
my laptop has been infected, please help!


hazri


Hello hazri and :welcome:

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please read the instructions carefully. I strongly suggest you DO NOT run any tools on your own or make any other changes to your computer, and that you follow the directions in the order listed; otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process has to be completed in order to ensure the success of the clean-up. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected, as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.


Going over your logs I noticed that you have Torrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Torrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

 

Illegal software is one of the fastest ways to get infected. One of the files to be removed in the FRST fix includes an illegal software crack. Cracks, key generators, and other means to illegally bypass registration are a sure way to get infected.
You don't even have to download and run anything from some sites that host such software to infect your system - all you have to do is visit the site with your browser.


I strongly suggest you uninstall Chrome Media Router. This is a Firefox extension known to track your Internet activity.
Instructions on how to uninstall an extension on Firefox here:


Warning: Your Hard Disk Drive has several physical bad blocks which can cause System errors and Data loss. When running the fix script below with FRST, the system will reboot and start a Disk check. Please do not turn off the computer while the Disk check is running.

 

Next,

First of all move the FRST executable file to the Desktop. Now, follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

 

Next,

Please download Malwarebytes and save it to your computer Desktop.

Right-click the executable file and select Run as administrator to start the tool;
Click Yes to accept the User Account Control (UAC) security warning that may appear and follow the prompts to install the program;

Once the Malwarebytes Dashboard opens, on the right detail pane click on the word 'Current' under the 'Scan Status' to update the tool's database;

 

On the left menu pane click on the Settings tab, and then select the Protection tab on the top;
Under the 'Scan Options', make sure the buttons Scan for rootkits and Scan within archives are both On.
Click the Scan tab on the left detail pane, select Threat Scan and click the Start Scan button;


Note: The scan may take some time to finish, so please be patient;

If potential threats are detected, make sure to check mark all the listed items, and click the Quarantine Selected button;

While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save the log file to your computer Desktop;


Please post the content of the log in your next reply.

Note: If asked to restart the computer, please do so immediately.

 

Next,

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please attach that log in your next reply

 

Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Press on any key to launch the scan and let it complete
    Credits: Bleeping Computer and Aura
  • Once the scan is complete, a log will open. Please attach that log in your next reply

 

In your next reply please attach the following logs:
Fixlog.txt;
Malwarebytes log;
AdwCleaner clean log;
JRT.txt log.


How is your computer running at this point? Please let me know in detail what problems you are still having with the computer.

fixlist.txt


Never mind, the previous issue was solved after I restarted my computer. So I have done until the adware cleaner scan, but the JRT is said to be discontinued. My computer's condition is much better than when I got infected, but still not as fast as usual. For instance, if I want to open File Explorer or Chrome, it takes some time before they actually open. Is there anything else I should do?

Fixlog.txt

malwarebytescan.txt

AdwCleaner[S1].txt


Hello hazri. Thank you for the feedback.

Okay, please proceed with the following scan with ESET Online Scanner. This scan will search for leftovers of infections on your system. It is a very thorough scan and may take several hours to complete but it is worth it.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

 

Next,

Please read the instructions below and reset your browsers back to default to prevent unexpected issues.

If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection.

Internet Explorer
How to reset Internet Explorer settings

Microsoft Edge
How to Reset Microsoft Edge in Windows 10

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the  reset_chrome_sync.png button and then click it to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
     
       
  • Type in (or copy/paste) the following and press Enter: %localappdata%\Google\Chrome\User Data\Default\
     
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them. This is what it should look like:

    [Screenshot: chrome_files_folders.png]
     
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.

Restart your computer now and let me know in detail what issues or concerns you are still having with the computer. Does the slow issue still remain?


Hello Rui, so I have done all the instructions that you have given me, but the slowness when opening apps still remains. Does this have anything to do with my hard disk drive? Oh, and btw, my local app data for Google Chrome only has 1 folder (which is empty), unlike the one that you showed. Is that normal? I snipped the folder for your reference.

ESETScan.txt

local storage.PNG


Hello hazri.

14 hours ago, hazri said:

Does this have anything to do with my hard disk drive?

Most likely yes. We will try to fix or at least minimize these slow issues. However, keep in mind that a Hard Disk Drive (HDD) with bad blocks means a "sick" HDD. The bad blocks are like "dead" physical zones (clusters) in your HDD and they can't be repaired. They are identified, flagged and placed out of service. If there are many bad blocks, which seems to be the case, it means that your HDD has started its end-of-life cycle. When this starts happening on an HDD, more and more bad blocks will most likely appear, so I strongly suggest you back up your data and replace the HDD as soon as you can.


Now I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Note: Do not skip any of the steps below. If you have difficulty in performing any step, please let me know.


Please download Zoek tool from here and save it to your computer's Desktop.
Next, temporarily disable your Security programs so they do not interfere with the scan.
Information on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

Right-click the Zoek.exe file and select Run as administrator to start the tool (Give it a few seconds to appear).
Click Yes to accept the User Account Control security warning.
Once the Zoek window is open, copy and paste the entire script inside the code box below to the input field of Zoek:
 

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Close any open Internet Browsers.
Click the Run script button, and wait. It takes several minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Note: Please re-enable your Security programs.

Please post the zoek-results.log in your next reply.

 

Next,

The following procedures can be time-consuming, so please be patient.


Please download the portable version of Windows Repair from here.

  • Move the compressed file tweaking.com_windows_repair_aio to your computer Desktop, and extract it there;
  • Boot in Safe Mode with Networking; Instructions on how to do it here: Safe Mode with Networking;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Wait a few seconds and click the I Agree button to accept the End User License Agreement;


Next, select the Step 2: (Optional) tab menu;

Click on the icon Open Repair Reparse Points;

Click on 1. Scan Reparse Points button;

Click on 2. Repair Selected button;


Close the current window;
 
 
 

Now, click the icon Open Repair Environment Variable;

Click the button 2. Apply New Paths;
Click the button 4. Apply New Paths;
Click the button 6. Apply New PathsExt;
Click the button 7. Apply Variables;


Close the current window;
 
 

Next, select the Step 4: (Optional) tab menu;
Click the Next button to start the scan and repair the System files;


 

Next,

Select the + Repairs - Main tab menu;
Click the Preset: Common Repairs button (it will open a new window with the repairs already preselected for this option);
Click the Start Repairs button and wait until the repairs are complete;
If you are being prompted with a Security Warning, allow it to go through;

Once the repair is complete, it'll ask you to restart your computer, please do it;


In your next reply please attach the zoek-results.log and let me know how the computer is running. Are there any improvements?

Thank you.

Rui


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
