the scan just performed.
• Click **'Copy to Clipboard'**.
• Paste the contents of the clipboard into your reply.
• Then in the body of the reply box, do a Paste by pressing CTRL+V keys on the keyboard.

Shako62 Posted October 18, 2014 Author ID:891990

Apparently the paste or Ctrl V didn't work so saved as text and attached

San Log.txt

Maurice Naggar Posted October 18, 2014 ID:891996

Awesome. Very well done. (The Paste procedure --- you need to click once with your mouse the white space in the reply box --- then do CTRL + V.) (The particular "target" for the paste has to have the focus and be the active input window.) It works.

Next an online scan at ESET for viruses.

It's important to run this online scan to help look for any remnants that may be lurking. This scan can take upwards of an hour.

1) Turn off your anti-virus software.
2) Click Start>All Programs and locate Internet Explorer (64-bit). Right click to run as Administrator.
3) Next, click on the following link ==> http://www.eset.com/onlinescan/
4) Click on the "ESET Online Scanner" button.
5) Put a check in the box that says "YES, I accept the Terms of Use."
6) Click the 'Start' button just to the right of the checkbox.
7) UNCHECK the box that says "Remove found threats" (this is very important).
8) Click on "Advanced settings".
9) Put a check in the box that says "Scan for potentially unsafe applications".
10) Verify that "Scan for potentially unwanted applications" is also checked.
11) Verify that "Enable Anti-Stealth technology" is also checked.
12) Click the 'Start' button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
13) When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
14) Save that text file on your desktop, and then attach it to a reply for me.
15) Close the ESET online scan.
15) Re-enable your Antivirus.

I will take a look at the log, and let you know if anything needs to be removed.

Shako62 Posted October 18, 2014 Author ID:892004

I didn't have anti virus, remember, so I will grab a program later. Running that scan now per your instructions.

If you have a recommendation for Anti Virus, I would be all ears...

Shako62 Posted October 18, 2014 Author ID:892006

Getting an "Internet Explorer restricted this webpage from running scripts or ActiveX controls" message now, just fyi