
My Computer is infected.



Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You have no protection. This program should be kept up to date in today's environment.
AV: Quick Heal Total Security (Disabled - Out of date) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall (Disabled) {0B0BF67A-8F20-4279-BAB2-9A72A26C76BF}

Remove these programs in bold via the Control Panel > Programs > Programs and Features.

CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Searchcore Toolbar (HKLM\...\Windows Searchcore Toolbar) (Version: 3.0.0.119129 - Discordia Limited) <==== ATTENTION
SelectionLinks (HKLM\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION

<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
<<<>>>

Let me know what problem persists.

fixlist.txt


Thank you for your response,

I can't update Quick Heal Total Security and I can't even install any antivirus because of a virus known as "Virus.Sality". However, I installed Malwarebytes and ran a scan and I found 2000+ threats. In the scan report, there are many malwares, but Malwarebytes failed to remove "Virus.Sality" and I can't open Malwarebytes again. I tried re-installing; it installed successfully but my PC fails to open it.

As you said "Remove these programs in bold via the Control Panel > Programs > Programs and Features..", but there is no "Programs" option and "Program and Features" option. However, I uninstalled "CPUID CPU-Z 1.79.1" from "Control Panel > Add or Remove Programs" but I didn't find the other two.

As you said "Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button." 
but I didn't find "Reset browser settings" button.

However, I ran FRST and attached the log file.

Please help me disinfect my Computer.

 

Fixlog.txt


Hi,


As you said "Click "Settings" then "Show advanced settings" at the bottom of the screen.

It was changed to Reset and clean up > Restore settings to their original defaults

I will change my canned speech. Thank you.

===

This is a very bad virus.

Download and run the AVG removal tool.
https://www.avg.com/en-ca/remove-win32-sality

If it works please run the Farbar program and post a fresh FRST.TXT log for my review.
Let me know what problem persists.
 


Hi,

Sorry about that.

When I opened your Personal message I was transferred to your topic.
I thought I was posting in the PM environment.

===

Go for a clean install of Malwarebytes, see if that helps...

Totally Remove Malwarebytes from your system:

Download the latest version of MB-Clean by clicking this link: https://downloads.malwarebytes.com/file/mb_clean save to your Desktop, or a folder of your choice.

Close all open applications
Double-click and run mb-clean.exe
A prompt with an option to clean up the system will appear:


Yes - will proceed with backing up the license key (Malwarebytes 3.x only) and initiating the cleanup process. (Recommended)
No - will exit the utility

Once the cleanup process is completed, a prompt will appear:

Yes – will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3.x (Recommended)
No – will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (Not Recommended)

We recommend rebooting immediately. Additionally, stopping at this step is not recommended and will most likely not resolve your issue(s).

Upon reboot, a prompt will appear:

Yes - will download, install and activate the latest version of Malwarebytes 3.x (Recommended)
No - will exit the utility and the cleanup process is complete...

Does this clear the issue?
<<<>>>


3 hours ago, nasdaq said:

Once the cleanup process is completed, a prompt will appear:

Yes – will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3.x (Recommended)
No – will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (Not Recommended)

But it didn't prompt, I just opened it, clicked yes and then nothing happened. I rebooted but I didn't see any prompts upon startup. I attached mb-clean-results.

mb-clean-results.txt


Hi

The files and folders are no longer on the hard disk.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
Malwarebytes;MBAM
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Run the Farbar program and post a fresh FRST.TXT log.
I will check if any leftover items are reported.


Hello, 

When I first ran Malwarebytes threat scanner, it saved a scan report file in My Documents folder. I found it today and I found the exact location of Sality.Virus in the Registry. Should I delete it? Or is there something that I can do? Here's the screenshot of it and the scan report file. I think it might be useful.

Virus.sality.png

Threats.txt


Hi,

Many of the entries listed in your Addition.txt log concerning Quick Heal Total Security are missing the filename.
Did you remove the folders associated with this program instead of using the Add/Remove programs applet?

AV: Quick Heal Total Security (Disabled - Out of date) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}


FW: Quick Heal Firewall (Disabled) {0B0BF67A-8F20-4279-BAB2-9A72A26C76BF}

You have no protection.
McAfee Security Scan Plus and AdvancedSystemCare are not enough today to protect against virus infection.
===

Even your Windows Firewall is disabled.
Set it ON.
https://support.microsoft.com/en-ca/help/875356/how-to-configure-the-windows-firewall-feature-in-windows-xp-service-pa
===

Run the AdwCleaner program and delete all entries EXCEPT AdvancedSystemCare.
It's considered a PUP (Potentially Unwanted Program); you can keep it, your call.

After a restart of the computer run the AdwCleaner and post a fresh Log.

Run the Farbar program and post fresh.txt and Addition.txt logs for my review.
To refresh the Addition.txt log make sure you check the box to create the file.

Let me know what problem persists.


 


41 minutes ago, nasdaq said:

Many of the entries listed in your Addition.txt log concerning Quick Heal Total Security are missing the filename.
Did you remove the folders associated with this program instead of using the Add/Remove programs applet?

Yes, I removed it manually because I was getting errors when I tried to remove it using Add or Remove Programs. I don't remember the errors.

 


57 minutes ago, nasdaq said:

Even your Windows Firewall is disabled.
Set it ON.

My firewall was already at ON. I never disabled it.


I had not connected to the internet for 4 yrs and now I can't connect because of some errors; maybe it's a virus. Please suggest offline methods. But I can download files from mobile and copy them to the PC.


Hi,

Looks like a few files are missing.

From the Start > Run Box execute

SFC.EXE /Scannow
Click the OK button.

You may be asked to provide the Windows XP disk.

Let me know if it works.
===

Let's see if we can restore your internet.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Keep me posted.

fixlist.txt


Hi,


Unless you can get a copy of the XP installation disk there is nothing else I can do here.

This forum is still helping on XP computers.
https://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Someone there will be able to help you get the disk or the missing files.
They may also be able to find out what is causing the issues with your computer.

Hope that helps.


This topic is now closed to further replies.