Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Urgent help needed for work computer infected!!...First Log...


  • This topic is locked This topic is locked
11 replies to this topic

#1 spaceagent

spaceagent

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 February 2014 - 12:51 AM

Hey guys.

I have a work computer infected with some ransomware.

Would really appreciate it if I could get some help asap.

Followed the steps in this thread..

http://bit.ly/1oFk1s1

Attached is the first log...

 

 

 

 

 

Attached Files

  • Attached File  FRST.txt   10.41KB   2 downloads


BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 17 February 2014 - 09:37 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfj498ze.lnk
    ShortcutTarget: lfj498ze.lnk -> C:\ProgramData\ez894jfl.cpp (Microsoft Corporation)
    
    S2 Winmgmt
    
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfj498ze.lnk
    C:\ProgramData\ez894jfl.cpp
    C:\ProgramData\lfj498ze.fee

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

 

Now boot into windows.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Edited by TB-Psychotic, 17 February 2014 - 09:38 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 spaceagent

spaceagent
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 February 2014 - 11:39 AM

Hey TB.

Thanks!

Attached is the fix log.

When I boot into windows I cannot connect to the internet.

I can connect to the internet fine on my clean pc. So I assume the virus is doing this.

I put the Malware bytes on usb to install. But I would still need the internet connect to update it.

Any ideas?

Thanks!!!

Attached Files



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 17 February 2014 - 11:52 AM

Skip Malwarebytes.

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 spaceagent

spaceagent
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 February 2014 - 12:26 PM

Hey TB.

Here is the combo fix log.

I still cannot connect to the internet.

Something I am missing?

Thanks!!

Attached Files



#6 spaceagent

spaceagent
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 February 2014 - 12:29 PM

Nevermind dchp was not enabled.

Now fixed. Works now!!

Thanks so much! You just saved me ALOT of headache.

You are awesome!!!!



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 18 February 2014 - 03:19 AM

Stay with me - your computer may not be really clean!

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

Also, do the following:

 

 

Hit the windows key, type "CMD" (without the quotation marks), right click the found cmd symbol and select "Run as administrator".

Within the window that opens, write:

winmgmt /verifyrepository

Hit Enter.

Tell me the result (consistent or inconsistent).


Edited by TB-Psychotic, 18 February 2014 - 03:25 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 spaceagent

spaceagent
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 18 February 2014 - 01:19 PM

Hey TB! I didnt see your message until now sorry.

 

I actually ran malware bytes, malwareware bytes anti rookit, and adware cleaner yesterday and removed everything that it found.

 

attached is the log for anti rookit.

 

I think i might have taken malware bytes and adware cleaner for some reason off my computer:S because i cant find those logs.

 

i just ran CMD and it says

 

Consistent

 

Let me know what you think

 

Thank you

 

 

Attached Files



#9 spaceagent

spaceagent
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 18 February 2014 - 01:28 PM

attached are adware cleaner logs

Attached Files



#10 spaceagent

spaceagent
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 18 February 2014 - 01:31 PM

only log i could find from malware bytes is the protection log. (probably because for some reason i took it off my computer ;)

Attached Files



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 19 February 2014 - 06:54 AM

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 05 March 2014 - 10:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users