
Self Replicating Virus



Hello,

 

I have seen a lot of good posts on here resolving the same type of issue, but with older versions of Windows. I am using Windows 10 Pro and I would just like some help tailored for me.

I became infected while trying to download a serial-to-USB driver online (sneaky viruses). I know because it was constantly running adware through the speakers and hijacking my browser for ads as well. I could tell as soon as it downloaded that it was malicious.

 

  • I was not able to use Windows Defender, so I went to regedit and reset the value for "do not use antimalware". Defender did not help.
  • I attempted to download MBAM directly to the infected laptop. Received an error; it would not let me download.
  • Downloaded MBAM to a USB drive and put it on the laptop, ran MBAM. Lots of malware, all deleted. Or so I thought. Still having issues.
  • Tried Emsisoft, problems persist.
  • Ran RKill. It keeps shutting down a proxy server:
    • Active Proxy Server Detected

       * Proxy Disabled.
       * ProxyOverride value deleted.
       * ProxyServer value deleted.
       * AutoConfigURL value deleted.
       * Proxy settings were backed up to Registry file.

  • Ran multiple programs multiple times, no malware detected, ads still running.

Hopefully this helps.

 

Thanks in advance! Also, I am starting to become really interested in cyber security after three days of trying to get at this virus, so explanations and other reading materials are greatly appreciated.

 

R,

 

Cody


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
 

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please attach it to your reply.

fixlist.txt


It was malware called Dotdo --> https://blog.malwarebytes.org/cybercrime/2016/03/adware-pup-dotdo-fastinternet-blocks-security-related-domains/

Your PC should be clean now, but let's run a Malwarebytes scan to clean up non-active remnants.

 

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections, make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked, and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


No, this was everything:

 

Since there are no more problems, we can declare this PC clean :)

Now we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point, deleting the old ones at the same time.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings

  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt). I don't need it for review.


Tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:


Maintenance tips:


Additional software that I personally use and install on all my clients devices:

  • Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent exploitation of many commonly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent installing additional foistware bundled with legitimate installers.
  • CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.


If you're happy with the help provided and/or wish to show your appreciation, please consider a donation.
Thank you!

Stay safe,
TwinHeadedEagle :)


New development, I am still having issues. I tried to download the link you supplied and I got a proxy server error. I did some searching and found a few things that I am unsure of.

The two files I found are called ceement and adxregistrator. I found adxregistrator in my Users > Documents > Add-in Express folder. It looks suspicious because it elevates control, disables functions and enables some kind of stealth mode.

Also my chrome proxy settings are grayed out.

 


These files look legit. You can always scan them with VirusTotal to see if they are malicious.

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
 

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please attach it to your reply.

fixlist.txt


I still cannot go to bleepingcomputer to download DelFix. I thought it could be that MBAM and Emsisoft were at odds, so I uninstalled Emsisoft. I will check for other antivirus programs, but ERR_PROXY_CONNECTION_FAILED is what keeps displaying in my Chrome browser.

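Every proxy symptom in this thread (RKill's "Active Proxy Server Detected", the grayed-out proxy settings in Chrome, and ERR_PROXY_CONNECTION_FAILED when trying to reach security vendors' sites) comes down to a handful of registry values. The script below is an added example, not from this thread, from Malwarebytes or from any of the tools mentioned: it shows the per-user WinINet proxy values RKill listed, checks the Chrome policy keys that lock the browser's proxy UI, shows the WinHTTP proxy used by Windows services, and only then backs the values up and clears them. The registry paths are the standard Windows and Chrome locations; the backup file name is an assumption.

```powershell
# Added example: inspect, back up and clear proxy settings that adware typically plants.
# Run in an elevated PowerShell (the HKLM policy key needs admin rights to remove).

$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyVals = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'
$backup    = Join-Path $env:USERPROFILE 'Desktop\proxy-backup.reg'   # assumed name

# 1. What WinINet (IE/Edge/Chrome default) is currently told to use.
Write-Host "== WinINet proxy (current user) =="
$current = Get-ItemProperty -Path $inetKey
foreach ($name in $proxyVals) {
    $prop  = $current.PSObject.Properties[$name]
    $shown = if ($prop) { $prop.Value } else { '<not set>' }
    Write-Host ("{0,-14} = {1}" -f $name, $shown)
}

# 2. Chrome follows the system proxy unless a policy overrides it. ProxyMode /
#    ProxyServer / ProxyPacUrl / ProxySettings under Software\Policies\Google\Chrome
#    are one common reason the proxy settings appear grayed out ("managed").
Write-Host "`n== Chrome proxy policies =="
foreach ($hive in 'HKLM:', 'HKCU:') {
    $pol = "$hive\Software\Policies\Google\Chrome"
    if (Test-Path $pol) {
        Get-ItemProperty -Path $pol |
            Select-Object ProxyMode, ProxyServer, ProxyPacUrl, ProxyBypassList, ProxySettings |
            Format-List
    } else {
        Write-Host "$pol : not present"
    }
}

# 3. WinHTTP proxy is separate from WinINet and is what services (Windows Update,
#    Defender signature downloads) use.
Write-Host "`n== WinHTTP proxy =="
netsh winhttp show proxy

# 4. Back up, then clear. Only run this part once you are sure the settings are not
#    legitimate (a corporate proxy or PAC file would look the same here).
reg export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' $backup /y | Out-Null
Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0 -Type DWord
foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    Remove-ItemProperty -Path $inetKey -Name $name -ErrorAction SilentlyContinue
}
foreach ($hive in 'HKLM:', 'HKCU:') {
    $pol = "$hive\Software\Policies\Google\Chrome"
    if (Test-Path $pol) {
        foreach ($name in 'ProxyMode', 'ProxyServer', 'ProxyPacUrl', 'ProxyBypassList', 'ProxySettings') {
            Remove-ItemProperty -Path $pol -Name $name -ErrorAction SilentlyContinue
        }
    }
}
netsh winhttp reset proxy
Write-Host "`nProxy values cleared; backup written to $backup. Close and reopen the browser, then retry the download."
```

If the values reappear after a reboot, clearing them is treating the symptom: something still running on the machine is re-applying the proxy, and that persistence is what a targeted fix like the FRST fixlist in this thread is for. Chrome can also be pointed at a proxy by an installed extension, so check chrome://extensions and chrome://policy as well if the settings stay locked after the policy keys are gone.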

Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.