Jump to content

Recommended Posts

We need some help removing a potential unwanted malware called $360Section.  Malwarebytes or McAfee doesn't seem to detect it or remove it.  I found another post on this forum from many months ago (17-July-2015) and the general help idea was to use Farbar.  HOWEVER, someone named "TwinHeadedEagle" was helping and noted that,

"icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

So... now I'm trying to use Farbar and remove $360Section, and I don't want to assume the "fix" for the other person would be the same for me.  This is where I need help.  So far I've downloaded Farbar, saved it to the Desktop, run as administrator (with all options checked), and have the Addition.txt and Shortcut.txt and FRST.txt files saved.  I will attach them for your viewing pleasure. 

I'm not sure what to do now.

I'm using a ASUS laptop, 1.33GHz, 30GB HD, 2GB RAM, 32-bit, Windows 10.





Link to post
Share on other sites

Where do you see the entry $360Section I do not see it in your logs?

Run the following please and post the produced logs..

Please open Malwarebytes Anti-Malware.
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
  • Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1/10 right click, select "Run as Administrator" accept UAC.

    user posted image

  • The EULA will open, accept that to move on...

    user posted image

  • The tool will check for updates/latest version

    user posted image

  • The GUI will open, select "Scan for Risks"

    user posted image

  • Rootkit scan alert will open, select "Restart"

    user posted image

  • Rootkit scan preparations will time out and Reboot the system.

    user posted image

  • Tool will will restart and check for update, do nothing.

    user posted image

  • System scan will start, do nothing.

    user posted image

  • If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now" if nothing is found select "Exit" to close out the tool.

    user posted image

  • To remove "found entries" the system will need to restart, select that option.

    user posted image

  • If applicable select "Locate Log" attach to reply. Select "Done" when complete....


Let me see those logs in your reply.

Thank you,






Link to post
Share on other sites

Thanks for taking time to help me with this.  I believe my daughters PC is infected with $360Section because in her C drive the very first [shaded out] file is $360Section, and right after it, $Recycle.Bin and $SysReset.  Odd files.  Her computer wasn't connecting to the internet at the time of my first post.  You may see some activity in the logs about that.  I had to rollback a Broadcom Wireless Adapter driver and fix a WINsock(?)

OK.  I ran the Malwarebytes scan and looks like we spotted a couple PUP's.  I've attached the log.  It's called ExportLog.txt

I installed Adware Cleaner and ran it.  I've attached that file log.  Named Adwcleaner[C1].txt

That's where the fun ended.  I downloaded Norton Power Eraser, but installation failed soon after hitting "Accept" to the License Agreement.  The dialogue box said:

An Error has occurred.

Norton Power Eraser cannot scan a computer running directly from a compressed Windows image file, known as WIMboot.  For more information see the support document about WIMboot.

Error code: 0x8004100c,n44,n66





Link to post
Share on other sites

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop
Ensure to get the correct version for your system....

32 Bit version:

64 Bit version:

Double-click iexplore.exe on your Desktop to run it
In the "Scan Type" window, select Full Scan
Perform a scan and the Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log
Open FRST, type or copy paste $360Section into the text field. Select "search files" tab. Post the produced log...
Thank you,
Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.