[parkerbcrow]

Hello, I believe that I may have some malware on my computer. Some basic information, I have Windows 8 (64 bit) and use Internet Explorer as my web browser. I have never installed nor do I use Google Chrome, but I think it might have been installed by a program without my knowledge based on the following.

 

About a week ago, I noticed that my computer was starting to run slowly and that occasionally, whether I am connected to the internet or not, something that appeared to be a web browser window would pop up for no reason on my screen. After checking in the Task Manager, I noticed that there were multiple instances of Chrome (again, I don't use and have never knowingly installed Chrome) running from a program called "eozdxlivfin.exe", which was located in the folder "C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs". When I try to end the processes they restart themselves, and when I try to delete the files in the locatoin causing the problem I am not able to do so. The slow down caused by this problem seems to be the same both on and offline, but it seems to be a bit worse whenever I am online.

 

Additionally, over the past day or two, I've also noticed in task manager that it will show a couple of instances of Internet Explorer running (not as many as the Chrome ones), even when I have not been running IE. These IE processes also seem to restart themselves when I try to end them. I have tried downloading a Malware removal program to try and fix this, but have not had any luck from it. I believe that my computer got this way by my allowing my Windows Updates and Windows Defender to lapse in their updates for quite some time, which I have tried to remedy but haven't been able to given how slow my computer now runs.

 

Please let me know if you can help me any with this, I will provide any additional information as necessary. Thanks.

 

Parker

[Advertisements]

Hi are you able to download this programme, or failing that download onto another computer and then transfer it to the sick one with a USB

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Hi are you able to download this programme, or failing that download onto another computer and then transfer it to the sick one with a USB

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[parkerbcrow]

Thank you for your response, sorry I was unable to follow your instructions sooner as I was at work. Attached are the two logs that were generated.  Addition.txt   28.65KB   252 downloads  FRST.txt   19KB   426 downloads

[Essexboy]

You have a Poweliks infection which then downloaded some of its friends to have a play.  Now we will evict them
 
Download the attached Fixlist.txt to the same location as FRST
 fixlist.txt   2.5KB   243 downloads
Start FRST and press fix
On completion reboot and a log will be produced please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download and run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

[parkerbcrow]

After following your instructions, attached are the logs that were generated. I'm no longer seeing Chrome in the task manager.  AdwCleanerS2.txt   975bytes   185 downloads  Fixlog.txt   14.55KB   302 downloads  FSS.txt   2.89KB   144 downloads

[Essexboy]

Looking better just a few services to reset now. Are you seeing any other problems ?

Download Eset service repair to your desktop
Run the programme and accept the elevation request
Once it has completed it will ask for a reboot, allow it to do so
After the reboot there will be a CC Support folder on the desktop
Open that and go to the logs folder there will be a report please post that

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)

• Select the language and click OK.

• Accept the agreement

• Make sure a checkmark is not placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on finish.

• If an update is found, it will download and install the latest version.

• Once the program has loaded, select "Scan Now".

• The scan may take some time to finish,so please be patient.

• When the scan is complete, click on Quarantine All,.

• When disinfection is completed, a dialog will open and you may be prompted to Restart.(See Extra Note)

• Upon restart, launch Malwarebytes Antimalware and select History.

• Double click on the last scan done, then on Copy to Clipboard.

• To submit your reply, click on Add Reply, then right click on the window and select Paste.

• Submit your reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[parkerbcrow]

The worst of the problem seems fixed, I'll apply these other fixes this evening.

[parkerbcrow]

Procedures performed, however on the Malwarebytes Anti-Malware nothing came back as needing to be quarentined. Attached are the logs.  mbamscan.txt   1.02KB   169 downloads  SvcRepair.log   362bytes   203 downloads

[Essexboy]

Any further problems before I tidy up ?

[parkerbcrow]

No further problems that I'm seeing really. The sound has stopped working for one of my computer games, but I think that's probably unrelated. Thank you so much for all of your help with this, I really appreciate it.

[Essexboy]

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.