Website blocked due to Trojan


Solved by MKDB

Hello @Illu and welcome.

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

 

 

Step 1

  • Please download the Malwarebytes Support Tool (MBST).
  • Run MBST.
  • In the left navigation pane of MBST, click Advanced.
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply.

 

 

 

Link to post

Thank you very much for the logfiles @Illu.

We are going to remove some orphans and check Windows system files, so the FRST-Fix (Step 1) will take some time (probably > 10 min). Please be patient.

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the desktop or location where you ran FRST from (C:\Users\saatv\Downloads\).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

fixlist.txt

Link to post

Good job. 👍

 

Unfortunately, the fix was not finished due to a timeout limit.

I would like you to run another Fix with FRST (Step 1) to complete the first one. Moreover, we will run MSS as a checkup (Step 2).

 

 

I noticed this DNS server, it points to Australia:

Quote

Tcpip\..\Interfaces\{b5ea351a-ed05-403e-89b2-79e54deed079}: [NameServer] 1.1.1.1,1.0.0.1

Did you set it? Are you aware of it?

 

Let me know if MBAM still blocks services.exe after the following two steps @Illu

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the desktop or location where you ran FRST from.

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 2

The Microsoft Safety Scanner (MSS) is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

  • The download links and the instructions on how to run the tool are at this link at Microsoft.
  • Please let me know the results of this scan.
  • Run a full scan.
  • The log is named MSERT.log.
  • The log will be at %SYSTEMROOT%\debug\msert.log, which in most cases is C:\Windows\debug\msert.log

  • Please attach that log with your next reply.

 

 

fixlist.txt

Edited by MKDB
Link to post
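
The DNS entry quoted in the post above can be triaged with a short script. This is an added example, not part of the original posts and not a Malwarebytes or FRST tool: it parses FRST `[NameServer]` lines of the form quoted above and labels each resolver address. The allowlist contents and the second sample log line are constructed assumptions.

```python
import ipaddress
import re

# Constructed allowlist of well-known public resolvers; extend it for your environment.
KNOWN_RESOLVERS = {
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "9.9.9.9": "Quad9",
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Line shape as quoted in the thread:
#   Tcpip\..\Interfaces\{GUID}: [NameServer] addr,addr
LINE_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]{36}\}): \[NameServer\] (.+)$")


def classify(addr):
    """Return a triage label for one resolver address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if addr in KNOWN_RESOLVERS:
        return "known public (" + KNOWN_RESOLVERS[addr] + ")"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private/LAN"
    return "unknown, verify owner"


def review_nameservers(log_text):
    """Yield (interface GUID, address, label) for each static DNS entry in an FRST log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The registry value may separate addresses with commas or spaces.
        for addr in re.split(r"[,\s]+", m.group(2).strip()):
            if addr:
                yield m.group(1), addr, classify(addr)


# First line is the one quoted in the thread; the second is constructed for illustration.
SAMPLE_LOG = r"""
Tcpip\..\Interfaces\{b5ea351a-ed05-403e-89b2-79e54deed079}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [NameServer] 192.168.1.1 203.0.113.53
"""

if __name__ == "__main__":
    for guid, addr, label in review_nameservers(SAMPLE_LOG):
        print(guid, addr, label)
```

Any address labelled "unknown, verify owner" is the kind of entry worth asking the user about before it is left in place or removed.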

Regarding the DNS server: I usually let users delete unknown DNS entries, but if it's your default one, I will not touch it.

 

Please post the newest fixlog.txt from FRST and go on with Step 2.

Thank you.

Edited by MKDB
Link to post

Thank you for the fixlog, it looks good. 🙂

I'm sorry for the long scan time, it depends on different aspects, e.g. number of files on the system, hardware requirements.

Thank you for the hint, I'll review my instruction... maybe a QuickScan would be enough.

Link to post

Oh great, logfile comes back clean. Reboot your system. You can remove the file MSERT (Microsoft Safety Scanner).

How is your system running at the moment? Does MBAM still block a website?

Link to post

I have been using the device for an hour now with no trouble. When it did happen before, a browser would be open, but mostly it was common sites like stackoverflow, youtube and such.

Link to post

That sounds good. 🙂

 

Thank you for your cooperation @Illu, we're done.

 

Step 1

  • Right-Click on FRST64 and choose Rename.
  • Rename FRST64 into Uninstall.
  • Run Uninstall.
  • FRST and its files/folders will be deleted.
  • If the tool needs a restart, please make sure you let the system restart normally.

 

 

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.

Edited by MKDB
Link to post

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post

@Illu, please run FRST again and post the requested logfiles.

 

 

Step 1

Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

Link to post

Ok, now we try two more steps. Let me know if this helps.

 

 

Step 1

First of all, please reset Firefox. After that, please reboot your system.

 

 

 

Step 2

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

  • It will start a download of "esetonlinescanner.exe".
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes.
  • When prompted for scan type, click on Full scan.
  • Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
  • Click the blue "Save scan log" to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
  • Press Continue when all done. You should click to turn off the offer for "periodic scanning".

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Edited by MKDB
Link to post

Well done @Illu. 👍

I didn't expect that ESET would find anything, because your logfiles look clean to me. Let me ask in Malware Removal Team for ideas about those pop-ups from MBAM.

I would like you to run two final steps for now. Thank you in advance!

 

 

Step 1

Please download and run the Kaspersky Virus Removal Tool to remove any found threats.

Let me know if it finds anything or not.

 

 

Step 2

  • Run MBST again.
  • In the left navigation pane of MBST, click Advanced.
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply.

 

Link to post

This topic is now closed to further replies.