uniqueindividualgirl Posted October 29, 2015 ID:998474 Share Posted October 29, 2015 Hello, I recently got bogged with a whole bunch of malware. Mostly PUP, but also some other baddies like Trojian. I uninstalled all the unwanted programs and ran a scan. When I ran a scan with Antimalwarebytes, something crazy like 716 threats were detected. I looked at them all and they were all baddies I didn't want. I check them all to delete/quarantine, the free version said the threats were removed. I ran another scan because my computer was still running slow, and they were still there. When I tried the same with the premium version, instead of saying the threats were removed, it said 0 threats were removed. I also tries the premium version in safe mode-same results. If any attachments are needed, or I need to uninstall something, please let me know. FRST.txtAddition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 29, 2015 ID:998485 Share Posted October 29, 2015 Hello and welcome,P2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Re-run Malwarebytes as follows: Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…Next, You will have to run FRST from an account with Administrator rights..... Run again as follows: Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" Also checkmark Shortcut.txt and Addition.txt under Optional scan Select scan, when done post the logs.... Thank you, Kevin Link to post Share on other sites More sharing options...
uniqueindividualgirl Posted October 30, 2015 Author ID:998648 Share Posted October 30, 2015 Thank You for your quick response. I acknowledge your piracy warning and I want to comply. I uninstalled Torrent beforehand, but due to your warning, there must be something else. There isn't any other torrent that pops up in my "uninstall a program" section. Please guide me on what exactly I must do to remove the pirated content and I will comply. I have read the "piracy" link, but it doesn't provide any specific information. In regard to your instructions: The scan was too long and the forum won't let me put in the text part of the comment. So I have attached it as a word document as scan 10.29.15.txt.docx.Addition.txtFRST.txtShortcut.txtscan 10.29.15.txt.docx Link to post Share on other sites More sharing options...
kevinf80 Posted October 30, 2015 ID:998717 Share Posted October 30, 2015 Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please open Malwarebytes Anti-Malware one more time. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktopEnsure to get the correct version for your system....32 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en64 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=enRight click on the Tool, select “Run as Administrator” the tool will expand to the options WindowIn the "Scan Type" window, select Quick ScanPerform a scan and Click Finish when the scan is done.Retrieve the MSRT log as follows, and post it in your next reply:1) Select the Windows key and R key together to open the "Run" function2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:notepad c:\windows\debug\mrt.log Let me see those logs, also give an update on any remaining issues or concerns... Thank you, Kevin...Fixlist.txt Link to post Share on other sites More sharing options...
uniqueindividualgirl Posted November 2, 2015 Author ID:999203 Share Posted November 2, 2015 I have done what you said, in the following order: The fixlog from fixlist.txt:Fixlog.docx The Malwarebytes scan: Malwarebytes log #1.docx The Adwcleaner.exe: AdwCleanerC1.docx The Junkware Removal tool: JRT.docx The Malicious Software Removal Tool: mrt.log.docx I have some lingering concerns. While the Malwarebytes scan does show fewer baddies and when I try to quarantine, it does say I quarantined them. I am concerned because I ran another scan after I did everything above and still had over 50 threats. I have copied the scan hereMalwarebytes log #2.docx. In addition, every now an then this pop up occurs. It started when I had the problem removing the threats, but even with everything above, the popup still occurs. I have posted a screenshot of the popup here. Finally, if I am in violation of the piracy policy, please advise me on how to fix it(ie what files I need to delete, ect...). Thank You Link to post Share on other sites More sharing options...
kevinf80 Posted November 2, 2015 ID:999221 Share Posted November 2, 2015 Run Malwarebytes one more time, ensure to reboot on completion of the threat scan... Post the new log. Next, Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page) The file will be randomly named Reboot to safe mode Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report <<<<---- Do not miss this step A notepad will open Select File > Save as.. Save it to your desktopThis log will be excessive, Attach it to your next reply… Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Shortcut.txt under "Optional scan" Select scan, when done post the new logs.... Post those logs, also give an update on any remaining issues or concerns... Thank you, Kevin.... Link to post Share on other sites More sharing options...
uniqueindividualgirl Posted November 5, 2015 Author ID:999793 Share Posted November 5, 2015 Hello, I have done as requested Here is the first scan from Malwarebytes:Malwarebytes Scan before.txt Here is the log for Dr. Web:cureit.log Here are the logs for FRST:Addition.txtFixlog.txtFRST.txtFixlog.txt I still have that popup and 74 threats still aren't removed. Here is a Malwarbytes Scan afterwards:Malwarebytes Scan after.txt Do you have any more advice? Thank You Link to post Share on other sites More sharing options...
kevinf80 Posted November 5, 2015 ID:999876 Share Posted November 5, 2015 The second malwarebytes log suggests the malware is still returning... Continue as follows: Check progrmas list via Programs and Features, uninstall the following if present: NitroplusCHiRAL Next, Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, This scan is very thorough so will take several hours to complete: Scan with ESET Online ScannerThis step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Please visit ESET Online Scanner website.Click there Run ESET Online Scanner.If using Internet Explorer:Accept the Terms of Use and click Start. Allow the running of add-on.If using Mozilla Firefox or Google Chrome:Download esetsmartinstaller_enu.exe that you'll be given link to. Double click esetsmartinstaller_enu.exe. Allow the Terms of Use and click Start.To perform the scan:Make sure that Remove found threats is Checkmarked. Scan archives is checkmarked. In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checkmarked. Under “Enable Stealth Technology select “Change” select any extra drives in that window. Click Start The program will begin to download it's virus database. The speed may vary depending on your Internet connection. When completed, the program will begin to scan. This may take several hours. Please, be patient. Do not do anything on your machine as it may interrupt the scan. When the scan is done, click Finish. A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.Please include this logfile in your next reply.Don't forget to re-enable protection software! Next, Run another threat scan with Malwarebytes, post that log.... Let me see those logs, also give an update on any remaining issues or concerns.... Cheers, Kevin... Fixlist.txt Link to post Share on other sites More sharing options...
uniqueindividualgirl Posted November 8, 2015 Author ID:1000585 Share Posted November 8, 2015 Due to the length of the scan, it might take me a couple of days find time to complete this. Please do not close this thread. Link to post Share on other sites More sharing options...
kevinf80 Posted November 8, 2015 ID:1000609 Share Posted November 8, 2015 I will not close your thread, post back when you`re ready... Thank you, Kevin.. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 21, 2015 Root Admin ID:1002764 Share Posted November 21, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts