Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trivia removal unsuccessful


  • This topic is locked This topic is locked
9 replies to this topic

#1 YnotRide

YnotRide

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 08 January 2015 - 12:50 PM

Hello. I was attacked by Mr. Trovi a couple days ago. I googled it and killed all the programs it added, 16 in all in less than a minute, file extensions and some kind of rerouting deal. Can't remember. Took five hours. It's still there trying to start all over again and locking me up in everything I do. I then googled fixes specific to windows 7, and this site comes up for most successful repairs, on, well everything really but Trovi also. Registered, performed search, and found help is specific to each user. So... Help? Thank you, T (I'm on my iPad or I couldn't even do this)

BC AdBot (Login to Remove)

 


m

#2 YnotRide

YnotRide
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 08 January 2015 - 10:39 PM

Well spellcheck on the iPad changed the title which can't be edited to Trovi so I reckon no reply.

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 09 January 2015 - 09:24 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 YnotRide

YnotRide
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 10 January 2015 - 04:54 AM

Thank you for the reply. I'm having quite the problem getting to any of the links, actually staying on the link to download and start these. I get hijacked and it locks everything on a BS update page, all of which are different but freezes everything but my shutdown button. Get back with you in a couple hours. Patience wearing thin. Thanks again. (Sent from iPad)

#5 YnotRide

YnotRide
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 10 January 2015 - 02:26 PM

I very well may not be savy enuf to do this. I've killed off all the redirector stuff I could find etc. I am now able to click this page up and quickly X out the second page popping up. But when I click any subsequent links I am hijacked right to Bangladesh or Saturn or something without a chance to redirect back. At that point the only thing that works is the shut down button.

#6 YnotRide

YnotRide
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 11 January 2015 - 07:49 PM

TTT for access during hijack. Thank you



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 12 January 2015 - 04:40 AM

Do you have another computer nearby?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 YnotRide

YnotRide
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 12 January 2015 - 05:29 AM

Yes I have a home PC also. It is rarely used but functions fine. It is Windows Vista not Windows 7 like my Dell laptop that's infected. I am not able to download anything from here at all. I can download from google but only in two steps. I can click a single link and download from it. I am hijacked if I click a link, have to make any selection, and download from there. Two step actions can work by immediately jumping mouse to where the X pops up to kill the second page before it locks screen. Any third click or action automatically freezes everything but shutdown button. Thank you again...T 



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 12 January 2015 - 05:33 AM

Download the following program, save it on a flash drive and scan the infected one.

Use the XP computer to post the result here:

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 21 January 2015 - 06:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users