
Virus help


17 replies to this topic

#1 MomsPC

MomsPC

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:09 AM

Posted 08 November 2014 - 12:31 PM

I have Trojan Poweliks and need it gone. Hopefully I can receive some help.


Edited by Orange Blossom, 08 November 2014 - 12:44 PM.
Moved to AII. ~ OB




#2 MomsPC

MomsPC
  • Topic Starter


Posted 08 November 2014 - 12:33 PM

I need help with a cleaner!



#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:09 AM

Posted 08 November 2014 - 04:37 PM

Welcome aboard

 

Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

4. If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

The tool will produce a log in the same directory the tool was run from.

Please copy and paste the log in your next reply.




 


#4 MomsPC


Posted 08 November 2014 - 08:12 PM

I performed the ESET. My Norton tells me Trojan.Poweliks is still present.. :nono:


Edited by MomsPC, 08 November 2014 - 08:14 PM.


#5 bandicoot_

bandicoot_

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:09 AM

Posted 08 November 2014 - 08:32 PM

I performed the ESET. My Norton tells me Trojan.Poweliks is still present.. :nono:

 

Did Norton come with your computer and you're depending on it?

If yes, then :ranting: :ranting: :ranting: :ranting: :ranting: :ranting: :ranting:

 

Norton Internet Security coming with a PC is soon going to nag about not having protection, ala bloatware.

 

Download Malwarebytes Anti-Malware from http://www.malwarebytes.org (free), update definitions, and run a full scan. Post the log results in a reply.


Edited by bandicoot_, 08 November 2014 - 08:35 PM.


#6 MomsPC


Posted 08 November 2014 - 08:43 PM

Norton did not come with computer. Running the Malwarebytes Anti-Malware now.



#7 MomsPC


Posted 08 November 2014 - 08:52 PM

www.malwarebytes.org

Scan Date: 11/8/2014
Scan Time: 6:37:19 PM
Logfile: malwarereport.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.08.07
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Suzie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356323
Time Elapsed: 10 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MyWordTool.A, HKLM\SOFTWARE\WOW6432NODE\MyWordTool, , [a8af2019afcdb185eb7c4e3f05ff9e62],
PUP.Optional.MyWordTool.A, HKU\S-1-5-21-3059376381-16917835-1669571573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MyWordTool, , [f85f96a3c5b7ec4aa4c4137ab054c63a],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.WeDownload.A, C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job, , [c691241538447db974262e5d2ed6847c],
PUP.Optional.WeDownload.A, C:\Windows\Tasks\weDownload Manager Pro-enabler.job, , [72e51a1f423a39fdf7a3c9c2699b8b75],
PUP.Optional.WeDownload.A, C:\Windows\Tasks\weDownload Manager Pro-updater.job, , [73e430096616da5c1f7b4c3f19eb6d93],

Physical Sectors: 0
(No malicious items detected)

(end)



#8 bandicoot_


Posted 09 November 2014 - 11:16 AM

OK, I can see some potentially unwanted programs. These may have installed the trojan or Norton is false positiving.

 

Download TDSSKiller by Kaspersky: usa.kaspersky.com/downloads/tdsskiller

 

Post the log results. Then do a scan with Norton. If it is still there, it may be a false positive.



#9 Broni


Posted 09 November 2014 - 01:56 PM

You didn't follow my reply.

I need to see Eset tool log.




 


#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:09 AM

Posted 09 November 2014 - 01:58 PM

@Broni

 

I have a question regarding ramnit, but your PM states that you can not receive messages.

 

dc3

 

My apologies to MomsPC for the unorthodox means of contacting Broni.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#11 MomsPC


Posted 09 November 2014 - 02:00 PM

TDSS found no threats or objects, the report will not let me copy and paste and scan results detail shows blank. Norton is reporting just tracking cookies.

I would like to make the unwanted programs as mentioned above go. Ultimately I want a clean registry.



#12 MomsPC


Posted 09 November 2014 - 02:17 PM

[2014.11.08 18:18:21.842] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.08 18:18:21.842] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.08 18:18:21.842] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.08 18:18:21.842] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.08 18:18:21.842] - INFO: Win32/Poweliks not found



#13 MomsPC


Posted 09 November 2014 - 02:24 PM

TDSSkiller::

8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:18:58.0386 0x11e4  Sidebar - ok
12:18:58.0409 0x11e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:18:58.0412 0x11e4  mctadmin - ok
12:18:58.0560 0x11e4  [ A0327AA1960EB88668B252C3CDAB75B6, 913CE80AB5A99B66AD38EC6B3182BBE4BA42997CE4B92433365859406C922A43 ] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
12:18:58.0611 0x11e4  HP Photosmart 6510 series (NET) - ok
12:18:58.0640 0x11e4  DW7 - ok
12:18:59.0860 0x11e4  [ 2E8A5736739C6D23F5CBAE22973A1E3A, DC69CF7132FF7CACCEF4E6A8A4C71D9E5CDB6F8A7521D72999E1A6A532C384D6 ] C:\Users\NIcole\AppData\Roaming\Spotify\Spotify.exe
12:19:00.0070 0x11e4  Spotify - ok
12:19:00.0330 0x11e4  [ B66E0842FCF485F3E2D41BF0BA10966F, 966B8386B2D060167E8EAAE478509013A8729FE2CF11F890D3F9DCDA90768F34 ] C:\Users\NIcole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
12:19:00.0373 0x11e4  Spotify Web Helper - ok
12:19:00.0378 0x11e4  Waiting for KSN requests completion. In queue: 69
12:19:01.0382 0x11e4  Waiting for KSN requests completion. In queue: 69
12:19:02.0382 0x11e4  Waiting for KSN requests completion. In queue: 69
12:19:03.0422 0x11e4  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51000 ( enabled : updated )
12:19:03.0422 0x11e4  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled )
12:19:06.0029 0x11e4  ============================================================
12:19:06.0029 0x11e4  Scan finished
12:19:06.0029 0x11e4  ============================================================
12:19:06.0060 0x13a0  Detected object count: 0
12:19:06.0060 0x13a0  Actual detected object count: 0



#14 Broni


Posted 09 November 2014 - 02:33 PM

I suggest you follow just one helper, otherwise things are confusing you and me as well.

 

You didn't follow my reply.

I need to see Eset tool log.

 




 


#15 MomsPC


Posted 09 November 2014 - 02:42 PM

I am totally w/ you Broni!  :hello: .





