Posted 11 January 2014 - 03:11 PM
Posted 11 January 2014 - 03:46 PM
Hello Lee and Welcome -
First please remove Spybot S&D fully as it is not required, and program scans are limited.
Is there a decent (even free) antivirus program installed?
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
Important: Do not reboot your computer until you complete the next step.
* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Just first basic steps
Thank You -
Posted 11 January 2014 - 04:10 PM
Ok, I used the Malwarebytes rootkill program, got to where I could install Malwarebytes, ran it, cleaned everything out, and now all seems to be well. If anything does come back in the near future I will use the steps you have provided. Thank you very much for your help and the quick response!
Posted 12 January 2014 - 06:10 PM
Hi Lee -
I would have liked to see the log that MBAM produced (and MBAR if still existing).
This is purely to see if there were infections, and what was removed, nothing else -
Logs are usually located at a dated tab above the main program face (about center)
For MBAM the log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
For MBAR -
Two files mbar-log-YYYY-MM-DD, system-log.txt will be created and saved within that same folder.
If you ignore this I will understand ......
Thank You -
Posted 12 January 2014 - 08:01 PM
I connected to the computer through TeamViewer so I don't currently have access. There were over 100 infections in MB and I want to say at least 4 when I ran the MBroot one, but I can't say specifically. If I do have to access it again in the near future I will get the logs.
Posted 21 January 2014 - 02:35 AM
Do you have access to the computer this week?
If not please update me -
Thank You -
Posted 28 January 2014 - 03:53 PM
I will be accessing the computer this week, as the virus is back. Either I didn't get it cleaned out all the way or they got re-infected. Either way, should I follow your original steps and post those 2 logs you requested when I do get access to the computer?