Jump to content

Infected with fff5ee and blinxcore


mb129

Recommended Posts

Welcome to the forum

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

============================

Then...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Do you use these:

FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\THEBRO~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp)

 

MrC

Link to post
Share on other sites

They're kind of borderline but if you use them, we'll leave them.
There's a lot of other adware/spyware on the system that we should clean up.

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.


(if you see any of the coupon items in the log...don't fix anything...just get the log and let me look at it)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

======================

Please run a Threat Scan (Malwarebytes)
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC

Link to post
Share on other sites

Thank you. All logs attached, looks pretty clean to me. I did not uncheck anything on ADW. I think I may remove AVG what are your thoughts? 

 

FYI i'm from your area - grew up in Marlboro/went to Rutgers. fond memories of 3AM at the South Plainfield (I think) White Castle during college!!!

 

 

Malwarebytes log clean.txt

AdwCleanerS1.txt

AdwCleanerR1.txt

Fixlog.txt

Link to post
Share on other sites

OK...White Castle :)

You don't want AVG on your system!

If there's no other problems......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

I haven't deleted AVG yet, waiting for you to advise me to do so.   So here is the checkup.txt:

 

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
Ad-Aware Antivirus                
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 30.0 Firefox out of Date!  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareTray.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

AVG 2015 anti-virus is OK
You don't want the toolbars on the system:
http://www.systemlookup.com/CLSID/73582-AVG_Secure_Search_toolbar_dll.html

=======================================

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


======================================

Uninstall these and any other Java listed in your Programs and Features:
JavaFX 2.1.1
Java 7 Update 67


Then: Download and install the latest version (Java™ 8 Update 25) from Here. Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

====================================

Mozilla Firefox 30.0 Firefox out of Date! <----please check for an update if available.

====================================

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.