Andro1d

Trusted Helpers

Posts posted by Andro1d

  1. Hello again,

    The program ran fine, so please follow my instructions below.

    Please download the OTMoveIt2 by OldTimer.

    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\WINDOWS\system32\afinding.exe
      C:\WINDOWS\system32\atpsck.exe
      C:\WINDOWS\system32\axtpsck.exe
      C:\WINDOWS\system32\cerwxfst.sys
      C:\WINDOWS\system32\cexwxfst.sys
      C:\WINDOWS\system32\mtsycod.sys
      C:\WINDOWS\system32\nftscpd.sys
      C:\WINDOWS\system32\Nobicyt.exe
      C:\WINDOWS\system32\ntscpd.sys
      C:\WINDOWS\system32\nxtscpd.sys
      C:\WINDOWS\system32\routing.exe
      C:\WINDOWS\system32\stsycod.sys
      C:\WINDOWS\system32\swand.sys
      C:\WINDOWS\system32\sxwand.sys
      C:\WINDOWS\system32\wserving.exe
      C:\WINDOWS\system32\xfst.sys
      C:\WINDOWS\system32\yaxcnxd.sys
      EmptyTemp
      [start explorer]


    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

  2. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Looking at your system now, one or more of the identified infections is a backdoor application which can allow attackers to access your computer, stealing passwords and personal data.

    If this computer is ever used for on-line banking, I suggest you do the following immediately:

    1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

    2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

    Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%

    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

  3. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  4. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    I can't read your HJT log the way you posted it, do it this way.

    Open HJT Scan and Save a Log File, it will open in Notepad

    Go to Format and make sure Wordwrap is unchecked

    Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread.

  5. Hello again,

    Sorry for the delay, real life got a hold of me.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  6. Hello again,

    Download win32delfkil.exe.

    Save it on your desktop and close all windows.

    Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.

    Close all windows, open the win32delfkil folder and double click on fix.bat.

    The computer will reboot automatically.

    Post the contents of the log file c:\windelf.txt, along with a new HijackThis log.

  7. Hello again,

    Please download Deckard's System Scanner (DSS) to your desktop.

    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread.
    • An additional text file, Extra.txt, will also be available (by default) in the following folder: C:\Deckard\System Scanner.
    • Please go to that folder and also copy the contents of Extra.txt to your post as well.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

  8. Nice job your log looks clean!

    Please use the following suggestions to help prevent reinfection.

    Also, you may delete any tools I had you download during the cleaning process.

    Reset System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. You will lose all previous Restore Points which are likely to be infected. Now we need to make a new Restore Point for your PC, please do the following:

    • Click Start
    • Right click My Computer and select Properties
    • Click the System Restore tab
    • Check "Turn off System Restore" and click "Apply".
    • It will then ask you if you want to turn off System Restore, select Yes
      Please give a moment as it will delete the old Restore points
    • Then uncheck "Turn off System Restore" which will create a new Restore point
    • Click OK

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

    Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

    Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

    Finally, I strongly recommend reading "How did I get infected in the first place?" (by Tony Klein).

    Good luck and safe surfing :)

  9. Hello again,

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  10. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Step 1

    Your log shows that you have run HijackThis without extracting it from the zip folder first, or have it running from your desktop/temporary location. To ensure that backups made when items are fixed are secure, we need to get HijackThis set up properly. To do this please download the self-extracting version of HijackThis that will unzip the file for you and put a shortcut on your desktop. Please delete any copies of HijackThis.zip you have saved.

    Please download the self-extracting version of HijackThis from here:

    HijackThis Installer Download

    Save HJTInstall.exe to your desktop.

    Double-click the file then click the Install button.

    The file will be extracted to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    A shortcut for future use will also be created on your desktop and the Intro Frame of HijackThis will open.

    Click Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

    Please use the shortcut to run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

    Step 2

    • NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.

    • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
      Note: FixIEDef now supports Non-English Language Systems
    • Double-click FixIEDef.exe.
    • That will open the About FixIEDef screen. Click OK to continue.
    • Next, press the Scan! button.
    • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue.
    • Wait for the scan to finish. It shouldn't take very long.
    • WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
    • After the !!! All Finished !!! message is displayed, click Exit.
    • Post the FixIEDef log file, located on the Desktop.
      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    See: http://www.beyondlogic.org/consulting/proc...processutil.htm

  11. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Step 1

    Please download the OTMoveIt2 by OldTimer.

    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
      C:\Windows\BR040286.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BisonInst0402
      EmptyTemp
      [start explorer]


    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Step 2

    Please download Deckard's System Scanner (DSS) to your desktop.

    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread.
    • An additional text file, Extra.txt, will also be available (by default) in the following folder: C:\Deckard\System Scanner.
    • Please go to that folder and also copy the contents of Extra.txt to your post as well.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
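    The OTMoveIt2 lists in posts 1 and 11 above are small scripts: bracketed directives ([kill explorer], [start explorer]), absolute file paths, registry keys, and bare commands such as EmptyTemp. The Python below is an added example and is not part of the original posts or of OldTimer's tool. It parses that list syntax into a plan, then records the size and SHA-256 hash of each listed file before moving it into a quarantine folder, so the sample can still be identified after the cleanup, and it marks absent or locked files instead of aborting (OTMoveIt2 itself defers locked files to a reboot). The sample list, the temporary directory and the fake afinding.exe written by demo() are constructed for the demonstration; the script does not touch the registry, kill Explorer or empty temp folders.

```python
"""Parse an OTMoveIt2-style move list and quarantine the listed files with hashes.

Added example; not OTMoveIt2's own code. The sample list, temp directory and
fake executable written by demo() are constructed for illustration only.
"""
from __future__ import annotations

import hashlib
import json
import re
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Constructed sample using the same syntax as the lists posted above.
SAMPLE_LIST = r"""
[kill explorer]
C:\WINDOWS\system32\afinding.exe
C:\Windows\BR040286.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BisonInst0402
EmptyTemp
[start explorer]
"""

_HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
          "HKEY_USERS", "HKLM\\", "HKCU\\")
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class MovePlan:
    directives: list[str] = field(default_factory=list)  # [kill explorer], [start explorer]
    files: list[str] = field(default_factory=list)       # absolute file paths to move
    registry: list[str] = field(default_factory=list)    # registry keys/values to delete
    commands: list[str] = field(default_factory=list)    # bare commands such as EmptyTemp


def parse_move_list(text: str) -> MovePlan:
    """Classify each non-empty line of the list by its shape."""
    plan = MovePlan()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            plan.directives.append(line[1:-1].lower())
        elif line.upper().startswith(_HIVES):
            plan.registry.append(line)
        elif _DRIVE_PATH.match(line):
            plan.files.append(line)
        else:
            plan.commands.append(line)
    return plan


def sha256_of(path: str | Path) -> str:
    """Hash a file in chunks so a large dropper need not fit in memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_files(paths: list[str], quarantine_dir: str | Path) -> list[dict]:
    """Hash, then move, each existing file into quarantine_dir; return one log entry per path."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    log: list[dict] = []
    for p in paths:
        src = Path(p)
        if not src.is_file():
            log.append({"path": str(src), "status": "not found"})
            continue
        # Record identity before the move so the sample can be looked up later.
        entry = {"path": str(src), "size": src.stat().st_size, "sha256": sha256_of(src)}
        dest = qdir / src.name
        n = 1
        while dest.exists():  # never overwrite an earlier quarantined copy of the same name
            dest = qdir / f"{src.name}.{n}"
            n += 1
        try:
            shutil.move(str(src), str(dest))
            entry.update(status="moved", quarantined_as=str(dest))
        except OSError as exc:  # in-use or locked file: OTMoveIt2 defers these to a reboot
            entry.update(status=f"deferred: {exc.strerror}")
        log.append(entry)
    return log


def demo() -> tuple[MovePlan, list[dict]]:
    """Run the parser and the quarantine step against a constructed temp directory."""
    plan = parse_move_list(SAMPLE_LIST)
    work = Path(tempfile.mkdtemp(prefix="otmoveit_demo_"))
    fake = work / "afinding.exe"  # stand-in for the listed file; constructed bytes, not malware
    fake.write_bytes(b"MZ" + b"\x90" * 64)
    targets = [str(fake), str(work / "BR040286.exe")]  # second path deliberately absent
    return plan, quarantine_files(targets, work / "_Quarantine")


if __name__ == "__main__":
    plan, log = demo()
    print(json.dumps({"plan": plan.__dict__, "log": log}, indent=2))
```

    Run it as a normal script to see the parsed plan and the quarantine log. On a real machine you would pass plan.files and a quarantine folder on the same volume to quarantine_files, keep the JSON log with the hashes, and handle the registry and EmptyTemp lines separately, because moving a file does nothing about the Run key that relaunches it.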

  12. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Please do an online scan with Kaspersky WebScanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • Once they are downloaded, the database will be updated.
      Please accept any ActiveX or Java notifications.
    • After the files have been updated, go to the left side of the page under the Scan section and select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

  13. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Please download Deckard's System Scanner (DSS) to your desktop.

    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread.
    • An additional text file, Extra.txt, will also be available (by default) in the following folder: C:\Deckard\System Scanner.
    • Please go to that folder and also copy the contents of Extra.txt to your post as well.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

  14. Hello again,

    Please download Deckard's System Scanner (DSS) to your desktop.

    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread.
    • An additional text file, Extra.txt, will also be available (by default) in the following folder: C:\Deckard\System Scanner.
    • Please go to that folder and also copy the contents of Extra.txt to your post as well.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

  15. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    1. Download this file - combofix.exe

    2. Double click combofix.exe & follow the prompts.

    3. When finished, it shall produce a log for you.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Then download Brute Force Uninstaller to your desktop.

    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.

    Save it in the same folder you made earlier (c:\BFU).

    Then, please go to Start > My Computer and navigate to the C:\BFU folder.

    • Start the Brute Force Uninstaller by doubleclicking BFU.exe
    • Behind the "Scriptline to execute" field, click the folder icon and select coolpics.bfu
    • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.

    Reboot your computer and check if it worked.

  16. Hello again,

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  17. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Looking at your system now, one or more of the identified infections is a backdoor application which can allow attackers to access your computer, stealing passwords and personal data.

    If this computer is ever used for on-line banking, I suggest you do the following immediately:

    1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

    2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

    Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    Please visit this web page for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Once you have finished installing the Windows Recovery Console, please continue with the rest of the tutorial at the above link.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

  18. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    • NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.

    • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
      Note: FixIEDef now supports Non-English Language Systems
    • Double-click FixIEDef.exe.
    • That will open the About FixIEDef screen. Click OK to continue.
    • Next, press the Scan! button.
    • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue.
    • Wait for the scan to finish. It shouldn't take very long.
    • WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
    • After the !!! All Finished !!! message is displayed, click Exit.
    • Post the FixIEDef log file, located on the Desktop.
      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    See: http://www.beyondlogic.org/consulting/proc...processutil.htm