Donna67 Posted January 9, 2017 ID:1087860
Hi, I seem to have downloaded a virus today. I keep scanning with Malwarebytes and every time it comes up with more identified threats. Also, I continuously get the popup for websites being blocked in the lower right-hand corner. Chrome did not want to work or Microsoft Edge. I reinstalled Chrome and currently am able to use it.
Attachments: Addition_09-01-2017 16.24.35.txt, FRST_09-01-2017 16.24.35.txt

kevinf80 Posted January 9, 2017 ID:1087872
Hello Donna67 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Go back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes deal with any found entries...
Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box.
Please wait for the scan to finish..
When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot.
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,
Kevin...
Attachment: Fixlist.txt

Donna67 Posted January 10, 2017 Author ID:1088030
Hi Kevin, Thanks for your quick reply and help last night. The first 3 of the 4 tasks you wanted me to do and the text files are below. The last one, Sophos, is still running since last night. It shows it is still going through files, so I am thinking it just takes this long. If not, let me know what to do. I am no longer getting the website blocking pop continuously, but the computer itself is sluggish. If I try to open some problems, Outlook, malware, they either don't open or take a long time to do so. Thanks
Attachments: AdwCleaner[C0].txt, Fixlog.txt, malware.txt

kevinf80 Posted January 10, 2017 ID:1088040
Hello Donna67,

Yes, your system was awash with malware/infection, we have moved most with FRST, AdwCleaner and Malwarebytes have also done their bit. Let's wait for Sophos to finish, it is a very thorough scan so can take several hours to complete...

One other point, I asked that you enable scan for rootkits with Malwarebytes, that was not done....?

Quote:
    Open Malwarebytes, select > "settings" > "protection tab"
    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

When Sophos completes post its log, I will want to run a couple more scans after you post log from Sophos..

Thank you,
Kevin...

Donna67 Posted January 10, 2017 Author ID:1088069
I thought I had enabled that, should I run that again when the other one finishes? I am having continued frozen screens at times. Sophos is not finished yet.

Donna67 Posted January 10, 2017 Author ID:1088070
Also, right now if I minimize Internet Explorer, my desktop is black with no taskbar. The only thing showing is Sophos and Task Manager.

kevinf80 Posted January 10, 2017 ID:1088088
How long has the frozen screen been that way...? If you have Task Manager open select end task on Sophos then re-boot your PC.. can you do that..

Donna67 Posted January 10, 2017 Author ID:1088093
It wasn't really frozen as Sophos was still running, just the bottom taskbar was missing and screen was black. I went into the Task Manager, chose File and Run new task, entered explorer and it came back up. Sophos is still running, looks about 80% done, probably another 3-4 hrs, I am guessing. It shows 0 threats at this point.

kevinf80 Posted January 10, 2017 ID:1088095
Hello Donna67,

When Sophos AV is in use your PC should not be used, it is counterproductive to do so and can cause issues. I know it can be very frustrating waiting for the scan to finish but patience is really needed. Even if we end up with a clean log after many hours...

Thank you,
Kevin...

Donna67 Posted January 11, 2017 Author ID:1088133
Okay, finally complete and I've attached the last file.
Attachment: SophosVirusRemovalTool.log

Donna67 Posted January 11, 2017 Author ID:1088143
I am having another problem. My computer was new last fall and when I go into Task Manager, it is showing 100% disk use.

kevinf80 Posted January 11, 2017 ID:1088173
Follow these instructions: https://support.microsoft.com/en-gb/kb/3083595

Does that help...?

Donna67 Posted January 11, 2017 Author ID:1088246
I don't think so, my driver is iastorA.sys

kevinf80 Posted January 11, 2017 ID:1088294
Ok, run the following:

Download and save RogueKiller to your Desktop from this link: https://www.fosshub.com/RogueKiller.html/setup.exe
Right click setup.exe and select Run as Administrator to start installing RogueKiller.
At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"
In the next window skip Licence I.D. and Licence Key, select "Next"
In the next window make no changes and select "Next"
In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"
In the next window make no changes and select "Install"
RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.
RogueKiller will launch. Accept UAC, then read and accept "User Agreements"
In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"
When the scan completes select "Open Report"
In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply

Let me see that log in your reply...

Thank you,
Kevin

Donna67 Posted January 12, 2017 Author ID:1088364
Ok here is what I got.
Attachment: RK.txt

Donna67 Posted January 12, 2017 Author ID:1088365
Okay, here is what I got. Currently Chrome will not work or the Edge browser. I'm sending this from my phone. Screen is freezing up a lot and in the task sometimes memory may be at 90% and sometimes the disk is at 100%.
Attachment: RK.txt

kevinf80 Posted January 12, 2017 ID:1088416
Right click on RogueKiller.exe and select "Run as Administrator" to start the tool, accept UAC..
In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"
When the scan completes Checkmark (tick) the following against Web Browser entries, ensure that all other entries are not Checkmarked:

[PUP.Gen2][Firefox:Addon] xd3uemmk.default-1449084570427 : Search and New Tab by Yahoo [jid1-16aeif9OQIRKxA@jetpack] -> Found
[PUP.Gen2][Firefox:Addon] xd3uemmk.default-1449084570427 : RelevantKnowledge [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] -> Found

Hit the Delete button, when complete select "Open Report" in the next window select "Export txt" the log will open. Save to your Desktop for reference, also attach to next reply.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan"
Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Post those logs to your next reply..

Thank you,
Kevin

Donna67 Posted January 12, 2017 Author ID:1088421
Thanks for your help, really appreciate it. I am thinking I might have messed up. When I was finished with RogueKiller the last time, I think there were 7 threats found, and I deleted them. I'm getting the feeling that is what you are wanting me to delete after I run it again. Am I correct? Sorry

kevinf80 Posted January 12, 2017 ID:1088423
I only wanted the two web browser entries removing, the other five entries were legitimate and could have been left alone... Is no big deal if you removed them, we may have to reinstall printer software but is no big deal...

Let's move on, run FRST and post the two fresh logs..... your system was initially awash with malware/infection, let's see what the logs show..

Thank you,
Kevin

Donna67 Posted January 12, 2017 Author ID:1088430
Okay, thanks, I will do that, and I just checked 'cause I do have RogueKiller running and still has a way to go, but it is showing 2 detected items, so should I continue running it or cancel it?
Edited January 12, 2017 by Donna67

kevinf80 Posted January 12, 2017 ID:1088436
Let RK finish, post its new log. Do not remove anything. Also run FRST and post the two new logs...
Edited January 12, 2017 by kevinf80 (typo)

Donna67 Posted January 12, 2017 Author ID:1088437
Sounds good, going to get sleep. I will post them in the morning.

kevinf80 Posted January 12, 2017 ID:1088438
Thanks for the update, I'm in the UK, local time is 11 am. Where are you..?

Donna67 Posted January 12, 2017 Author ID:1088496
I am in the U.S. and it's now 11am. Here's the first report and I am going to start FRST now. When I awoke this morning, I tried to access another program on here, and it froze on me and I signed out and back in to regain access.
Attachment: rk1.txt

Donna67 Posted January 12, 2017 Author ID:1088498
Okay, and here are the two text files from FRST.
Attachments: Addition.txt, FRST.txt