Ice Cyber Crime Ransom Virus [Closed]


  • This topic is locked

#76
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

How did you go about disabling Malwarebytes? If you just did it through the system tray, try this way - go to Settings, then to Detection and Protection, then to the side and disable both protections. Also, how did you disable Avast?

 



  • 0



#77
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

Sometimes Combofix refuses to run, don't know why. Anyways, is your computer still running slowly? Are you sure you completely disabled MBAM/Avast? Did ESET uninstall without a hitch?


  • 0

#78
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

There are two other rootkit scanners we can run if you want, but it's unlikely they'll dig anything else up. We could try though.


  • 0

#79
unique101sd

unique101sd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Hi Josh,

I have attempted to run Combofix 3 more times. However, it still seems to freeze every time. My computer appears to be running a bit faster. However, it is very slow in starting Google Chrome. I would be willing to use the two other root kits if you think they might help.

 

Thanks for your patience and commitment to helping me resolve this issue.

 

I look forward to hearing from you.

 

Oh, yes, I disabled both MBAM and Avast. I also. The deinstallation of ESET went without a hitch as well.


  • 0

#80
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi unique. Let's do a rootkit scan with GMER. If this doesn't pick anything up I think we're safe. Also, did you uninstall ESET before or after installing Avast? And can you get me a screenshot of the Chrome 1.1.1.1 issue if you're still getting it?

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Things to see in your next post:
GMER.txt

  • 0

#81
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

You still with me? This is the last scan to make sure you're 100% clean. If you don't wish to, let me know and I can give you my all speech if everything is good.


  • 0

#82
unique101sd

unique101sd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Hi Josh,

My apologies. I am still with you. I have been traveling on business. I will do the root kit scan this evening.

Thanks again for your assistance.
  • 0

#83
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

I'll have to close this thread due to inactivity without a reply.  Please let me know if you wish to continue.


  • 0

#84
unique101sd

unique101sd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Hi Josh,

 

I am attempting to run the rootkit right now. I will post just as soon as it finishes.


  • 0

#85
unique101sd

unique101sd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Also, I uninstalled ESET completely before installing AVAST. I am no longer getting the Chrome 1.1.1.1. However, Chrome is very slow starting.


  • 0



#86
unique101sd

unique101sd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Attached File  GMER.txt   126.48KB   54 downloads

 


 

Hi Josh,

 

Here is the additional GMER.TXT scan file


  • 0

#87
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

Hi unique.  There's some malware present there.  Please hold off on using your computer while I create a fix for you.


  • 0

#88
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Let's do these two first, then I'll get back to you tomorrow. Please do the following:

Step 1

  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the None button.
  • Paste this into the Custom Scans/Fixes section:
    c:\UAC* /s

     

  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open a notepad window - OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic

Step 2

Please redownload TDSSKiller to run a fresh scan

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things to see in your next post:
OTL.txt
TDSSKiller log

  • 0

#89
unique101sd

unique101sd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Hi Josh,

I am unable to open anything on my computer now. When I started my computer, I opened it to a check disk screen. After that screen passed, I could only open the task manager. Under processes, it says that csrss.exe and Avast.exe are the two processes that are running. However, I cannot open any applications.
  • 0

#90
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

Hi unique. I think you might have a hardware issue, possibly a dying hard drive. How old is your computer? Do you have your data backed up? If not, do not use your computer at all until we get the data backed up - if the hard drive dies it could cost up to $3500 to salvage the data. All the utilities we ran came up clean. The GMER malware I noticed was from a previous infection when you dealt with emeraldnzl here in 2009. You are running Boot Camp on a Mac, right? Do you have access to the manual that came with the computer? It will have instructions on how to run a hard drive diagnostic we can follow after we back up your data if it's not already. Please let me know if you have any questions or problems. For now just let me know the answers to these questions.


  • 0





