Jump to content

Recommended Posts

Hello Malwarebytes community,

I have been stuck with this virus the past while. I am not able to change the Manual Proxy address in the Settings page. It is stuck on http=127.0.0.1:8080;https=127.0.0.1:8080. When I try to change it, it reverts back when I leave and go back to the Manual Proxy screen again. I am not able to browse on Microsoft Edge or Chrome but somehow Firefox is okay and I've been able to get by for now. I have attached FRST and Addition files here. Thanks in advance for your help!!!

Eden

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello basktballer and :welcome: Forums.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process has to be completed. Even if your computer appears to be running better, it may still be infected as some infections are difficult to remove and can leave remnants on the System.

 

I noticed that you have a malicious program installed on your system. I'll ask you to uninstall it since uninstalling that program before running malware removal tools will ensure a better clean-up.
Amazon Assistant
If you have an issue when uninstalling the program, please let me know.


Going over your logs I noticed that you have Torrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Torrent, however that choice is up to you. If you choose to remove these programs, you can do so via right-click on Start > Control Panel > Programs and Features
If you wish to keep it, please do not use it until your computer is cleaned.

 

Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator;
  • Click on the Fix button;
    NYA5Cbr.png
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;


Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator;
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits: Bleeping Computer and Aura
  • Once the scan is complete, a log will open. Please attach that log in your next reply;


Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    MV5ejgW.png
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selectedbutton.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


In your next reply please attach:
The fixlog.txt;
The JRT.txt log;
The AdwCleaner clean log;
The Malwarebytes log.

How is the computer running now? Does the proxy settings issue remains?

Thank you.

fixlist.txt

Link to post
Share on other sites

Thanks for getting back so quickly Rui. I am not able to uninstall Amazon Assistant, and the "Modify" and "Uninstall" buttons are both greyed out. I have not yet started on any of the other removal steps yet. Please let me know how to proceed. Thanks again!

Eden

 

 

Link to post
Share on other sites

Hello basktballer.

Okay, thank you for that information.

Let's try to uninstall Amazon Assistant using the Revo Uninstaller.

Please download and install the free version of Revo Uninstaller
Right-click on the icon of Revo Uninstaller and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Select Amazon Assistant and click Uninstall. Follow the instructions to complete the removal process.
In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers.
Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders).
Click on the Finish button.
Restart the computer.

Then perform the instructions in the order listed in my previous post and attach the logs for my review.

Thank you.

Rui

Link to post
Share on other sites

Hello Eden.

These are good news and you are welcome!

Now let's check for leftovers.

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

 

Please download Security Analysis by Rocket Grannie from here

  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.


Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

 

Please copy and paste the contents of ESET log (if it produced one) and attach the SALog.txt.

Thank you.

Rui

Link to post
Share on other sites

Hello Eden.

Thank you for those logs. ESET found and deleted 5 PUA (Potentially Unsafe Applications).
So, your computer appears to be clean at this moment.


Please update Adobe Flash Player. Make sure to uncheck the two Special offers "McAfee Security Scan Plus" and "True Key by Intel Security" unless either you need or want them installed.
Adobe Flash Player


You can also run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Next,

If all is running well, you can now delete the tools we used in the malware removal process using DelFix.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC (This option will activate the User Account Control feature).
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy and paste the entire content of the output log in your next reply;


Are there any issues or concerns with your computer?

Link to post
Share on other sites

Things seem to be working OK still. See below for my DelFix logs. I manually removed the tools and files that weren't done by DelFix. Thanks so much for your help again Rui!

Cheers,

Eden

 

# DelFix v1.013 - Logfile created 14/05/2017 at 21:21:29
# Updated 17/04/2016 by Xplode
# Username : Eden - EDEN-HPLAPTOP
# Operating System : Windows 10 Pro  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Eden\Desktop\RGSA.exe
Deleted : C:\Users\Eden\Desktop\SALog.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #18 [Scheduled Checkpoint | 02/18/2017 04:04:03]
Deleted : RP #19 [Windows Update | 02/23/2017 03:54:30]
Deleted : RP #20 [Scheduled Checkpoint | 03/04/2017 10:06:57]
Deleted : RP #21 [Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 | 03/17/2017 03:47:27]
Deleted : RP #22 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 | 05/02/2017 02:23:23]
Deleted : RP #24 [Revo Uninstaller's restore point - Amazon Assistant | 05/12/2017 21:40:08]
Deleted : RP #25 [Removed Amazon Assistant | 05/12/2017 21:40:57]
Deleted : RP #28 [JRT Pre-Junkware Removal | 05/12/2017 22:08:17]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

 

Edited by basktballer
didn't write message
Link to post
Share on other sites

Hi Eden and thank you for the log.

You're welcome! :)

 

If all is running well with your computer, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.

Please consider using these ideas to help secure your computer.

 

Keep your Windows Operating System up-to-date.

Keep your Antivirus program up-to-date.

Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes Anti-Malware (MBAM) update and perform a regular scan to your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. Vulnerabilities in these programs are often exploited in order to install malware on your PC.

 

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe. default_cool.png

Android8888

 

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.