Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Viruses, Viruses, Viruses! HELP! [Solved]

malware virus software help trojan ads file infected

  • This topic is locked This topic is locked

#61
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Step 1: I uninstalled CCleaner. 

 

Step 2: I'm not sure. I don't think so? I put some files onto a memory stick.

I presume simone-2 is the guest account??

 

Step 3: I'm completing this now.


  • 0

Advertisements


#62
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Step 2: I'm not sure. I don't think so? I put some files onto a memory stick.

 

 

So do you have all your encrypted documents saved somewhere or do you still need help to gather those up?

 

I presume simone-2 is the guest account??

 

No. This appears to be another Administrator account. If you never sign in the computer with simone-2, we should get rid of this account.


  • 0

#63
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

I still need to back my files up.

 

I only use Simone. I only have a Simone and Guest account. Strange one. I am going to upload the FixLog into a SendSpace link that I will private message you now as it is too big.

 

The search:

 

Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by simone (2015-08-22 15:50:46)
Running from C:\Users\simone\Desktop
Boot Mode: Normal

================== Search Registry: "globalUpdate,esgiguard,Shredder" ===========

====== End of Search ======


  • 0

#64
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the info. Let's identify all your corrupted documents and then we'll move them to a folder for you.

 

Step#1 - File Identification
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy/paste or type *.aaa  into the Search box of the FRST window.
3. Click the Search Files button.
4. When the search is done it will open a notepad window with the results. Can you copy/paste the contents of this window into your next post?

 

Step#2 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Items for your next post

1. FRST Search results

2. aswMBR Scan Results

 

 


  • 0

#65
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Finally worked this out! Posting on the thread is easier...

 

Sorry it took so long.

 

 

Attached File  Search.txt   235bytes   87 downloads

 

Attached File  aswMBR.txt   4.07KB   89 downloads


  • 0

#66
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

The search isn't showing any of your encrypted documents. As an example, in your downloads folder there used to be a whole bunch of encrypted files. Two examples follow. Are they not there? Did you happen to move these?

 

C:\Users\simone\Downloads\referral assignmentBB.pdf.aaa

C:\Users\simone\Downloads\referral assignmentBB (1).pdf.aaa

  • 0

#67
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

They're still there. Weird that it didn't show up...


  • 0

#68
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

The example you gave in your previous comment is still there but no longer an AAA file, and it's a standard PDF. I think today was the deadline day for my ransom payment. Could they have removed some files without our knowledge? Or maybe a cleaner tool got rid of them? Not sure. Majority of them are still there I think. My 'Sam' document with word files etc are still there as AAA files.


  • 0

#69
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No, nothing should have removed them. OK, please try the following instead.

 

1. Click your Start button and type cmd in the search box.

2. Right-click on cmd in the search results and select Run as administrator. Answer Yes if prompted.

3. Copy and paste the following lines into the command-prompt window, one at a time, hitting enter after each.

cd\

dir /B *.aaa /s > %userprofile%\desktop\files.txt && notepad files.txt

 

4. When the scan is complete a notepad file will open. Please copy/paste the contents of this file into your next post.


  • 0

#70
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

No scan comes up. It said it couldn't find the fixlist file...it's still on my desktop though? and isn't blank.


  • 0

Advertisements


#71
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

couldn't find the fixlist

 

I never specified a fixlist file? It should have been named files.txt. Notepad didn't open when it was complete?


  • 0

#72
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Actually I see the issue. Could you post the files.txt file that should be on your desktop?

 

Thanks.


  • 0

#73
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

It's the zip folder you sent me

Attached Files


  • 0

#74
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hmmm, unfortunately we are missing each other. Follow the below steps exactly and hopefully it should clear some things up.

 

1. Click your Start button and type cmd in the search box.

2. Right-click on cmd in the search results and select Run as administrator. Answer Yes if prompted.

3. Copy and paste the following lines into the command-prompt window, one at a time, hitting enter after each.

cd\

dir /B *.aaa /s > %userprofile%\desktop\files.txt && notepad %userprofile%\desktop\files.txt

 

4. Eventually a notepad file will open. Please copy/paste the contents of this file into your next post.


  • 0

#75
OkayOkayOkay

OkayOkayOkay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

It worked.

Attached Files


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, virus, software, help, trojan, ads, file, infected

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP