Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Possible infection


gzembow
 Share

Recommended Posts

Hi there gzembow!

 

I am Blackbird and I will be helping you dealing with your computer problems. :)

 

I need some more information before I can help you though:

- Since when did you experience any problems that are still there now?

- What problems do you experience exactly?

- Can you please post the results of MBAM, RKill and ComboFix in your next reply?

 

Beside that I want to warn you: Running tools like ComboFix was NEVER meant to be done by users without supervision of a Trained Helper. I want to advise you to never run these kind of tools again, without proper supervision of a qualified Helper. This, because tools like ComboFix do a lot more than you think and can ruin your computer if they were not used properly!

 

I hope to hear from you soon. :)

Link to post
Share on other sites

Thank you for your assistance.

 

I now know that I should not try this without guidance. The infected computer belongs to a friend of my mother and she still uses AOL as her primary email and browser.

 

It started 11 days ago and appeared to be a hijacker just effecting AOL. The url it was redirecting to was variations on adnxs.com.

 

So I ran MBAM on 12/12 and quarantined what it found. (logs attached)

 

Then 3-5 days later the hijacker came back. The owner was leaving for holidays with her family so I was only able to try again yesterday. I followed some steps I found online and I ran Spybot v1.6.4 and cleaned a few things it found like Doubleclick. (logs attached).

 

Then I ran rKill and it seemed to indicate that the hosts file was infected.  (logs attached). So I found a MS page on how to reset the hosts file and did that.

 

Last I ran ComboFix and decided I was over my head and needed assistance. Lesson learned.  (logs attached).

 

I hope I did not do too much damage.

 

Please let me know what to do next.  Thank you very much.

mbam-log-2014-12-12 (22-55-02).xml

protection-log-2014-12-12.xml

Checks.141228-1427.log

Checks.141228-1438.txt

Fixes.141228-1716.txt

Update downloads.log

Rkill B4.txt

Rkill before.txt

Rkill.txt

hosts.txt

ComboFix.txt

Link to post
Share on other sites

Hi there,

 

I reviewed your logfiles. No shocking things are in there. :)

 

The logfiles are outdated though, and I would like to have some recent logfiles instead. Therefor, perform the following steps, please.

 

1. Please download a new, fresh copy of RKill.

  • Right-click RKill and choose Run as Administrator....
  • Follow the instructions given by the program.
  • Save the logfile that will be created by the program.
  • Post this logfile in your next reply.

 

2. Run Malwarebytes' Anti-Malware.

Note: If you're using the old version of the program (v 1.x) please uninstall this version and download and install the new v. 2.x instead. Click here to download.

  • Once the program has opened itself, download the latest update-pack by clicking Update Now.
  • Now click the Settings tab, and select Detection and Protection. Make sure the following items are set like this:
    • Place a checkmark at "Scan for rootkits"
  • Click the Scan tab.
  • Select Threat Scan and click the Run Scan button.
  • Delete everything that will be found. If a restart is required, allow Malwarebytes' Anti-Malware to restart your computer.
  • Post the scan results in your next reply.

 

3. Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Please tell me in your next reply which problems you're still facing, together with the logfiles from RKill, MBAM and Farbar's Recovery Scan Tool.

 

Good luck! :)

Link to post
Share on other sites

Hi there,

 

Please download the attached fixlist.txt and save it to the same location as Farbar Recovery Scan Tool.

 

Warning!: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

 

Please tell me which problems you're still facing.

fixlist.txt

Link to post
Share on other sites

Hi gzembow,

 

It all seems okay to me again. :)

 

1. Please remove ComboFix by going to Start > Run (or type it in the search field in the Start menu), and type: combofix /uninstall

 

2. You can remove the other programs used manually. Don't use them after we finished this topic, as they were meant for using under supervision. Ofcourse you can continue using Malwarebytes' Anti-Malware.

 

Please let me know if you got any other questions, or if I can close this topic. :)

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.