Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop still performing poorly after Malwarebytes/Avast removes 1,000s

Started by Aaron Beleven , Dec 07 2014 02:33 PM

  • This topic is locked This topic is locked

#16
Essexboy
Posted 10 December 2014 - 08:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It could be a temporary glitch
  • 0

Advertisements

#17
Aaron Beleven
Posted 10 December 2014 - 09:09 AM

Aaron Beleven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Okay, Sorry about the delay it scanned all night.  Here is the detected threat reports.  I skipped treating each one.  I will go on to start the rest of your instructions now.

 

Status: Detected   (events: 10)
12/9/2014 5:07:22 PM Detected adware not-a-virus:AdWare.Win32.AnProt.a C:\FRST\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe Medium
12/9/2014 5:07:22 PM Detected adware not-a-virus:AdWare.Win32.AnProt.a C:\AdwCleaner\Quarantine\C\Users\Kevon\AppData\Local\AnyProtectScannerSetup.exe.vir//AnyProtectTrayIcon.exe Medium
12/9/2014 8:28:10 PM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Users\Guest 1\AppData\Local\tmp13205\dag13205.exe//data0000.res/wpennybeed.exe Medium
12/9/2014 8:37:20 PM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Users\Guest 1\AppData\Local\tmp13205\dag13205.exe//# Medium
12/9/2014 10:14:58 PM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Documents and Settings\Guest 1\AppData\Local\tmp13205\dag13205.exe//data0000.res/wpennybeed.exe Medium
12/9/2014 10:22:17 PM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Documents and Settings\Guest 1\Local Settings\tmp13205\dag13205.exe//data0000.res/wpennybeed.exe Medium
12/9/2014 11:00:36 PM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Documents and Settings\Guest 1\Local Settings\tmp13205\dag13205.exe//# Medium
12/9/2014 11:00:50 PM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Documents and Settings\Guest 1\AppData\Local\tmp13205\dag13205.exe//# Medium
12/10/2014 1:15:10 AM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Users\Guest 1\Local Settings\tmp13205\dag13205.exe//data0000.res/wpennybeed.exe Medium
12/10/2014 9:22:54 AM Detected adware not-a-virus:AdWare.Win32.PennyBee.a C:\Users\Guest 1\Local Settings\tmp13205\dag13205.exe//# Medium

  • 0

#18
Aaron Beleven
Posted 10 December 2014 - 09:40 AM

Aaron Beleven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

My program doesn't have a Manual Scan option (oddlly, in reports it has Manual Disinfection option):

 

GWngeqN.png?1


  • 0

#19
Essexboy
Posted 10 December 2014 - 09:50 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Darn they have changed the programme

 

OK I will run a quick check for a replacement


  • 0

#20
Essexboy
Posted 10 December 2014 - 09:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK AVZ is still available as a standalone tool http://support.kaspe...?el=1698#block2

Could you follow the instructions on the page to create the log. I will work on a set of instructions for this now but rather than keep you waiting :)

You will need to attach KL_syscure.zip
  • 0

#21
Aaron Beleven
Posted 10 December 2014 - 11:44 AM

Aaron Beleven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

.

Attached Files


  • 0

#22
Essexboy
Posted 10 December 2014 - 12:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The timing was perfect as I have just finished making the instructions :)

Could you let me know how it is running on completion

Open AVZ as before
Click "File" > "Custom scripts"
avzfix1.png

A dialogue will open
Copy and paste the following script into the marked space
avzfix2.JPG

Script for insertion :
 

begin
DeleteFile('');C:\Users\Kevon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
QuarantineFile('C:\Users\Kevon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini','');
DeleteService('SymELAM');
StopService('SymELAM');
BC_DeleteSvc('SymELAM');
DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SymELAM.sys','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SymELAM.sys');
DeleteFile('C:\Program Files (x86)\Mobogenie3\Mobogenie.exe','32');
BC_DeleteFile('C:\Program Files (x86)\Mobogenie3\Mobogenie.exe');
DeleteFile('C:\Users\Kevon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini','32');
BC_DeleteFile('C:\Users\Kevon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini');
DeleteFile('C:\WINDOWS\system32\drivers\NIS\1405000.01C\SYMEFA64.SYS','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NIS\1405000.01C\SYMEFA64.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SRTSP64.SYS','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SRTSP64.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\NdisImPlatform.sys','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NdisImPlatform.sys');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


Ensure that you copy from begin to end
  • 0

#23
Aaron Beleven
Posted 10 December 2014 - 12:27 PM

Aaron Beleven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Oddly, I've noticed it's running even better now.  I don't know what's happening while we're working so I can't explain it.

 

Okay, so I pasted the script & selected "Run".  Here is the error .  I didn't proceed.

 

FMx7B7Q.png


Edited by Aaron Beleven, 10 December 2014 - 12:31 PM.

  • 0

#24
Essexboy
Posted 10 December 2014 - 01:27 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm I may have made a minor error in the script


Open AVZ as before
Click "File" > "Custom scripts"
avzfix1.png

A dialogue will open
Copy and paste the following script into the marked space then press run
avzfix2.JPG

Script for insertion :
 
begin
StopService('SymELAM');
BC_DeleteSvc('SymELAM');
DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SymELAM.sys','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SymELAM.sys');
DeleteFile('C:\Program Files (x86)\Mobogenie3\Mobogenie.exe','32');
BC_DeleteFile('C:\Program Files (x86)\Mobogenie3\Mobogenie.exe');
DeleteFile('C:\Users\Kevon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini','32');
BC_DeleteFile('C:\Users\Kevon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini');
DeleteFile('C:\WINDOWS\system32\drivers\NIS\1405000.01C\SYMEFA64.SYS','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NIS\1405000.01C\SYMEFA64.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SRTSP64.SYS','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NISx64\1405000.01C\SRTSP64.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\NdisImPlatform.sys','32');
BC_DeleteFile('C:\WINDOWS\system32\drivers\NdisImPlatform.sys');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Ensure that you copy from begin to end
  • 0

#25
Aaron Beleven
Posted 10 December 2014 - 01:56 PM

Aaron Beleven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

It's running better & doesn't feel laggy.  Just old  :prop:  & slow in an old machine sort of way.   It's playing videos now.  I opened up both browsers and it surfed a few sites.  Loading animations are fluid.  I'm not sure how best to check performance but I think it's another miracle from here.  I'm happy at this point.


  • 0

Advertisements

#26
Essexboy
Posted 10 December 2014 - 02:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You still had some Norton drivers running along with one piece of adware... Take it for a test run now and when you are happy let me know and we will tidy up
  • 0

#27
Aaron Beleven
Posted 10 December 2014 - 05:46 PM

Aaron Beleven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

So I ran Norton results were no threats found.  Unfortunately I had to uninstall Avast as I don't know how to simply turn it off.  I know I can get it again, but just in case I wanted to let you know.

 

Also, Norton notified me it needed updates but repeatedly failed to get those updates installed.


Edited by Aaron Beleven, 10 December 2014 - 05:52 PM.

  • 0

#28
Essexboy
Posted 11 December 2014 - 08:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the licence for Norton still valid or has it expired ?
  • 0

#29
Aaron Beleven
Posted 11 December 2014 - 02:17 PM

Aaron Beleven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Yes it was. It said I needed to Renew and I attempted to and it appears to me it's simply reinstalled. Or restart A trial version.

Just a heads up, I won't have access to that machine for one and one half days. Though it is possible it'll be sooner.
  • 0

#30
Essexboy
Posted 11 December 2014 - 02:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem on the time :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP