We need some help removing a potential unwanted malware called $360Section.  Malwarebytes or McAfee doesn't seem to detect it or remove it.  I found another post on this forum from many months ago (17-July-2015) and the general help idea was to use Farbar.  HOWEVER, someone named "TwinHeadedEagle" was helping and noted that,

"This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable."

So... now I'm trying to use Farbar and remove $360Section, and I don't want to assume the "fix" for the other person would be the same for me.  This is where I need help.  So far I've downloaded Farbar, saved it to the Desktop, run as administrator (with all options checked), and have the Addition.txt and Shortcut.txt and FRST.txt files saved.  I will attach them for your viewing pleasure. 

I'm not sure what to do now.

I'm using an ASUS laptop, 1.33GHz, 30GB HD, 2GB RAM, 32-bit, Windows 10.

 

Addition.txt

FRST.txt

Shortcut.txt

Where do you see the entry $360Section? I do not see it in your logs.

Run the following please and post the produced logs.

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish.
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
 
  • Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1/10: right click, select "Run as Administrator", accept UAC.
  • The EULA will open, accept that to move on...
  • The tool will check for updates/latest version.
  • The GUI will open, select "Scan for Risks".
  • Rootkit scan alert will open, select "Restart".
  • Rootkit scan preparations will time out and reboot the system.
  • Tool will restart and check for update, do nothing.
  • System scan will start, do nothing.
  • If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now". If nothing is found, select "Exit" to close out the tool.
  • To remove "found entries" the system will need to restart, select that option.
  • If applicable select "Locate Log" and attach to reply. Select "Done" when complete.

Next,

Let me see those logs in your reply.

Thank you,

Kevin.

Thanks for taking time to help me with this.  I believe my daughter's PC is infected with $360Section because in her C drive the very first [shaded out] file is $360Section, and right after it, $Recycle.Bin and $SysReset.  Odd files.  Her computer wasn't connecting to the internet at the time of my first post.  You may see some activity in the logs about that.  I had to roll back a Broadcom Wireless Adapter driver and fix a WINsock(?)

OK.  I ran the Malwarebytes scan and it looks like we spotted a couple of PUPs.  I've attached the log.  It's called ExportLog.txt

I installed Adware Cleaner and ran it.  I've attached that file log.  Named Adwcleaner[C1].txt

That's where the fun ended.  I downloaded Norton Power Eraser, but installation failed soon after hitting "Accept" to the License Agreement.  The dialogue box said:

An Error has occurred.

Norton Power Eraser cannot scan a computer running directly from a compressed Windows image file, known as WIMboot.  For more information see the support document about WIMboot.

Error code: 0x8004100c,n44,n66

 

 

ExportLog.txt

AdwCleaner[C1].txt

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.
Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en


Double-click iexplore.exe on your Desktop to run it
In the "Scan Type" window, select Full Scan
Perform a scan and then click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log
 
Next,
 
Open FRST, type or copy paste $360Section into the text field. Select "search files" tab. Post the produced log...
 
Thank you,
 
Kevin
 
  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.