Sorry, not the Recovery scan, but the Service scan, C:\Users\John\Desktop\FSS.exe. That will allow me to see any changes in the services.
Pop Ups & Ads have taken over laptop [Solved]
#46
Posted 31 March 2014 - 04:01 PM
#47
Posted 01 April 2014 - 05:32 PM
In addition, download the enclosed file:
Save and extract its contents to the desktop.
Once extracted, open FRST.
#48
Posted 02 April 2014 - 05:15 AM
Here is the Farbar Service Scan log:
#49
Posted 02 April 2014 - 02:53 PM
Please first have the following file uploaded here.
C:\Windows\SysWOW64\svchost.exe
I will submit the file to the developers and anti-virus companies.
Then download the enclosed file.
Save it in the same location FRST is saved.
Open FRST and click on the Fix button.
The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.
This will replace the svchost.exe file with a fresh copy.
Once done, restart the computer and attempt Windows Updates. Let me know the outcome.
#50
Posted 03 April 2014 - 05:00 AM
I sent the file to bleepingcomputers for analysis. Following is the fixlog you requested. I will restart my computer now and let you know about Windows Update.
#51
Posted 03 April 2014 - 05:13 AM
After restarting my computer and then attempting to check for Windows updates, a message popped up that said: "Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer."
Sorry =(
#52
Posted 03 April 2014 - 11:10 AM
Download the enclosed file.
Save it in the same location FRST is saved.
Open FRST and click on the Fix button.
The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.
Open an administrator Command prompt (Click on Start, type CMD and press CTRL+SHIFT+ENTER). At the prompt type the following and press Enter:
netsh winsock reset
Let me know of any error message.
Type EXIT and press Enter to leave the prompt.
Please open the following file in Notepad:
C:\Windows\WindowsUpdate.log
Copy and paste the last 50 lines of that report in your reply.
#53
Posted 04 April 2014 - 05:34 AM
Here is the most recent fixlog:
#54
Posted 04 April 2014 - 09:57 AM
I have checked the file uploaded to my channel first hand and it is infected with what appears to be Virus Win32/Expiro. This virus is a Windows executable file infecting virus. It is also capable of stealing credit card and personal information.
As W32/Expiro is a file infector, any filename is fair game. As you can see, the file we replaced is already re-infected with the previous code.
You can read about this here.
W32/Expiro (and related variants) is a dangerous file infector which infects mostly .exe files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.
Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer it remains on a computer, the more files it infects and corrupts so the degree of damage can vary.
Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
- When should I re-format? How should I reinstall?
- Where to draw the line? When to recommend a format and reinstall?
Just to see if these files are detected, please run a free online scan with the ESET Online Scanner
I would suggest you back up your personal data before proceeding.
Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
Note: This scan works with Internet Explorer or Mozilla FireFox.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
- Click the green ESET Online Scanner box
- Tick the box next to YES, I accept the Terms of Use, then click on: Start
- You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
- Make sure that the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click on Start
- The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically. The scan may take several hours.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close, make sure you copy the logfile first!
- Then click on: Finish
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
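The re-infection described in the post above (a freshly replaced svchost.exe changing again) is the kind of event a hash baseline makes visible. The following is an added example, not part of the original thread or of any tool used in it: it snapshots executables under a folder and reports which ones changed afterwards. The file names, contents and the list of tracked extensions are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr"}  # assumption: file types worth tracking

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map each executable under root (relative path) to (size, sha256)."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            result[path.relative_to(root).as_posix()] = (path.stat().st_size, sha256_file(path))
    return result

def compare(baseline, current):
    """Return files whose content changed, appeared, or vanished since the baseline."""
    return {
        "modified": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "added": sorted(n for n in current if n not in baseline),
        "removed": sorted(n for n in baseline if n not in current),
    }

def demo():
    """Constructed data: three placeholder 'executables', two altered after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        for name in ("svchost.exe", "sub/tool.exe", "sub/lib.dll"):
            (root / name).write_bytes(b"MZ" + name.encode() * 64)
        (root / "notes.txt").write_text("not tracked")  # ignored: not an executable type
        baseline = snapshot(root)
        # Stand-in for what the thread observed: files change again after replacement.
        for name in ("svchost.exe", "sub/lib.dll"):
            with open(root / name, "ab") as handle:
                handle.write(b"\x00" * 512)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline is only meaningful if it is taken from a known-clean state and stored off the machine being checked.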
#55
Posted 07 April 2014 - 05:12 AM
Thank you for all the information. I am sorry to hear that this is such a bad infection, but after all the attempts you have made to get rid of it, I am not surprised. Right now, we are trying to figure out which files we need to save. As soon as I am done saving them, I will run the ESET Online Scanner and send the report to you.
Thank you!
#56
Posted 07 April 2014 - 11:55 AM
You are welcome!
#57
Posted 10 April 2014 - 04:52 AM
I have been having a lot of trouble with completing the ESET scanner. I have tried running it three times and I can't get it past 95%. The first two times it ran several hours, then my computer went to sleep, so I thought when I moved my mouse to wake it up, I caused it to stall (because it wasn't continuing during the sleep). Last night I changed settings so it would not go to sleep. I let the scan run all night and this morning it was still at 95%. I moved my mouse to click finish so I could see an incomplete report and the whole ESET screen disappeared. Do you want me to keep trying?
Melanie
#59
Posted 11 April 2014 - 05:23 AM
I want to be sure I understand correctly. I didn't see any instructions on the link you gave me until I scrolled down to the very bottom of the webpage. It said: Steps to remove "Win32.Expiro.57" automatically
Is this what you are wanting me to do?
#60
Posted 11 April 2014 - 05:46 PM
Yes. That will confirm our findings.