
Shako



Hello Shako62 and welcome aboard.

 

This sub-forum is strictly one to one help.  We do not piggy back more than 1 customer in 1 thread.  I have deleted your other post and made this one here yours.

 

You truly need to do the forum preliminaries.  That is to get and run some diagnostic reports.  Then reply and ATTACH the reports in the reply.

Please print out, read and follow the directions here, skipping any steps you are unable to complete.


Please try to collect all your questions / issues into 1 post because it is not ideal to multi-post, and I am in the middle of replying to you.

 

Tell me more about the inability to get FRST.

 

What browser program do you use?

Is there some "error message" ?

 

Are you even able to reach the bleepingcomputer download site?

 

What is the background story about the infection on the computer?

 

What version of Windows is it running?


Do you have access to a working computer at your home?  A neighbor's house?  A library?

 

Is your antivirus out of commission?  Which antivirus do you have?

 

It is possible you may have a serious rogue or rootkit infection.

 

Please download Malwarebytes Anti-Rootkit (MBAR)  and save it to your desktop,
from here   
http://downloads.malwarebytes.org/file/mbar

• Be sure to print out (if possible) and follow the instructions provided on that same page.

• Double-click on the MBAR file you downloaded and approve the UAC prompt in Vista and newer operating systems.
• Click **OK** on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click '**Next**' if you agree.
• On the Update Database screen, click on the '**Update**' button.
• Once you see 'Success: Database was successfully updated' click on 'Next'.
• Click the '**Scan**' button.

With some infections, you may see two message boxes.
  1. 'Could not load protection driver'. Click 'OK'.
  2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, do **NOT** press the Cleanup button when the scan completes. Click EXIT.
Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2014-10-18 .....txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
+ also
system-log.txt

I need to have both of those files attached in your next reply.  Thanks.  Send even if nothing is reported as detected. Always send these.


I have to have the mbar-log-2014-10-18 .....txt

 

And what did the MBAR program show, if you recall?

 

These notes you made at the very start

fff5ee.com

95.215.1.57

66.77.96.140

Those are IP Blocks.

The Malwarebytes Anti-Malware Website Blocking feature will advise users when a known malicious IP is attempted to be reached (outgoing) or is trying to access your PC (incoming).

Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done.

No action is required unless you're also experiencing malware symptoms or there are multiple IPs (ex: 123.23.34 and 4.44.56).

A browser is not required to be running, just an active Internet connection with processes running,

such as Instant messenger clients, SKYPE or P2P software to trigger these alerts.

These are also triggered by banner ads running on websites, which is the most common form of alert.

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software.

Please see/review this reference on MBAM's IP blocks

https://helpdesk.malwarebytes.org/hc/en-us/articles/202325608


Ok, re ran the root kit program and now have three files...

 

I removed Malware program and am trying to get a fresh download. Getting the security error again anytime I try to download from a link... Going to head to work and pick up a laptop to download these programs from and transfer over

mbar-log-2014-10-18 (12-10-41).txt

system-log.txt

mbar-log-2014-10-18 (11-40-38).txt


OK, we need to pause and regroup. I am gathering more information.

The IP Blocks are valid. You are experiencing a likely browser hijack and the InstallQ malware.

Be sure that you do NOT fall for a fake flash or fake java browser update.

The IP Blocks mean that the program is working and is blocking malware.

This pc also seems to be lacking an antivirus program. You must have one. We can address that later.

Did you accept some sort of Java update in past few days?

Any fake Flash updates?

Again, we need to pause and regroup. As we go along, stop and get all your info together and then make 1 post.

Then wait for me to reply.

Otherwise, we will be out of phase.


Ok...

I believe I was asked for a Java 7 67 update recently, looked at DirectX 11 yesterday... Maybe that was the problem.

 

I was able to get the anti Root Kit program to run and added the text files. I was also able to run the Farbar and Mbar programs and MClean.

I will re-attach the text files from the results.

I am not able to re-download the Malwarebytes program to replace the old version I had. I get the pop up saying the security settings are preventing download and the screen is basically frozen. I will grab a laptop and get that another way so I can re-install.

If you recommend an Anti Virus program, I will pick it up on the way back...

Heading to get a laptop now so I can download files as needed... Thanks very much for your help and patience so far... :)


These steps are for member Shako62 only. If you are a casual viewer, do NOT try this on your system!
If you are not and have a similar problem, do NOT post here; start your own topic


OK, Let us pause and do this Fix with FRST. This infection is also called Poweliks. It is on this system.


Save the attached file Fixlist.txt to the same location where you have FRST.exe ---- that's important for the Fix to work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)

Run FRST again but this time press the "Fix" button just once and wait.

When finished, it will make a log ( fixlog.txt  ) next to FRST.
Please attach the Fixlog.txt into a reply.

Fixlist.txt

Edited by Maurice Naggar

OK, very good.

Let's do this next   ( and by the way NO freewheeling web surfing ---- let's wait until after I give the all clear).

 

Please do a Threat & Rootkit Scan:
Start the Anti-Malware program.

Click the Settings icon ( on the top bar) > then click **Detection and Protection** subtab, Detection Options, tick the box 'Scan for rootkits'.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.

With _some infections_, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.

Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.

After the scan has completed, Click on the **History tab** > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click **'Copy to Clipboard'**
Paste the contents of the clipboard into your reply.
Then in the body of the reply box, do a Paste by pressing CTRL+V keys on the keyboard.


Awesome.  Very well done.   ( the Paste procedure  --- you need to click once with your mouse the white space in the reply box  --- then do CTRL + V )

( the particular "target" for the paste has to have the focus and be the active input window).   It works.

 

Next an online scan at ESET for viruses.

It's important to run this online scan to help look for any remnants that may be lurking. This scan can take upwards of an hour.

1) Turn off your anti-virus software.

2) Click Start>All Programs and locate Internet Explorer (64-bit). Right click to run as Administrator

3) Next, click on the following link ==> http://www.eset.com/onlinescan/

4) Click on the "ESET Online Scanner" button.

5) Put a check in the box that says "YES, I accept the Terms of Use."

6) Click the 'Start' button just to the right of the checkbox.

7) UNCHECK the box that says "Remove found threats" (this is very important).

8) Click on "Advanced settings".

9) Put a check in the box that says "Scan for potentially unsafe applications".

10) Verify that "Scan for potentially unwanted applications" is also checked.

11) Verify that "Enable Anti-Stealth technology" is also checked.

12) Click the 'Start' button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.

13) When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."

14) Save that text file on your desktop, and then attach it to a reply for me.

15) Close the ESET online scan.

16) Re-enable your Antivirus.

I will take a look at the log, and let you know if anything needs to be removed.


This topic is now closed to further replies.