
Virus help please


38 replies to this topic

#16 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 08:14 PM


  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Delete for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.


  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button




#17 xjeffx

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2013 - 08:19 PM

Ok I will do all that. The Malwarebytes rootkit tool found 6 things, are you sure you don't want me to do the cleanup as you previously said?



#18 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 08:23 PM

Which cleanup?



#19 xjeffx

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2013 - 08:26 PM

Which cleanup?

The cleanup option for the Malwarebytes anti root tool (MBAR), it found 6 things but told me not to do the cleanup just to exit the program. Do you want me to do the cleanup?

 

TDSS found nothing.

 

I've heard some bad things about the ESET scanner, not sure if I want to do that...



#20 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 08:29 PM

Yes do the cleanup!

 

I've never heard bad things about ESET scanner. It's safe.



#21 xjeffx

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2013 - 08:35 PM

Yes do the cleanup!

 

I've never heard bad things about ESET scanner. It's safe.

Ok I will.

 

I just heard that it sometimes false-positives important files and screws up your computer.



#22 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 08:40 PM

You can create a restore point before doing it!



#23 xjeffx

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2013 - 08:40 PM

You can create a restore point before doing it!

Ok I will do that. I'll post when it's finished.



#24 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 08:46 PM

Excellent!



#25 xjeffx

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2013 - 10:37 PM

ESET log:

 

C:\Users\All Users\Microsoft\Windows\DRM\B22E.tmp Win64/Olmarik.AY trojan 
C:\Users\All Users\Microsoft\Windows\DRM\B24F.tmp Win64/Olmarik.AY trojan 
C:\Users\All Users\Microsoft\Windows\DRM\D548.tmp Win64/Olmarik.AY trojan 
C:\Users\All Users\Microsoft\Windows\DRM\D568.tmp Win64/Olmarik.AY trojan 
C:\ProgramData\Microsoft\Windows\DRM\B22E.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\B24F.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\D548.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\D568.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\Users\Antifa\AppData\Roaming\pEventServ\pEventServ.dll a variant of Win32/Sefnit.CP.Gen trojan cleaned by deleting - quarantined
C:\Users\Antifa\AppData\Roaming\pEventServ\{4a9378e8-b13f-0052-fbac-78bafbd2793a}.exe a variant of Win32/Sefnit.CQ.Gen trojan cleaned by deleting - quarantined
 

It only got rid of 6 out of the 10, how can I get rid of the rest?
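
Added example, not part of the original thread and not ESET's own tooling: the four entries with no action sit under C:\Users\All Users, which on a default Windows Vista or later install (an assumption here) is a symbolic link to C:\ProgramData, so the log lists the same four files under two paths. The Python below parses the posted log lines, maps the alias to its target, and reports which distinct files have no clean action recorded; `ALIASES`, `canonical` and `summarize` are names made up for this example.

```python
import re
from collections import defaultdict

# Log lines copied from the ESET output posted above (unchanged).
ESET_LOG = r"""
C:\Users\All Users\Microsoft\Windows\DRM\B22E.tmp Win64/Olmarik.AY trojan
C:\Users\All Users\Microsoft\Windows\DRM\B24F.tmp Win64/Olmarik.AY trojan
C:\Users\All Users\Microsoft\Windows\DRM\D548.tmp Win64/Olmarik.AY trojan
C:\Users\All Users\Microsoft\Windows\DRM\D568.tmp Win64/Olmarik.AY trojan
C:\ProgramData\Microsoft\Windows\DRM\B22E.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\B24F.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\D548.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\D568.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\Users\Antifa\AppData\Roaming\pEventServ\pEventServ.dll a variant of Win32/Sefnit.CP.Gen trojan cleaned by deleting - quarantined
C:\Users\Antifa\AppData\Roaming\pEventServ\{4a9378e8-b13f-0052-fbac-78bafbd2793a}.exe a variant of Win32/Sefnit.CQ.Gen trojan cleaned by deleting - quarantined
"""

# <path> <detection name> <type> [action]; the path may contain spaces.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<threat>(?:a variant of )?"
                     r"Win(?:32|64)/\S+ \w+)\s*(?P<action>.*)$")

# Assumption: default Windows Vista-or-later layout, where
# "C:\Users\All Users" is a symbolic link to "C:\ProgramData".
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

def canonical(path):
    """Lower-case the path and map known alias prefixes to their target."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p

def summarize(log_text):
    """Group log lines by real file; list files with no clean action."""
    actions = defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            actions[canonical(m["path"])].append(m["action"])
    cleaned = sorted(p for p, a in actions.items()
                     if any("cleaned" in x for x in a))
    unresolved = sorted(set(actions) - set(cleaned))
    return {"lines": sum(map(len, actions.values())),
            "cleaned": cleaned, "unresolved": unresolved}

if __name__ == "__main__":
    print(summarize(ESET_LOG))
```

On the affected machine, `dir /AL C:\Users` lists the links under that folder, so the alias assumption can be checked before relying on the result.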



#26 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 10:42 PM

Delete them manually!



#27 xjeffx

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2013 - 10:47 PM

Delete them manually!

Ok, I checked the box that said Delete Quarantined files, so hopefully that did it. I'll let you know if my computer is any better.

 

Edit: Still being redirected on Google. :axe:


Edited by xjeffx, 05 May 2013 - 10:49 PM.


#28 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 10:56 PM

Which one is affected by this problem?


#29 xjeffx

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2013 - 10:58 PM

 

Which one is affected by this problem?

 

Which one what?

 

I was told that resetting the computer to factory settings could remove this virus, is that an option? (I'm not worried about losing anything)



#30 Guest_Francis Houle_*

  • Guests

Posted 05 May 2013 - 11:00 PM

which browser***





