
Virus



Hi, I seem to have downloaded a virus today. I keep scanning with Malwarebytes and every time it comes up with more identified threats. Also, I continuously get the popup for websites being blocked in the lower right-hand corner. Chrome did not want to work, nor did Microsoft Edge. I reinstalled Chrome and am currently able to use it.

Addition_09-01-2017 16.24.35.txt

FRST_09-01-2017 16.24.35.txt


Hello Donna67 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

 

Fixlist.txt


Hi Kevin, Thanks for your quick reply and help last night. The first 3 of the 4 tasks you wanted me to do and the text files are below. The last one, Sophos, is still running since last night. It shows it is still going thru files, so I am thinking it just takes this long. If not let me know what to do. I am no longer getting the website blocking pop continuously, but the computer itself is sluggish. If I try to open some problems, Outlook, malware, they either don't open or take a long time to do so.

 

Thanks

AdwCleaner[C0].txt

Fixlog.txt

malware.txt


Hello Donna67,

Yes your system was awash with malware/infection, we have moved most with FRST, AdwCleaner and Malwarebytes have also done their bit. Let's wait for Sophos to finish, it is a very thorough scan so can take several hours to complete...

One other point, I asked that you enable scan for rootkits with Malwarebytes, that was not done....?
 

Quote

 

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

 

When Sophos completes post its log, I will want to run a couple more scans after you post the log from Sophos..

Thank you,

Kevin...


It wasn't really frozen as Sophos was still running, just the bottom taskbar was missing and the screen was black. I went into the Task Manager, chose file and run new task, entered explorer and it came back up. Sophos is still running, looks about 80% done, probably another 3-4 hrs, I am guessing. It shows 0 threats at this point.

 

 


Ok run the following:

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"


In the next window skip Licence I.D. and Licence Key, select "Next"


In the next window make no changes and select "Next"


In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"


In the next window make no changes and select "Install"


RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.


RogueKiller will launch. Accept UAC, then read and accept "User Agreements"


In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"


When the scan completes select "Open Report"


In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply

 
Let me see that log in your reply...
 
Thank you,
 
Kevin

Right click on RogueKiller.exe and select "Run as Administrator" to start the tool, accept UAC..

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"


When the scan completes Checkmark (tick) the following against Web Browser entries, ensure that all other entries are not Checkmarked

[PUP.Gen2][Firefox:Addon] xd3uemmk.default-1449084570427 : Search and New Tab by Yahoo [jid1-16aeif9OQIRKxA@jetpack] -> Found
[PUP.Gen2][Firefox:Addon] xd3uemmk.default-1449084570427 : RelevantKnowledge [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] -> Found


Hit the Delete button, when complete select "Open Report" in the next window select "Export txt" the log will open. Save to your Desktop for reference, also attach to next reply.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Post those logs to your next reply..

Thank you,

Kevin

 


Thanks for your help, really appreciate it. I am thinking I might have messed up. When I was finished with RogueKiller the last time, I think there were 7 threats found, and I deleted them. I'm getting the feeling that is what you are wanting me to delete after I run it again. Am I correct? Sorry


I only wanted the two web browser entries removing, the other five entries were legitimate and could have been left alone... Is no big deal if you removed them, we may have to reinstall printer software but is no big deal...

Let's move on, run FRST and post the two fresh logs..... your system was initially awash with malware/infection, let's see what the logs show..

Thank you,

Kevin
