Infection!


TheMekon

Hi,

I believe that my PC has been infected.

I cannot run MBAM, Microsoft Defender won't start, IE & Firefox cannot get to the internet, and at least one Excel file that I copied to a flash drive is coming up with a "Protected View" message when I try to open it in Excel. Other Excel spreadsheets on the same drive (both .xls & .xlsx) will open fine. This one is called passwords.xls(!).

I own multiple PCs, and have restricted moving stuff around to just one other machine, and consider both of them to be in quarantine until such time as they are proven to be free from infection.

None of the 13 chameleon examples will run, either.

I am currently running in Safe mode, so hopefully any attack infection cannot report back over the internet, or import any new infections.

As soon as I realised what had happened to the passwords file, I changed both my bank account access password and my gmail password, so hopefully they aren't compromised (?)

 

Please help.

 

Thanking you in anticipation,

 

John

FRST.txt

Addition.txt


Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


I do not recommend the use of IOBIT products; they have a bad reputation and are prone to creating problems. That is why I suggest uninstalling:

Advanced SystemCare 8

Driver Booster

Game Booster

IObit Malware Fighter

IObit Uninstaller

Smart Defrag 2

Surfing Protection

 

When you see a word like "Booster", "Optimizer", "TuneUp" or similar, it is often some kind of silly application. You cannot "boost" your system more than it actually is. Microsoft optimized Windows perfectly and they are constantly working on improvements, so these tools are just selling you nothing but "fog".

 

The only way to actually boost your system is to upgrade your hardware by adding an SSD, more processor power or more RAM memory.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt


All I can say is...thanks - I'd struggled with this for the last 36 hours, using whatever tools that I could find, and one small tool, and a LOT of knowledge on your part and, hey presto - no more infection.

 

Any idea where I might have picked it up from? Before it hit me I'd been surfing day trip operators around ANZ for possible excursions during a New Year's cruise - nothing dodgy; nothing downloaded; nothing even slightly off center! It's got me banjaxed! Oh, and I had nothing downloading in uTorrent, either.


  • 3 weeks later...

Very good. We can wrap up this case.

The following procedures will implement some cleanup procedures to remove the tools I had you use.

Download Delfix from http://windowsupdate.microsoft.com WindowsUpdate and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a regular basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
http://www.bleepingcomputer.com/tutorials/tutorial174.html

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
 
We have another program that can also help protect against exploits. Malwarebytes Anti-Exploit (MBAE) recently was recognized as “Security innovation of the year” by V3.
http://www.v3.co.uk/v3-uk/news/2384032/v3-announces-winners-of-technology-awards-2014

We have a free version that protects against exploit attacks in your browsers and Java, and a paid version that also protects additional applications such as MS Office.
https://www.malwarebytes.org/antiexploit/

I would recommend you install the Anti-Exploit in free use mode.
 

Best to you.

 

 

This topic is now closed to further replies.