cleaned a virus, now pc freezes and can't get it to go away


36 replies to this topic

#1 cavegoat

cavegoat

  • Members
  • 57 posts

Posted 06 July 2014 - 12:22 PM

Hi BC,

 

I accidentally opened and used IE instead of Chrome and now my PC has stopped running smoothly; in fact, after about 3 minutes open, it freezes and I can't get it to shut down and have to force shutdowns. I was able to download AdwCleaner and run it in hopes it would work its magic, but nada.

 

Help me, Bleeping Computer, you're my only hope


Edited by hamluis, 06 July 2014 - 12:49 PM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 29,991 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 06 July 2014 - 12:26 PM

You need to explain this in greater detail.

 

The topic title states that you cleaned a virus.  How did you go about cleaning this virus?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 cavegoat


Posted 06 July 2014 - 12:37 PM

hi dc3, thanks for the follow up!

 

I used AVG (freeware, as I always was using); it picked up the threat, I moved it to the vault (trojan) and then "cleaned" the vaulted items. Now I have the problems. I attached my AdwCleaner log. Also of note, and fun! My screen locks up after a few minutes, then my background goes black (I can still use the cursor, but it does find anything cause the GUI is black!). More fun.

 

# AdwCleaner v3.214 - Report created 02/07/2014 at 21:32:58
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : doogie - DOOGIE-PC
# Running from : C:\Users\doogie\Downloads\AdwCleaner (3).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\doogie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7C439574-9191-42E9-BE74-4D37BED84714&apn_ptnrs=TV&apn_sauid=51319E62-8CCE-4325-9D40-16CC78C40678&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6812 octets] - [02/07/2014 20:43:27]
AdwCleaner[R1].txt - [988 octets] - [02/07/2014 21:32:09]
AdwCleaner[S0].txt - [7222 octets] - [02/07/2014 20:44:41]
AdwCleaner[S1].txt - [1301 octets] - [02/07/2014 21:32:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1361 octets] ##########
 
 
thank YOU!


#4 cavegoat


Posted 06 July 2014 - 12:38 PM

and of course, my pc memory is cranked up to 1.5 gbs for doing nothing



#5 dc3


Posted 06 July 2014 - 12:43 PM

Please run the following scans.

Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.


#6 cavegoat


Posted 06 July 2014 - 06:58 PM

1st, thanks

 

Here is the ESET clean report. I'll post it as my usual malware scan caused the PC to freeze; I'll try it again via your link, but just in case...

 

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\Users\doogie\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdfdadjgfgegfdbgegfgddedjdgdi\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan cleaned by deleting - quarantined
C:\Users\doogie\AppData\Local\Temp\APNStub.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined


#7 cavegoat


Posted 06 July 2014 - 07:49 PM

And twice I ran Malwarebytes and around 49500 processes, it crashes. After 40 minutes of keeping the desktop open, I got a few avgtray errors; I use AVG and Malwarebytes. So to reiterate, I cannot run Malwarebytes because it stalls/freezes/crashes. Any alternative or workarounds?



#8 cavegoat


Posted 07 July 2014 - 06:45 AM

any updates dc3?  I am still unable to run malwarebytes....



#9 dc3


Posted 07 July 2014 - 09:52 AM

Run Malwarebytes in Safe Mode.

 

If it still has problems running, install RKill and then run it in normal mode.

 

 
RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted.  In your case you will run Malwarebytes. 
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 


#10 cavegoat


Posted 07 July 2014 - 04:44 PM

Thanks dc3! I tried to run Malwarebytes in safe mode; again, it shuts down around 48100 processes. It's stuck on systems32\nlsdata0003.DLL

I'll try rkill next

#11 cavegoat


Posted 07 July 2014 - 04:54 PM

hi again, not sure how i restore the processes and windows reg errors, but here is the rkill log

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/07/2014 05:51:56 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001


#12 cavegoat


Posted 07 July 2014 - 05:04 PM

ran rkill once again;  

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/07/2014 06:03:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\doogie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (PID: 3096) [UP-HEUR]
 * C:\Program Files\iTunesHelper.exe (PID: 3552) [P-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
i have no idea what to do now!  help!


#13 cavegoat


Posted 07 July 2014 - 06:16 PM

ugh, i had to uninstall avg. it was crashing my desktop too much, anyway, one more rkill log:

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/07/2014 06:47:30 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\doogie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (PID: 2676) [UP-HEUR]
 * C:\Program Files\iTunesHelper.exe (PID: 2016) [P-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 07/07/2014 07:14:18 PM
Execution time: 0 hours(s), 26 minute(s), and 48 seconds(s)
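
Comparing the RKill runs posted above by eye is error-prone because the PIDs change on every run. The following is an added example, not part of the thread and not RKill's own code: a small parser (the names `parse_rkill` and `diff_runs` are hypothetical) that diffs the findings of two runs, fed with excerpts of the logs from posts #12 and #13 with blank lines trimmed.

```python
import re

# Excerpts from the RKill logs in posts #12 and #13 above (input data only).
RUN_2 = r"""Checking for processes to terminate:
 * C:\Users\doogie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (PID: 3096) [UP-HEUR]
 * C:\Program Files\iTunesHelper.exe (PID: 3552) [P-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
 * No issues found in the Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
"""
RUN_3 = r"""Checking for processes to terminate:
 * C:\Users\doogie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (PID: 2676) [UP-HEUR]
 * C:\Program Files\iTunesHelper.exe (PID: 2016) [P-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
 * No issues found in the Registry.
Performing miscellaneous checks:
 * No issues found.
"""

SECTION = re.compile(r"^(Checking|Performing|Searching) .*:\s*$")
PROCESS = re.compile(r"^(?P<path>.+?) \(PID: \d+\) \[(?P<tag>[^\]]+)\]$")

def parse_rkill(log):
    """Return {section heading: set of findings}; 'No ...' lines count as none."""
    findings, section = {}, None
    for line in log.splitlines():
        if SECTION.match(line):
            section = line.strip().rstrip(":")
            findings[section] = set()
        elif section and line.lstrip().startswith("* "):
            item = line.lstrip()[2:].strip()
            if item.startswith("No "):
                continue
            m = PROCESS.match(item)
            # Drop the PID so the same binary compares equal across runs.
            findings[section].add(f"{m['path']} [{m['tag']}]" if m else item)
    return findings

def diff_runs(before, after):
    """Return (resolved, new): findings present in only one of the two runs."""
    b, a = parse_rkill(before), parse_rkill(after)
    def only(x, y):
        return {s: x[s] - y.get(s, set()) for s in x if x[s] - y.get(s, set())}
    return only(b, a), only(a, b)
```

For these two runs, `diff_runs(RUN_2, RUN_3)` reports "Windows Defender Disabled" as the only finding that disappeared, while the two terminated helper processes are identical once PIDs are ignored.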


#14 cavegoat


Posted 07 July 2014 - 06:56 PM

finally malwarebytes works!

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/7/2014
Scan Time: 7:18:12 PM
Logfile: 77malwarebytes.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.07.09
Rootkit Database: v2014.07.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: doogie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304662
Time Elapsed: 30 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
please advise. thank you so much, i know i am a lay


#15 cavegoat


Posted 07 July 2014 - 07:08 PM

If I may add, I tried to restart after and the PC pretty much froze, and now there is one program yet to close, amd:CCC -AFMC so tiring window is preventing windows from restarting



