
VIRUS!



#1
LOC


    New Member

  • Member
  • 1 posts

Hi randomz, So I spent about 10 hours yesterday trying to remove malware and got most of it off. But I keep getting weird notifications from Malwarebytes about an IP trying to open a malicious website. It's probably through a torrent I downloaded the other day (I've learned my lesson now). I have a bunch of little issues I need resolved, so please bear with me... thanks.

 

Folder name: Rar$EXb0.946

 

I tried accessing the folder, and attempted to delete the folders within, but it did literally nothing (no response message, nothing). I exited the folder, but now it barricaded up and whenever I try to open it, it says "C:\Users\Lucas\AppData\Local\Temp\Rar$EXb0.946 refers to a location that is unavailable. It could be a hard drive on this computer, or a network. Please yada yada yada ya ya ya....". When I try to delete the folder it also has no response message.

Also, are files that start with a "{" and then a bunch of random characters a virus? The ones on my system I'm suspicious of, written exactly as they are, are called

 

{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003

{C905F738-883B-4A73-A935-D3A8BFEFF75F}.tmp    <-- ESPECIALLY this one as it's a temp file

 

If these are malicious, please give me code that deletes them permanently. Also, if you need the IP address that's trying to break in, I can probably get that too. Kisses and cheeses.

 

P.S. Potentially Useful Information:

-Deleted part of virus that disabled all my antivirii

-Deleted part of virus that censored my internet

-Deleted part of the virus that spammed adware URLs whenever I opened gamemaker (the NON-torrent version)

-I may have installed something that permanently affected gamemaker, as it was a crack (and it didn't even give me the professional edition... those little shitz!), so I'm not sure if they're getting into my computer through gamemaker. Also, I have stuff on gamemaker, so I wouldn't like to completely obliterate it...




#2
RKinner


    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
