RiverMarco Posted March 28, 2017 ID:1112770 Share Posted March 28, 2017 (edited) I've been scanning with Mbam for a couple of days now,and I can't get rid of this virus,or multiple viruses,I've scanned with Farbar,those are the logs and everything. Probably some of the logs are wrote in Italian,due to my system and everything,forgive me in that case. Hope I will get some help to get rid of this virus,Running win xp professional service pack 3 32 bit FRST.txt Addition.txt Edited March 28, 2017 by RiverMarco Link to post Share on other sites More sharing options...
Android8888 Posted March 28, 2017 ID:1112830 Share Posted March 28, 2017 Hello RiverMarco and Forum. I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear. I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier. Please DO NOT run any tools on your own and follow the directions in the order listed. Make sure to run all the tools from the Desktop. Your Operating System (Windows XP) is no longer supported by Microsoft since April 2014. That means your computer has become and will remain more vulnerable to infections. Also, the Firewall in Windows XP doesn't provide protection against unauthorized outgoing connections, leaving your system vulnerable to theft of your data. I suggest you to upgrade your Windows Operating System after the cleaning process. With that being said let's start to clean-up some malware. I noticed that you have malicious programs installed (below in bold) on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up. Iminent puush If you have an issue when uninstalling a program, please let me know. Next, Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST executable is located); DO NOT open or modify that file: Double-click on the FRST executable to start the tool; Click on the Fix button;Credits: Aura On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the fixlog.txt in your next reply; Next, Please read the instructions below and make a clean install of Malwarebytes from version 2 to version 3. Download MBAM-clean and save it to your computer Desktop. Double-click on mbam-clean.exe icon to start the tool. It will ask you to reboot the machine - please do so. Run the MBAM-clean tool again and reboot when complete. NOTE: DO NOT miss this step. Download Malwarebytes version 3 from here and save it to your Desktop or anywhere else on your system since you know where is located. Double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions. When the install completes and is updated do the following: Open Malwarebytes; On the left pane select Settings; Then select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on. Go back to DashBoard and select the blue Scan Now tab. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. Next, Download Junkware Removal Tool (JRT) and move it to your Desktop; Double-click on JRT.exe to start the tool; Press on any key to launch the scan and let it complete;Credits: Aura Once the scan is complete, a log will open. Please attach the log in your next reply; Next, Download AdwCleaner and move it to your Desktop; Double-click on AdwCleaner.exe to start the tool; Let the database update, then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please attach the log in your next reply; To summarize please attach: The fixlog.txt produced by FRST; The MBAM clean log; The JRT log; The AdwCleaner clean log. Let know what issues or concerns do you have with your computer at this point. Thank you. fixlist.txt Link to post Share on other sites More sharing options...
RiverMarco Posted March 29, 2017 Author ID:1113306 Share Posted March 29, 2017 (edited) Done everything as followed,I've attached every log as you requested. AdwCleaner[C0].txt JRT.txt Mbamscanlog.txt Fixlog.txt Edited March 29, 2017 by RiverMarco Link to post Share on other sites More sharing options...
Android8888 Posted March 29, 2017 ID:1113381 Share Posted March 29, 2017 Hello RiverMarco. It appear that all scans went well and cleaned up many infected items. Next, Please download Emsisoft Emergency Kit and save it to your computer Desktop. Right-click the icon and select Run as administrator to run the tool. Click Yes to accept the security warning. Click on the Install button and wait until the installation complete. When finished it will open a new window. Right-click the on the start emergency kit scanner file and select Run as administrator. Click Yes to accept the security warning. The tool will search for updates. If an update is found click Yes to accept and install it. After the update complete, click on Malware Scan under 2. Scan and click Yes to accept and let Emsisoft Emergency Kit detect PUPs. Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected; If it asks you for a reboot to delete some items, click on Ok to reboot automatically; After the restart, go to C:\EEK folder and click on the start emergency kit scanner file again to open it; Now click on Logs tab menu; From there, go under the Quarantine Log tab, and click on the Export button; Save the log on your Desktop, then attach it in your next reply; Next, Please download Sophos Virus Removal Tool and save it to your computer's Desktop. Right-click the icon and select Run as administrator. Click Yes to accept any security warnings that may appear. Click the Next button. Select 'I accept the terms in the license agreement', then click Next twice. Click the Install button and wait until the installation is complete. Click the Finish button. The tool created a shortcut icon on the Desktop of your computer. Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool. Click Yes to accept any security warnings that may appear. After it updates and a "Start Scanning" button appears in the lower right: Disconnect from the Internet or physically unplug your Internet cable connection. Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection. Click the "Start Scanning" button in the lower right to start the scan. After starting the scan, do not use the computer until the scan has completed. When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish. When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet. If any threats are found click Details, then View Log file (bottom left-hand corner). Copy and paste its contents in your next reply and note any errors encountered. Close the Notepad document, close the Threat Details screen, then click Start cleanup. Click Exit to close the program. If no threats were found, please confirm that result. Note: Whenever necessary, the log will be in the following location: Windows XP: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log Please attach those logs in your reply for my review and tell me how is the computer running at this point. Thank you. Link to post Share on other sites More sharing options...
RiverMarco Posted March 31, 2017 Author ID:1113930 Share Posted March 31, 2017 Good Morning,I noticed that I can't run Emsisoft Emergency Kit on my system,it tells me that it requires Windows 7 or higher. Besides that,I've attached the logs of Sophos down here! On 29/3/2017 at 6:10 PM, Android8888 said: Hello RiverMarco. It appear that all scans went well and cleaned up many infected items. Next, Please download Emsisoft Emergency Kit and save it to your computer Desktop. Right-click the icon and select Run as administrator to run the tool. Click Yes to accept the security warning. Click on the Install button and wait until the installation complete. When finished it will open a new window. Right-click the on the start emergency kit scanner file and select Run as administrator. Click Yes to accept the security warning. The tool will search for updates. If an update is found click Yes to accept and install it. After the update complete, click on Malware Scan under 2. Scan and click Yes to accept and let Emsisoft Emergency Kit detect PUPs. Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected; If it asks you for a reboot to delete some items, click on Ok to reboot automatically; After the restart, go to C:\EEK folder and click on the start emergency kit scanner file again to open it; Now click on Logs tab menu; From there, go under the Quarantine Log tab, and click on the Export button; Save the log on your Desktop, then attach it in your next reply; Next, Please download Sophos Virus Removal Tool and save it to your computer's Desktop. Right-click the icon and select Run as administrator. Click Yes to accept any security warnings that may appear. Click the Next button. Select 'I accept the terms in the license agreement', then click Next twice. Click the Install button and wait until the installation is complete. Click the Finish button. The tool created a shortcut icon on the Desktop of your computer. Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool. Click Yes to accept any security warnings that may appear. After it updates and a "Start Scanning" button appears in the lower right: Disconnect from the Internet or physically unplug your Internet cable connection. Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection. Click the "Start Scanning" button in the lower right to start the scan. After starting the scan, do not use the computer until the scan has completed. When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish. When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet. If any threats are found click Details, then View Log file (bottom left-hand corner). Copy and paste its contents in your next reply and note any errors encountered. Close the Notepad document, close the Threat Details screen, then click Start cleanup. Click Exit to close the program. If no threats were found, please confirm that result. Note: Whenever necessary, the log will be in the following location: Windows XP: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log Please attach those logs in your reply for my review and tell me how is the computer running at this point. Thank you. SophosVirusRemovalTool.log Link to post Share on other sites More sharing options...
Android8888 Posted March 31, 2017 ID:1113994 Share Posted March 31, 2017 Hello RiverMarco. I'm sorry I did not noticed that Emsisoft Emergency Kit will not run on XP. Your system was highly infected. Sophos cleaned many infections but we have to ensure that all the infections are gone. So let's continue. Make sure that your antivirus program is disabled while performing the following scans. Please re-run Sophos Virus Removal Tool and post its new log. Next, Please perform a scan with ESET Online Scanner. Click on this link to open ESET Online Scanner in a new window.Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop. Close all your programs and browsers. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use. Check mark Download latest version of ESET Online Scanner and click the Accept button. Click Yes to accept any security warnings that may appear. Under Computer scan settings, check mark Enable detection of potentially unwanted applications. Then click Advanced settings and check mark the following options:Enable detection of potentially unsafe applications Clean threats automatically Click the Scan button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, click List Threats. Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Click the Back button. Click the Finish button. Note: If nothing is found, it will not produce a log. Please re-enable your antivirus program. Please attach the two following logs in your next reply: SVRT log; ESET log (if it produced one). Let me know how is the computer running at this point. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 1, 2017 Root Admin ID:1121184 Share Posted May 1, 2017 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts