
Adware.Elex,Adware.Ghokswa



It has been like 3 months since I got rid of Adware.Elex, at least I thought. I ran Malwarebytes, Zemana, HitmanPro, AdwCleaner, Spybot and RKill as I was advised on the internet. After a few tests Adware.Elex and a trojan were found on my PC. I removed them with the software mentioned.

Now Adware.Elex has returned once again. Suddenly Mozilla installed on my PC and one restart later I am unable to connect to the internet, only when I boot in safe mode. I ran all the software as before and detected Adware.Elex again plus Adware.Ghokswa. I tried to get rid of them, but after every restart they come back.

Thanks,

feEEda


Hello feEEda and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Apologies for late reply... Is this IP address known to you and trusted.. IP 10.0.0.138

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Let me see that log, will your system now connect to internet in Normal mode...?

 

fixlist.txt


I'm not familiar with that IP as far as I know.

Pressed the fix button, log attached.

I'm still not able to connect to the internet in Normal mode and when I booted into it I encountered an error (attached). Also when I opened the browser - Microsoft Edge I saw that the settings have been altered to open "ourluckysites.com" on every new bookmark.

Thanks,

feEEda

Fixlog.txt

error.png


Run Malwarebytes from safemode with NW...

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...


Post that log


However I did a "full scan" yesterday before I contacted you during which I found like 200 entries which I moved to quarantine...

I'm also wondering if u can read the log, because it's not in English, since my Malwarebytes are not...

 


Yes I can read the logs, I just copy and paste to Google Translator... Run the following Windows repair tool it has to run from Safemode so will be ok..

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...


When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmark "Select All" box. When ready select "Start Repairs" tab....


When complete re-boot your system to Normal mode, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt
 
When this completes see if internet will work in Normal mode...
 
Thanks,
 
Kevin.

Now when I booted to normal mode I was able to connect to the Internet, even load a page in Edge, but after like 4 secs it went back.

When I try to troubleshoot I don't get anything, it just says no problem was found.

This probably happens because the PC is connected to the Internet, it's just super slow, when I was last time it got faster, but something is still blocking it.

I'm judging that on the fact that when I went to the ethernet adapter and opened its properties I saw that it receives/sends 1000/1000 bytes, that now changed to 7 000 000/300 000 bytes, but I'm still not able to connect to the Internet with any programme.

Files attached

Minidump.zip


Ok, change back to Normal Boot mode, instructions at same link for clean boot... Go back to Safe mode with NW to download "MiniToolBox" when d/l go back to Normal mode

Please download MiniToolBox from here:

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Put system back to Normal mode then run the tool....

Checkmark the following checkboxes:
 
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Let me see that log....

 


Download the following then run it from Normal mode..

Please download Complete Internet Repair (http://www.majorgeeks.com/mg/getmirror/complete_internet_repair,1.html) and transfer it to your Desktop.

Download Mirror http://www.majorgeeks.com/mg/getmirror/complete_internet_repair,2.html

Double click the icon and select Extract (accept UAC alert if applicable)

Double click the Complete Internet Repair folder on your desktop.

Run the version relevant to your system, 32 bit or 64 bit.

Double click the CIntRep.exe icon <----32 bit version.

Double click the ClntRep_64.exe icon <--- 64 bit version

Place a checkmark next to the following entries:
 
  • Reset Internet Protocol (TCP/IP)
  • Repair Winsock (Reset Catalog)
  • Renew Internet Connections
  • Flush DNS Resolver Cache
  • Repair Internet Explorer
  • Clear Windows Update History
  • Repair Windows / Automatic Updates
  • Repair SSL / HTTPS / Cryptography
  • Reset Windows Firewall Configuration
  • Restore the default hosts file
  • Repair Workgroup Computers view


Click Go!

Ignore any error messages for now

Click OK to reboot your computer, Is the connection restored?

Ok I want to restore your system to the date I quoted..... This can only be done with FRST via the recovery environment... You will need a USB flash drive (memory stick)

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Next,

Download and save to the same Flash drive the attached file "fixlist.txt" (end of reply)

Next,

Hold down the Shift key and re-boot your PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot", from the next window select "Advanced Options", from there select "Command Prompt", ensure to plug the flash drive into an open USB port...

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.


Thanks,

Kevin..
 

fixlist.txt


Kinda got stuck on a dead end here.

I changed the password to my Microsoft account, because I forgot the old one and since my computer isn't able to connect to the internet it can't get the new one.

Not sure what else to do other than reinstalling.


This topic is now closed to further replies.