Malwarebytes freezes at end of scan before finishing to remove Disk Antivirus


52 replies to this topic

#16 NeedHelpPleez

NeedHelpPleez
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 17 March 2013 - 12:37 AM

Malwarebytes ran successfully all the way through and removed the threats listed. Is there anything else I need to do? If that completes the process, then can I delete the reports and downloaded programs? My computer is starting slower, so I'm guessing it is all of the programs downloaded...

Let me know what else, if anything, I need to do. In the meantime, thank you for all of your help!

#17 NeedHelpPleez

Posted 17 March 2013 - 12:41 AM

Can Malwarebytes and Vipre both run at the same time without interfering with each other?

#18 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:03 PM

Posted 17 March 2013 - 03:50 AM

Please run Malwarebytes again and post the new log.

Follow the instructions for adware cleaner. You missed it. Use the DELETE button.

I would like you to reboot twice or thrice so that system returns to normal speed.



#19 NeedHelpPleez

Posted 17 March 2013 - 10:11 AM

For some reason, I am not seeing what I thought I posted last night, so will try again. Malwarebytes ran successfully and removed what it found. I am not finding the txt file on my desktop, so in the Quarantine section the following are listed as removed: files called Heuristics.Reserved.Word.Exploit - let me know if you need locations - and 1 file called Rogue.FakeAV.

- Do I need to do anything else?

- Can I remove the programs and reports from this process?

- Will Malwarebytes and Vipre run together at the same time without canceling each other out?

- Thank you so much for your help!

Let me know what, if anything, else I need to do. Again, thank you.

#20 NeedHelpPleez

Posted 17 March 2013 - 10:12 AM

Oops. Disregard this last post I just sent. I just saw your reply.

#21 NeedHelpPleez

Posted 17 March 2013 - 10:36 AM

AdwCleaner instructions given:
AdwCleaner by Xplode - Search for Adware

-------------------


■Please download AdwCleaner by Xplode onto your desktop.
■Double click on AdwCleaner.exe, select OK, then Run
■Click on DELETE
■A logfile will automatically open after the scan has finished
■Copy and paste the contents in your reply
■You can find the logfile at C:\AdwCleaner[R1].txt as well


But there is no "OK". There is a Search, Delete and Uninstall button. I clicked on Search and then Delete. Here is the report:

# AdwCleaner v2.114 - Logfile created 03/17/2013 at 10:30:39
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Laytem - LAYTEM-PC
# Boot Mode : Normal
# Running from : C:\Users\Laytem\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Laytem\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.1] : homepage ={"backup":{"hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=US&userid=c483e70d-397a-43[...]

*************************

AdwCleaner[R1].txt - [13521 octets] - [16/03/2013 20:21:14]
AdwCleaner[R2].txt - [1129 octets] - [16/03/2013 22:23:29]
AdwCleaner[R3].txt - [1000 octets] - [17/03/2013 10:30:39]
AdwCleaner[S1].txt - [13655 octets] - [16/03/2013 20:22:24]
AdwCleaner[S2].txt - [1199 octets] - [16/03/2013 22:24:16]
AdwCleaner[S3].txt - [1259 octets] - [16/03/2013 22:37:07]

########## EOF - C:\AdwCleaner[R3].txt - [1241 octets] ##########

Malwarebytes reports from yesterday and today (found yesterday's in a file):

Malwarebytes 10-16-13:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Laytem :: LAYTEM-PC [administrator]

3/16/2013 11:58:41 PM
mbam-log-2013-03-16 (23-58-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233865
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Laytem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional (Rogue.FakeAV) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\Laytem\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Laytem\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Laytem\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


Malwarebytes 10-17-13:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Laytem :: LAYTEM-PC [administrator]

3/17/2013 10:13:35 AM
mbam-log-2013-03-17 (10-13-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234184
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I will reboot 2-3 times now.

#22 narenxp

Posted 17 March 2013 - 10:49 AM

Any changes?



#23 NeedHelpPleez

Posted 17 March 2013 - 11:16 AM

I rebooted several times and the speed has picked up.

The infection has not popped up for a while. I had noticed it listed with the programs listed on my Start button, with the folder listed as empty, but it was never in the program listings where it could be uninstalled.

Any further steps?

Also, can I run both Malwarebytes and Vipre at same time?

Once this is complete, can I remove reports and programs downloaded and ran throughout this process? Or, are there some that I should keep and run periodically?

Thank you for all of your help. I truly appreciate everything and you sticking with me through all of this. I never dreamed it would be such a process! I could not have done this without your help.

As you have been doing, let me know if I need to do anything else. Again, thank you.

#24 narenxp

Posted 17 March 2013 - 11:36 AM

You missed an important step.

I asked you to copy the SMTMP folder from temp directory to desktop. Did you do it?



#25 NeedHelpPleez

Posted 17 March 2013 - 11:56 AM

I did it last night. Should I do it again and redo the Malwarebytes and Adware? Do you want to see a copy of the contents?

#26 NeedHelpPleez

Posted 17 March 2013 - 12:26 PM

I recopied folder to desktop and reran Adware. The results:

# AdwCleaner v2.114 - Logfile created 03/17/2013 at 12:09:48
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Laytem - LAYTEM-PC
# Boot Mode : Normal
# Running from : C:\Users\Laytem\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Laytem\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.1] : homepage ={"backup":{"hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=US&userid=c483e70d-397a-43[...]

*************************

AdwCleaner[R1].txt - [13521 octets] - [16/03/2013 20:21:14]
AdwCleaner[R2].txt - [1129 octets] - [16/03/2013 22:23:29]
AdwCleaner[R3].txt - [1310 octets] - [17/03/2013 10:30:39]
AdwCleaner[R4].txt - [1060 octets] - [17/03/2013 12:09:48]
AdwCleaner[S1].txt - [13655 octets] - [16/03/2013 20:22:24]
AdwCleaner[S2].txt - [1199 octets] - [16/03/2013 22:24:16]
AdwCleaner[S3].txt - [1259 octets] - [16/03/2013 22:37:07]
AdwCleaner[S4].txt - [1379 octets] - [17/03/2013 10:36:58]

########## EOF - C:\AdwCleaner[R4].txt - [1361 octets] ##########


# AdwCleaner v2.114 - Logfile created 03/17/2013 at 12:11:10
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Laytem - LAYTEM-PC
# Boot Mode : Normal
# Running from : C:\Users\Laytem\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Laytem\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : homepage ={"backup":{"hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=US&userid=c483e70d-397a-43[...]

*************************

AdwCleaner[R1].txt - [13521 octets] - [16/03/2013 20:21:14]
AdwCleaner[R2].txt - [1129 octets] - [16/03/2013 22:23:29]
AdwCleaner[R3].txt - [1310 octets] - [17/03/2013 10:30:39]
AdwCleaner[R4].txt - [1430 octets] - [17/03/2013 12:09:48]
AdwCleaner[S1].txt - [13655 octets] - [16/03/2013 20:22:24]
AdwCleaner[S2].txt - [1199 octets] - [16/03/2013 22:24:16]
AdwCleaner[S3].txt - [1259 octets] - [16/03/2013 22:37:07]
AdwCleaner[S4].txt - [1379 octets] - [17/03/2013 10:36:58]
AdwCleaner[S5].txt - [1370 octets] - [17/03/2013 12:11:10]

########## EOF - C:\AdwCleaner[S5].txt - [1430 octets] ##########


Should I continue with the remaining instructions with the SMTMP folder instructions?


Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Now run RKILL given in previous instructions and post the new log

Download UNHIDE from here

http://www.bleepingcomputer.com/download/unhide/dl/6/

Run it and restart the PC. Try to run Malwarebytes scan now.

#27 narenxp

Posted 17 March 2013 - 12:30 PM

Open the SMTMP folder and you will find subfolders 1, 2, 3 and 4.

Copy the contents of

smtmp\1:

Windows Vista and Windows 7: C:\ProgramData\Microsoft\Windows\Start Menu

smtmp\2\:

Windows Vista and Windows 7: C:\Users\<your login name here>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

smtmp\3\:

Windows Vista and Windows 7: C:\Users\<your login name here>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

smtmp\4\:

Windows Vista and Windows 7: C:\Users\Public\Desktop

Restart the PC. This should restore the Start Menu programs.
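
The copy step described in the post above, as an added example that is not part of the original thread or of any tool named in it: a PowerShell script that maps each smtmp subfolder to the Windows Vista/7 destination listed, skips subfolders that are missing or empty, and never overwrites a file that already exists. The `$SmtmpRoot` default (a copy of the folder on the desktop) and the `-Apply` switch are assumptions of this example.

```powershell
# Added example, not from the thread. Run from an elevated prompt: the all-users
# Start Menu and Public Desktop are not writable by a standard user.
param(
    # Assumption: the smtmp folder was copied from the temp directory to the desktop.
    [string]$SmtmpRoot = "$env:USERPROFILE\Desktop\smtmp",
    # Without -Apply the script only reports what it would copy.
    [switch]$Apply
)

# Subfolder -> destination, as listed in the post for Windows Vista and Windows 7.
$targets = @(
    @{ Sub = '1'; Dest = "$env:ProgramData\Microsoft\Windows\Start Menu" },
    @{ Sub = '2'; Dest = "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch" },
    @{ Sub = '3'; Dest = "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" },
    @{ Sub = '4'; Dest = "$env:PUBLIC\Desktop" }
)
$verb = if ($Apply) { 'copied' } else { 'would copy' }

foreach ($t in $targets) {
    $src = Join-Path $SmtmpRoot $t.Sub
    if (-not (Test-Path -LiteralPath $src -PathType Container)) {
        Write-Output "smtmp\$($t.Sub): not present, skipping"
        continue
    }
    $src = (Resolve-Path -LiteralPath $src).ProviderPath

    # -Force includes hidden items; keep files only, folders are recreated as needed.
    $files = @(Get-ChildItem -LiteralPath $src -Recurse -Force |
               Where-Object { -not $_.PSIsContainer })
    if ($files.Count -eq 0) {
        Write-Output "smtmp\$($t.Sub): no files to restore"
        continue
    }

    foreach ($f in $files) {
        # Preserve the path relative to the numbered subfolder.
        $rel = $f.FullName.Substring($src.Length).TrimStart('\')
        $dst = Join-Path $t.Dest $rel
        if (Test-Path -LiteralPath $dst) {
            Write-Output "kept existing: $dst"
            continue
        }
        if ($Apply) {
            $dir = Split-Path -Parent $dst
            if (-not (Test-Path -LiteralPath $dir)) {
                New-Item -ItemType Directory -Path $dir -Force | Out-Null
            }
            Copy-Item -LiteralPath $f.FullName -Destination $dst
        }
        Write-Output "${verb}: $dst"
    }
}
```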



#28 NeedHelpPleez

Posted 17 March 2013 - 12:53 PM

If I am understanding your instructions correctly, there are only two subfolders in the copied and original SMTMP folders: 1 and 4.

4 says it is empty.

1 folder is Programs. All folders within it are either empty or their subfolders are empty.

Should I go directly into the C: files listed above?

I apologize for my confusion.

#29 NeedHelpPleez

Posted 17 March 2013 - 01:22 PM

Also, after I copy the contents, where do I paste them? Thank you. Again, sorry for the confusion.

#30 NeedHelpPleez

Posted 17 March 2013 - 01:31 PM

C:\Users\Public\Desktop

Desktop is not in the folder. Public Desktop is. I assume that is the correct folder?

I copied each of those and saved them in a separate folder on my desktop.

Shall I proceed without folders 2 and 3?

Edited by NeedHelpPleez, 17 March 2013 - 01:35 PM.




