Yudrig

Infected PC, need fixlist.txt


My pc is infected and I can't run MalwareBytes due to the "Windows cannot access the specified device, path or file" error.

After searching around, I found the common solution to run FRST. I'm attaching the FRST.txt and Addition.txt files and request the fixlist.txt file.

Thank you.

FRST.txt Addition.txt


Hi, @Yudrig

My name is Maurice. I will be helping and guiding you, going forward on this case.

I am going to begin by having you run the Malwarebytes anti-rootkit standalone special tool.

 

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here and save it to your desktop.

 

Double-click on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.
 

 

 


Thanks for the report log.  There were gobs of cleanups that require a Restart.

We need to get the PC into Windows Safe Mode, so we can have you run Malwarebytes there.

Let's get the machine into Safe mode.

This article is a how-to on how to get to safe mode for Windows 10 
· Windows 10: http://windows.microsoft.com/en-gb/windows-10/start-your-pc-in-safe-mode

 

If your Windows is Windows 7, then see https://support.microsoft.com/en-us/help/17419/windows-7-advanced-startup-options-safe-mode


{ B }
Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON.
Click it to get it ON.


Click the SCAN button.
Select a Threat Scan (which should be the default).

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, repeat the scan one more time. It does not take long.

And again, be sure all detected items are removed.


Let it remove what it has detected.
{ C }
Now, Restart Windows back to normal mode.



When that is completed, kindly send the report.
In Malwarebytes:
Click the Reports button (on the left).
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your reply. Thank you.

 


I'm unable to open Malwarebytes in Safe Mode, Safe Mode with Network, and Normal Mode. I get the message "Cannot connect to Service".

 

I have to go for now, but I will follow the next step when I am able and will reply then. Thank you.


Often, in Safe mode or Safe mode with Network, the message about cannot connect will show, but, thereafter, you should still see a way to run the program.

So please try that at least one time, later on.

 

I must ask, did you quite recently go out and get some irresistible "free thing" / program / app of some sort?

I ask because I see a very very large amount of very suspicious files, tasks, and persistent "goobers" (meaning likely pests of various sorts).

 

This fix is for YUDRIG only.

 

Please close and save any open work files before you start this next step. It will involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly (as is) to the Downloads folder.

The tool named FRST64.exe is already in the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply.

 

 

Fixlist.txt


Yes, I downloaded a torrent that, in retrospect, was highly suspicious. Pretty much the same story as another forum post that I found, which is why I figured I needed the same FRST solution.

I ran the fix. Malwarebytes still won't open in normal windows.

Fixlog.txt


Okay, I seem to have cleaned my PC. I was a little impatient and followed the steps found in this thread: 

 

MalwareBytes runs fine now and reports no threats. 

Thank you very much Maurice, I'm very happy to have my PC back in good health!

❤️

MalwarebytesScanLog.txt


Thanks for sending the log-report from the Malwarebytes scan.  I would urge more checks on this machine because it had a heavy number of malware.

 

I would urge a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page. Click Scan Now.
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes.

When prompted for scan type, click on Full scan.
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".

Click the blue "Save scan log" to save the log.

If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at bottom).

Press Continue when all done. You should click to off the offer for "periodic scanning".

 


Thanks for the ESET scan result report.  It cleaned 1 folder, 1 DLL file & 2 exe files.

The other 17 line items were already in quarantine areas.

Let's do one other scan using a Microsoft tool.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

 


Very good. We can wrap up this case.

You can delete the files I had you download.

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog: http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

Best wishes to you.

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
