Jump to content

Recommended Posts

Hi and thanks in advance for any assistance. I've been infected with a lot of malware i think, mbar removed between 7 and 800 threats on the first run. Even after multiple runs I cannot install or run malwarebytes,mb-clean, AdwCleaner or JRT. Posting todays logs from mbar and FRST, hope you can help me save my virtual life :)

 

mbar-log-2017-05-08 (14-41-55).txt

Addition.txt

FRST.txt

Link to post
Share on other sites

Hello S7iX and welcome to Malwarebytes.

Continue with the folllowing:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

See if Malwarebytes will install...

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...
 
Thank you,
 
Kevin...

 

 

fixlist.txt

Link to post
Share on other sites

Hi Kevin!

 

Malwarebytes 3 still won't install. After my first post I continued lurking and got Malwarebytes 2.2.1.1043 installed and running through Chameleon. I was running a scan when you replied but I aborted it and ran the frst fix. It had found 4 reg key and one file infection, realtek high definition audio.dll.

It's still giving me an alert that a system admin has blocked mb3 when I try to start the installer.

Attaching the frst fixlog, now I'll stop messing around and wait for your instruction, thanks for helping. 

Fixlog.txt

Link to post
Share on other sites

I think you may have a similar infection to a couple other threads i`m helping, infection copies Untrusted Certificates for many security programs onto the system to stop such security from working..

See if you can do the following, read through a couple of times or print off if that is easier for you to follow
 
  • Select Windows key and R key together,,
  • In the Run dialog box type MMC, and then click OK.
  • The Microsoft Management Console (MMC) appears.
  • In the MMC, on the Console menu, click File then Add/Remove Snap-in....
  • In the Add or Remove Snap-in dialog box, click Certificates, and then click Add.
  • In the Certificates snap-in dialog box, click My User Account, and then click Finish.
  • click OK on Add or Remove Snap ins.
  • Expand the Certificates Current User node by double click
  • Expand UnTrusted Certification by double click
  • Double Click Certificates Trust List.
  • The details pane appears, showing all of the root CA certificates that are currently untrusted.


Is there an untrusted Certificate for Malwarebytes or any other Security Programs...?
Link to post
Share on other sites

Yes, it seems all the anti virus I have ever installed are untrusted :) 

Avast, AVG, Avira (Symantec class3), Bitdefender, Comodo, ESET, Kaspersky, Malwarebytes, McAfee, Panda and Trend Micro are all in there.

Link to post
Share on other sites

Excellent, continue with the following:

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin.
Link to post
Share on other sites

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.