Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Poweliks!gm Help!


  • This topic is locked This topic is locked
15 replies to this topic

#1 Atlantic33

Atlantic33

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 28 November 2014 - 05:57 PM

Hello, first thank you for your help.

 

The laptop my wife and I use has suddenly become infected with the above mentioned virus. Our Norton security detects it, removes it, but it always comes back. Norton power eraser does not recognize it.

 

Norton often says in the corner that it blocked an attack from Trojan.Powerliks!gm or TrojanAdclicker. Also we often get messages now for "Google Chrome memory High usage" Our computer acts sluggish off and on. It would be excellent to get this virus removed! Any help would be a great help to us and also I am not computer savvy whatsoever, so help is appreciated! 

 

I apologize in advanced, I have read other posts regarding this topic, I Just had a hard time following the directions to those because they were a little technical for me, thank you.



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 29 November 2014 - 06:29 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the 3.png to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
1.png
2.png

Step 2

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 Atlantic33

Atlantic33
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 29 November 2014 - 02:50 PM

Thank you for your help. Before you replied I ran a combofix and other scans which I believe has removed the virus. Under the log it showed many Win deletions. Today I ran ESET scan and today it says I do not have the virus, so I think I am ok! Thank you for your help! Also My other laptop a 32 bit has the same virus. How could both laptops become infected? Is it because it shares the same internet connection?


Edited by Atlantic33, 29 November 2014 - 02:50 PM.


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 29 November 2014 - 03:11 PM

How could both laptops become infected?

 

Difficult to say...


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 Atlantic33

Atlantic33
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 29 November 2014 - 04:33 PM

Now on my 32 bit laptop that is infected with the same above mentioned virus, every time I try to download Powelikscleaner or any other download, it fails. The yellow and white screen at the bottom pops up to ask either to "Run" "Save" or "cancel." I click save to add it to my desktop to run. It then attempts to download the program and then pops up "Powelikscleaner couldn't be downloaded." Then the options are to "Retry" (Which fails) "cancel" or "view downloads." How can I get it to download without this happening?? Thank you for your help.



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 29 November 2014 - 04:37 PM

Step 1

ie11.pngRe-enable downloads in Internet Explorer


Press thew7.png + R on your keyboard at the same time. Type inetcpl.cpl and click OK.
 
Click the Security tab and then on reset.PNG
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 Atlantic33

Atlantic33
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 29 November 2014 - 04:58 PM

I followed step 1, but with no success :mellow: It goes up to "33% downloaded, then says "running security scan" and then the message comes up about it not being able to download...



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 30 November 2014 - 05:41 AM

Ok. Please download the tools with the other PC and transfer the files via usb flashdrive to the infected machine.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 03 December 2014 - 12:54 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 Atlantic33

Atlantic33
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 03 December 2014 - 03:01 PM

Yes hello I am still here I apologize work had me away from my computer. I will today attempt to do the above mentioned instructions and try to install the program with a flash drive thank you.



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 03 December 2014 - 03:04 PM

OK...:)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 Atlantic33

Atlantic33
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 03 December 2014 - 03:09 PM

Sorry to be a pain but can you instruct me how to download the tools  and transfer the files via usb flashdrive to the infected machine. I'm downloading from a 64 and my Infected computer is 32 bit. thank you



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 03 December 2014 - 04:08 PM

Please downloand the 32bit version of FRST and ESET Powelikscleaner (there is no choice).
Save both files on your flash drive. Afterwards connect the flash drive with the infected machine and copy & paste the tools to the desktop. Then follow the instructions above... :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:08 PM

Posted 06 December 2014 - 07:33 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 Atlantic33

Atlantic33
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 06 December 2014 - 11:33 AM

Hello there, thank you for your help. We can close the thread :-)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users