Jump to content

Please help, can't install or run Malware Removal programs

Johnnyle35

By Johnnyle35
in Resolved Malware Removal Logs

 Share

Recommended Posts

kevinf80

kevinf80

Posted
Posted

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Can you also post the secondary log from FRST "Addition.txt" Logs are saved to the following folder:

 

C:\FRST\Logs

 

Thanks,

 

Kevin

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for those logs, continue please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

 
Next,
 
Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

I also see that Combofix has been used, can I see the following log:

 

C:\Combofix.txt

 

Also zip up and attach this folder:

 

C:\Qoobox

 

Thank you,

 

Kevin..

 

 

Fixlist.txt

Link to post
Share on other sites
Johnnyle35

Johnnyle35

Posted
  • Author
Posted

Hi Kevin, 

 

I ran Adwcleaner and here is the log. I still unable to install Malwarebytes Anti-Malware or JRT 

 

# AdwCleaner v5.005 - Logfile created 02/09/2015 at 23:19:47

# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Cuong Le - CUONGLE-OFFICE
# Running from : C:\Users\Cuong Le\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
:: Firewall settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [651 bytes] ##########
 
 
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Sep 02 23:31:29 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 02 23:34:46 2015
 
 
Return code: 0 (0x0)
 
 
 
 
It won't let me zip c:\Qoobox folder. Here is the error 
!   Cannot read contents of C:\Qoobox\BackEnv\*
!   Cannot create Qoobox.rar
!   Access is denied.
 
 

ComboFix.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for the logs, as you cannot install Malwarebytes lets try via Chameleon. Open the following link and follow the instructions to install and run Malwarebytes via Chameleon:

 

https://support.malwarebytes.org/customer/portal/articles/1833351-how-do-i-use-malwarebytes-chameleon-to-install-malwarebytes-anti-malware-on-an-infected-system-?b_id=6447

 

Let me know the outcome...

 

Thank you,

 

Kevin.

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

If you prefer to go for a reinstall maybe that is the best option, that decision is up to you... If you want to continue try the following:

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


 

See if Malwarebytes will now install if RKill was successful, if not we can run a tool from outside of windows. Let me know how you want to progress..

 

Thank you,

 

Kevin...

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

One last try...

 

Information on Kaspersky rescue disk 10
http://media.kaspersky.com/downloads/consumer/kasp10.0_rescuedisk_en.pdf

Download Kaspersky Rescue Disk (iso)

  • Burn it to a cd or dvd, if you need a program to burn an ISO...use  Active@ ISO Burner
  • Configure your computer to boot from CD/DVD

    Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
  • Once you have the CD/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Malware/Virus


    krd5.jpg If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter

  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally....



When booted back into Windows Navigate > Start > Computer > C:\Kaspersky Rescue Disck 10.0 Open the folder, inside is log from KRD run named "ScanObject" copy/paste that file to your reply.
 

Thanks,

 

Kevin..

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Some of the Kaspersky log file entries are left untreated, run once more and either quarantine or delete found entries...

 

Next,

 

When Kaspersky is finished re-boot, run FRST once more as follows:

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....
 

As well as posting the logs also give me a list of all current issues or concerns that remain....

 

Next,

 

Zip up and attach this folder :- C:\Windows\Minidump

 

Thank you,

 

Kevin

Link to post
Share on other sites
Johnnyle35

Johnnyle35

Posted
  • Author
Posted

Hi Kevin,

 

I did the Kaspersky Scan and windows unlocker again then farbar scan. Attached are all the log.

After restart i got blue screen and here is the log

 

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7600.2.0.0.256.1

Locale ID: 1033

Additional information about the problem:

BCCode: 50

BCP1: FFFFF8A029C62000

BCP2: 0000000000000000

BCP3: FFFFF8000411B7BE

BCP4: 0000000000000000

OS Version: 6_1_7600

Service Pack: 0_0

Product: 256_1

Files that help describe the problem:

C:\Windows\Minidump\090515-18392-01.dmp

C:\Users\Cuong Le\AppData\Local\temp\WER-25240-0.sysdata.xml

Read our privacy statement online:

 

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

 

C:\Windows\system32\en-US\erofflps.txt

 

 

Thanks

Minidump.zip

FRST.txt

Addition.txt

ScanObject.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

The dump file not attribute any definite reason for the BSOD..... run RogueKiller, see if that gives us a clue...

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

Thanks,

 

Kevin..

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept