
Trojan.Agent, Trojan.TaskJS, Malwarebytes helping but can't solve


This topic is locked
24 replies to this topic

#1 hop16

  • Members

Posted 08 February 2015 - 03:21 PM

I have my neighbor's PC; it seems like it has something that McAfee and Malwarebytes find pieces of but can't quite get all of.

 

Aside from the items found in the topic title, Malwarebytes logs also indicate blocking outbound connections to malicious sites (multiple IP addresses) from C:\Windows\SysWOW64\dllhost.exe

 

I have attached FRST and Addition files

Attached Files
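As an added example (not part of the thread or of any tool mentioned in it), a PowerShell triage check for the symptom reported above: dllhost.exe instances holding outbound connections. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated session; the heuristics it applies (DcomLaunch svchost.exe parent, /Processid:{GUID} argument) are general Windows facts, not findings from this machine's logs.

```powershell
# Added example, not from the thread: triage dllhost.exe instances on a Windows host.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated session,
# so that command lines and connections of processes in every session are readable.
function Get-DllhostTriage {
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'"
    $conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue
    foreach ($p in $procs) {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }
        # Established TCP connections owned by this dllhost.exe instance, by remote address.
        $remote = @($conns | Where-Object { $_.OwningProcess -eq $p.ProcessId } |
                    Select-Object -ExpandProperty RemoteAddress -Unique)
        # A legitimate COM Surrogate is started by the DcomLaunch svchost.exe and carries a
        # /Processid:{GUID} argument; outbound connections from one are unusual and worth
        # correlating with the Malwarebytes block log. Any of these is only a heuristic flag.
        $flags = @()
        if ($parentName -ne 'svchost.exe')          { $flags += "parent=$parentName" }
        if ($p.CommandLine -notmatch '/Processid:') { $flags += 'no /Processid argument' }
        if ($remote.Count -gt 0)                    { $flags += "remote=$($remote -join ',')" }
        [pscustomobject]@{
            PID        = $p.ProcessId
            Path       = $p.ExecutablePath   # System32 (64-bit) or SysWOW64 (32-bit) surrogate
            Parent     = $parentName
            Suspicious = ($flags.Count -gt 0)
            Flags      = ($flags -join '; ')
        }
    }
}

# Flagged instances first; compare their remote addresses with the IPs in the Malwarebytes log.
Get-DllhostTriage | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```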





#2 olgun52

  • Malware Response Team

Posted 08 February 2015 - 04:13 PM

Hello hop16 and welcome to BleepingComputer.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please log on to the computer as an administrator. (How do I log on to the computer as an administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 


 

Have a great day.
 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 hop16

  • Topic Starter
  • Members

Posted 08 February 2015 - 04:28 PM

As far as I can tell, McAfee Security Center, Microsoft Security Essentials, and Malwarebytes are now disabled.

 

Thanks for your help.



#4 olgun52

  • Malware Response Team

Posted 08 February 2015 - 04:52 PM

Hi hop16,

 

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove in the Control Panel and remove either [McAfee Anti-Virus and Anti-Spyware + McAfee Firewall] or Microsoft Security Essentials.

 

I recommend removing McAfee.

 

Removing McAfee
 

  • Download the MCPR tool from here and save the file to your desktop.
  • Start the tool by double-clicking it.
    Note: When you see the User Account Control dialog box, click Yes.
  • At the McAfee Software Removal screen, click Next.
  • At the End User License Agreement (EULA) dialog box, click Next to accept the agreement.
  • When prompted, type the Captcha information to validate application security, then click Next.
    Note: If you have Family Protection installed, type your Administrator user name and password, and click Next.
  • If you cannot authenticate, follow the on-screen instructions to obtain an uninstall code. If you do not have Family Protection installed, you will not receive this authentication prompt.
  • When you see the message CleanUp Successful, restart your computer. Your McAfee product will not be fully removed until after the restart.
  • Confirm that all McAfee products have been removed from your computer.

Tell me when finished or when you're facing problems!

Have a nice day.

 

 



 


 


#5 hop16

  • Topic Starter
  • Members

Posted 08 February 2015 - 05:05 PM

McAfee has been removed



#6 olgun52

  • Malware Response Team

Posted 08 February 2015 - 05:30 PM

Hi hop16, Thanks
 
Step 1:
 
FRST Script:
Ensure your external and/or USB drives are inserted during the scan

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Step 2:

 

Please download PoweliksCleaner by ESET and save it to your desktop.

  • Double-click ESETPoweliksCleaner.exe and follow the prompts to run it.
  • Agree to the terms of the license agreement.
  • The tool will run automatically.
  • If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
  • Press any key to exit the tool and reboot your PC.
  • If an infection was found and disinfected, please attach the ESETPoweliksCleaner.exe_date.time.log it produces to your next reply.

Regards

 

Attached Files



 


 


#7 hop16

  • Topic Starter
  • Members

Posted 08 February 2015 - 06:15 PM

ESET did not find a Poweliks infection.

 

The Fixlog is attached.

 

 

Attached Files



#8 hop16

  • Topic Starter
  • Members

Posted 08 February 2015 - 08:13 PM

Looks like you're offline at this point, so I'll check back again tomorrow evening my time.



#9 olgun52

  • Malware Response Team

Posted 09 February 2015 - 03:13 PM

Hi hop16,

 

Step 1:

 

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
 

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    Scan finished

    and I will see if I want to see the whole report. Send me the reports made by TDSSKiller.

Step 2:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Have a nice day.



 


 


#10 hop16

  • Topic Starter
  • Members

Posted 10 February 2015 - 01:49 AM

Hi Olgun52,

 

I have attached a zip folder that contains all three of the requested files from the two programs.

 

No malicious objects were found

No malware was found

 

Thanks

Attached Files



#11 olgun52

  • Malware Response Team

Posted 10 February 2015 - 09:38 AM

Hi hop16, thank you for the Logs.

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 



 


 


#12 hop16

  • Topic Starter
  • Members

Posted 11 February 2015 - 10:10 AM

Olgun52,

 

I have downloaded comboFix and will run tonight my time and post results then.



#13 olgun52

  • Malware Response Team

Posted 11 February 2015 - 04:46 PM

Okay. I am waiting.



 


 


#14 hop16

  • Topic Starter
  • Members

Posted 11 February 2015 - 11:03 PM

Ok, here is the ComboFix file.

Attached Files



#15 olgun52

  • Malware Response Team

Posted 12 February 2015 - 10:10 AM

Hi hop16,

 

Step 1:

 

Combofix scripting
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where Combofix is.

 

[image: CFScriptB-4.gif]

 

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Step 2:

 

Please download AdwCleaner to your desktop.

 

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also.

Step 3:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Have a nice day.

 

Attached Files


Edited by olgun52, 14 February 2015 - 04:06 PM.


 


 




