Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't run malware tools, ie 32bit not working, receive powershell service error


  • This topic is locked This topic is locked
8 replies to this topic

#1 mike1214

mike1214

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 11 January 2015 - 06:18 PM

Hello. I started having issues with internet explorer 32 bit running very slow. Eventually, ie-8 32bit started to fail by not connecting to the web. It would just continue to attempt to connect to a page. However, firefox and ie 64bit work, but still very slowly. I tried reseting ie8 and deleting all the temp files. I also noticed i was getting a pop up error when starting windows 7. The message was regarding the "powershell service" terminating. I imagine there is some malware on my machine. I have tried all sorts of malware removal programs both in safe mode and normal. Not all the malware programs will start up or even install. I have been at this many hours now and really could use some help. Look foward to a reply. Thank you.



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:53 PM

Posted 11 January 2015 - 06:29 PM

Hello -

This sounds like a classic case of Poweliks infection. Please follow the directions below - - -

 

Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

1.png
2.png



#3 mike1214

mike1214
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 11 January 2015 - 06:45 PM

Hello noknojon. I already saw posts of this infection already and tried to use the tool. It does not wan to run for some reason. I just tried using this tool again in safe mode. When I double click it, the program ask if I wan to run it. I select run, but it appears it just closes. I also tried right clicking the program and selecting run as admin., but same results. I also tried again to run the program in normal win7 mode, and the program again would not run. What should i try now???



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:53 PM

Posted 11 January 2015 - 07:35 PM

Hi -

There is another Version of almost the same tool, but please try this ...........

 

One secret may be this .......

Please download RKill by Grinler to your desktop

  • If you have an old version, please delete it first
  • Right click on the new Red icon and select Run as Administrator
  • If this tool will not run in Normal Mode, please run it in Safe Mode
  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes
  • Please Copy and Paste the small log back here.
  • Try ESET Tool now, or try the Malwarebytes Rootkit tool ...................

 

 

Download Malwarebytes Anti-Rootkit (A.K.A. MBAR) from HERE

  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
  • If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

 

Thanks -


Edited by noknojon, 11 January 2015 - 07:40 PM.


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:53 PM

Posted 11 January 2015 - 07:49 PM

The other specific option is the Symantec tool for Poweliks..

I meant to post this above, but there was a mix-up in my Text-Editor .......................

 

This tool is designed to remove the infection of the Trojan.Poweliks.

How to download and run the tool

Important:

  • Selecting "Run as administrator" will result in an incomplete repair. You must be logged in to the Administrator account and all other users must be logged out in order for the tool to work correctly.
  • There are two versions of this tool, one designed to run on 32-bit computers and one designed to run on 64-bit computers. To find out if your computer is running a 32-bit or 64-bit version of Windows, please read the following Microsoft Knowledge Base article: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system


Follow these steps to download and run the tool:

  1. Download FixPoweliks64.exe for 64-bit computers and FixPoweliks32.exe for 32-bit computers.
  2. Save the file to a convenient location, such as your Windows desktop.
  3. If you are sure that you are downloading this tool from the Security Response website, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the Digital Signature section before proceeding with step 4.
  4. Close all the running programs.
  5. If you are running Windows XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation.
  6. Double-click the FixPoweliks64.exe or the FixPoweliks32.exe file to start the removal tool.
  7. Click I Accept to accept the EULA, then click Start to begin the process and allow the tool to run.

    2014-111020-0511-99.1.png
    2014-111020-0511-99.2.png
     
  8. When the tool has finished running, you will see a message prompting you to check the logfile for results.

    2014-111020-0511-99.3.png

The removal tool writes a summary of its operation to a logfile named FixPoweliks64.log or FixPoweliks32.log with results similar to the following:

  • List of terminated processes
  • List of removed registry values

2014-111020-0511-99.4.png
If the system is clean, no restart is required and the logfile will be blank.

Note: If the Removal Tool does not display the following message after being run, please run the Removal Tool again to provide confirmation that the compromised computer has been repaired:


  • Trojan.Poweliks has not been found on the system.

Note: If all running programs were not closed prior to successful removal of Trojan.Poweliks it may be necessary to relaunch relevant applications or reboot the computer to restore functionality. This is the result of injected processes being terminated.

What the removal tool does
The removal tool carries out the following actions:

  • Terminates the associated processes
  • Removes registry keys/values added by the threat


#6 mike1214

mike1214
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 11 January 2015 - 09:59 PM

Noknojon,

 Not so good news. I downloaded Rkill, but it won't run in normal nor safe mode. It starts the install with a progress bar, but closes as soon as the progress bar completes. I never see the dos screen nor the log. I also tried the mbar in both modes and no luck. In normal mode, it asks if i want to run the file, but a just a get a spinning circle icon for a few seconds and then nothing happens. I also tried the other file you mentioned FixPoweliks64.exe, but it also would not start up. On a side note, earlier today i was able to install spybot, but it won't let me run a scan. Kinda weird. Any thoughts?



#7 mike1214

mike1214
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 11 January 2015 - 10:03 PM

I also forgot to mention...I was able to run cccleaner and adwcleaner earlier today. I removed any threats found by those tools.



#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:53 PM

Posted 12 January 2015 - 12:49 AM

Sorry but many restore programs, and many other dedicated tools are not able to be used in this area of the forum. Please see the directions below ...

 

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs.
  • Note: Windows 8.1 Users will not be able run DDS and create a log, but still create the new topic.

When you have done that, Copy and Paste your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs or you're using Windows 8.1, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.

 

 

Thank You ....



#9 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:53 AM

Posted 13 January 2015 - 08:46 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/563028/tricky-poweliks-infection-possibly-ie-32bit-not-workingcant-run-malware-tools/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users