Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help! Cryptowall virus on computer!


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Not sure what is wrong with Combofix.
 
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. (Pause your anti-virus)  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
 
 
Let's also try the bitdefender quickscan.
 
 
When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).
 
Were you able to update Avast?  

  • 0

Advertisements


#32
sarahb16

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Just an update on the ESET Online Scanner. So I tried it last night, it got to 47% and then didn't go any further. We were having some internet issues so I restarted it again today. At this moment the scanner has been running for 7hrs 40min and is at 47%. It does say that it has found 253 infected files thus far. It seems to be stuck going through C:\Users\Sarah\AppData\Local\Temp. If they are just temporary links and documents, would it be possible to just delete them?


  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

No problem deleting temp files.  Sometimes they won't delete.  Usually means something is using them so go on to the next one.


  • 0

#34
sarahb16

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Sorry for the delay. Tried to delete some of the temp files. As you said, some will not delete. Found that FRST has quarentined some of the files, so won't let me touch them.

 

As for BitDefender. I tried to run it on IE, but it said an add on was missing to make it run. So I did it on Firefox instead and it gave me the message "You’re Good To Go! No Active Viruses Found" but would not give me an option to view a report.


  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 6 (64-bit)
Java 7 Update 67
Java™ 6 Update 13
Java™ 6 Update 31
Java™ 6 Update 7

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

 

 

Then let's download the latest version of Avast:

 

http://files.avast.c...virus_setup.exe
 

 

Save the file.  Uninstall the old version of Avast.  Reboot and then install the new version by right clicking and run as admin.  Decline any additional software.  After the next reboot it may ask you if you want to install dropbox.  Tell it no.  Stick with the Basic version.

 

 

Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.  Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo so I go into Settings, Tools, and turn it off.

If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want you name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.  Look for the Basic option.
 

 

Run a new FRST scan and post the log.  I want to see if this version of Avast has the same problem that the old version had:

 

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\aswMonFlt.sys

 

 

Assuming the reinstall fixes the problem then tonight let Avast run a boot time scan.

 

How to do a boot-time scan while you sleep: (Takes roughly 6 hours on an average system.)
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP