
First time using. Won't get rid of them/quarantine



So I have a desktop that hasn't been used for a year and that me and my siblings played on with very little knowledge of anything tech. Well anyway, we all downloaded a lot of random stuff, causing 30k+ detected objects. When I pressed the "remove selected" button it just took about 3 minutes of waiting and then it said 0 threats successfully quarantined. Worked on my laptop and got rid of 4 PUPs flawlessly and super easily. Any reason? Any suggestions?

 

P.S. sorry I'm awful at writing and explaining in text.


Hello and welcome!
If you've not already done so please start here and post back the 2 log files FRST.txt and Addition.txt

P2P/Piracy Warning:
 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 



Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also in a different time zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




FIRST >>>>
Can you provide the log that shows the detected items (30K+ seems a little bit much)? Is this Malwarebytes Anti-Malware? If it is, then you can find the log file in History > Application Logs > choose the scan log you want.
At the bottom of the opened log, select Export and select Text file (*.txt).  You can then attach the file to a reply post here (see Attach Files below the Post Edit box).

 

 

SECOND >>>>

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 


1. Yes, it is Anti-Malware. When I finished it last night it actually said 29,600 give or take. This is the only log that was there:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
 
Update, 12/11/2015 6:19 PM, SYSTEM, CARMEN-PC, Manual, Failed, No Internet connection detected, 
Update, 12/11/2015 6:19 PM, SYSTEM, CARMEN-PC, Manual, Failed, No Internet connection detected, 
Update, 12/11/2015 7:06 PM, SYSTEM, CARMEN-PC, Manual, Failed, No Internet connection detected, 
Update, 12/11/2015 8:03 PM, SYSTEM, CARMEN-PC, Manual, Failed, No Internet connection detected, 
Update, 12/11/2015 8:51 PM, SYSTEM, CARMEN-PC, Manual, Failed, No Internet connection detected, 
Error, 12/11/2015 8:55 PM, SYSTEM, CARMEN-PC, Protection, IsLicensed, 13, 
Protection, 12/11/2015 8:55 PM, SYSTEM, CARMEN-PC, Protection, Malware Protection, Stopping, 
Protection, 12/11/2015 8:55 PM, SYSTEM, CARMEN-PC, Protection, Malware Protection, Stopped, 
Update, 12/11/2015 9:07 PM, SYSTEM, CARMEN-PC, Manual, Failed, No Internet connection detected, 
 
(end)

 

 

FRST.txt

Addition.txt


Your system is messy right now; there is some serious Adware on there but the real problems are two-fold: multiple AV software with the active one infected and evidence of a TDL4_ZeroAccess infection.  So, it is decision time now:

 

1)  Do you have the Factory Reset / Image disks or utility?

2)  Do you have a backup of the personal files / data on the system?  Is there information on there that you do not want to lose?

 

The reason I am asking these questions is that with the infections on this system and the amount of infected files / registry data, it may actually be best to restore the machine to Factory Image as Rootkits (TDL4) may or may not ever come out cleanly from the system.  The choice is yours; let me know what you want to do and we will proceed from there.


From your logs, it looks as if this is an HP desktop system. The logs also listed a FACTORY_IMAGE partition labeled as Drive J. If you go to the HP support web site and look under the model / type of desktop, there will be directions on how to start a Factory Image load to the system. If you can get me the model number of the desktop, I can look on the web site and help direct you.

 

One other thing you can do to help with the restore is see if the RootKits can be removed first by running the following scan(s) on the system:

 

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

 

 


This is the Customer Support article at HP on how to perform the restore to Factory Image:

http://support.hp.com/us-en/product/HP-Pavilion-p6203w-Desktop-PC/3999459/model/4006775/document/c01867418
 
You should be able to do the steps in this section:
Recovery from the Windows 7 desktop screen

Please let me know how this goes for you.


If you mean can you do the upgrade to Win10 and have it "clean" (format the drive) the system, the answer is yes. You will have to use the Media Creation Tool and make an install media (DVD or USB stick). The directions are here in this MS article: https://www.microsoft.com/en-ca/software-download/windows10 .

 

Read the sections on 

 

Using the media creation tool

Upgrade to Windows 10 using the tool

 

Note: It would be best if you have all your keys written down before you start the installation. Make sure you have the Win7 license key / activation key for your system before the installation of Win10 starts. This should be on the sticker on the side of your system and / or on one of the owner's manuals.


You are more than welcome!

 

You are now done! :D :D :D :D

Now some information on programs to help keep you safe:

Along with Malwarebytes Antimalware and Windows 10 Windows Defender (in Windows 8 or above, Defender is a full AV/AS solution), use the following as a base level security:

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).

Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system. You can read the details about this program here.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!
 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.