
Is It Proof of Infections Left Behind? [Solved]


  • This topic is locked

#1
Gib80

    Member

Is this proof of malware left behind?

 

 

I have had this problem where I'd lose space on my C drive and I've had it for
months. Recently, I have scanned my PC with anti-viruses MSE and MBAM, both
in safe mode one at a time btw!
I didn't really find anything threatening after those scans, but one thing I found
that might convince you that I have malware is that I went to Internet Options,
then down to where it says browsing history, I hit the settings button and I was
taken aback to find this message, "The amount of disk space currently set aside
to store temporary internet files.....," but the part that will convince you is
that the message was after I had set the "disk space to use" at 250mb (which I read
is the default setting); someone changed it. I think this justifies all the space
I had been losing and am still losing. When I clicked on cancel, I could see the
amount on "disk space to use." It's at a whopping 257024mb! That right there is
proof that someone is maleficent, because these controls are definitely being
controlled by somebody other than me!
 



#2
ruggie_uk

    Trusted Helper

  • Malware Removal

Greetings Gib80 and welcome!

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

  • Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.

  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click the FRST icon and run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked:
    • Drivers MD5
    • Shortcut.txt
    • Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • FRST.txt
  • Shortcut.txt
  • Addition.txt
     


#3
Gib80

    Member

  • Topic Starter

Hello, I have 3 of them for you :)

Please bear in mind, this infection is no joke and I'm in normal mode and safe mode w/ networking back and forth!


#4
ruggie_uk

    Trusted Helper

  • Malware Removal

Hi there, firstly, do you use Office Depot Solutions Toolkit?
 
OK, let's get started :D


Step 1

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:
  • Click on Backup Now >> once the process is complete, a confirmation will be displayed in the GUI.

  • Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

Step 2


FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Step 3

Microsoft Fixit
Please download the Microsoft Fix-It from here and save it to your Desktop.

Right click the downloaded file on your Desktop and choose Run As Administrator to run the program and let it reboot when it asks.

Step 4

ESET Poweliks Cleaner

Scan with ESET Poweliks Cleaner

Please download ESET Poweliks Cleaner and save the file to your desktop.

  • Right-click on the ESET Poweliks Cleaner icon and select Run as Administrator to start the tool.
  • If the tool finds Poweliks, you will be prompted: Win32/Poweliks found in your system.
  • Press Y to continue the removal.
  • You should be notified that the tool successfully removed the threat from your system.
  • The tool will also produce a logfile on your desktop, named ESETPoweliksCleaner_Date.Time.
  • Please copy and paste the log into the thread back here and tell me whether the tool found Poweliks and if so whether it indicated that Poweliks had successfully been removed.

Items I need to see in your next post:

  • FRST Fixlog
  • ESET log


#5
Gib80

    Member

  • Topic Starter

The Office Depot information I want to keep. It's a reminder.


#6
ruggie_uk

    Trusted Helper

  • Malware Removal

Hi there. There appears to be no malware on your computer.

I think whatever you saw was just the size in KB.

251MB is 257024KB so it makes a lot of sense; otherwise, your hard drive, which reports as: (Fixed) (Total:174.62 GB) (Free:98.43 GB), is storing an additional 257GB of temporary files, which is of course impossible.

Let's remove the tools we have used:

Tool Removal

We need to remove the tools we've used while cleaning your machine.
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run

Safe surfing and have a good day :D

#7
Gib80

    Member

  • Topic Starter

Thanks for keeping me posted!



#8
Dakeyras

    Anti-Malware Mammoth

  • Expert

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.