Jump to content
TyB

Mail.ru Malware Not Completely Gone

Recommended Posts

I got the Mail.ru adware virus recently, and Malwarebytes free removed 166 files related to it. However, it failed to remove the Mail.ru updater, which ran every time I started my computer. It was in the local appdata folder, and I deleted it manually and it hasn't run since. How can I be sure that the virus isn't also hiding other places and that Malwarebytes actually removed it completely?

Share this post


Link to post
Share on other sites

Hello  and :welcome:

Please take your time.

 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Forums-Reply

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply.

Share this post


Link to post
Share on other sites

I have attached A file I need you to download and save it to the same place that you saved the FRST program

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
 
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

fixlist.txt

Share this post


Link to post
Share on other sites

Also (since I can't find where to edit my first post), though it's not a huge issue, I'd appreciate a heads up in the future if anything I run is going to delete any files, temporary/recycle bin or otherwise.

Share this post


Link to post
Share on other sites
Posted (edited)

Служба автоматического обновления программ (HKU\S-1-5-21-1566778124-2472251101-175618431-1002\...\MailRuUpdater) (Version:  - Mail.Ru) <==== ATTENTION => Error: No automatic fix found for this entry.

 

It doesn't appear this bad boy wants to die

 

Step 1: Click the Start button on the bottom-left corner, type  regedit in the empty search box and tap regedit in the results.

Step 2: Select Yes in the User Account Control dialog.


Make sure "My Computer" is highlighted

Click "Edit"> "Find"
Type in  MailRuUpdater  tap Enter Key.


**Right Click** on the file if found and select "Delete"

Tap the "F3" Key to find the next entry of the file. Continue using the "F3" Key until it's finished searching.

Close Regedit.

Restart the pc.


Let me know if that solved the issues

Edited by LDTate

Share this post


Link to post
Share on other sites

Using the Registry Editor, I found two folders named MailRuUpdater. Both were subfolders of an "Uninstall" folder, I didn't write down the entire file path. I deleted both of them and performed a few more searches, and it didn't find any more.

So this MailRuUpdater folder is what the FRST application found? And no others? If so, that should be everything, I'm glad to have this crap off my computer. Thank you for the help.

Share this post


Link to post
Share on other sites
Posted (edited)
Quote

So this MailRuUpdater folder is what the FRST application found?

Yes.

I'm happy to have helped and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.
 

Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

FireFox, Chrome, and Safari 
Opera
Microsoft Edge

AdBlock for Internet Explorer

Follow-up Reading

Cryptolocker Ransomware: What You Need To Know
Scams: Tech Support Scams 
PC Safety: Seven tips to keep your PC safe

 

Thank you for choosing Malwarebytes
Peace Be With You

 

Edited by LDTate

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.