Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

all started with sweetpacks malware


  • Please log in to reply
20 replies to this topic

#1 MACHOUSE36

MACHOUSE36

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 08 July 2013 - 09:17 AM

I downloaded "windows password key" program to try and help a buddy who forgot his password. BIG MISTAKE.

Had the sweetpacks malware and has essentially locked my system up.

I have tried a number of programs (minitoolbox, adwareclenaer, combofix,jrt) to try and get rid and I need help!

Here are the symptoms:

SLOW SYSTEM AT BOOTUP,

TEMPORARY PROFILE WARNING WHEN LOGGIN ON, EVEN THOUGH THERE ARE NO OTEHR PROFILES EVEN IN EXISTENCE

ALL MY OWN CREATED FILES AND FOLDERS DO NOT APPEAR ON THE DESKTOP EVEN THOUGH IF I SEARCH FOR THEM THEY ARE AVAILABLE.

MY EMAIL PROGRAM ACTS LIKE ITS THE FIRST TIME I HAVE EVER USED IT, REGISTRATION PROMPTS ETC..

 

 

I have tried to run malwarebytes, but after 1 hour of running it locks up on this folder:

c:\users\client\localsettings\temporaryinternetfiles\content.ie5\..........

when I try to view that folder it is not even visible, not hidden either?

 

 

HELP!!!


Edited by Queen-Evie, 08 July 2013 - 09:21 AM.
moved from Windows 7


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:17 AM

Posted 08 July 2013 - 09:44 AM

Since you already ran Combofix due to malware infection, its log should be thoroughly reviewed by trained experts in order to ascertain what was detected/removed. A log should have been created and saved to the root directory, usually C:\ComboFix.txt.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6. When you have done that, start a new topic and post the required logs to include your ComboFix log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. After doing this, please reply back in this thread with a link to the new topic so we can closed this one.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 im abcd

im abcd

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:17 AM

Posted 08 July 2013 - 09:46 AM

Lets begin by doing the following: Download RKILL and Vipre Rescue. Once both of them are downloaded, boot up your PC in safe mode by repeatably pressing f8 while your PC is starting up. Next, run RKILL and after RKILL is done running, run Vipre Rescue AV. Boot back up in safe mode, once scanning with both is done. RKILL should produce a log. Paste that over here. 

 

Regards,

Abcd .


3dsig_zpsd150d538.png

 


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:17 AM

Posted 08 July 2013 - 09:47 AM

I downloaded "windows password key" program to try and help a buddy who forgot his password. BIG MISTAKE

Yes it was a big mistake and for those reading this topic:

The practice of using torrents, cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.
 

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

TrendMicro Warning

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.

Microsoft Reveals the Risks of Using Pirated XP and Office
Whatever You Do, Do Not Download Windows 7 Via Torrent Sites

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:17 AM

Posted 08 July 2013 - 09:55 AM

im abcd I know your only trying to help but since MACHOUSE36 advised he ran ComboFix, he needs to follow the instructions I provided for the reasons indicated before doing anything else.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 MACHOUSE36

MACHOUSE36
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 08 July 2013 - 10:19 AM

Thanks for the overwhelming response!

So I ran system restore, it took along time for it to complete. But it now my system seems to be back to normal.

What do you suggest I do from here to make sure its still not lurking in my system somewhere.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:17 AM

Posted 08 July 2013 - 10:30 AM

If C:\ComboFix.txt is still present at that location, I suggest you still follow the instructions I provided in Post #2.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 im abcd

im abcd

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:17 AM

Posted 08 July 2013 - 11:10 AM

im abcd I know your only trying to help but since MACHOUSE36 advised he ran ComboFix, he needs to follow the instructions I provided for the reasons indicated before doing anything else.

Sorry about that. I didn't see your reply. You probably posted while I was still typing my reply. :P 

 

 

Thanks for the overwhelming response!

So I ran system restore, it took along time for it to complete. But it now my system seems to be back to normal.

What do you suggest I do from here to make sure its still not lurking in my system somewhere.

 

And to the OP, doing a system restore isn't always the best solution. It may damage your system further. So I suggest you follow quietman's instructions. 

 

Regards,

Abcd. 


3dsig_zpsd150d538.png

 


#9 MACHOUSE36

MACHOUSE36
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 08 July 2013 - 11:20 AM

combofix.txt is no longer there, it was probably deleted when I did the system restore



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:17 AM

Posted 08 July 2013 - 11:31 AM

Please download and perform a scan with AdwCleaner by Xplode.
This is a utility which will identity and remove any unknown Toolbars, adware and potential unwanted programs (PUP).
You can refer to these instructions: How To Use AdwCleaner

- A logfile (AdwCleaner.txt) will automatically open in Notepad after the scan has finished.
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
- Copy and paste the contents of that logfile in your next reply.


Please download Junkware Removal Tool thisisujrt.gif and save it to your Desktop.
  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 MACHOUSE36

MACHOUSE36
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 08 July 2013 - 11:36 AM

I download adwcleaner, click search, it runs for a few minutes and then when the notepad file opens it says: access denied and the notepad file is blank.



#12 MACHOUSE36

MACHOUSE36
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 08 July 2013 - 11:47 AM

JRT TOOL LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Client on Mon 07/08/2013 at 12:36:39.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022442293}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220022442293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

 

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Client\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Users\Client\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Client\appdata\local\{2fcb0545-19d8-3919-6bc0-2eb70d341979}
Successfully deleted: [Folder] "C:\Users\Client\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

 

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\Client\appdata\local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pbkdpahkifcigckmhiafindmaflfifgm

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/08/2013 at 12:43:11.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:17 AM

Posted 08 July 2013 - 11:51 AM

I have not seen that message with this tool so I will check with the developer.

Try using it again but this time, do so while in "Safe Mode".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 MACHOUSE36

MACHOUSE36
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 08 July 2013 - 12:14 PM

adware log:

# AdwCleaner v2.304 - Logfile created 07/08/2013 at 13:10:49
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Client - CLIENT-PC
# Boot Mode : Safe mode
# Running from : C:\Users\Client\Desktop\MALWARE TOOLS\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Client\AppData\Local\APN
Folder Found : C:\Users\Client\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Found : C:\Users\Client\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Client\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.25] : icon_url ="encodings": "UTF-8",        "hxxp://cdn.web.sweetim.com/toolbarff/searchplugin/bing.ico",       "id": "7",       "instant_url": "",       "keyword": "start.sweetim.com",       "name": "Bing",       "prepopulate_id": "0",       "search_terms_replacement_key": "",       "search_url": "{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}",       "suggest_url": ""
Found [l.2174] : homepage = "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={08BF69EA-E59D-11E2-B970-E06995DDDF3B}",    "homepage_is_newtabpage": false,

*************************

AdwCleaner[R3].txt - [3418 octets] - [08/07/2013 13:09:53]
AdwCleaner[R4].txt - [3179 octets] - [08/07/2013 13:10:49]
AdwCleaner[S1].txt - [5541 octets] - [06/07/2013 10:32:06]
AdwCleaner[S2].txt - [824 octets] - [06/07/2013 12:27:44]
AdwCleaner[S3].txt - [897 octets] - [06/07/2013 14:33:06]

########## EOF - C:\AdwCleaner[R4].txt - [3417 octets] ##########



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:17 AM

Posted 08 July 2013 - 01:46 PM

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner. Users who have previously completed the trial will not be prompted to start the trial upon upgrade or reinstallation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users