Jump to content

Recommended Posts

Hello there

So I have this cr*p on 2 laptop whom I installed andyos on both but I'm not sure this is the origin of g*.tmp.exe.

Found threads here regarding this but after installing mbam it doesn't run.

Help would greatly appreciated.

Guy  

Addition.txt FRST.txt

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
https://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
<<<>>>

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites

Hello Nasdaq and thank you very much for your assistance

I believe that did the trick - no g* process in task manager and files in temp and mbam is able to launch.

Few questions if I may:

What was it and what is the origin of this?

What does it do?

Will 'fixlist.txt' be adequate for my other laptop which also runs Win 10? 

Again, thank so much.

Guy

Fixlog.txt

Share this post


Link to post
Share on other sites

Glad we could help.

The topic will be closed in a few days.

The files/logs will not be removed.

It may help others looking at hour topic.

As for the other computer do not use that Fixlist.txt. If you have problems with other computer please run the Farbar program and post fresh logs in separate topic. We do not accept to review two or more computers in the same topic. It can possibly cause important problems on occasions.

It;s better that an helper views your logs.

Share this post


Link to post
Share on other sites

g*.tmp.exe entries in task manager and in Temp folder.

After deletion they reappear after startup.

Thank in advance.

Share this post


Link to post
Share on other sites

Hi,

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.


=======

We will also check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS

  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.


There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

Share this post


Link to post
Share on other sites

Hello nasdaq

I'm affraid there has been a confusion,

My latest post is regarding another machine,

It has been teamed with this thread by mistake by one of your staff member.

Share this post


Link to post
Share on other sites

Hi,

Please post the FRST.TXT and Addition.txt log for the compromised computer again.

The ones you posted in the first post are no longer available.

 

Share this post


Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

fixlist.txt

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.