
Malware Removal - Will not reboot from Malwarebytes


Help!!

I recently collected a rootkit with some RiskWare.

Malwarebytes told me that it needs to be rebooted to be deleted, so I reboot and scan again.

It still detects the same viruses that I previously had and did not delete them.

It does not give me an option to "reboot" my PC after I clicked on quarantine like it did when I first downloaded it.
Please help, it would be greatly appreciated.

-Bubbles


These are the items I cannot remove off my computer.

The system recovery rootkit looks like a nasty one.

Please, if you can guide me on removing these things, that would be great!

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/27/17
Scan Time: 10:12 PM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1611
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: PATS\Jacob

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 597781
Time Elapsed: 1 hr, 38 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
RiskWare.DLLInjector, C:\$RECYCLE.BIN\S-1-5-21-604479001-3023413412-855544174-1004\$RFNLIYM.RAR, No Action By User, [12587], [153171],1.0.1611
Rootkit.Necurs.R.64, C:\SYSTEM RECOVERY\REPAIR\BACKUP\2B821E1F73C233F1AA307A6ED7A4BE199BF4595D.SYS, No Action By User, [20396], [200000216],1.0.1611
PUP.Optional.Spigot, C:\USERS\JACOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66CDZ34B.DEFAULT\PREFS.JS, No Action By User, [814], [301667],1.0.1611
PUP.Optional.Spigot, C:\USERS\JACOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66CDZ34B.DEFAULT\PREFS.JS, No Action By User, [814], [303258],1.0.1611
RiskWare.DLLInjector, C:\USERS\JACOB\DOWNLOADS\SKIDMA SCRIPT EXECUTOR HACK.RAR, No Action By User, [12587], [153171],1.0.1611

Physical Sector: 0
(No malicious items detected)


(end)


I see that you have two antivirus programs installed on your system: AVG and avast!. You should never have more than one antivirus installed at a time on a system, as running multiple at the same time can cause system instability and conflict. Therefore, you should uninstall either AVG or avast!, and keep the other one (uninstall the one you didn't pay for, if that's the case, and keep the one you have an active licence for).

This being said, I see in your Malwarebytes log that you didn't take any action regarding the detections it reported. Once the scan is done running, are you clicking on the Quarantine Selected button (with all the detected threats checked)?
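
The check described in the reply above (reading the action recorded for each detection) can be done mechanically on a pasted log. This is an added example, not part of the original thread or a Malwarebytes tool: the field layout is inferred from the detection lines shown in the log above, and the sample log, including the action strings other than "No Action By User", is constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log's "-Scan Details-" part.
# Names, paths and the last two action strings are made up for illustration.
SAMPLE_LOG = r"""-Scan Details-
File: 3
RiskWare.Example, C:\USERS\DEMO\DOWNLOADS\TOOL, V2.RAR, No Action By User, [111], [222],1.0.1
PUP.Optional.Example, C:\USERS\DEMO\PREFS.JS, Quarantined, [333], [444],1.0.1
Rootkit.Example, C:\BACKUP\DRIVER.SYS, Delete-on-Reboot, [555], [666],1.0.1

Physical Sector: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^(?P<kind>[A-Za-z ]+): (?P<count>\d+)$")
# name, path, action, [id], [id],package. The path may itself contain ", ",
# so it is matched greedily and the action is anchored to the bracketed ids.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,\[]+), "
    r"\[\d+\], \[\d+\],(?P<package>[\d.]+)$"
)

def parse_detections(log_text):
    # Returns (detections, declared_counts) for the lines after -Scan Details-.
    detections, declared, kind, in_details = [], {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
        elif in_details and (m := SECTION.match(line)):
            kind = m["kind"]
            declared[kind] = int(m["count"])
        elif in_details and kind and (m := DETECTION.match(line)):
            detections.append({"kind": kind, **m.groupdict()})
    return detections, declared

def unhandled(detections):
    # Detections that were reported but never quarantined or removed.
    return [d for d in detections if d["action"] == "No Action By User"]

def count_mismatches(detections, declared):
    # Sections whose parsed line count differs from the count in the header.
    found = Counter(d["kind"] for d in detections)
    return {k: (n, found[k]) for k, n in declared.items() if n != found[k]}

if __name__ == "__main__":
    dets, declared = parse_detections(SAMPLE_LOG)
    print(unhandled(dets), count_mismatches(dets, declared))
```

A non-empty result from `count_mismatches` means the pasted log was truncated or reflowed, so the per-detection actions should not be trusted until the full log is supplied.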


Yes, I am clicking "select all," then I am clicking quarantine selected. When I click quarantine selected, it doesn't give me a "to remove threats, you will need to reboot your computer, would you like to reboot now?" It just tells me I need to reboot. There is no "reboot" option on Windows 8.1 that I can find, so I hit the Windows key and go to "restart".

I then scan again and the same threats come up! 

:(!

This is why I came here, I didn't know what to do.

-Bubbles


Because I cannot edit the post above this one, I will say the reason I downloaded AVG is to see if it could pick up on this riskware and rootkit, which it did not so :/

Avast didn't pick it up either.

And Malwarebytes wouldn't remove the virus as stated above, it just tells me to reboot but doesn't give me the option.

-Bubbles

Edited by Bubbles124

Alright, let's get a copy of the files Malwarebytes is trying to delete so I can submit them. After running the fix below, a .zip file should be created on your desktop with today's date as name. Upload that file to the link below.

https://www.bleepingcomputer.com/submit-malware.php?channel=194

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
