Jump to content

Recommended Posts

Hello Malwarebytes forum,

 

I have had the issue of a virus that symantec, the free version of malwarebytes, and Avast could not detect. I saw in other forums the first application always mentioned is the adwcleaner tool for cleanups of this severity. So i download and use adwcleaner, lo and behold it finds 10+ threats on my system. I click clean, restarts my system, and i rescan with adwcleaner which detects 0 threats this time. Im thinking of downloading Roguekiller to further my investigation, but after a day of dealing with the infection i thought I'd look for help from a professional. Also i started having serious virus systems after downloading a .swf file. Not a smart idea on my part. Anyways, let me know what else i can do to help! Ill post the adwcleaner log in the comments after this initial post. Thank you!

Link to post
Share on other sites

Note: I have downloaded roguekiller which has detected the threats adwcleaner said it had deleted. I will post the log from Roguekiller as well.

 

 

 

Adwcleaner log below:

# AdwCleaner v6.044 - Logfile created 25/03/2017 at 13:36:32
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Administrator2 - VOYAGER
# Running from : C:\Users\Administrator2\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\ProgramData\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence


***** [ Files ] *****

[-] File deleted: C:\Users\Administrator2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File deleted: C:\END
[-] File deleted: C:\Users\Public\Desktop\Free Youtube Downloader.lnk


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}


***** [ Web browsers ] *****

[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Administrator2\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Administrator2\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Niko Guest Space\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Niko Guest Space\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2829 Bytes] - [25/03/2017 13:36:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2908 Bytes] - [25/03/2017 13:35:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2975 Bytes] ##########
 

Link to post
Share on other sites

Not much else to say on my end, except that the deletion of the virus by Roguekiller didn't really change anything on my end. Startup is slow, and I dare not enter the profile to which the virus started since that thing turns black and all the shortcuts disappear quicker after rapid succession. 

 

Roguekiller log:

 

RogueKiller V12.10.1.0 (x64) [Mar 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Administrator2 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/25/2017 14:00:55 (Duration : 01:21:55)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{93aa8f3f-fc51-4713-8f26-b3842bdd2265} | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a43df913-8946-4d51-b2e8-d49ad5aaba4d} | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Replaced ()
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {883A27FD-0E44-498A-8009-777E949EA572} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\dndclient.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {26945D02-8033-4647-A7E8-3C9894EF8DCF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\dndclient.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D187DEC2-39A6-4910-87DF-AD1C3964A483} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\TurbineLauncher.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E946C828-9BD5-45D5-99BE-097495F6498C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\TurbineLauncher.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F1236F2-6F1A-430A-A669-199A6E75BB30} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Niko\AppData\Local\Temp\nslF9A2.tmp\Installer-10611649.exe|Name=proinstaller428677851| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7777A23C-95E1-407D-B5D3-8AE3BBBB775D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Niko\AppData\Local\Temp\nslF9A2.tmp\Installer-10611649.exe|Name=proinstaller428677851| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\ProgramData\Free YouTube Downloader\ffmpeg.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\Free YouTube Downloader\ffprobe.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\Downloads.data -> Deleted
[PUP.Gen1][File] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\ffmpeg.exe -> Deleted
[PUP.Gen1][File] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\Settings.data -> Deleted
[PUP.Gen1][Folder] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\Temp -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Free YouTube Downloader -> ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader\Free YouTube Downloader.lnk -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\BouncyCastle.Crypto.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\MigraDoc.DocumentObjectModel.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\MigraDoc.Rendering.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\PdfSharp.Charting.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\PdfSharp.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\de -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\es\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\es -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Analyzer.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Common.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Converter.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Debug.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Downloader.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Localization.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Ionic.Zip.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Microsoft.WindowsAPICodePack.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Microsoft.WindowsAPICodePack.Shell.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\MigraDoc.DocumentObjectModel.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\MigraDoc.Rendering.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Newtonsoft.Json.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\NLog.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\ObjectListView.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\PdfSharp.Charting.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\PdfSharp.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\pt\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\pt -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Readme.txt -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\ru\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\ru -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\SplitButton.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\uk\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\uk -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.dat -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.msg -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Uninstall.txt -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.vshost.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\zh-CHS\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\zh-CHS -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WD      WD10JPVX-60JC3T0 SCSI Disk Device +++++
--- User ---
[MBR] f688592a03b58373db9c5f4a708baeac
[BSP] c3ca02d57617eaac5a3c8b204c9c4908 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 922604 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1889902592 | Size: 30962 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK
 

Link to post
Share on other sites
  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

 

STEP 02
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.