Had a ransomware not sure what else



#1 devildog2126

devildog2126

  • Members
  • 120 posts
  • Gender:Male
  • Local time:12:08 PM

Posted 01 August 2012 - 03:00 PM

I had one of those FBI ransomware viruses. I went through some steps outlined. I couldn't run the Emsisoft Emergency Kit. I loaded it, but the buttons would not work. I used Emsisoft Anti-Malware, which found and removed 6 items. I went through some steps prescribed for another user. I may not have gone in the right order. I can log on, but things are not working correctly. It is almost as if the whole computer has been reset with new settings. Help is appreciated.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:08 AM

Posted 01 August 2012 - 03:38 PM

Download

TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

#3 devildog2126


Posted 01 August 2012 - 08:27 PM

thanks

Edited by devildog2126, 02 August 2012 - 07:35 AM.


#4 narenxp


Posted 01 August 2012 - 08:50 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#5 devildog2126


Posted 01 August 2012 - 11:31 PM

.

Edited by devildog2126, 02 August 2012 - 07:36 AM.


#6 narenxp


Posted 01 August 2012 - 11:34 PM

Download

List parts x64

Launch it, click on SCAN, post the generated log

#7 devildog2126


Posted 01 August 2012 - 11:52 PM

.

Edited by devildog2126, 02 August 2012 - 07:37 AM.


#8 narenxp


Posted 02 August 2012 - 12:03 AM

That looks good

Please post the complete FSS log. FSS log is incomplete.

#9 devildog2126


Posted 02 August 2012 - 12:06 AM

.

Edited by devildog2126, 02 August 2012 - 07:37 AM.


#10 narenxp


Posted 02 August 2012 - 12:21 AM

Press Windows+R key and type

services.msc and click ok

Right click on

Security center, Background intelligence transfer, Windows update and start them

Let me know any current issues before we wrap up

#11 devildog2126


Posted 02 August 2012 - 12:41 AM

I can't start those services in safe mode. The ransomware does not seem to pop up, but there is something still going on. The problem does not seem near corrected. I get random warnings popping up during regular mode. If I post the DDS or HijackThis log, will that help?

#12 narenxp


Posted 02 August 2012 - 12:50 AM

Reboot to normal mode and run MBAM scan and ESET scanner and post the log

#13 devildog2126


Posted 02 August 2012 - 07:46 AM

ESET found nothing and did not generate a log.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Richard Curcio :: RICHARDCURCIO [administrator]

8/2/2012 5:32:09 AM
mbam-log-2012-08-02 (05-32-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386092
Time elapsed: 5 hour(s), 13 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
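
Added example, not part of the original posts: a short Python check that reads a Malwarebytes log in the layout posted in #13 and reports whether it is a complete full scan with zero detections in every category, which is what "a clean log" means in the steps above. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Malwarebytes 1.62 log posted above
# (trimmed; the user/host line is omitted, other values mirror the post).
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.08.02.01

Scan type: Full scan (C:\\|)
Scan options disabled: P2P
Objects scanned: 386092

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

HEADER = re.compile(r"^(Database version|Scan type|Scan options disabled|Objects scanned): (.*)$")
COUNT = re.compile(r"^(.+) Detected: (\d+)$")

def parse_mbam_log(text):
    """Return header fields, per-category detection counts, and whether the log ended."""
    header, counts, complete = {}, {}, False
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := COUNT.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif line == "(end)":          # missing marker means a truncated paste
            complete = True
    return header, counts, complete

def is_clean(text):
    """Clean = complete full scan, at least one category seen, zero detections."""
    header, counts, complete = parse_mbam_log(text)
    full = header.get("Scan type", "").startswith("Full scan")
    return complete and full and bool(counts) and sum(counts.values()) == 0

if __name__ == "__main__":
    print("clean:", is_clean(SAMPLE_LOG))
```

The header fields are returned as well, so the database version and any disabled scan options can be reviewed alongside the counts.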

#14 narenxp


Posted 02 August 2012 - 09:26 AM

What pop up do you receive? What are your current issues?

#15 devildog2126


Posted 02 August 2012 - 10:02 AM

Seems OK now. Thank you. Can I be sure traces are gone?



