Jump to content

Possibly infected, tried Chameloen, mbar, farbar, mbam... none of them run.


Recommended Posts

It all started with my internal microphone automatically muting itself, after vast research I was led to a possible malware infection.

I purchased the $49.99 Malwarebytes Premium but it will not run.  I run Chameleon and it staggers and farts and eventually fails at everything.  (Failed to copy master.conf file error at the DOS prompt.)

As instructed in this forum I tried mbar.exe... nothing.

Farbar... opens the webpage briefly then crashes Firefox.

I have an HP Omen 17-w053dx running Windows 10.

Help please?

Link to post
Share on other sites

Hi Kevin,

" Please download, install, update and do a Threat Scan with Malwarebytes and post back the log as shown below. " I cannot do this because the program will not run.

"If your current anti-virus solution let this infection through please consider purchasing the Premium version of Malwarebytes for additional protection."  I did this, but it doesn't run.

"Please download the Farbar Recovery Scan Tool and save it to your desktop."  As soon as I do this it opens another tab in Firefox then immediately crashes.

So you see, I cannot post logs.

Additionally, so we can skip some back and forth here, I've downloaded and installed Chameleon to no avail.

 

 

Link to post
Share on other sites

Boot up your spare PC plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate...

Next,

On that same PC downoad and save FRST to same Flash drive, make sure to get the correct version, if you are unsure d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Next,

Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Next,

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10

user posted image


From that window select "Troubleshoot"


user posted image


From the next window select "Advance Options"


user posted image


From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Leave the infected PC in Recovery mode, post the produced log from your flash drive via the spare PC....

Thank you,

Kevin..
Link to post
Share on other sites

From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST.

Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next,

Boot sick PC back to Normal mode.... Will Malwarebytes run...?

 

fixlist.txt

Link to post
Share on other sites

Here is the fixlog.txt you requested.

...and drum roll please... I said drum ROLL!  Yes that fixed my issue Kevin and now I can run Malwarebytes. 

It found 4 problems and quarantined them.  Now (at least so far) my microphone is automatically muting itself and I can go on working.

Thank you so much.  You will be seeing a donation via your PayPal button.  Is $50 ok?

Fixlog.txt

Link to post
Share on other sites

Yes that donation is much more than ok, thank you very much. I`m not so sure a drum roll is quite ready yet. Its just after midnight local time for me, i`ve got an early start in the morning so will be offline shortly. When you have time yourself i`d like to see a fresh set of logs from FRST with your system in normal mode to make sure your system is clean....

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

I`ll catch up in the morning...

Cheers,

Kevin...

Link to post
Share on other sites

Here are the files you requested.

I am curious to what the problem was on my computer?  I understand a malware or virus somewhat, but are they so specific that the ONLY thing they target is my microphone?  What's the benefit to anyone in that?

Also, It assume that malware was designed to specifically make it difficult to run Malwarebytes and not allow Farbar to be downloaded too.  Wow that's pretty amazing.

And I thought I was safe by using Norton all these years.

Addition.txt

FRST.txt

Link to post
Share on other sites

Hello JasontheBeaver,

Infections are really a serious threat for any PC. Infections usually gets delivered via any of the following:
 
  • spam emails,
  • bundled freeware programs
  • Drive by downloads.
  • When browsing exploited websites
  • Exploited USB drives

They can make several malignant activities on your system after gaining accesss to your computer. Some of the harmful doings are:
 
  • Disable your security
  • Inject and start malicious processes/services
  • Slow down your computer speed.
  • Bring other harmful threats and malware.
  • Make unwanted changes in registry settings.
  • Steal your personal and confidential data.
  • Create a backdoor into your computer system.
  • Hijack your Browser(s)

I`m not really sure why your microphone was targeted, unless it was going to be used somehow...?


Does that help...?

Continue:

Infections are really a serious threat for any PC. Infections usually gets delivered via any of the following:
 
  • spam emails,
  • bundled freeware programs
  • Drive by downloads.
  • When browsing exploited websites
  • Exploited USB drives

They can make several malignant activities on your system after gaining accesss to your computer. Some of the harmful doings are:
 
  • Disable your security
  • Inject and start malicious processes/services
  • Slow down your computer speed.
  • Bring other harmful threats and malware.
  • Make unwanted changes in registry settings.
  • Steal your personal and confidential data.
  • Create a backdoor into your computer system.
  • Hijack your Browser(s)

Does that help...?

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also let me know if there are any remaining issues or concerns....

If MRST log is clean i`d recommend that you change all passwords used on this system, specifically any with financial implications..

Thank you,

Kevin..

fixlist.txt

Edited by kevinf80
typing error
Link to post
Share on other sites

Hello JasontheBeaver.

Yes Norton and Malwarebytes will work together, that set up is adequate. My own windows 10 set up is as follows:

Windows Defender - http://www.thewindowsclub.com/windows-defender-settings-windows-10
Windows Firewall - http://www.thewindowsclub.com/how-to-configure-windows-7-firewall
Malwarebytes Premium - https://www.malwarebytes.com/premium/
Unchecky - https://unchecky.com/
McShield - http://www.mcshield.net/
VirusTotal - https://www.virustotal.com/#/home/search - Bookmark this in your default browser, use for checking out files, url`s, IP Addresses, domains etc....
 
I do not use a full suite such as Norton. I believe Windows Defender and Malwarebytes Premium are more than adequate.

Unless you have any remaining issues or concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.