
White Screen Virus removal help


samphotog

A coworker who isn't very computer savvy asked me to look at her computer because it was acting weird. She described it to me and as far as I can tell it's some variant of the White Screen trojan/ransomware. (I have not seen it as it only pops up at home on her network) She says a full screen white page pops up claiming to be from Time Warner Cable (her ISP) with a number to call to make it stop happening. She called and apparently paid around $70 for them to do a remote desktop session overnight to "fix" the problem. Well besides the obvious scam, they apparently removed the antivirus I installed to her the day before so I don't know what else they might have done. I've run every program I know how to run confidently. I can get the logs from FRST or anything else but I don't know how to analyze them yet so that is what I would like help with unless there are other options. I will attach the FRST log to get started and just let me know what you need from there. Thanks!

FRST.txt

Addition.txt


Hello and welcome,

P2P/Piracy Warning:
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...

Fixlist.txt


Awesome! Here we go, the FRST fix results, and I left ESET online scanner running when I finally had to give it up and get some sleep and it found that. I will get the other results and post them ASAP. I don't think all of these scans will finish before I have to go to work but I'll do what I can. If it helps anything now, I have run Malwarebytes and AdwCleaner until there were no more detections.

Fixlog.txt

eset results.txt


Post the logs I asked for, when complete let me know if any remaining issues or concerns...

 

The entries from ESET need to be uploaded to VirusTotal for confirmation..

 

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Windows\System32\LavasoftTcpService64.dll
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\Windows\SysWOW64\LavasoftTcpService.dll

 

Thank you,

 

Kevin..
 


Her computer is very slow. I'm still waiting on Malwarebytes to finish. I'm going to have to head to work here in the next half hour and I'll have to take it back to her. If she doesn't mind I'll keep it and bring it back with me to finish up those other programs tonight or I'll see if I can get that done on my lunch. While I have you though, can you recommend a good antivirus program to install that is as self-sustaining as possible? I would normally put Avast on there but she would have to do something with it after the first year to keep it active. This is a person who prefers the Windows 8 start screen to a desktop environment and can't be talked away from Internet Explorer. Just something to hopefully keep this kind of thing from happening with as little user interaction as possible. Thank you very much!


Still need to see the log from Microsoft's "Malicious Software Removal Tool". Also need the results from VirusTotal... Plus need an update on any remaining issues or concerns..

 

Regarding security, I personally use and recommend Kaspersky IS and Malwarebytes premium.. Also have a look at the following link for all the hints and tips you'll ever need for security etc..

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629
 

Thank you,

 

Kevin.


For the time being I'm not going to be able to provide those yet. She needed her computer back and it will be a few days before I see her and find out if it's resolved. I appreciate the help and if possible I would like to keep this thread open for a few extra days until I hear back from her.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
