bad virus

[frazier]

help

[flashh4]

Howdy Frazier and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================
 

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of these to run, not all of them. Try the first one first !!

   1. rkill.exe  >>> http://download.bleepingcomputer.com/grinler/rkill.exe
   2. rkill.com >>>  http://download.bleepingcomputer.com/grinler/rkill.com
   3. rkill.scr  >>>  http://download.bleepingcomputer.com/grinler/rkill.scr
   4. WiNlOgOn.exe  >>> http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
   5. uSeRiNiT.exe  >>>  http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
   6. iExplore.exe >>>  http://download.bleepingcomputer.com/grinler/iExplore.exe

Please post the log in your next reply.
 

 

 

NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop. Or from Here >> http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.




When the scan is complete, click  OK, then  Show Results to view the results.



    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".
 

 

Post me those 2 logs above !!

 

Thanks

Chuck

[frazier]

nti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.23.06

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
frazier :: FRAZIER-PC [administrator]

Protection: Disabled

3/23/2014 7:19:35 AM
mbam-log-2014-03-23 (07-19-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220666
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|AS2014 (Rogue.FakeAV) -> Data: C:\ProgramData\WDXRVpDn\WDXRVpDn.exe -> Quarantined and deleted successfully.
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\ProgramData\WDXRVpDn\WDXRVpDn.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
C:\Users\frazier\AppData\Roaming\Adobe\acupx217.dll (Trojan.FakeMS.ED) -> Quarantined and deleted successfully.
C:\Users\frazier\AppData\Local\Temp\MASMAHL120A.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\frazier\AppData\Local\Owrics\xkbruvppgygzcd.dll (VirTool.Vbcrypt) -> Quarantined and deleted successfully.
C:\Users\frazier\Local Settings\Temporary Internet Files\Content.IE5\K7RS94C3\AbPSi.exe (Trojan.Happili) -> Quarantined a

[flashh4]

Thanks Frazier now see if you can reboot into Normal mode & let me know if you can !!

 

Thanks

Chuck

[flashh4]

Glad to know you got it running !

 

Now let do some cleaning Frazier !

 

b]AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT


    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!
 

 

Post next:
1. AdwCleaner Log
2. Junkware Removal Log

 

Thanks

Chuck
 

[frazier]

# AdwCleaner v3.022 - Report created 23/03/2014 at 08:00:11
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : frazier - FRAZIER-PC
# Running from : C:\Users\frazier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MJH84HS\adwcleaner[1].exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\frazier\AppData\Roaming\File Type Helper
File Deleted : C:\windows\System32\roboot64.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

*************************

AdwCleaner[R0].txt - [957 octets] - [23/03/2014 07:50:30]
AdwCleaner[s0].txt - [889 octets] - [23/03/2014 08:00:11]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [948 octets] ##########

[flashh4]

Frazier, nothing real bad there !! Post the JunkWare Removal log next !!

 

Chuck

[frazier]

nkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by frazier on Sun 03/23/2014 at  8:12:19.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/23/2014 at  8:18:15.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[frazier]

Thank you very much

[flashh4]

That looks pretty clean so lets call it good !

 

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 
 *From within Internet Explorer click on the Tools menu and then click on Options.
 *Click once on the Security tab
 *Click once on the Internet icon so it becomes highlighted.
 *Click once on the Custom Level button.
 *Change the Download signed ActiveX controls to Prompt
 *Change the Download unsigned ActiveX controls to Disable
 *Change the Initialize and script ActiveX controls not marked as safe to Disable
 *Change the Installation of desktop items to Prompt
 *Change the Launching programs and files in an IFRAME to Prompt
 *Change the Navigate sub-frames across different domains to Prompt
 *When all these settings have been made, click on the OK button.
 *If it prompts you as to whether or not you want to save the settings, press the Yes button.
 *Next press the Apply button and then the OK to exit the Internet Properties page.

==========================

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

   NoScript
   AdBlockPlus

=============================

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

=============================

Free Anti-Virus

  Avast Free Antivirus
  Avira Free Antivirus 2013
  PC Tools AntiVirus Free
  Ad-Aware Free Antivirus

========================

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

 Online Armor Free
 Agnitum Outpost Firewall Free
 Comodo Firewall

=======================

Make sure you keep your Windows OS current. Windows XP users can visit  Windows updatedefault.asp regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

=======================

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

==========================

WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

==========================

I also recommend that you read the following:
How to prevent malware by miekiemoes

==========================

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck
 

[flashh4]

This issue has been solved so i will lock this topic ! If you need it re-opened please contact me or any Mod !!

 

Thanks

Chuck