
Malware getting quarantined, How do I permanently remove it?


Go to solution Solved by Maurice Naggar,


Hello Team,

Your software is doing a perfect job at keeping my system safe. The malware is not able to execute, but how do I completely get rid of it from my system? I am attaching the picture with more details. It's on the top and the path you see, it is in %temp% file. The vbs file is changing its name every few seconds, I think MB is deleting it but it is coming back again and again (that's just my guess).

Please assist, I need my system clean.

Regards


This pc has the Windows 10 Fast Startup option on, which makes attempts to hunt for & remove malware & correct system issues harder.

At this point, we need to be sure that the Windows 10 operating system has its "fast startup" (aka hyperboot) set to OFF.

It is on by default. We need to set it to OFF.

See the following link. Use option "ONE" & do points 1 to 4 & then do step 7.

After that, do a Windows RESTART.

https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html

That step is not a cure-all but just a step to help in complex situations like on this system.

I will return with other things to do.


  • Solution

Be sure you do the task above (from my earlier post).

What follows is 2 things to do.

( 1 )

We need to ensure that Windows is set to SHOW ALL folders & files.

Use Option ONE or TWO of this guide.

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

( 2 )

There are a few suspicious things that need checking out, like a couple of odd-looking scheduled tasks, an odd EXE, an odd DLL.

This script will also run the Windows System File Checker to check some Windows system files.

 

The custom script on this post is ONLY for this machine and NO other.   

The script Fixlist.txt  ( below ) needs to be saved to Downloads folder 

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

 

Please save the (attached file named) FIXLIST.txt   to the  Downloads  folder

Fixlist.txt

 

  • Start Windows Explorer and then go to the Downloads folder.

RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed.

  • Reply YES when prompted to allow the tool to run.
  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.
  • On the FRST window: click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Do let me know how things are overall,  after all this.

  • Like 1
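
The post above mentions odd-looking scheduled tasks, and the original report describes a .vbs file in %temp% that keeps coming back. As an added example (not part of the thread and not the contents of the helper's Fixlist.txt), this read-only PowerShell script lists scheduled tasks whose actions launch a script host, run a script file, or point into a temp folder. The function name `Get-ActionFlags` and the match patterns are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of scheduled task actions.
# Nothing is changed or deleted; review the output by hand.

function Get-ActionFlags {
    # Hypothetical helper: returns the reasons an action's command line looks odd.
    param([string]$Execute, [string]$Arguments)

    # Expand %TEMP%, %APPDATA% etc. so path checks see the real location.
    $commandLine = [Environment]::ExpandEnvironmentVariables("$Execute $Arguments")
    $reasons = @()

    # Illustrative patterns (assumptions, not taken from the thread).
    if ($commandLine -match '(?i)\b(wscript|cscript|mshta)(\.exe)?\b') {
        $reasons += 'script host'
    }
    if ($commandLine -match '(?i)\.(vbs|vbe|js|jse|wsf)\b') {
        $reasons += 'script file'
    }
    if ($commandLine -match '(?i)\\AppData\\Local\\Temp\\|\\Windows\\Temp\\') {
        $reasons += 'runs from temp folder'
    }
    return ,$reasons
}

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions have Execute/Arguments; COM handler actions do not.
        if (-not $action.Execute) { continue }

        $reasons = Get-ActionFlags -Execute $action.Execute -Arguments $action.Arguments
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Execute   = $action.Execute
                Arguments = $action.Arguments
                Reasons   = $reasons -join ', '
            }
        }
    }
}

$findings | Sort-Object Task | Format-List
```

Run it from an elevated PowerShell prompt so tasks belonging to other accounts are visible. A match is only a lead to investigate, since some legitimate software also schedules script-host tasks.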

Hello.  Thanks for the report.  The run is good.  Here is the next thing to do.

Let me suggest you do one scan with Adwcleaner to check for adware.

First download & save it 

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then do a scan with Adwcleaner 

 

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Also, as we go along, let me know how the situation is.

  • Thanks 1

Hi Maurice,

The Adwcleaner link seems to be down, I was not able to download the Adwcleaner.

About the overall performance, I believe that the problem is solved now. I could not find the vba file which was changing name every few seconds. It was in %temp% folder. I think it is completely removed now. 

If you can attach the Adwcleaner file here, I want to run the scan with it as well. 

Thank you for taking the time and efforts to solve my computer problems. 

Best Regards


Hi. This is the download link for Adwcleaner: https://downloads.malwarebytes.com/file/adwcleaner

This here is an alternate link  https://toolslib.net/downloads/finish/1-adwcleaner/

 

I am glad to hear the good news on the status of the system. 😀


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.