Potential malware preventing access to some sites

[Astani]

Hi there! New here, but a long user of Malwarebytes software.

I have a problem with my system where possible malware is limiting/preventing access to Microsoft sites, any anti-malware sites, preventing Chrome and Gmail sign in. Now those are sites that I have tested so far, besides YouTube which works normally. 

All this started recently, just after I got stupid "Mail.ru" extension which I removed from Chrome, but which remained on Internet Explorer. 

Further info, my system crashed after I scanned it with Baidu Antivirus which was already installed on my PC, however this happened after I clicked "Delete", to remove 117 of malware, mostly trojans, some Heuristic type malware. 

I got blue screen after the crash, and even in safe mode, all issues remained.

I saw in these forums that "Mail.ru" is rather common malware, and it really bothers me having all these problems now. 

Windows Update is offline, as well as many other Windows services, such as issue reporting. 

I downloaded file for Malwarebytes for Windows on my smartphone, and I now plan to install it via file transfer by my smartphone as I am cut off from internet downloads on PC. 

I really need help. Will update if I resolve the issues on my own. 

PC info:

Windows 7 64-bit SP 1

CPU: Intel Q6600, GPU: ATI X1950 GT multi-GPU, 4 GB RAM, HDD space over 500 GB for :C/, 80 GB additional drive. Drivers updated. 

 

[kevinf80]

Hello Astani and welcome to Malwarebytes, Download Farbar Recovery Scan Tool and transfer it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status...   Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans"   Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thank you, Kevin...

[Astani]

FRST.txtAddition.txt

Hi there again. I hope I got it right with this upload. Anyway, I ran Malwarebytes on my PC, first scan detected 92 of malware, while second and last only 2. Mostly trojans dns changer type, some Heuristic and I think some keyloggers. Updates for MB are not operational, ransomware and real time protection cannot be turned on. Same state as before. All quarantined malware removed.

I'm using my smartphone to reply and bring in files to PC. 

I am using Premium trial version, but premium features are not operational.  Scan reports saved. 

 

[kevinf80]

Thanks for those logs, run the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Your system should reboot after the fix, see how your system responds..

Thank you,

Kevin

fixlist.txt

[Astani]

Hi Kevin,

It seems like everything is back to normal, access to previously blocked sites is now available. 

Only issue is with MBAM, malware and ransomware protection is non-functional, can't turn it on. I also ran Chameleon, but it didn't do anything to turn on real-time protection.

Either way, I am really thankful for your help, Kevin! 

I'd like to tell you how I got infected and what to avoid, the "Free Driver Updater"(not actual name of app). I wanted a software to help me update drivers, and so I downloaded something and after that I got "Mail.ru" and many trojans and other malware following that.

I wonder if you happen to know of any good but free software for driver updates? I like to keep my PC up to date.

Big thanks to these awesome forums and everyone at Malwarebytes! Keep up the good work! 

Here's the log text you asked for, Kevin:

 

Fixlog.txt

[kevinf80]

hello Astani,   Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here   Does Malwarebytes now operate normally..?   Thank you,   Kevin...

[Astani]

Hi again, Kevin!

MBAM works fine now, I reinstalled it and ran Chameleon again. No issues. All real-time protection layers are active. I ran update as well and it's up to date. Just a question about FRST.

Can I delete FRST or move it to a folder and keep it for future? 

As for PC, no issues with browsing. 

Thanks again!

[kevinf80]

Hello Astani,

Thanks for the info update, good to hear Malwarebytes is working normally for you. Regarding FRST, probably better to remove it, if needed later it can easily be downloaded again...

Right click on FRST here: C:\Users\Mirza\Desktop\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...

 

 

[kevinf80]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks