Jump to content

I'm infected - What do I do now?


Recommended Posts

  • Root Admin

Hello and welcome to Malwarebytes

 

Please do not reply to another users post in the Malware Removal for Windows sub-forum.

If you're infected or think you are, please start your own topic as needed after reading the information below.

Our program, Malwarebytes can detect and remove most malware with no further actions required for free.

Please download, install, update and do a Threat Scan with Malwarebytes and post back the log as shown below.

If your current anti-virus solution let this infection through please consider purchasing the Premium version of Malwarebytes for additional protection.

If you're still experiencing issues after running the above procedures, then please follow the instructions below.

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

 

NOTE: Please be patient.  When the site is busy it can sometimes take up to 24 hours before someone will be able to assist you.

If no one has replied to your new topic after 24 hours please contact a Moderator or Administrator to let them know.

 

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually
  • Please attach both logs to your reply if possible. Otherwise, you may copy/paste the logs directly if you have to, but an attachment is better.
  • To save attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.

_mb_attach.jpg

 

  • Then post a new topic here and include your FRST, Additions, and Malwarebytes Threat Scan logs.

 

  • After posting your new post, make sure you click the Follow button near the top right of this page, and select the option "An email when new content is posted Change how the notification is sent" so that you're alerted by mail when someone has replied to your post.

_mb_follow.jpg

_mb_follow_options.jpg

 

  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Also, please do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a  helper assisting them and may be overlooked, resulting in a longer waiting period for help.

NOTE: If you're using Peer 2 Peer software such as uTorrent or similar please completely disable it from running while being assisted here.

Troubleshooting Tips

 

 

Edited by AdvancedSetup
updated information
  • Like 1
Link to post
Share on other sites

  • 1 year later...
  • Root Admin

For those that want more graphical information, here are the same basic instructions with different graphics

 

 

Please do the following so that we can get started and assist you in detection and removal of malware.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Do not click on any Ads. You may want to consider adding our Malwarebytes Browser Guard
    https://www.malwarebytes.com/browserguard  to help prevent Ads in the first place.


    01_farbar_download.jpg.262919d47a7f1c06a
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

    12_saved_frst_file.jpg.9ba07f3f31ba3d4f0
     
  4. Windows protected your PC notification may appear and block the download. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

    Examples of Smart Screen preventing the download

    02_win7_smart_screen_block_01.jpg.eb05b2   


    Click the three... dots and select Keep

    03_win7_smart_screen_block_02.jpg.6f4f22


    04_win7_smart_screen_block_03.jpg.c483c1

    05_win7_smart_screen_block_04.jpg.3f1d4a

     
  5. When the User Account Control window appears, click Yes.

    06_uac_block.jpg.1a36bb28a620520d806aa98
     
  6. To accept the Disclaimer of warranty, click Yes.

    07_eula_farbar.jpg.c1966a4842ef445bf5cff
     
  7. Ensure only the boxes listed below are checked
     

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt


    08_farbar_main_window.jpg.a96d34d91c44d4
     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.
     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.

    09_frst_scan_done.jpg.c818983496ed624987

  • Addition.txt is saved in the same directory FRST is located.

    10_addition_scan_done.jpg.eb6a3f6141a1bf

  • Click OK to close each message window

 

Please attach both of those logs on your next reply, DO NOT copy and paste the contents of the logs directly

11_attach_files_dialog_box.thumb.jpg.036

 

Thank you

 

 

 

 

 

 

 

 

 

 

Edited by AdvancedSetup
Updated information
  • Like 3
  • Thanks 2
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.