MBAM stuck on Scan File System


Hi,

A few weeks ago I downloaded a file that turned out to contain a virus, and I'm constantly getting warnings by AVG about "Win:32 adware/malware-gen". I have tried Malwarebytes a few times and it seems to remove a bunch of infected files but they keep coming back. While following a guide on how to remove malware, I performed a Rootkit scan with Malwarebytes but it keeps getting stuck on a file in the Windows folder. What can I do to get rid of the virus or make Malwarebytes continue the scan? (Screenshot of Malwarebytes in the attachment).

Kind regards,

Simon

Addition.txt

FRST.txt

Malwarebytes.PNG


Hello SimonGoose and welcome to Malwarebytes,

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Emsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin

 

 

 

fixlist.txt


Sorry for the late reply, was a bit busy.

I completed all the scans and the logs are in the attachment. Yesterday I suddenly noticed two applications, Big Farm and Big Bang Empire on my desktop, that I didn't install. One of the scans got rid of Big Farm, though Big Bang Empire is still there..

Thank you!

Simon

AdwCleaner[C0].txt

Fixlog.txt

malwarebyteslog.txt

Scan_170512-163729.txt


Before the scans I wasn't able to delete it (or select it) in the list of programs. But it appears that the folder the big bang empire application was in has been removed (guess by one of the scans), and there is only a shortcut left of it on the desktop that doesn't do anything. Otherwise it seems everything works fine at the moment, so thank you very much for the help!

Best,

Simon


Hello Simon,

Can you remove the shortcut for big bang empire..? If no remaining issues or concerns continue as follows to clean up:

Navigate to and delete these folders/files...

C:\ProgramData\Emsisoft
C:\Users\Andrew\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 
