Malware preventing MB from working normally/access to MB website


Hello,

I believe I am currently infected as I can't open MB when not in Safe Mode (analysis carried out in Safe Mode didn't identify any threat).

I managed to get FRST to work in Safe Mode and got the following files.

What should I do? Please keep in mind that I can't access this thread from my infected computer so provide direct download links.

Thanks!

FRST.txt

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Ace Stream Media 3.1.20.2 (HKU\S-1-5-21-5627231-2930812037-1976179604-1002\...\AceStream) (Version: 3.1.20.2 - Ace Stream Media) <==== ATTENTION
===

Let's start with running this fix.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 4: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the bookmarks.
====

After a restart of the computer, download this program:

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

These are presently your IP addresses.

Quote

ProxyServer: [S-1-5-21-5627231-2930812037-1976179604-1002] => http=127.0.0.1:8888; 
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{2afa417f-1306-4357-a3e3-cbfd3ad3ece0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{fcecb59a-c501-4708-8547-b5b56fdbc351}: [DhcpNameServer] 193.252.165.234

Check with your Internet provider and see if these xxx.xx.xxx.xx are required.
If not, delete them if listed in the RogueKiller scan.

Restart the computer normally.

Run the Farbar program and post a fresh FRST.txt log for my review.

Let me know what problem persists.

 

fixlist.txt
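
Added example (not part of the original posts and not FRST's own code): a Python sketch that reads the FRST.txt lines quoted in the reply above, reports any per-user proxy that points at a loopback address, and groups the DNS servers by where they are configured so they can be checked with the Internet provider. The function names are hypothetical and the sample is constructed from the lines on this page.

```python
import ipaddress
import re

# Constructed sample: the FRST.txt lines quoted in the reply above.
SAMPLE = r"""
ProxyServer: [S-1-5-21-5627231-2930812037-1976179604-1002] => http=127.0.0.1:8888;
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{2afa417f-1306-4357-a3e3-cbfd3ad3ece0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{fcecb59a-c501-4708-8547-b5b56fdbc351}: [DhcpNameServer] 193.252.165.234
"""

PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>S-[\d-]+)\] => (?P<value>.+)$")
# Only DhcpNameServer appears on the page; NameServer is the static registry
# counterpart and is accepted here as an assumption.
DNS_RE = re.compile(r"^Tcpip\\(?P<scope>.+?): \[(?:Dhcp)?NameServer\] (?P<servers>.+)$")

def parse_proxy_value(value):
    """Split a WinINET ProxyServer value ('http=host:port;...' or 'host:port')."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:  # a single proxy used for every protocol
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        host, port = (host, port) if host else (hostport, "")
        entries.append((scheme, host, int(port) if port.isdigit() else None))
    return entries

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal
        return host.lower() == "localhost"

def review(log_text):
    """Return loopback proxies per user SID and DNS servers with their scopes."""
    findings = {"loopback_proxies": [], "dns_servers": {}}
    for line in log_text.splitlines():
        proxy = PROXY_RE.match(line.strip())
        dns = DNS_RE.match(line.strip())
        if proxy:
            for scheme, host, port in parse_proxy_value(proxy["value"]):
                if is_loopback(host):
                    findings["loopback_proxies"].append((proxy["sid"], scheme, host, port))
        elif dns:
            for ip in dns["servers"].split():
                findings["dns_servers"].setdefault(ip, []).append(dns["scope"])
    return findings
```

A loopback proxy means HTTP traffic for that user is handed to a program listening on the same machine, so the useful follow-up is identifying which local process owns that port.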


Hi,

Please run RogueKiller and remove every item EXCEPT

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-5627231-2930812037-1976179604-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;  -> Trouvé(e)


[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-5627231-2930812037-1976179604-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;  -> Trouvé(e)

Let me know what problems persist, if any.

 


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
