Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus programs, Malwarebytes, SpyBot, AVG, RKill, etc. will not st


  • This topic is locked This topic is locked

#136
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Go ahead and click Run. It will likely fail anyway since a reboot is going to happen. But it's safe to do.


  • 0

Advertisements


#137
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Go ahead and click Run. It will likely fail anyway since a reboot is going to happen. But it's safe to do.

Brian,

 

I clicked "Run", it booted up, then rebooted and it looped to the same window I asked about in the prior post; a window asking to run the AVG remover again...


  • 0

#138
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Do it one last time. Go ahead and run it and let the machine reboot and let me know if it comes up again.


  • 0

#139
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Do it one last time. Go ahead and run it and let the machine reboot and let me know if it comes up again.

Brian,

 

It rebooted fine this time, without restarting again.

 

I ran the McAfee utility and rebooted.

 

I ran the JRT and rebooted.

 

I have attached two text files:

1.  A large text file from the avg remover.

2.  The text file from the JRT.

Attached Files


Edited by carolinachris, 11 September 2015 - 01:37 PM.

  • 0

#140
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Excellent. Do you know what you want to use as your Antivirus going forward? My recommendation is to use Microsoft Security Essentials as it's free, light on resources and can be as good as other paid alternatives. If you still want to use AVG or another product then feel free to download it to your desktop but don't install yet. I need to check for any remnants first. Please do the following.

 

Note: At the moment your machine has no Antivirus so please try to stay off the internet for anything unnecessary until we re-install one. The infection you had was severe so I had to do it this way.

 

Step#1 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post
1. FRST and Addition logs


  • 0

#141
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

Step#1 - Fresh Set of Logs
1. FRST and Addition logs
 
See attached files; FRST912 and Addition912...

Attached Files


  • 0

#142
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Thank you. There were indeed remnants that needed cleaned up. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   4.47KB   112 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Install your Antivirus

Please install whichever antivirus you decided on.

 

Step#3 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#4 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

 

Items for your next post

1. FRST Fixlog

2. Malwarebytes log

 


  • 0

#143
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

Step#1 - FRST Fix
 
Fixlog.txt attached.
 
Downloading Malwarebytes.
 
 
BTW, I have previously paid for a pro version of Malwarebytes. I guess I can use the free one now and get that version later...

Attached Files


Edited by carolinachris, 14 September 2015 - 10:36 AM.

  • 0

#144
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

BTW, I have previously paid for a pro version of Malwarebytes. I guess I can use the free one now and get that version later...

 

Apologies for missing that. Yes, please download/install your paid version if that's what you are entitled to. Thanks.


  • 0

#145
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

When I downloaded Malwarebytes from your link, it automatically verified the premium version and installed it.

 

Step#4 - Retrieve Malwarebytes Log...

 

MWB log is attached

Attached Files


Edited by carolinachris, 14 September 2015 - 11:01 AM.

  • 0

Advertisements


#146
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Looks good. Let's uninstall comboxfix and plug a few vulnerabilities.

 

Step#1 - Uninstall Combofix
1. Please ensure that Combofix.exe is still on your desktop before proceeding.
2. Click your Start button and in the search box type Combofix /Uninstall and hit enter on your keyboard. (Note there is a space after Combofix and before /Uninstall).
3. Allow Combofix to run as it will perform the uninstall procedures.

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are outdated and vulnerable.

 

Adobe Flash Player 16 ActiveX            <<-----I wouldn't re-install this one until you find a need for it
Adobe Reader 9.5.2                             <<-----after uninstalling you may install the most current version from here.

cmd                                                       <<----this is an unknown program and should be uninstalled unless you are sure what it is

Step#3 - Windows Updates

Please make sure you go to Windows Updates and download, install all critical/important updates. Keep doing this until there are no more left.

 

 

We're almost done here. Thanks for hanging in there with me.


  • 0

#147
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

Step#1 - Uninstall Combofix

Combofix uninstalled successfully...

 

Step#2 - Uninstalls

Adobe Flash Player 16 ActiveX (I have version Adobe Flash Player 18 ActiveX) uninstalled successfully...

Adobe Reader 9.5.2 uninstalled successfully...

cmd uninstalled successfully.
 
Rebooted successfully.

Edited by carolinachris, 14 September 2015 - 12:32 PM.

  • 0

#148
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Try pasting the following into the search box instead.

 

%UserProfile%\Desktop\Combofix /Uninstall


  • 0

#149
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Try pasting the following into the search box instead.

 

%UserProfile%\Desktop\Combofix /Uninstall

Brian,

 

I had to manually set it to search the Desktop. It uninstalled successfully...


  • 0

#150
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

Step#3 - Windows Updates:
Updating Windows and will report back when done.
 
This could take a while...
 
BTW, 230 updates is quite a bit to download and install.
 
Currently, it's installing - "update 125 of 230"...

Edited by carolinachris, 14 September 2015 - 02:44 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP