adware.Istartsearch/Trojan.Yelloader Rootkit

[rootkithelp9988]

Hi

 

I'm infected with a rootkit using some kind of advanced persistance module that keeps coming back and refuses to be removed by malwarebytes. Can I have somebody use FBAR or that recovery tool on my computer? Thanks.

[LDTate]

Hello  and

Please take your time.

 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Forums-Reply

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply.

[rootkithelp9988]

It didn't save a zip and after restarted my malwarebytes uninstalled itself.

[LDTate]

I don't know what version of Windows you have so I'll give you 7,8 and 10

Windows 7

Restart your computer in Safe Mode.

Using the F8 or F5 Method:

Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options

select the Safe Mode With Networking

Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.

When Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.

Open Malwarebytes (MBAM), make sure Scan For Rootkits is checked, run a new scan and delete all in Quarantine

**Power Off** (shutdown, the pc.

Wait a few minutes.

Restart in Normal Mode and make sure it's gone

=============================

Windows

8.1 and 10

Restart your computer in Safe Mode.

Step 1: When you hit the power button in Windows 8.1 / 10 (through Charms Bar), hold down the Shift key when clicking the Restart button.

Step 2: The next screen will present you with three options. Click Troubleshoot.

Step 3: Next, hit Advanced options followed by Windows Startup Settings from the next screen.

Step 4: Your PC will now be rebooted to enable the advanced parameters, which include Safe Mode as well. Once it restarts, you’ll get nine options whereby the following commands apply:

F4 for Safe Mode

F5 for Safe Mode with Networking

F6 for Safe Mode with Command Prompt

Based on your selection, Windows 8.1 (or Windows 8 or 10 the method applies to both) will boot accordingly.

F5 for Safe Mode with Networking

Then press the enter key on your keyboard to boot into Windows Safe Mode.

When Windows starts you will be at a typical logon screen. Logon to your computer and Windows will enter Safe mode.

Open Malwarebytes (MBAM), make sure Scan For Rootkits is checked, run a new scan and delete all in Quarantine

**Power Off** (shutdown, the pc.

Wait a few minutes.

Restart in Normal Mode and make sure it's gone

[rootkithelp9988]

Still not gone.

 

Windows 10.

[LDTate]

Without logs we're not going to be able to do much.

Try again

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Forums-Reply

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply.

[rootkithelp9988]

Can't I just the FRST Recovery tool?

[LDTate]

We can try that

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here https://support.microsoft.com/en-us/help/15056/windows-7-32-64-bit-faq if you're not sure if your computer is 32-bit or 64-bit

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

FRST 32-bit version: https://downloads.malwarebytes.com/file/FRST

FRST 64-bit version: https://downloads.malwarebytes.com/file/FRST64

    Double-click to run it. When the tool opens, click Yes to disclaimer.
    Press the Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
    Please attach the Additions.txt log to your reply as well.

[rootkithelp9988]

Oh wait missed the gather logs part lol okay will have logs soon

[rootkithelp9988]

nvm no more viruses.

[LDTate]

Did MBAM take care of it?

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks