System Tool will not go away!



#1 billywheelingotn


Posted 19 June 2013 - 10:20 PM

Hello. I have a Toshiba Satellite C655-S5514 Laptop running Windows 7. Recently, I got the System Tool virus from somewhere and, as you may know, it renders my computer useless. I am running in Safe Mode with Networking to make this topic. I followed the directions located at http://www.bleepingcomputer.com/virus-removal/remove-system-tool , and it worked... temporarily. For about a week and a half, I had no problems, but the virus popped up again. So, I ran through the instructions again and got rid of it, only to have it pop up again about a week later (today). I need a more permanent fix for this problem, if anyone seems to have one. Let me know if you have any questions about my problem or if I forgot to add anything.


*Moderator Edit: Moved topic from Windows 7 to the appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 19 June 2013 - 10:30 PM.




#2 dmoorecomputertech


Posted 20 June 2013 - 12:59 AM

Try booting up in Safe Mode with Networking, then run RKill and Malwarebytes Anti-Malware.

Run RKill first, which will kill processes that could stop Malwarebytes.

Then run Malwarebytes, full scan, and remove any threats that are located.

Typically, this will remove the System Tool virus.



#3 noknojon


Posted 20 June 2013 - 01:34 AM

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
The tool is 100% safe and used on all areas of the forum every day -
 

 

Directions for rKill tool (that should have been added) -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them.
NOTE: You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
NOTE Do NOT wrap your logs in "quote" or "code" brackets.
 

 

Download Malwarebytes' Anti-Malware Free (aka MBAM) and save to Desktop
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

 - Do not run the Malwarebytes' Anti-Malware scan in Safe mode (it should be run in Normal mode at all times)
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the MBAM log back here.
Be sure to restart the computer when you have posted the logs -

 

 

Repeat the above instructions with : SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the SAS log back here.
Be sure to reboot the computer after you post the log.

 

 

Perform an Online Scan with ESET Online scanner
1. Hold down Control and click on This Link to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.

3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the ESET icon on your desktop.

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take quite some time. 70 to 90 minutes is an average first install and scan, but this can take a bit longer if several infections are found.
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 

Thank You -

Edited to fix links -


Edited by noknojon, 20 June 2013 - 03:44 AM.


#4 billywheelingotn


Posted 20 June 2013 - 11:15 AM

> Try booting up in Safe Mode with Networking, then run RKill and Malwarebytes Anti-Malware.
>
> Run RKill first, which will kill processes that could stop Malwarebytes.
>
> Then run Malwarebytes, full scan, and remove any threats that are located.
>
> Typically, this will remove the System Tool virus.

 

These are the steps located at http://www.bleepingcomputer.com/virus-removal/remove-system-tool , which I have already done twice to only have the virus come back a week later. Thank you, though.

 

> Download Security Check by Screen317 from HERE [...]

This seems complex, but I will try it, thank you.



#5 dmoorecomputertech


Posted 20 June 2013 - 11:47 AM

^I have used the process above, mentioned by noknojon, to remove the appround.net hijacker virus. It is a longer process, but it is not as complex as you would think, and it has been effective in the cases I have used it. Sorry, my post was a little vague, new to the website, but this one suggested does work. Hope everything works out and make sure to post your logs, so they can be reviewed, and you can get the best help possible. Have a good one!



#6 billywheelingotn


Posted 20 June 2013 - 05:12 PM

checkup.txt created by SecurityCheck.exe

 

 Results of screen317's Security Check version 0.99.67  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 25  
 Java 7 Update 17  
 Java version out of Date!
  Adobe Flash Player 11.5.502.146 Flash Player out of Date!  
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

Rkill.txt created by iExplore.exe (Rkill)

 

Rkill 2.5.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/20/2013 03:10:47 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\ [ZA Dir]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\@ [ZA File]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\L\ [ZA Dir]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\U\ [ZA Dir]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\U\00000001.@ [ZA File]

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/20/2013 03:12:03 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)
 

mbam log created by MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Billy :: BILLYLAPTOP [administrator]

6/20/2013 3:27:59 PM
mbam-log-2013-06-20 (15-27-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249169
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypeRS (Trojan.Tracur.srdGen) -> Data: Rundll32.exe C:\Users\Billy\AppData\Local\SkypeRS\fwmkrwnw.dll,vcdmektlhiphjrobdrhuwr -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Svc2dll (Malware.Packer.WT) -> Data: C:\Users\Billy\AppData\Local\svcxdcl32.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.FakeAV.sig) -> Data: C:\Users\Billy\AppData\Roaming\ildefender.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 15
C:\Users\Billy\AppData\Local\SkypeRS\fwmkrwnw.dll (Trojan.Tracur.srdGen) -> Quarantined and deleted successfully.
C:\Users\Billy\AppData\Local\svcxdcl32.exe (Malware.Packer.WT) -> Quarantined and deleted successfully.
C:\Users\Billy\AppData\Roaming\ildefender.exe (Trojan.FakeAV.sig) -> Quarantined and deleted successfully.
C:\Users\Billy\AppData\Local\Temp\15C5.tmp (Trojan.FakeAV.sig) -> Quarantined and deleted successfully.
C:\Users\Billy\AppData\Local\Temp\15C6.tmp (Trojan.FakeAV.sig) -> Quarantined and deleted successfully.
C:\Users\Billy\AppData\Local\Temp\16EF.tmp (Trojan.FakeAV.sig) -> Quarantined and deleted successfully.
C:\Users\Billy\AppData\Local\Temp\49EB.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Billy\8514363.exe (Malware.Packer.WT) -> Quarantined and deleted successfully.
C:\Users\Billy\flashplayer.exe (Malware.Packer.PEX) -> Quarantined and deleted successfully.
C:\Users\Billy\icq.exe (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\Users\Billy\java.exe (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\Users\Billy\jqs.exe (Trojan.FakeAV.sig) -> Quarantined and deleted successfully.
C:\Users\Billy\jucheck.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Billy\Local Settings\svcxdcl32.exe (Malware.Packer.WT) -> Quarantined and deleted successfully.
C:\Users\Billy\Local Settings\Application Data\svcxdcl32.exe (Malware.Packer.WT) -> Quarantined and deleted successfully.

(end)
 

SAS didn't create a log for some reason after finishing the scan and removing the issues.

 

ESETScan.txt created by ESET

 

C:\$Recycle.Bin\S-1-5-21-1207351739-3254581188-1989490907-1000\$RG28DGP\DTLite4461-0327.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1207351739-3254581188-1989490907-1000\$RWBTNVF\WinZipRegistryOptimizer.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Apps\ApplicationHistory\mugnwrnij.dll    a variant of Win32/Kryptik.ASBS trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdidbgfggdhggdcdagddideggdagg\background.js    Win32/TrojanDownloader.Tracur.V trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdidbgfggdhggdcdagddideggdagg\ContentScript.js    Win32/TrojanDownloader.Tracur.AD trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MRJBOZM\delicuous_com[2].htm    JS/Agent.NJV trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MRJBOZM\index7[1].htm    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Users\Billy\AppData\Local\Temp\CZ12IOon.exe.part    Win32/TopMedia.B application    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\InstallerBT.exe    a variant of Win32/Toolbar.Babylon.A application    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\jar_cache1167404314122974005.tmp    multiple threats    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\jar_cache2206204606530802015.tmp    multiple threats    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\jar_cache5601134524818005212.tmp    multiple threats    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\jar_cache7933739183628150453.tmp    multiple threats    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\jar_cache8635840846437853568.tmp    multiple threats    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\L.class    a variant of Java/Agent.EQ trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\MyBabylonTB.exe    a variant of Win32/Toolbar.Babylon.A application    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\DM\Installer_for_adobe-flash-professional_018156\WhiteSmoke.exe    Win32/Amonetize application    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\mugnwrnij\mugnwrnij.dll    a variant of Win32/Kryptik.ASBS trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\U\00000001.@    Win64/Conedex.D trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\{90671A2D-7EB8-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul    JS/Redirector.NIQ trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\45434517-74ef21e9    a variant of Java/Exploit.CVE-2012-1723.AP trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2ef6ed73-5be66ac4    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\3195234-2288643c    multiple threats    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\9dklivf9.default-1357945439676\extensions\zvrztssqoj@zvrztssqoj.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan    deleted - quarantined
C:\Users\Billy\Desktop\VS2008\visual-studio-2008-windows-malavida.exe    Win32/Malavida.A application    cleaned by deleting - quarantined
C:\Users\Billy\Downloads\microsoft powerpoint 2010 setup.exe    a variant of Win32/Soft32Downloader.D application    cleaned by deleting - quarantined
C:\Users\Billy\Downloads\mozilla-firefox.exe    a variant of Win32/InstallCore.X application    cleaned by deleting - quarantined
 

Now I'm gonna restart my computer in normal mode and see if the problem was fixed. I will reply to this forum if the problem persists, thank you.



#7 dmoorecomputertech


Posted 20 June 2013 - 06:21 PM

Make sure and update us on how your system is running. It showed you as having ZEROACCESS rootkit symptoms and it removed a lot of corrupted files.

 

You can also rerun Malwarebytes if you would like someone to take a look, just to make sure you are clean.

 

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
 



#8 noknojon


Posted 21 June 2013 - 06:13 PM

> SAS didn't create a log for some reason after finishing the scan and removing the issues.

Open SAS and near the lower Mid-Left side there should be View Scan Logs.

Open this and see if it has the scan listed there.

Also unless you asked to remove the infections, the items will not be removed or stopped.

 

Since you have Malwarebytes already installed, just click the Update tab and Check for updates.

 

It may find something, but I am concerned about this listing > >

ALERT: ZEROACCESS rootkit symptoms found!

We will deal with this after your next reply

 

There are other issues in your Security Report as it is not showing Antivirus, plus several outdated and insecure programs -

 

Thank You -

Spelling edits only-


Edited by noknojon, 21 June 2013 - 06:25 PM.
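
An added example, not part of the thread or of any tool named in it: a small triage script that parses the Rkill log format shown above and checks which of the flagged ZeroAccess items are accounted for by removal lines in the MBAM and ESET logs. The function names (`parse_rkill`, `removed_items`, `unresolved`) are hypothetical, and the regular expressions assume only the line shapes visible in the logs posted here.

```python
import re

# Excerpts copied from the Rkill, MBAM and ESET logs posted in this thread
# (blank lines dropped).
RKILL_LOG = r"""
 * ALERT: ZEROACCESS rootkit symptoms found!
     * HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\ [ZA Dir]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\@ [ZA File]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\L\ [ZA Dir]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\U\ [ZA Dir]
     * C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\U\00000001.@ [ZA File]
Checking Windows Service Integrity:
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]
 * SharedAccess [Missing ImagePath]
"""

SCAN_LOGS = r"""
C:\Users\Billy\AppData\Local\svcxdcl32.exe (Malware.Packer.WT) -> Quarantined and deleted successfully.
C:\Users\Billy\icq.exe (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\Users\Billy\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}\U\00000001.@    Win64/Conedex.D trojan    cleaned by deleting - quarantined
C:\Users\Billy\AppData\Local\Temp\L.class    a variant of Java/Agent.EQ trojan    cleaned by deleting - quarantined
"""

IND_RE = re.compile(r"^\s*\*\s+(.+?)\s+\[(ZA [^\]]+)\]\s*$")
MISSING_RE = re.compile(r"^\s*\*\s+(\S+)\s+\[Missing (Service|ImagePath)\]")
STOPPED_RE = re.compile(r"^\s*\*\s+.*\((\w+)\) is not Running\.")
MBAM_RE = re.compile(r"^(.+?) \([\w.]+\) -> Quarantined and deleted successfully\.$")


def parse_rkill(text):
    """Collect ZeroAccess indicators and service-integrity findings."""
    report = {"indicators": [], "missing": [], "stopped": []}
    for line in text.splitlines():
        ind = IND_RE.match(line)
        miss = MISSING_RE.match(line)
        stop = STOPPED_RE.match(line)
        if ind:
            report["indicators"].append((ind.group(1), ind.group(2)))
        elif miss:
            report["missing"].append((miss.group(1), miss.group(2)))
        elif stop:
            report["stopped"].append(stop.group(1))
    return report


def removed_items(scan_log):
    """Lower-cased paths that an MBAM or ESET log line reports as removed."""
    removed = set()
    for line in scan_log.splitlines():
        line = line.strip()
        mbam = MBAM_RE.match(line)
        if mbam:
            removed.add(mbam.group(1).lower())
            continue
        cols = re.split(r"\s{2,}|\t", line)  # ESET: path, detection, action
        if len(cols) == 3 and cols[2].endswith("quarantined"):
            removed.add(cols[0].lower())
    return removed


def unresolved(indicators, removed):
    """Indicators no removal line accounts for. Absence from a log does not
    prove the item is still on disk, only that nothing reports it removed."""
    return [(p, tag) for p, tag in indicators if p.lower() not in removed]


if __name__ == "__main__":
    rk = parse_rkill(RKILL_LOG)
    print("Missing:", ", ".join(f"{n} ({k})" for n, k in rk["missing"]))
    print("Not running:", ", ".join(rk["stopped"]))
    for path, tag in unresolved(rk["indicators"], removed_items(SCAN_LOGS)):
        print(f"Unaccounted [{tag}]: {path}")
```

On the embedded excerpts, five of the six items Rkill flagged are not accounted for by any removal line, so a clean-looking scanner log does not by itself close out the ZeroAccess alert.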


#9 billywheelingotn


Posted 03 July 2013 - 04:56 PM

Well, it's been almost two weeks since I ran these programs and removed the virus. No issues yet. This seems to have worked. Thank you for the help!





