Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A virus re-installs every time its deleted, help please!


  • Please log in to reply
4 replies to this topic

#1 Matt morrow

Matt morrow

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 20 November 2014 - 05:33 PM

At this point i have no idea what to do, Malwarebytes is nearly constantly blocking Malicious websites and my computer is extremely slow. after running Malwarebytes, Avira and Hitman pro with no dice i booted in safe mode and ran Roguekiller. This picked up the virus that i deleted and i restarted my PC. But i still got alerts that websites were being blocked, so i went back into safe mode and ran it again and it picked up the same virus and then after repeated scanning, i found every time i deleted the virus by the next scan the virus would be re-installed. I am running on windows eight and absolutely any help would be appreciated, thank you!



BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,783 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:59 PM

Posted 20 November 2014 - 05:49 PM

G'day Matt, and Welcome to BC.

 

Please run the following for me ....In the Order Listed.

 

 

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.

 
    RKill.exe:    http://www.bleepingcomputer.com/download/rkill/dl/10/

       iExplore.exe (renamed rKill.exe):     http://www.bleepingcomputer.com/download/rkill/dl/11/

Rkill.com   RKill Download Link Download Now Rkill.com

 

The "extra" Rkill url's are in case the malware wont allow you to run the program..So...if one fails, try the next one....they have simply been renamed


Important: Do not reboot your computer until you complete the next step.

 

 

 

Download MalwareBytes Anti-Malware to your desktop.


If you already have MBAM 2.0 installed:

    On the Dashboard, click the 'Update Now >>' link
   After the update completes, click the 'Scan Now >>' button.
   (Or, alternatively, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.)
    A Threat Scan will begin.
   When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
   
(In most cases, a restart will be required.)
   Wait for the prompt to restart the computer to appear, then click  Yes.




 How To Find Your Logs ...
(Export log to save as txt

    After the restart , and you are back on your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the Scan Log which shows the Date and time of the scan just performed.
    Click 'Export'.
    Click 'Text file (*.txt)'
    In the Save File dialog box which appears, click on Desktop.
    In the File name box type a name for your scan log.
    A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    Click Ok
    Copy and Paste that saved log to your next reply, for me to review.




(Copy to clipboard for pasting into forum replies )

    After the restart and you are back on your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply, for my review.


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#3 Matt morrow

Matt morrow
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 20 November 2014 - 07:32 PM

Thank you so much for the response! the log for the first scan is here. Rkill 2.6.8 by Lawrence Abrams (Grinler)

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/20/2014 07:12:14 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
 
Program finished at: 11/20/2014 07:12:27 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
 
 
and here is the log for Malwarebytes
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/20/2014
Scan Time: 7:24:22 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.20.09
Rootkit Database: v2014.11.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matt
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321385
Time Elapsed: 6 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,783 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:59 PM

Posted 20 November 2014 - 07:41 PM

Try this...

 

Download Malwarebytes Anti-Rootkit to your desktop.

   Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    Double click on downloaded file. OK self extracting prompt.
    MBAR will start. Click "Next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    "mbar-log-{date} (xx-xx-xx).txt"
    "system-log.txt"


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#5 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,783 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:59 PM

Posted 20 November 2014 - 07:43 PM

and....do you remember the name of the 'virus' detected by rogue killer ?


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users