PC Infected


Solved by kevinf80

My computer is def infected with something. Started noticing issue 10 days ago. First Chrome/Firefox/IE were very slow to open a website, getting stuck on resolving host. Then computer started hanging on shut down saying configuring Windows even though no updates were installed. Tried doing a restore point and it wouldn't let it, D/L Malwarebytes but it couldn't be installed / anti virus wouldn't scan. And yesterday I got an email that someone tried to access my email account from Indonesia :( I did finally manage to get Malwarebytes with my roommate's help but it only runs in safe mode, and the problem is still there even after quarantining some items it found. I have attached Farbar logs which I was only able to do in safe mode.

FRST.txt Addition.txt


Hello dt3 and welcome to Malwarebytes,

Continue with the following:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the tool and select Run as Administrator; the tool will expand to the options window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply....

fixlist.txt

Edited by kevinf80
typing error

Hi Kevin,

Thanks for the reply. I have attached the fix log. I'm running everything in safe mode as that's the only way they open.

Please note since I ran FRST for the above post it was randomly uninstalled from my system. When I D/L it again it would not let me save it to desktop and said something about permission required. I had to save it to another directory and move it to desktop in safe mode. I'm confident the fix was run properly but wanted to bring that to your attention in case it didn't.

Fixlog.txt


Attached pls find the following logs

ADWCleaner log from 5 days ago. I installed this then on advice of a friend; it picked up some things that it got rid of when I ran it then.

ADWCleaner from today.

MSERT log - I think this is a false positive. I have had a cracked version of office for a long time without any issues but if that's the issue I'm happy to remove it.

AdwCleaner[C00].txt AdwCleaner[S03].txt msert.log


Followed your link to try and do a clean boot but system won't turn down properly when it comes time to restart. I first get a message saying waiting for task host window, I wait for it but nothing happens so I press force restart. Then I get the next message 'failure to display security and shut down options' and I'm forced to shut down manually. I've attached pics so you can see what I'm dealing with.

Is there another way to do a clean boot? 

20200923_103711.jpg

20200923_104025.jpg


Try the following....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

fixlist.txt

Download Dr Web Cureit from here: http://www.freedrweb.com/cureit and save it to your desktop.

  • The file will be randomly named
  • Reboot to safe mode: http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report <<<--- Do not miss this step
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

This log will be excessive; please attach it to your next reply…

I do not believe there is any malware or infection on your system, there was no evidence showing in FRST logs. In my opinion the best way forward is a repair install of the OS, no personal stuff will be lost. Full instructions at the following link:

https://www.sevenforums.com/tutorials/3413-repair-install.html

Let me know if that option is ok for you...:)

This topic is now closed to further replies.