2 machines infected

[fletch53]

I have been going through your various forums trying to remove malware left by wtk 2.6.7.  My machine died, I did an image restore to a new machine.  Original machine was a win 7 pro and upgraded.  MS wouldn't give me a new number cause where I bought the machine from closed so I didn't have original license.  To help me out and get their homework done, my kids ran wtk 2.6.7 on both my server (2008 standard) and win 10 pro.

Can only start things on pro from eleavated cmd prompt.  gpedit has a file in %windir%\temp.  Can delete entry, but replaced.  Can't delete file.  Ran defogger.  Made all files visible.  installed Malwarebytes and chameleon.  chameleon.chm only runs from elevated dos prompt.  cannot delete entries in host file.

2008 server will run chameleon as admin, no need for elevated prompt.

Neither rkill nor tdsskiller will make Malwarebytes start straight up nor from chameleon, on either machine.

Logs attached.

Thanks so much up front for any and all help.

AdwCleaner[C2].txt

anti Tool Kit.txt

CheckResults.txt

Rkill.txt

[fletch53]

As a note, I cannot do another image restore.  My space is limited and on an auto over write.

[fletch53]

Files from frst64.  Could not run as (right click) admin.  Had to run from elevated cmd prompt.

Have been working on this for over a week now.  Tests have been from both safe mode and normal trying to get malwarebytes to run from chameleon with rkill and tdsskiller run first.

Addition.txt

FRST.txt

[fletch53]

Found and running ESET.  Seems to be working where nothing else was.

Will keep you informed as this is progressing faster then previous directions.  Thank you so much for your links and directions.

[AdvancedSetup]

Hello @fletch53

Please read and follow the directions from the following topic.

Thanks

Ron

 

[fletch53]

Hi Ron.  Thanks for the suggestion but I used Eset and that fixed it.  I ran Malwarebytes afterwards and it cleaned the registry.

As noted chameleon was ran over 13 times to no avail.  I am glad I installed it on my D drive, because although it said failed to create directory, it had created over 2,000 directories and was over 600 GB large.  Filling up my C drive would have caused other issues.

Thanks for having this forum as I would have been rebuilding machines left and right.  My kids have been restricted and back to fighting with MS about the license key!

I did have notifications on for this topic, but received none or I would have replied sooner.  Much clean up.  I am done replying as this has been remedied.