Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Infection again after less than a month

First time...Kovter

  • Please log in to reply

#1
preacherswife

preacherswife

    Member

  • Member
  • PipPipPip
  • 177 posts
About a month ago, my computer was running extremely slow and I posted on the forum and one of the techs helped me tremendously and it was discovered, I had a Trojan Kovter.
 
The tech left me with some recommendations but unfortunately before I could make some changes, I am facing this same thing once again.
 
He has advised me to post once again in the forum and to post a new set of FRST logs. additions.txt and frst.txt.  With that said, I am working on that now.

Edited by JSntgRvr, 08 November 2017 - 01:40 PM.
Moderator's edit: Letter too loud.

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,708 posts
I'm sorry are we having trouble posting the logs ?
  • 0

#3
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts

Joe, I found FRST in my documents folder, right clicked and hit run as administrator.  It popped up on my screen for a  couple of seconds not leaving enough of time to hit scan. 

We had this same problem before and you gave me a work around on how to fix it but I can't remember.  :headscratch: 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,708 posts
Hello,

I don't like FRST in the documents folder. I want FRST on the desktop, Lets run delfix and get rid of any left over tools from last time.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#5
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts

# DelFix v1.010 - Logfile created 08/11/2017 at 22:11:37
# Updated 26/04/2015 by Xplode
# Username : Dorraine - DORRAINE-PC
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #13 [Windows Update | 10/18/2017 15:26:40]
Deleted : RP #16 [Scheduled Checkpoint | 10/25/2017 22:40:07]
Deleted : RP #17 [Scheduled Checkpoint | 11/02/2017 03:44:16]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,708 posts
Next

Lets set up Firefox so it downloads everthing to the desktop. It's a lot easier this way.

To do that

1. Click the "Open Menu" button in the upper right-corner of the browser. It's the one with 3 Horzontal lines.

2.Choose Options. In the downloads section, (Files and applications) click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.


Tell me when that's done.

Then we will then download a fresh copy of FRST (Farber recovery scan tool) I'll provide the instruction for that.
  • 0

#7
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts

Got it!


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,708 posts
Lets download the 64Bit version of FRST and see how it goes from there.

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(64 Bit Version for you)
  • Right click to run as administrator When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. (Desktop)
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).(Desktop) Please also paste that along with the FRST.txt into your reply.
  • [/list]

  • 0

#9
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts

I have no idea what is going on Joe.  Each time I try to download the Farbar Recovery Scan Tool, it bumps me offline.  I have double clicked and right clicked and each time, it am knocked offline. 


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,708 posts
Hello,

Can you run adwcleaner ?

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
iO5EZayK.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#11
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts

ARGH!  I d/led AdwCleaner and clicked to run as administrator but once again, it flashes on the screen for a couple of seconds and then it's gone.  I have no way to run the program.  :upset:


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,708 posts
Hello,

Lets see if FRST will run in the safe mode.

How to boot to safe mode in Win 10

https://support.micr...pc-in-safe-mode
  • 0

#13
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts

In safe mode, I did not see FRST on the desktop but AdwCleaner was there and I was able to run that.  Here are the results...

 

# AdwCleaner 7.0.4.0 - Logfile created on Mon Nov 13 17:24:39 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 10-28-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.SearchAssist, Plugin found: SearchAssist Incognito -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP