glivo1

Behaving as infected.


Hello glivo1 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Leave all other settings to default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on user posted image and select "Run as Administrator"

In the new Window accept the terms of service


In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"


In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"


In the new Window new virus database signatures will download, Do Not Select Stop


The Window will progress showing the scan in action....


In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...


If threats are found the following Window will open:

user posted image

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin

fixlist.txt


I will continue as described but I need to tell you of 3 strange things that just happened and they appear to be directly related to this "Cleansing".

1/  Immediately after running FRST, it self terminated and then I had a message box appear from AVG telling me that it had "Removed FRST.exe" as a found threat. Fixlog.txt was created. FRST.exe is indeed gone from the directory, again. I had to reload it by download before I could run it as it was missing.

2/  I returned to Windows Live mail and your email notification was gone.  There was an error saying that "Live mail did not close properly" (or similar). "Open message anyway" optional by clicking link. I did and your email came back.

3/  The Internet Explorer program was closed so I had to re-open and browse to this forum page again.

I will now continue with the next steps.

Here is the first attachment, Fixlog.txt.

Fixlog.txt


FRST log is not complete, it is no big deal, let me see the rest of the logs when complete...


Mmmm. That's interesting.  I thought the program terminated prematurely and then "AVG" wiped the executable.  Also interesting is that AdwCleaner found threats and cleaned them. Several of the Folders it wanted to get rid of were related to AVG. 

Following the reboot I lost Windows Explorer (not responding / close program) for a while and only the AdwCleaner log file was left visible in Notepad window.

Here is that log and I'm running the final scan now.  It has identified 1 threat so far.

AdwCleaner[C0].txt


Opening that link just sent my screen into a meltdown. The whole thing went black and the small "Analog only" symbol appeared. This is what happens when the monitor loses signal.  Then it all came back very slowly and as I'm replying to you a notification came up that my "Display Driver stopped responding and has recovered."

The ESET online scanner has located another threat and it appears to be in a file called Windows.iso. I downloaded this file to make a Windows 10 disk for my son's computer a few weeks back and this particular file came through extremely over size.  The image file was 6.4 GB instead of 3.5 GB and would not fit on a disk so I just moved it to a directory in My Documents/W10 huge ISO and downloaded another.  It came from the Microsoft downloads page.  Should have deleted it but forgot about it until now.

Edit for addition. 

After reading that I think I'll change from AVG on all computers.  I always decline to use Web Tune Up but it seems to force install anyway.

 Maybe not the link.  Bug has returned with Internet Explorer starting to play up again.  Changing Tabs does not swap image to correspond. This was a first symptom I noticed yesterday.

 

 

Edited by glivo1


That link is clean as a whistle, I always check URLs at VirusTotal, the link in question gets zero hits out of 64 checks......

https://www.virustotal.com/en/url/8f7aca5980fe3692fb412356437c9c57eaf6d564d4ae1d6a4d8a6136726aa868/analysis/1485809424/

Let me see the eset log when ready, also give an update on any remaining issues or concerns....


Just got this pop up but Internet Explorer hadn't actually stopped  and clicking on "Close the Program" actually didn't do anything.

 

IE_stop.png

IE_stop.txt


I don't know where Magix  or Device Doctor have come from.  It's not something I put there.


Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

 


I had to download FRST again. I had to click "Start here" because it wouldn't start the download automatically.

It won't run. When I click Scan it just disappears.


Task Manager says it is a Running Application but I can't Switch to it.  Also showing a folder icon.

Screen image.

TM.png


AVG Resident shield is off already.

The Task Manager was showing the File Manager Folder icon.  I just tried to run FRST with Task Manager open and as soon as I click "Scan" it just disappears.

I will delete executable, download and run again.


No Good. Won't run at all.

Should I remove the whole FRST directory and start from scratch?  I only deleted the executable file.


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Let me know if there are any remaining issues or concerns with your operating system...

Thank you,

Kevin...

 

fixlist.txt


Thanks for the log and update, if your system is running as expected run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Thanks Kev,

Is MBAM 3.0 a better option than AVG? Obviously it costs but previously I thought you needed both. MBAM website suggests I can do away with AVG if I buy 3.0.
