Infected. Malware keeps re-infecting


Hi all!

I've managed to get infected with some malware. This malware was present when I commandeered my son's computer. It is unknown when or where he got it.

Steps:

1) Ran ADWCleaner. Found malware. Malware came back. 

2) Ran a full virus scan with Avast. Didn't detect said malware. 

3) Ran Hitman Pro (expired). Found nothing. 

4) Ran Emsisoft. Found nothing. 

5) System Restore won't do much good. I could probably do it 100 times and not restore the computer to a point before the infection. Not only that, it would be a pain given things I've installed, tweaks I've made, etc.

Enclosed are my logs. I've since uninstalled Hitman Pro and Emsisoft, being that they seemed pretty useless in my situation.

Addition.txt

AdwCleaner[S16].txt

FRST.txt


Hello steelcaress and welcome!
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator to start the tool;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Close the window to advise AdwCleaner to a friend (it appears if you are running AdwCleaner for the first time);
  • Click on the Scan Now button;
  • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
  • Click on the Clean & Restart Now button;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to the Dashboard and select the blue Scan Now tab. Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


To summarize please attach these logs:
Fixlog.txt
AdwCleaner[Cxx].txt log, where 'xx' is a number (the highest number is the most recent);
Malwarebytes clean log.

How is the computer running now? What issues or concerns are you still experiencing on the computer?

Android8888

fixlist.txt


Hi steelcaress.

You posted the AdwCleaner scan log (AdwCleaner[S19].txt), not the clean log. Have you performed the clean and repair? If not the infected items will reappear.

I need you to re-run AdwCleaner and perform a new scan.

Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;

Click on the Clean & Restart Now button;

After the restart, a log will open when logging in. Please attach that log in your next reply.

You can find the log in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt where 'xx' is a number. Please search and attach the one with the highest number.

Android8888

Edited by Android8888

This is precisely what showed up when Windows rebooted after a scan. It appears to be identical to the other log. If ADWCleaner generates another log, then it is not located on the desktop or in its logs folder. What I attached earlier was the highest number. Now the one I have attached to this reply is the highest number. 

Clipboard01.jpg

AdwCleaner[S21].txt


Humm, that is weird.

Okay, in the log you attached the 'S' letter inside the brackets means Scan. It is created when the scan is done. It appears that it did not create the Clean log (with the letter 'C' inside brackets).

Did you perform all the instructions step by step? I mean, did you click on the Clean and Repair and Clean and Restart Now buttons after the scan finished?

Please re-run another scan, and when the scan is done select/check mark all the items it finds, then click on the Clean and Repair and Clean and Restart Now buttons and then restart the computer.

Then try to find the clean log with the letter 'C' along with the highest number between brackets, like this C:\AdwCleaner\Logs\AdwCleaner[CXX].txt and attach that log for my review.

Please let me know how you get on.

Edited by Android8888
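As an added illustration of the scan-log versus clean-log distinction described above (this is not part of Android8888's post or an AdwCleaner feature), the following PowerShell snippet lists the AdwCleaner logs, tells scan logs ([S..]) from clean logs ([C..]), and reports the highest-numbered clean log to attach. It assumes AdwCleaner's default log folder, C:\AdwCleaner\Logs, as named in the thread.

```powershell
# Added example, not from the thread: find the newest AdwCleaner clean log.
# Assumes AdwCleaner's default log folder, C:\AdwCleaner\Logs.
$LogDir = 'C:\AdwCleaner\Logs'

function Get-AdwCleanerLogs {
    param([string]$Path = $LogDir)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    Get-ChildItem -LiteralPath $Path -Filter 'AdwCleaner*.txt' -File |
        ForEach-Object {
            # Names look like AdwCleaner[S21].txt (scan) or AdwCleaner[C22].txt (clean)
            if ($_.Name -match '^AdwCleaner\[([SC])(\d+)\]\.txt$') {
                $kind = if ($Matches[1] -eq 'C') { 'Clean' } else { 'Scan' }
                [pscustomobject]@{
                    Kind   = $kind
                    Number = [int]$Matches[2]
                    File   = $_
                }
            }
        }
}

$logs  = @(Get-AdwCleanerLogs)
$scans = @($logs | Where-Object Kind -eq 'Scan')
$clean = @($logs | Where-Object Kind -eq 'Clean')

Write-Host ("Found {0} scan log(s) and {1} clean log(s) in {2}" -f $scans.Count, $clean.Count, $LogDir)

if ($clean.Count -eq 0) {
    # No [C..] file means Clean & Repair / Clean & Restart Now never completed;
    # an [S..] log on its own only proves that a scan ran.
    Write-Warning 'No clean log found. Re-run the scan, check every item, then click Clean & Repair.'
} else {
    # The highest number is the most recent clean log, which is the one to attach
    $latest = $clean | Sort-Object Number -Descending | Select-Object -First 1
    Write-Host ("Attach this clean log: {0}" -f $latest.File.FullName)
    # Copy it to the Desktop so it is easy to attach to the reply
    Copy-Item -LiteralPath $latest.File.FullName -Destination ([Environment]::GetFolderPath('Desktop'))
}
```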

Good! Now all infected items were deleted.

2 hours ago, steelcaress said:

I appreciate your patience with me.

You're welcome!

Okay, now let's search for leftovers.

Please scan your computer with ESET Online Scanner. This is a very thorough scan and can take some time to complete, but it's worth it. I advise you to run this scan at night or at least when you are not using the computer.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your Antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    5. Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use.

  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your Antivirus program.

Please post the ESET log and let me know how the computer is running at this point.

Android8888


Hi steelcaress.

Yes, the items found by ESET don't require special attention and also most of them were quarantined by AdwCleaner and will be removed when uninstalling the program. So your computer appears to be clean and free of malware.

Now it's time to search for updates.

Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to infecting computers.

I advise you to download, install and run a program like FileHippo Update Checker or UCheck to see what programs need to be updated.

After installing the updates it's time to delete the tools we used in the clean-up process by running DelFix.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check ONLY the following options:
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. I don't need to see that log, just close and delete it. You can find and delete it from C:\Delfix.txt


How is the system running? Are there any issues or concerns with this computer?

Android8888


Sorry for the late reply, things have been hopping at work. No rest for a freelancer!

Things seem to be running smoothly. DelFix seems to have done its job. U-Check told me what I already knew: the vast majority of software I have is up-to-date (since I outfitted it with what I needed for work within the last three weeks). A few Windows Updates later the computer seems to be fine (other than the latest Firefox being a CPU hog, but that's a different issue). Most importantly, the malware is gone and seems to stay gone.  

Thanks for all your help. You've gone above and beyond and I'm grateful.


Hi steelcaress and sorry for the late reply.

I'm glad to hear the malware is gone. :)

To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your Antivirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes Anti-Malware (MBAM) up to date and perform a regular scan of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here.

Please Note: Only the paid-for version has real-time capabilities. Please go here and scroll down to find a comparison list of the two versions.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another of the most feared threats at the moment is a ransomware infection. Ransomware is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here.

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888


  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks
