Jump to content

AntiMalwarebytes Won't remove any Malware from Scan


Recommended Posts

Hello,

 

I recently got bogged with a whole bunch of malware. Mostly PUP, but also some other baddies like Trojian. I uninstalled all the unwanted programs and ran a scan.

 

When I ran a scan with Antimalwarebytes, something crazy like 716 threats were detected. I looked at them all and they were all baddies I didn't want. I check them all to delete/quarantine, the free version said the threats were removed.

 

I ran another scan because my computer was still running slow, and they were still there. When I tried the same with the premium version, instead of saying the threats were removed, it said 0 threats were removed.  I also tries the premium version in safe mode-same results.

 

If any attachments are needed, or I need to uninstall something, please let me know.

 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Re-run Malwarebytes as follows:

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



Next,

 

You will have to run FRST from an account with Administrator rights..... Run again as follows:

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" Also checkmark Shortcut.txt and Addition.txt under Optional scan Select scan, when done post the logs....

 

Thank you,

 

Kevin
 

Link to post
Share on other sites

Thank You for your quick response. I acknowledge your piracy warning and I want to comply. I uninstalled Torrent beforehand, but due to your warning, there must be something else. There isn't any other torrent that pops up in my "uninstall a program" section. Please guide me on what exactly I must do to remove the pirated content and I will comply. I have read the "piracy" link, but it doesn't provide any specific information.

 

In regard to your instructions:

 

The scan was too long and the forum won't let me put in the text part of the comment. So I have attached it as a word document as scan 10.29.15.txt.docx.

Addition.txt

FRST.txt

Shortcut.txt

scan 10.29.15.txt.docx

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware one more time.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...

Fixlist.txt

Link to post
Share on other sites

I have done what you said, in the following order:

 

The fixlog from fixlist.txt:Fixlog.docx

 

The Malwarebytes scan: Malwarebytes log #1.docx

 

The Adwcleaner.exe: AdwCleanerC1.docx

 

The Junkware Removal tool: JRT.docx

 

The Malicious Software Removal Tool: mrt.log.docx

 

I have some lingering concerns.  While the Malwarebytes scan does show fewer baddies and when I try to quarantine, it does say I quarantined them. I am concerned because I ran another scan after I did everything above and still had over 50 threats. I have copied the scan hereMalwarebytes log #2.docx.

 

In addition, every now an then this pop up occurs. It started when I had the problem removing the threats, but even with everything above, the popup still occurs. I have posted a screenshot of the popup here.post-194624-0-92985000-1446423232_thumb.

 

Finally, if I am in violation of the piracy policy, please advise me on how to fix it(ie what files I need to delete, ect...).

 

Thank You

Link to post
Share on other sites

Run Malwarebytes one more time, ensure to reboot on completion of the threat scan... Post the new log.

 

Next,

 

dr_web_cureit_zpse80d87bf.jpg
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning

    drwebselect.JPG
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

    drwebfolders.JPG
  • Press start scan
  • The scan will now commence

    drwebscan.JPG
  • Once the scan has finished click open report  <<<<---- Do not miss this step

    drwebscancomplete.JPG
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive,  Attach it to your next reply…

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Shortcut.txt under "Optional scan" Select scan, when done post the new logs....

 

Post those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin....

 

 

Link to post
Share on other sites

Hello,

 

I have done as requested

 

Here is the first scan from Malwarebytes:Malwarebytes Scan before.txt

 

Here is the log for Dr. Web:cureit.log

 

Here are the logs for FRST:Addition.txtFixlog.txtFRST.txtFixlog.txt

 

I still have that popup and 74 threats still aren't removed.  

 

Here is a Malwarbytes Scan afterwards:Malwarebytes Scan after.txt

 

Do you have any more advice?

 

Thank You

Link to post
Share on other sites

The second malwarebytes log suggests the malware is still returning... Continue as follows:

 

Check progrmas list via Programs and Features, uninstall the following if present:

 

NitroplusCHiRAL

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

This scan is very thorough so will take several hours to complete:

 

ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is Checkmarked.
  • Scan archives is checkmarked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checkmarked.
  • Under “Enable Stealth Technology select “Change” select any extra drives in that window.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!

 

Next,

 

Run another threat scan with Malwarebytes, post that log....

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Cheers,

 

Kevin...
 

Fixlist.txt

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.