Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Powelik Trojan.Adclicker dllh.exe


  • This topic is locked This topic is locked
9 replies to this topic

#1 dagushin

dagushin

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 23 October 2014 - 04:00 PM

Symantic has told me that I have Trojan.Poweliks  and Trojan.Adclickers on my computer but no virus scans will come up with any issue. It is really slowing down my computer and I would appreciate any help.



BC AdBot (Login to Remove)

 


#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:02 PM

Posted 23 October 2014 - 07:21 PM

Hi. I'm Rootk and I will be helping you with your problem.
 
Please do the following:
 
Download Farbar Recovery Scan Tool and save it to your desktop. Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

#3 dagushin

dagushin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 23 October 2014 - 09:09 PM

Here you go

 

Attached Files



#4 dagushin

dagushin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 24 October 2014 - 01:01 PM

Is that what you needed?



#5 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:02 PM

Posted 24 October 2014 - 03:38 PM

I noticed that you posted the same problem on another forum: http://malwaretips.com/threads/trojan-powelik-trojan-adclicker-and-bogged-down-computer.35772/. You will have to request them to close that thread in order to be able to help you. Please post back once you have done so.

#6 dagushin

dagushin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 24 October 2014 - 05:27 PM

I just requested them to close my other thread!



#7 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:02 PM

Posted 24 October 2014 - 07:44 PM

OK, now please follow these steps:

1.- Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it to your Desktop as fixlist.txt
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1925728243-709145724-2588763738-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt) please post it to your reply.

2.- Run FRST again, check Addition.txt, press Scan and attach both reports.

3.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the number of the most recent report).
4.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKillerX64.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.


#8 dagushin

dagushin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 24 October 2014 - 08:33 PM

OK I did it all. I think everything is attached. Let me know if it is and what to do next.

Attached Files



#9 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:10:02 PM

Posted 25 October 2014 - 12:23 PM

Please follow these steps:

1.- Download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Save it to your Desktop
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.
2.- Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
    Capture1_zps47821576.jpg
  • Following the update, Click Settings > Detection and Protection and make sure Scan for Rootkits it checked.
    MBAM%20rootkit%20setting.jpg
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.
    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    MBAMThreatScan_zpsc6c6daeb.jpg
  • After viewing the results, please click on the Copy to Clipboard button > OK.
    MBAMScanLog_zps21b494ad.jpg
  • Return to our forum. Paste your log into your next reply.
Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History> Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad). etc.. The .txt file can be saved and posted when you are ready.

3.-Go to Eset web page and run an online scanner from ESET. (You will need to use Internet explorer for this scan).

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on Run ESET Online Scanner button.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options below are ticked.
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
Click Start.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
and copy and paste the results here in this topic.

Edited by Rootk, 25 October 2014 - 12:26 PM.


#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:09:02 PM

Posted 26 January 2015 - 11:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users